Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Mark S. Miller-2
At https://github.com/FUDCo/ses-realm

Since I last posted this, I have received much useful feedback of this proposal, especially from Daniel Ehrenberg, Ojan Vafai, Elliott Sprehn, Alex Russell, and Dave Herman. Thanks!

This revision addresses this feedback in a variety of ways:

  * By overemphasizing security, the previous version underemphasized the utility for normal non-security robustness.
  * In accord with extensible web principals, it proposes a lower level API not specific to ocaps, that can support ocaps and other security models.
  * It reconciles this proposal with the old Realms API proposal at https://gist.github.com/dherman/7568885
  * By generalizing the spawning of descendant realms, this API supports the creation of polyfilled realms derived from TheFrozenRealm.

Enjoy!

--
    Cheers,
    --MarkM

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Bradley Meck
Does this mandate that the global inherit from any specific prototype? Most cases in the wild inherit from Object at some point, but I feel that should only be in the Annex. Several large libraries depend on this, but it is not strictly required for all libraries.

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Mark S. Miller-2
Good question!

Regarding the existing global, the frozen realm API proposal does not say anything at all -- it is concerned only about TheFrozenRealm and realms descendant from it. Outside of the frozen realm proposal, I would indeed like us to pin this down better for globals in general. Why only in the Annex? If we can get agreement to pin it down, I would prefer that it be in the main normative-mandatory text.

Regarding the global of TheFrozenRealm, I did not intend to underspecify that. This is an oversight that I will fix. When I said "the global of TheFrozenRealm is a plain object" I had in mind that it would inherit directly from Object.prototype. I will revise to say that explicitly. Thanks!




On Tue, Mar 29, 2016 at 6:34 AM, Bradley Meck <[hidden email]> wrote:
Does this mandate that the global inherit from any specific prototype? Most cases in the wild inherit from Object at some point, but I feel that should only be in the Annex. Several large libraries depend on this, but it is not strictly required for all libraries.



--
    Cheers,
    --MarkM

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Bradley Meck
This requirement is not specified in EcmaScript, and I have started playing around with `null` inheriting globals. I do not want it explicitly mandated by this if ES does not mandate it. Is there a reason it is a mandate and not an Annex that is there due to some parts of the ecosystem?

On Tue, Mar 29, 2016 at 8:50 AM, Mark S. Miller <[hidden email]> wrote:
Good question!

Regarding the existing global, the frozen realm API proposal does not say anything at all -- it is concerned only about TheFrozenRealm and realms descendant from it. Outside of the frozen realm proposal, I would indeed like us to pin this down better for globals in general. Why only in the Annex? If we can get agreement to pin it down, I would prefer that it be in the main normative-mandatory text.

Regarding the global of TheFrozenRealm, I did not intend to underspecify that. This is an oversight that I will fix. When I said "the global of TheFrozenRealm is a plain object" I had in mind that it would inherit directly from Object.prototype. I will revise to say that explicitly. Thanks!




On Tue, Mar 29, 2016 at 6:34 AM, Bradley Meck <[hidden email]> wrote:
Does this mandate that the global inherit from any specific prototype? Most cases in the wild inherit from Object at some point, but I feel that should only be in the Annex. Several large libraries depend on this, but it is not strictly required for all libraries.



--
    Cheers,
    --MarkM


_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Mark S. Miller-2
On Tue, Mar 29, 2016 at 6:54 AM, Bradley Meck <[hidden email]> wrote:
This requirement is not specified in EcmaScript, and I have started playing around with `null` inheriting globals. I do not want it explicitly mandated by this if ES does not mandate it. Is there a reason it is a mandate and not an Annex that is there due to some parts of the ecosystem?

If we can get general agreement, to minimize pointless variations after that agreement, mandating the agreed state is generally better. If we can't, then we probably can't get enough agreement for an Annex B entry. The main reason for listing something in Annex B:

  * It is normative optional -- if the feature exists at all, it must exist like so.

Since the global object must exist, the normative optional rationale would not seem to apply.


 

On Tue, Mar 29, 2016 at 8:50 AM, Mark S. Miller <[hidden email]> wrote:
Good question!

Regarding the existing global, the frozen realm API proposal does not say anything at all -- it is concerned only about TheFrozenRealm and realms descendant from it. Outside of the frozen realm proposal, I would indeed like us to pin this down better for globals in general. Why only in the Annex? If we can get agreement to pin it down, I would prefer that it be in the main normative-mandatory text.

