Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Intent to implement: Dynamic module imports (JS 'import()' syntax)
181 views
Skip to first unread message
Jon Coppeard
Oct 18, 2018, 10:45:39 AM10/18/18
to
Summary:
This introduces a function-like import() syntax to JS that imports an ES6 module and returns a promise for that module's namespace.
We currently support static module imports and these should be used where possible. However sometimes it's desirable to dynamically load code at runtime, for example to allow a module to be chosen based on information only known at runtime, or to support lazy loading of infrequently-used code.
Note that use of this feature is not restricted to ES6 modules but can be used to load modules from classic scripts.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1342012
Link to standard:
This is currently a TC39 stage 3 proposal: https://github.com/tc39/proposal-dynamic-import
HTML spec changes: https://github.com/whatwg/html/pull/3044
Platform coverage: All platforms.
Estimated or target release: 65
Preference behind which this will be implemented: javascript.options.dynamicImport
Is this feature enabled by default in sandboxed iframes?
This features requires script execution and is allowed where script execution is allowed.
DevTools bug: I don't know whether there is DevTools work to do here or not.
Do other browser engines implement this?
Chrome shipped this in 63, Safari in 11.1, and it's in development in Edge.
web-platform-tests:
https://github.com/web-platform-tests/wpt/tree/master/html/semantics/scripting-1/the-script-element/module/dynamic-import
Is this feature restricted to secure contexts?
No, it's not restricted as it's part of script execution and works everywhere that is allowed.
Jon
This introduces a function-like import() syntax to JS that imports an ES6 module and returns a promise for that module's namespace.
We currently support static module imports and these should be used where possible. However sometimes it's desirable to dynamically load code at runtime, for example to allow a module to be chosen based on information only known at runtime, or to support lazy loading of infrequently-used code.
Note that use of this feature is not restricted to ES6 modules but can be used to load modules from classic scripts.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1342012
Link to standard:
This is currently a TC39 stage 3 proposal: https://github.com/tc39/proposal-dynamic-import
HTML spec changes: https://github.com/whatwg/html/pull/3044
Platform coverage: All platforms.
Estimated or target release: 65
Preference behind which this will be implemented: javascript.options.dynamicImport
Is this feature enabled by default in sandboxed iframes?
This features requires script execution and is allowed where script execution is allowed.
DevTools bug: I don't know whether there is DevTools work to do here or not.
Do other browser engines implement this?
Chrome shipped this in 63, Safari in 11.1, and it's in development in Edge.
web-platform-tests:
https://github.com/web-platform-tests/wpt/tree/master/html/semantics/scripting-1/the-script-element/module/dynamic-import
Is this feature restricted to secure contexts?
No, it's not restricted as it's part of script execution and works everywhere that is allowed.
Jon
Boris Zbarsky
Oct 18, 2018, 10:53:03 AM10/18/18
to
On 10/18/18 10:45 AM, Jon Coppeard wrote:
> DevTools bug: I don't know whether there is DevTools work to do here or not..
I can think of several devtools things that would be nice to have:
1) A log of which modules got loaded (and when?)
2) Ability to break in a module once it gets loaded but before its code
starts to run (maybe this already works like for normal scripts?).
3) Ability to see the resulting module dependency graph (applies to
static modules too).
-Boris
> DevTools bug: I don't know whether there is DevTools work to do here or not..
I can think of several devtools things that would be nice to have:
1) A log of which modules got loaded (and when?)
2) Ability to break in a module once it gets loaded but before its code
starts to run (maybe this already works like for normal scripts?).
3) Ability to see the resulting module dependency graph (applies to
static modules too).
-Boris
L. David Baron
Oct 20, 2018, 4:54:05 AM10/20/18
to Jon Coppeard, dev-pl...@lists.mozilla.org
On Thursday 2018-10-18 07:45 -0700, Jon Coppeard wrote:
> Do other browser engines implement this?
>
> Chrome shipped this in 63, Safari in 11.1, and it's in development in Edge.
>
> web-platform-tests:
>
> https://github.com/web-platform-tests/wpt/tree/master/html/semantics/scripting-1/the-script-element/module/dynamic-import
>
> Is this feature restricted to secure contexts?
>
> No, it's not restricted as it's part of script execution and works everywhere that is allowed.
Part of the idea behind restricting things to secure contexts is
> Do other browser engines implement this?
>
> Chrome shipped this in 63, Safari in 11.1, and it's in development in Edge.
>
> web-platform-tests:
>
> https://github.com/web-platform-tests/wpt/tree/master/html/semantics/scripting-1/the-script-element/module/dynamic-import
>
> Is this feature restricted to secure contexts?
