[whatwg] Proposal for enhancing postMessage

2009-03-10 Thread Mark S. Miller
Posted first at public-html-comments, but that list seems silent. I have received suggestions to repost here. Message 1 of 2, from : Currently, HTML5's postMessage may transfer some amount of data in the message, and up t

Re: [whatwg] Proposal for enhancing postMessage

2009-03-10 Thread Mark S. Miller
Message 2 of 2, from : To be concrete about it, I am a member of the Caja team, which is building an object-capability subset of JavaScript by translation to JavaScript. Currently, Caja brings object-capabilities only to

Re: [whatwg] Proposal for enhancing postMessage

2009-03-13 Thread Mark S. Miller
On Wed, Mar 11, 2009 at 2:30 PM, Drew Wilson wrote: > Mark, I won't pretend to completely understand the use cases you're > describing as I'm not familiar with the prior work you've cited. But my > understanding of the postMessage() API is that they are primarily useful for > handing off ports to

Re: [whatwg] Worker and message port feedback

2009-03-20 Thread Mark S. Miller
On Fri, Mar 20, 2009 at 3:29 PM, Ian Hickson wrote: > On Fri, 6 Mar 2009, Mark S. Miller wrote: >> >> Currently, HTML5's postMessage may transfer some amount of data in the >> message, and up to one MessagePort as the port parameter. I propose that >> postMessage

Re: [whatwg] Cryptographically strong random numbers

2011-02-13 Thread Mark S. Miller
[+benl, +shabsi, +frantz, +daw] On Sun, Feb 13, 2011 at 6:37 PM, Boris Zbarsky wrote: > On 2/13/11 8:22 PM, Adam Barth wrote: > >> It seems likely that window.crypto will continue to grow more quality >> cryptographic APIs, not all of which will be appropriate at the >> ECMAScript level. >> > >

Re: [whatwg] Cryptographically strong random numbers

2011-02-14 Thread Mark S. Miller
On Mon, Feb 14, 2011 at 2:47 AM, Adam Barth wrote: > That's a pretty long time horizon. You're going to start discussing > it in 2-4 months? That seems a bit overwrought for what amounts to > four lines of code. > The committee meets once every two months. Between meetings, we discuss things o

Re: [whatwg] Cryptographically strong random numbers

2011-02-14 Thread Mark S. Miller
On Mon, Feb 14, 2011 at 8:31 AM, Mark S. Miller wrote: >> >>> On Mon, Feb 14, 2011 at 2:47 AM, Adam Barth wrote: >>> >>>> That's a pretty long time horizon. You're going to start discussing >>>> it in 2-4 months? That seems a bit overwro

Re: [whatwg] Cryptographically strong random numbers

2011-02-14 Thread Mark S. Miller
While we're waiting for Adam to subscribe to es-discuss and repost his messages on this thread, this one seems worth pre-posting. Changes needed for this to become an EcmaScript strawman: Replace references to ArrayBufferView with appropriate abstractions from < http://wiki.ecmascript.org/doku.ph

Re: [whatwg] Cryptographically strong random numbers

2011-02-16 Thread Mark S. Miller
On Wed, Feb 16, 2011 at 11:36 AM, Oliver Hunt wrote: > I agree with this sentiment, the specification should simply state "the > returned values are guaranteed to be cryptographically secure", that's all > that needs to be said. There is no need to describe how this is > implemented, if an imple

Re: [whatwg] Multiple globals and direct/indirect eval

2011-03-04 Thread Mark S. Miller
On Fri, Mar 4, 2011 at 5:53 AM, David Bruant wrote: > [Adding WhatWG and public-script-coord (WebIDL) to the discussion. > Discussion is ongoing : > - Start of thread : > https://mail.mozilla.org/pipermail/es-discuss/2011-March/012915.html > - Strawman by Dave Herman: > http://wiki.ecmascript.org/

Re: [whatwg] Behavior when

2011-12-08 Thread Mark S. Miller
Given only that the JSONP response has an ACCESS-CONTROL-ALLOW-ORIGIN:* header, the API you suggest below can be fully implemented as a library. Since any response that parses as JavaScript has no same origin protection anyway, rather than carve out a special case for JSONP, should we waive the ACC

