ihab.awad at gmail.com
ihab.awad at gmail.com
Sun Jan 31 22:04:31 PST 2010
On Sun, Jan 31, 2010 at 6:56 PM, Sam Tobin-Hochstadt <samth at ccs.neu.edu> wrote:
> First, it's also possible to achieve isolation via lexical scope by
> using functions, closures, and objects, as Dave's example shows. Our
> proposal attempts to leverage the existing facilities in EcmaScript to
> achieve most of isolation, using modules for name management and
> restricting the top-level lexical environment.
But, in some module M that imports X, Y and Z, the top-level lexical
environment *must* include access to all the state encapsulated by X,
Y and Z.
> Second, we expect that needing to isolate untrusted code is the
> uncommon case for importing a module.
That is only true if you *completely* trust all the code you and all
your coworkers write on a large project. Otherwise, the issue is not
isolating untrusted *code* but isolating the extent of authorities
into code. This is important for both security and software
> Third, the reason the API for `loadModule' is async is that
> encouraging synchronous dynamic loading on the web is encouraging
> broken webapps. However, it might not be right for `loadModule' to be
> standardized in ES, as Dave mentioned, and offline applications would
> want a synchronous version.
I agree that your 'loadModule' (or any such dynamic loading utility)
should be async. But this is a question for another time.
> So, the way I think of it, everything in our proposal is internally
> linked, except insofar as a Context might specify a different behavior
> for the name of some module.
So you propose linking to a standard library using some agreed-upon
name. Let's say it's "stdlib". So, when I say:
/* ... my code here ... */
If "stdlib" were some reference to some code which I could make more
or less independently of the container (perhaps subject to its
permission, but not too much else), then this is internal linking.
However, if "stdlib" is not only some code but an object *with
expected powers* that the container must be expected to set up for me
ahead of time, that sounds like external linking.
Am I incorrect in my use of the terms?
In any case, my point stands. The namespaces for "pure code being
brought in" and "powers granted to me by my container" are being
conflated. For the former, you need modules. For the latter, you need
some sort of "service registry" or whatever else.
Ihab A.B. Awad, Palo Alto, CA
More information about the es-discuss