
Re: Privileged context features and JavaScript

From: Adam Klein <adamk@chromium.org>
Date: Fri, 17 Apr 2015 09:46:33 -0700
Message-ID: <CAEvLGc+fpwP6N51ysNH2_GqB18=HNe_9=Z2JM8W7rtzHYPk+dA@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Elliott Sprehn <esprehn@chromium.org>, Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>, public-webappsec@w3.org, public-webapps <public-webapps@w3.org>, public-script-coord <public-script-coord@w3.org>

On Fri, Apr 17, 2015 at 7:06 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 4/17/15 3:38 AM, Elliott Sprehn wrote:
>> It's preferable not to do that for us because you can then create a
>> static heap snapshot at compile time and memcpy to start JS contexts
>> faster.
>
> For this specific case, where there are only two possibilities (privileged
> or not) it seems like you can just have two different snapshots and pick
> the right one.  I agree this uses more memory; there are all sorts of
> tradeoffs here.
>
> But yes, this is an argument against having any sort of dynamic behavior.
> In the case of Gecko, we have to have _something_ somewhat dynamic anyway,
> since we expose APIs to extensions that we don't expose to web pages...
> which I'm sure you do too.

In Blink, we don't include host objects in our snapshot anyway, so this
point is probably moot for web APIs. Or at least it's moot until more
things are self-hosted.

- Adam
Received on Friday, 17 April 2015 16:47:03 UTC
