W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: CSP3: DOM API Strawman

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Mon, 03 Nov 2014 08:54:17 -0500
Message-ID: <54578909.2080908@mit.edu>
To: Mike West <mkwst@google.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 11/3/14, 8:43 AM, Mike West wrote:
> I think of it as a pure virtual interface which SecurityPolicySourceURL,
> SecurityPolicySourceHash, and SecurityPolicySourceNonce implement. I
> suppose this doesn't actually require marking it as NoInterfaceObject,
> however.

What's the point of such a pure virtual interface, exactly?  What are 
the use cases?

It's very unlikely that you want this to be NoInterfaceObject.  You 
either don't want such an interface at all, or you want it to have a 
sane constructor object with a prototype object hanging off it and all that.

> Those are arrays only because Bikeshed is rejecting
> `sequence<SecurityPolicySource>`.

Yeah, we need to finally fix 
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23682 and update Bikeshed 
accordingly...

-Boris
Received on Monday, 3 November 2014 13:54:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC