W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Privileged context features and JavaScript

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Fri, 17 Apr 2015 11:16:46 -0400
Message-ID: <553123DE.5030207@mit.edu>
To: Anne van Kesteren <annevk@annevk.nl>
CC: Mike West <mkwst@google.com>, Webapps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>, public-script-coord <public-script-coord@w3.org>
On 4/17/15 11:13 AM, Anne van Kesteren wrote:
> A bunch of the new non-legacy APIs (that is geolocation doesn't count)
> have some kind of promise thing you need to get past before things
> start working. For those APIs we could have something with normative
> language. I don't see how we could make something work for all
> possible APIs (unless we do the hiding thing).

OK, so the annotation could be defined as something like adding the 
following to the operation (and maybe attribute getter?) steps in WebIDL:

    If the API returns a Promise type, return a Promise rejected with
    a TypeError (??).  Otherwise, the operation steps MUST fail in some

Or some such.

Received on Friday, 17 April 2015 15:17:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC