W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Privileged context features and JavaScript

From: Richard Barnes <rbarnes@mozilla.com>
Date: Fri, 17 Apr 2015 10:01:44 -0400
Message-ID: <CAOAcki_WnC7eKyqXGCi2rcuT0uFgyBDojSXrmgkixnMRm3J2ow@mail.gmail.com>
To: Elliott Sprehn <esprehn@chromium.org>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>, public-webappsec@w3.org, public-webapps <public-webapps@w3.org>, public-script-coord <public-script-coord@w3.org>
Since we're talking about a binary distinction (privileged vs.
unprivileged), presumably you could just make two snapshots?

On Fri, Apr 17, 2015 at 3:38 AM, Elliott Sprehn <esprehn@chromium.org>

> It's preferable not to do that for us because you can then create a static
> heap snapshot at compile time and memcpy to start JS contexts faster.
> On Apr 17, 2015 12:03 AM, "Boris Zbarsky" <bzbarsky@mit.edu> wrote:
>> On 4/17/15 2:52 AM, Boris Zbarsky wrote:
>>> If that preference is toggled, we in fact remove the API entirely, so
>>> that "'geolocation' in navigator" tests false.
>> Oh, I meant to mention: this is more web-compatible than having the API
>> entrypoints throw, because it can be object-detected.  Of course we could
>> have made the API entrypoints just always reject the request instead, I
>> guess; removing the API altogether was somewhat simpler to do.
>> -Boris
Received on Friday, 17 April 2015 14:02:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC