- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 2 Jun 2009 19:50:29 +0200
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: Marcin Hanclik <Marcin.Hanclik@access-company.com>, Scott Wilson <scott.bradley.wilson@gmail.com>, Henri Sivonen <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>
On Tue, Jun 2, 2009 at 7:19 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> On Tue, Jun 2, 2009 at 7:28 AM, Marcin Hanclik
> <Marcin.Hanclik@access-company.com> wrote:
>> Hi Scott,
>>
>> In BONDI we have discussed the (has/request)Feature() for some time.
>> http://bondi.omtp.org/1.0/security/BONDI_Architecture_and_Security_v1.0.pdf, section 4.3
>>
>> A few points for further discussion:
>> 1. feature (at least in BONDI) is an abstract thing, not just one function. So hasFeature() is simply an optimized checking procedure. If you check for a feature and discover that it is available, you may/should/must assume that a set of functions is available. Otherwise, you have to check each function individually and basically you cannot assume that if one function is available, then the other is as well.
>>
>> 2. requestFeature() adds dynamism to the Website content. Widgets express their dependency statically by <feature>.
>> http://bondi.omtp.org/1.0/security/BONDI_Architecture_and_Security_Appendices_v1.0.pdf B.2 specifies more details.
>
> Doesn't the requestFeature() make at least the security benefits of
> <feature> moot? In another thread Marcos stated that one of the
> benefits of <feature> was that if a widget gets exploited, the
> exploited code couldn't get access to any features that the widget
> hadn't enabled using <feature>. However this does not seem to be true
> if the exploited code could simply call requestFeature() first, and
> then use the feature.
>

I don't know what the BONDI doc says, but this is certainly not what should happen (unless something changed since I stopped working with Bondi on this).

The idea with getFeature, IIRC, is that you first declare a feature, e.g., <feature name="foo:bar">, and then you can ask for a pointer to it at runtime:

<script>
  var foobarator = Bondi.getFeature("foo:bar");
  foobarator.crush().kill().destroy();

  var barfoo = Bondi.getFeature("bar:foo");
  barfoo === undefined; // true
</script>

--
Marcos Caceres
http://datadriven.com.au

Received on Tuesday, 2 June 2009 17:54:12 UTC
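
Added example, not part of the original message and not BONDI code: a minimal model of the behaviour described in the message, where a runtime lookup only succeeds for features declared statically with <feature>. The names createRuntime, declaredFeatures and PLATFORM_FEATURES and the sample config are hypothetical.

```javascript
// Constructed sample config: one declared feature, one commented-out feature.
const CONFIG_XML = `
<widget xmlns="http://www.w3.org/ns/widgets">
  <feature name="foo:bar"/>
  <!-- <feature name="bar:foo"/> -->
</widget>`;

// Hypothetical platform-side implementations the runtime could hand out.
const PLATFORM_FEATURES = new Map([
  ["foo:bar", () => Object.freeze({ crush: () => "crushed" })],
  ["bar:foo", () => Object.freeze({ locate: () => "somewhere" })],
]);

// Collect the name of every <feature> element, ignoring XML comments so a
// commented-out declaration does not grant access.
function declaredFeatures(xml) {
  const withoutComments = xml.replace(/<!--[\s\S]*?-->/g, "");
  const names = new Set();
  const re = /<feature\b[^>]*\bname\s*=\s*"([^"]*)"/g;
  for (const m of withoutComments.matchAll(re)) names.add(m[1]);
  return names;
}

// Build the runtime once, at widget load. The allowlist lives in a closure
// and the returned object is frozen, so script running inside the widget
// (including injected script) has no call that extends the declared set.
function createRuntime(xml) {
  const allowed = declaredFeatures(xml);
  const denied = []; // refused lookups, kept for auditing
  return Object.freeze({
    getFeature(name) {
      const ok = typeof name === "string" &&
        allowed.has(name) && PLATFORM_FEATURES.has(name);
      if (!ok) {
        denied.push(String(name));
        return undefined; // undeclared or unknown: no handle is returned
      }
      return PLATFORM_FEATURES.get(name)();
    },
    deniedLookups: () => denied.slice(),
  });
}

// Stand-alone run: the declared feature resolves, the undeclared one does not.
console.log(createRuntime(CONFIG_XML).getFeature("foo:bar").crush());
console.log(createRuntime(CONFIG_XML).getFeature("bar:foo"));
```

The refused-lookup list is the useful signal for a defender: a widget asking for a feature it never declared is either buggy or running code its author did not write.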