- From: Alexey Feldgendler <alexey@feldgendler.ru>
- Date: Tue, 31 Oct 2006 10:09:53 +0600
On Tue, 31 Oct 2006 06:04:40 +0600, Douglas Crockford <douglas at crockford.com> wrote: > I have been looking at the mashup problem. All scripts run with the authority > of the base page, so mashups are not indicated for any application containing > private data or managing a private connection. That is extremely limiting. > Even worse, it turns out that rich media ads are mashups. > > I had been thinking that the solution was to replace JavaScript with a > capability language like E (http://erights.org/) and to replace the DOM with > a capability DOM. I am now thinking that a far less drastic solution is > required: a module facility that forms a trust boundary in the page with a > communications mechanism that does not allow capability leakage. > > It requires no changes to JavaScript and a small, incremental change to HTML. > The proposal is here: http://json.org/module.html What you propose looks very similar to the Cross-document messaging already included into the current draft: http://whatwg.org/specs/web-apps/current-work/#crossDocumentMessages The principal difference between this and your proposal is that you insist on the messages to be JSON. I rather agree with the current WHAT spec which defines just sending of strings back and forth without imposing more complex interpretation upon them. Also, the current WHAT spec reuses the event handling mechanism in contract to introducing an ad-hoc one with send() and receive() methods. DOM event handling alows events to be dispatched asynchronously, which fits various threading models implemented in browsers better. -- Alexey Feldgendler <alexey at feldgendler.ru> [ICQ: 115226275] http://feldgendler.livejournal.com
Received on Monday, 30 October 2006 20:09:53 UTC