>
> No, it's not restricted as it's part of script execution and works everywhere that is allowed.
that we will have to add secure context tests to areas where they
aren't currently present. So being part of script execution doesn't
seem to be to be an adequate reason for not restricting.
Have both Chrome and Safari shipped it without a secure context
restriction? (If not, we should probably restrict. If so... it's
perhaps a more interesting question -- maybe we shouldn't, or maybe
it should depend on current usage levels.)
-David
--
𝄞 L. David Baron http://dbaron.org/ 𝄂
𝄢 Mozilla https://www.mozilla.org/ 𝄂
Before I built a wall I'd ask to know
What I was walling in or walling out,
And to whom I was like to give offense.
- Robert Frost, Mending Wall (1914)
Luke Wagner
Oct 20, 2018, 4:01:13 PM10/20/18
to Baron, L. David, jon.co...@gmail.com, Mozilla dev-platform mailing list mailing list
Since dynamic import is a core part of the JS language, with dedicated
syntax (`import` is not a plain function, but a fixed syntactic form), it
would seem to fall under the new, underlined JS exception in the first
section of
https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere.
On Sat, Oct 20, 2018 at 3:54 AM L. David Baron <dba...@dbaron.org> wrote:
> On Thursday 2018-10-18 07:45 -0700, Jon Coppeard wrote:
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>
syntax (`import` is not a plain function, but a fixed syntactic form), it
would seem to fall under the new, underlined JS exception in the first
section of
https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere.
On Sat, Oct 20, 2018 at 3:54 AM L. David Baron <dba...@dbaron.org> wrote:
> On Thursday 2018-10-18 07:45 -0700, Jon Coppeard wrote:
> > Do other browser engines implement this?
> >
> > Chrome shipped this in 63, Safari in 11.1, and it's in development in
> Edge.
> >
> > web-platform-tests:
> >
> >
> https://github.com/web-platform-tests/wpt/tree/master/html/semantics/scripting-1/the-script-element/module/dynamic-import
> >
> > Is this feature restricted to secure contexts?
> >
> > No, it's not restricted as it's part of script execution and works
> everywhere that is allowed.
>
> >
> > Chrome shipped this in 63, Safari in 11.1, and it's in development in
> Edge.
> >
> > web-platform-tests:
> >
> >
> https://github.com/web-platform-tests/wpt/tree/master/html/semantics/scripting-1/the-script-element/module/dynamic-import
> >
> > Is this feature restricted to secure contexts?
> >
> > No, it's not restricted as it's part of script execution and works
> everywhere that is allowed.
>
> Part of the idea behind restricting things to secure contexts is
> that we will have to add secure context tests to areas where they
> aren't currently present. So being part of script execution doesn't
> seem to be to be an adequate reason for not restricting.
>
> Have both Chrome and Safari shipped it without a secure context
> restriction? (If not, we should probably restrict. If so... it's
> perhaps a more interesting question -- maybe we shouldn't, or maybe
> it should depend on current usage levels.)
>
> -David
>
> --
> 𝄞 L. David Baron http://dbaron.org/ 𝄂
> 𝄢 Mozilla https://www.mozilla.org/ 𝄂
> Before I built a wall I'd ask to know
> What I was walling in or walling out,
> And to whom I was like to give offense.
> - Robert Frost, Mending Wall (1914)
> _______________________________________________
> that we will have to add secure context tests to areas where they
> aren't currently present. So being part of script execution doesn't
> seem to be to be an adequate reason for not restricting.
>
> Have both Chrome and Safari shipped it without a secure context
> restriction? (If not, we should probably restrict. If so... it's
> perhaps a more interesting question -- maybe we shouldn't, or maybe
> it should depend on current usage levels.)
>
> -David
>
> --
> 𝄞 L. David Baron http://dbaron.org/ 𝄂
> 𝄢 Mozilla https://www.mozilla.org/ 𝄂
> Before I built a wall I'd ask to know
> What I was walling in or walling out,
> And to whom I was like to give offense.
> - Robert Frost, Mending Wall (1914)
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>
Jon Coppeard
Oct 22, 2018, 6:13:27 AM10/22/18
to
On Saturday, 20 October 2018 09:54:05 UTC+1, David Baron wrote:
> Have both Chrome and Safari shipped it without a secure context
> restriction?
Yes, it is supported outside of secure contexts in both Chrome and Safari.
> Have both Chrome and Safari shipped it without a secure context
> restriction?
Jon
0 new messages