Re: [w3ctag/design-reviews] Realms API ECMAScript Proposal (#542)

> Adding something which encourages buggy and insecure code to the language---not just the V8 API, or the Node.js `vm` module power-toolset, but the language itself---is a big deal, and has serious impacts on web architecture, which is this group's remit.

I would like to make the counterpoint that at the least it would be *unified* "buggy and insecure code" that could be built upon and is an improvement over current hacks to achieve the same goal which people are *failing at anyway*.

Now I am not an expert on this proposal (and could someone tag me with a correction if I am wrong), but it seems to achieve similar results to what is described in [this post](https://blog.risingstack.com/writing-a-javascript-framework-sandboxed-code-evaluation/). As can be seen in the post, it is a mess that most people (including myself) don't actually understand. Does it make an eval that is more secure? Yes. But if only 1% of programmers use it, it is useless.

It doesn't matter if Realms is only partially secure if people are using an iframe (or just a normal eval) anyway. Using this at least makes it clear what the code is doing and why it is working the way it's working. As I understand it, part of this group's remit is to improve readability. The solution may be as simple as renaming the stupid thing to make it sound less like a sandbox.

> 1. Realms allow code to run in a "sandbox", but that sandbox is insecure. I mean this in the sense that it has no Spectre protections, or protections against the various arbitrary-write memory safety bugs that every browser continues to exhibit on a frequent basis. Many people (e.g. on the realms issue tracker) have the impression that realms can be used for cases like running non-audited third-party plugin code in the same process as user data, which is a _bad idea_. To the extent realms enable such folly, they should not be added to the platform.

If I understand correctly, using realms in a web worker would solve many of these issues (oh, and you can't have iframes in web workers, but you could have a realm in a web worker). Additionally, there are varying levels of _bad idea_: there is "running plugins in a bank app" all the way down to "modding a single-player web game".

https://github.com/w3ctag/design-reviews/issues/542#issuecomment-728567690

Received on Tuesday, 17 November 2020 00:54:48 UTC