W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Privileged context features and JavaScript

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 17 Apr 2015 09:07:50 -0700
Message-ID: <CABkgnnU7w_oFt2L2ZOjMOkpw84RLFh_aFr3i9sekhRYDFTFD6A@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>, Webapps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>, public-script-coord <public-script-coord@w3.org>
On 17 April 2015 at 08:16, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>    If the API returns a Promise type, return a Promise rejected with
>    a TypeError (??).  Otherwise, the operation steps MUST fail in some
>    way.
>
> Or some such.

SecurityError perhaps.  But I still like the idea of an IDL annotation
like [SecureContext] that causes the API to disappear as though not
implemented.
Received on Friday, 17 April 2015 16:08:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:12 UTC