W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Re: Privileged context features and JavaScript

From: Richard Barnes <rbarnes@mozilla.com>
Date: Fri, 17 Apr 2015 10:01:44 -0400
Message-ID: <CAOAcki_WnC7eKyqXGCi2rcuT0uFgyBDojSXrmgkixnMRm3J2ow@mail.gmail.com>
To: Elliott Sprehn <esprehn@chromium.org>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>, public-webappsec@w3.org, public-webapps <public-webapps@w3.org>, public-script-coord <public-script-coord@w3.org>
Since we're talking about a binary distinction (privileged vs.
unprivileged), presumably you could just make two snapshots?

On Fri, Apr 17, 2015 at 3:38 AM, Elliott Sprehn <esprehn@chromium.org>
wrote:

> It's preferable not to do that for us because you can then create a static
> heap snapshot at compile time and memcpy to start JS contexts faster.
> On Apr 17, 2015 12:03 AM, "Boris Zbarsky" <bzbarsky@mit.edu> wrote:
>
>> On 4/17/15 2:52 AM, Boris Zbarsky wrote:
>>
>>> If that preference is toggled, we in fact remove the API entirely, so
>>> that "'geolocation' in navigator" tests false.
>>>
>>
>> Oh, I meant to mention: this is more web-compatible than having the API
>> entrypoints throw, because it can be object-detected.  Of course we could
>> have made the API entrypoints just always reject the request instead, I
>> guess; removing the API altogether was somewhat simpler to do.
>>
>> -Boris
>>
>>
>>
Received on Friday, 17 April 2015 14:02:19 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC