W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Privileged context features and JavaScript

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Fri, 17 Apr 2015 10:09:44 -0400
Message-ID: <55311428.9070209@mit.edu>
To: Mike West <mkwst@google.com>, Anne van Kesteren <annevk@annevk.nl>
CC: Webapps WG <public-webapps@w3.org>, public-webappsec@w3.org, public-script-coord <public-script-coord@w3.org>
On 4/17/15 2:44 AM, Mike West wrote:
> Either way, expressing the constraint via IDL seems totally reasonable.

OK, so let's say we do the "API is still present but fails somehow" 
thing.  How would one express that constraint via IDL?  What would the 
normative language be?  It seems like the best you can do in this 
situation is an IDL annotation that has no actual behavior implications 
of its own but serves as a warning to the spec reader to carefully read 
the prose for what the behavior implications are, right?

I say this because I'm seeing people want to apply this to a variety of 
different APIs which should do a variety of different things in the 
"disabled" state, as far as I can tell.

Am I missing something and there's something more that such an 
annotation could do?

Received on Friday, 17 April 2015 14:10:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC