Re: [w3ctag/design-reviews] Realms API ECMAScript Proposal (#542)

> We (the champions) have been very clear about this for a long time: Realms are not a security boundary.

You can try to be clear about it, but it's not working. E.g., there is a separate proposal, titled "Secure ECMAScript", which uses realms as the basis of its "security". Or there are people trying to use realms for security boundaries, and getting burned, as seen in e.g. https://www.figma.com/blog/an-update-on-plugin-security/. If a feature encourages writing insecure code, you can't just say "but we told you not to write insecure code" and use that as justification for adding it to the platform anyway.

That is why I think that people who want integrity via multiple globals should continue to use the power tools that are available in their environments, and should not get support from this footgun-laden API being baked into the platform.

> In each of them, it is harder and harder to achieve the same, for no particular reason.

I strongly disagree with this. It is "hard" (e.g., environment-specific) for very good reasons, which I've listed above.

> For these reasons, I will disregard this concern as subjective.

This concern is my strongest one, and certainly not subjective. Adding something which encourages buggy and insecure code to the language---not just the V8 API, or the Node.js `vm` module power-toolset, but the language itself---is a big deal, and has serious impacts on web architecture, which is this group's remit.

Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/542#issuecomment-728375593

Received on Monday, 16 November 2020 22:46:20 UTC