RE: Safe, Closure-free, Serializable functions
francois.remy.dev at outlook.com
Thu Sep 26 13:10:24 PDT 2013
>> TLDR ==> The web needs a way to express executable code that does not rely on its parent context, is guaranteed to be side-effect-free, and can be executed safely anywhere (even in a different thread/worker/window/device, or as callback for browser code being executed while the DOM is not ready to be accessed)
> Why "need"? You don't really expose a use case. You only start with
> "It's been some time I've been working on this idea of a..."
> Also, one thing is not really clear to me. Are you trying to protect the
> function from its caller/loader or the caller from the function? both?
An arbitrary function can't do the trick here because the browser is in a state where it cannot execute arbitrary JS on the DOM when he needs this kind of information, or could be in another thread where it simply can't access the global variables and all. So, instead of trying a way that would be very complex to make all DOM API throw in this case, I propose to add a way to make sure you can't have them.
Then you can check at runtime whether or not a function is "safe" for out-of-context usage. You can send the function as part of a JSON object, by the way, and it could be deep-cloned, unlike a normal function.
What I really try to do is to give entire control to the caller regarding what the function can access. This requires isolating the called function completely form the outside environment, to the exception of the given arguments.
More information about the es-discuss