Privileged context features and JavaScript

Soon there will be a number of features that are restricted to
privileged contexts. Most prominent one being service workers.

Within user agents the prevailing pattern is that privileged APIs are
not available in unprivileged contexts. However, both Firefox and
Chrome currently expose the service worker API everywhere, it just
happens to reject.

Should we change this and simply not expose the API in unprivileged
contexts? E.g. through IDL syntax? That way we don't have to carefully
secure all access points.


-- 
https://annevankesteren.nl/

Received on Friday, 17 April 2015 05:17:11 UTC