Contact emails s...@chromium.org, lwar...@igalia.com
Explainer https://github.com/tc39/proposal-shadowrealm/blob/main/explainer.md Specification https://tc39.es/proposal-shadowrealm/ Design docs https://docs.google.com/document/d/1SWFGpiSdrBwErDNot8rqMyBjKGC3WDArcLnGg7MX6SE/edit?usp=sharing https://docs.google.com/document/d/1k9OZxtbKmzENOMzahmm2C0uBNRc_pVLXMSoKsrkJJBw/edit?usp=sharing Summary ShadowRealm is a TC39 proposal to add an in-process, synchronous way to create a new global environment with its own global object and its own set of built-ins and intrinsics. See the proposal explainer at https://github.com/tc39/proposal-shadowrealm/blob/main/explainer.md Blink component Blink>JavaScript>Language Motivation The ShadowRealm API provides a way to run trusted code in a fresh global environment, which has use cases for virtualization, virtual DOM, and other execution of trusted 3rd party code. Please note that because ShadowRealm is a synchronous, in-process (eg no separate address space protection) API, it is not a sufficient security boundary for many threat models. It is not a generic sandboxing primitive for security purposes. Initial public proposal None TAG review None TAG review status Not applicable Risks Interoperability and Compatibility It is a new feature and a Stage 2 TC39 proposal. The the main risk is that it fails to become an interoperable part of the web platform if other browsers do not implement it. Gecko: No signal (https://github.com/mozilla/standards-positions/issues/997) https://bugzilla.mozilla.org/show_bug.cgi?id=1566145 WebKit: No signal (https://github.com/WebKit/standards-positions/issues/433) https://bugs.webkit.org/show_bug.cgi?id=230602 Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability While a new way to execute JS code, it is purely synchronous, and thus the executed code is debugged like any other synchronous JS code. The ShadowRealm objects themselves have reasonable console output. Is this feature fully tested by web-platform-tests? Yes Tested in test262: https://github.com/tc39/test262/tree/main/test/built-ins/ShadowRealm Various tests in WPT for shadow realms integration with other web standards. Flag name on about://flags Finch feature name None Non-finch justification None Requires code in //chrome? False Tracking bug https://bugs.chromium.org/p/v8/issues/detail?id=11989 Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5638053476433920?gate=5591276603310080 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67570404.2b0a0220.1bb510.012c.GAE%40google.com.