Regarding the global of TheFrozenRealm, I did not intend to underspecify that. This is an oversight that I will fix. When I said "the global of TheFrozenRealm is a plain object" I had in mind that it would inherit directly from Object.prototype. I will revise to say that explicitly. Thanks!




On Tue, Mar 29, 2016 at 6:34 AM, Bradley Meck <[hidden email]> wrote:
Does this mandate that the global inherit from any specific prototype? Most cases in the wild inherit from Object at some point, but I feel that should only be in the Annex. Several large libraries depend on this, but it is not strictly required for all libraries.



--
    Cheers,
    --MarkM




--
    Cheers,
    --MarkM

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Mark S. Miller-2
In reply to this post by Mark S. Miller-2


On Tue, Mar 29, 2016 at 6:50 AM, Mark S. Miller <[hidden email]> wrote:
Good question!

Regarding the existing global, the frozen realm API proposal does not say anything at all -- it is concerned only about TheFrozenRealm and realms descendant from it. Outside of the frozen realm proposal, I would indeed like us to pin this down better for globals in general. Why only in the Annex? If we can get agreement to pin it down, I would prefer that it be in the main normative-mandatory text.

Regarding the global of TheFrozenRealm, I did not intend to underspecify that. This is an oversight that I will fix. When I said "the global of TheFrozenRealm is a plain object" I had in mind that it would inherit directly from Object.prototype. I will revise to say that explicitly.

Done.

 
Thanks!




On Tue, Mar 29, 2016 at 6:34 AM, Bradley Meck <[hidden email]> wrote:
Does this mandate that the global inherit from any specific prototype? Most cases in the wild inherit from Object at some point, but I feel that should only be in the Annex. Several large libraries depend on this, but it is not strictly required for all libraries.



--
    Cheers,
    --MarkM



--
    Cheers,
    --MarkM

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Bradley Meck
Moving discussion to https://github.com/FUDCo/frozen-realms/issues/14 , not a fan.

On Tue, Mar 29, 2016 at 9:04 AM, Mark S. Miller <[hidden email]> wrote:


On Tue, Mar 29, 2016 at 6:50 AM, Mark S. Miller <[hidden email]> wrote:
Good question!

Regarding the existing global, the frozen realm API proposal does not say anything at all -- it is concerned only about TheFrozenRealm and realms descendant from it. Outside of the frozen realm proposal, I would indeed like us to pin this down better for globals in general. Why only in the Annex? If we can get agreement to pin it down, I would prefer that it be in the main normative-mandatory text.

Regarding the global of TheFrozenRealm, I did not intend to underspecify that. This is an oversight that I will fix. When I said "the global of TheFrozenRealm is a plain object" I had in mind that it would inherit directly from Object.prototype. I will revise to say that explicitly.

Done.

 
Thanks!




On Tue, Mar 29, 2016 at 6:34 AM, Bradley Meck <[hidden email]> wrote:
Does this mandate that the global inherit from any specific prototype? Most cases in the wild inherit from Object at some point, but I feel that should only be in the Annex. Several large libraries depend on this, but it is not strictly required for all libraries.



--
    Cheers,
    --MarkM



--
    Cheers,
    --MarkM


_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Proposal revisions: "Draft Proposed Standard SES" becomes "Draft Proposed Frozen Realm API"

Mark S. Miller-2
In reply to this post by Mark S. Miller-2
On Tue, Mar 29, 2016 at 7:02 AM, Mark S. Miller <[hidden email]> wrote:
[...]The main reason for listing something in Annex B:

  * It is normative optional -- if the feature exists at all, it must exist like so.

As the proposal says:

Some of the elements of Annex B are safe and likely mandatory in practice, independent of host environment:
  • escape and unescape
  • Object.prototype.__proto__
  • String.prototype.substr
  • The String.prototype methods defined in terms of the internal CreateHTMLanchorbig, ..., sup
  • Date.prototype.getYear and Date.prototype.setYear
  • Date.prototype.toGMTString
Some of these are messy but none are unsafe or inherently stateful. I would welcome an investigation into which of these are in fact normative mandatory in practice, independent of host environments. For those, I would welcome proposals to move them into the main normative mandatory text. However, I do not have the energy to pursue that myself. Thanks.


--
    Cheers,
    --MarkM

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss