On Mar 21, 2016 4:36 AM, "Raul-Sebastian Mihăilă" <[email protected]> wrote:
> Wouldn't it be enough to prevent access from normal SES realms to the > proto-SES realm's Zone primordial in order to keep SES as an ocap > environment (by having the global objects from normal SES realms inherit > from a proxy of the global object from proto-SES, instead of inheriting > directly from the proto-SES global object)? > Hi Raul, recall that Reflect.theProtoGlobal provides direct access to the proto-SES realm's global itself (the so-called "proto-global"). If Zone is found there, then it is pervasively available. The hard question is, is it safe for this observably mutable global to be pervasively available? At first I thought the answer was "of course not". Now, due to Dean's observation, the answer is that it may indeed be safe. This is sufficiently likely that we should consider the case seriously. If we decide not to share a global Zone but do decide that it is safe to have on individual SES realms, then we can treat it more like eval, Function, Math, and Date: Arrange for it to be absent or crippled on the proto-global, and instead have separate Zone objects to appear on each SES realm's global. As with eval and Function, this could be by built-in initialization. Or as with Date and Math, it could be by user-level pattern. But before worrying about how to fall back to this more conservative position, let's continue to critically examine the more radical hypothesis.
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
