- From: Alex Russell <slightlyoff@google.com>
- Date: Mon, 5 Nov 2012 10:32:38 +0000
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: public-web-security@w3.org
- Message-ID: <CANr5HFUqexrkU+tq-3KU74we7mo_8z1M131RuzQdiOds6dFjVg@mail.gmail.com>
On Mon, Nov 5, 2012 at 1:08 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 11/4/12 3:58 PM, Alex Russell wrote:
>
>> DOMString toString();
>>
>
> This should probably be:
>
> stringifier;
>
> instead (which in ES will produce a toString on the prototype, but is more
> clear about the point, and might do different things in other binding
> languages).
Other binding languages don't matter, but OK.
> One open issue: I'm not sure If allowsEval, allowsInlineScript, and
>> allowsInlineStyle should just be boolean getters or if they should stay
>> methods
>>
>
> I think readonly boolean attributes would make more sense here, personally.
>
Read-only when vended from document.securityPolicy, right?
When constructed ("new SecurityPolicy(...)"), I think they should be
read-write.
> Another thing to think about is whether reportURIs should really be an IDL
> array (which does NOT produce a JS array on the JS side, so it really
> depends on the expected use cases).
I'll advocate for a JS array wherever we surface an array-like collection.
It's long past time that we stopped shitting on users with ad-hoc
collection types. If you want it read-only, vend an ES6 proxy. We can
figure out later how to say that in WebIDL (not that it actually matters,
IMO).
Received on Monday, 5 November 2012 10:33:41 UTC