brendan at mozilla.com
Wed Feb 3 12:39:34 PST 2010
On Feb 2, 2010, at 6:23 PM, Kris Kowal wrote:
>> Different module contexts may have different module ID resolvers,
>> so for example it would be possible for host environments to
>> provide a SecureESContext that didn't allow identifiers to resolve
>> to the "filesystem" module or the "dom" module.
> This verbiage implies black-listing. It would be good to be clear
> that the object formerly known as a "module context" should be
> explicitly populated with a white-list of module instances for SES.
Agreed, and good point.
Oprah moment: something about the way you wrote makes me want to plead
for goodwill assumptions in our informal exchanges. No one on the
committee is trying to open up capability leaks or introduce ambient
authority. I doubt anyone is unfamiliar with the problems of
blacklisting. It seemed clear to me that Dave was not specifying
rigorously, just giving two examples.
(Ok, group hug :-P.)
More information about the es-discuss