Re: [whatwg] Behavior when

2011-12-08 Thread Mark S. Miller
On Thursday, December 8, 2011, Jonas Sicking wrote: > On Thu, Dec 8, 2011 at 9:23 AM, Mark S. Miller > > > wrote: > > Given only that the JSONP response has an ACCESS-CONTROL-ALLOW-ORIGIN:* > > header, the API you suggest below can be fully implemented as a library. >

Re: [whatwg] Behavior when

2011-12-08 Thread Mark S. Miller
On Thursday, December 8, 2011, Yehuda Katz wrote: > > Yehuda Katz > (ph) 718.877.1325 > > > On Thu, Dec 8, 2011 at 9:23 AM, Mark S. Miller > > > wrote: > >> Given only that the JSONP response has an ACCESS-CONTROL-ALLOW-ORIGIN:* >> header, the API you s

Re: [whatwg] Behavior when

2011-12-08 Thread Mark S. Miller
On Thursday, December 8, 2011, Mark S. Miller wrote: > [...] Anne Van Kesteren pointed out the only form of confidentiality we > can be confident of in this context: comments (and whitespace and choice of > internal variable names). > Anne said only "comments". I added the

Re: [whatwg] Behavior when

2011-12-08 Thread Mark S. Miller
On Thursday, December 8, 2011, Yehuda Katz wrote: > > I'm probably still misunderstanding, but the current security > infrastructure of the web supports cross-origin XHR only with a new kind of > explicit server opt-in that most APIs do not support. > In that case you are understanding correctly

[whatwg] Behavior when

2011-12-08 Thread Mark S. Miller
wrote: > > Yehuda Katz > (ph) 718.877.1325 > > > On Thu, Dec 8, 2011 at 4:31 PM, Mark S. Miller wrote: > >> On Thursday, December 8, 2011, Yehuda Katz wrote: >> >>> >>> I'm probably still misunderstanding, but the current security >>> infra

Re: [whatwg] Handling out of memory issues with getImageData/createImageData

2015-09-27 Thread Mark S. Miller
On Sat, Sep 26, 2015 at 7:34 AM, Anne van Kesteren wrote: > On Fri, Sep 25, 2015 at 4:48 PM, Justin Novosad wrote: > > Currently there is no spec'ed behavior for handling out-of memory issues > > for the specific case of attempting to allocate a large buffer through > > image data APIs. > > Actu

Re: [whatwg] Handling out of memory issues with getImageData/createImageData

2015-09-27 Thread Mark S. Miller
On Sat, Sep 26, 2015 at 3:33 PM, Niels Keurentjes < niels.keurent...@omines.com> wrote: > > > https://esdiscuss.org/topic/using-max-stack-limit-to-determine-current-js-engine-and-revision#content-7 > > indicates there may be security issues with throwing out-of-memory > exceptions. > > That's hard

Re: [whatwg] Handling out of memory issues with getImageData/createImageData

2015-09-27 Thread Mark S. Miller
I should make it clear that my post is not concerned about OOM for image data -- the original subject of this thread -- but rather about the more general OOM question that Anne asks about. On Sat, Sep 26, 2015 at 9:15 PM, Rik Cabanier wrote: > On Fri, Sep 25, 2015 at 7:51 AM, Boris Zbarsky wro

Re: [whatwg] Handling out of memory issues with getImageData/createImageData

2015-09-27 Thread Mark S. Miller
On Sun, Sep 27, 2015 at 8:30 AM, Mark S. Miller wrote: > On Sat, Sep 26, 2015 at 7:34 AM, Anne van Kesteren > wrote: > >> On Fri, Sep 25, 2015 at 4:48 PM, Justin Novosad wrote: >> > Currently there is no spec'ed behavior for handling out-of memory issues

Re: [whatwg] Handling out of memory issues with getImageData/createImageData

2015-09-27 Thread Mark S. Miller
Since my post is about the more general OOM issue, I have shifted the discussion to es-discuss https://mail.mozilla.org/pipermail/es-discuss/2015-September/044267.html Please continue discussion of the non-browser-specific issue there. On Sun, Sep 27, 2015 at 8:33 AM, Mark S. Miller wrote: >