Re: [webidl] Add a [SecureContext] operator attribute (#65)

@mikewest The "can transition" section should probably explicitly say that things remain exposed, right?  Or more precisely, the definition of exposure should use the secure context state at the moment the script environment is created.

It doesn't make sense to talk about an interface being "executed".  What can happen is that an interface member or constructor will be "executed".  Also, I assume this section is generally informative, not normative, and should be clearly labeled as such.  This section claims the normative behavior is defined in "perform a security check", but that's not what actually happens; it's a separate step, right?  It might in fact be better to move it into "perform a security check" to avoid all the copy/paste...

For the bits talking about when operations are exposed... I don't think that's the right way to do that.  I think the right way is to change the definition of "exposed" at http://heycam.github.io/webidl/#dfn-exposed and that should do what we want.  That would presumably also handle attribute exposure, which is not handled in this patch afaict.

Apart from that, seems reasonable.


---
Reply to this email directly or view it on GitHub:
https://github.com/heycam/webidl/pull/65#issuecomment-175038874

Received on Tuesday, 26 January 2016 14:22:47 UTC