Frank Hecker wrote:
In both documents you write "This proposal does not address Python and other languages, but they are identical to C++ for purposes of this proposal." Maybe it's just my ignorance, but I'm confused: Did you actually mean to write that Python and other languages are equivalent to JavaScript, e.g., for the "checks in glue" model checks would be done at entry from Python into C++, just as would be done for JavaScript?
They could, sure. But we only allow python in chrome, where it is in fact equivalent to C++. If we decide to allow untrusted python (which seems pretty unlikely to me), we could indeed modify both of these models to account for it.
-Boris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
