W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2013

RE: Selectors: name find method and find signature

From: Domenic Denicola <domenic@domenicdenicola.com>
Date: Fri, 13 Sep 2013 18:46:05 +0000
To: Boris Zbarsky <bzbarsky@MIT.EDU>
CC: Anne van Kesteren <annevk@annevk.nl>, WebApps WG <public-webapps@w3.org>
Message-ID: <B4AE8F4E86E26C47AC407D49872F6F9F9657E0A0@BY2PRD0510MB354.namprd05.prod.outlook.com>
Thanks Boris, this is indeed all very helpful. I just wanted to point out that what you are calling "dictionaries" is largely covered by what I called "destructuring," on the input side at least. E.g.

> Furthermore, privileged code should never be working with raw page-provided ES objects, because doing that makes confused-deputy scenarios impossible to avoid in practice.  For example, dictionaries that will be operated on by privileged script first need to be coerced to a new clean object with a sane proto chain, only value properties, and the values themselves coerced to be safe to work with.  To the extent that we do not have a way to specify or perform such a coercion, we have a problem.

I believe this is almost entirely taken care of by destructuring.

Aside from that, much appreciate you spelling out what you find most important, and I think we're on the same page there.
Received on Friday, 13 September 2013 18:46:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:13 UTC