info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Should the entire JS structure be Object.freeze()'d if it's exposed through a read only property?
81 views
Skip to first unread message
Tim Guan-tin Chien
Jul 9, 2015, 4:48:57 AM7/9/15
to dev-platform
Hi,
I want to call out on a confusion here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1176184#c12
In this case, I modified the manifest object passed from mozApp API,
and the object was subsequently removed by the platform, so did my
modifications. Fabrice said I should not be modified the object since
it's marked as read only in WebIDL.
I am currently working on changing my code there so I won't be
modifying the manifest object, but, I wonder if platform should
protect web authors more by simply freeze the entire structure when
giving it to the content.
Are there any other APIs expose a structure like this?
Tim
I want to call out on a confusion here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1176184#c12
In this case, I modified the manifest object passed from mozApp API,
and the object was subsequently removed by the platform, so did my
modifications. Fabrice said I should not be modified the object since
it's marked as read only in WebIDL.
I am currently working on changing my code there so I won't be
modifying the manifest object, but, I wonder if platform should
protect web authors more by simply freeze the entire structure when
giving it to the content.
Are there any other APIs expose a structure like this?
Tim
Boris Zbarsky
Jul 9, 2015, 4:11:59 PM7/9/15
to
On 7/9/15 4:48 AM, Tim Guan-tin Chien wrote:
> In this case, I modified the manifest object passed from mozApp API,
> and the object was subsequently removed by the platform, so did my
> modifications. Fabrice said I should not be modified the object since
> it's marked as read only in WebIDL.
"readonly" just means the property has a getter but no setter. Whether
> In this case, I modified the manifest object passed from mozApp API,
> and the object was subsequently removed by the platform, so did my
> modifications. Fabrice said I should not be modified the object since
> it's marked as read only in WebIDL.
you can then modify the value returned by the getter is a separate issue
that needs to be considered as part of designing an API.
> I wonder if platform should
> protect web authors more by simply freeze the entire structure when
> giving it to the content.
<https://developer.mozilla.org/en-US/docs/Mozilla/WebIDL_bindings#Frozen>.
But note that freezing is not recursive, so if some of the properties
are themselves objects _they_ could still be mutated...
> Are there any other APIs expose a structure like this?
-Boris
Tim Guan-tin Chien
Jul 13, 2015, 2:40:53 AM7/13/15
to Boris Zbarsky, dev-platform
In that case, the right question to ask would be (A) should
DOMApplication#manifest be a recursive frozen JS structure, and maybe
(B) should WebIDL binding provide an keyword like DeepFrozen that
could recursive freeze the exposed structure.
In essence, (A) is the API design question, (B) is the infrastructure
needed should answer to (A) is an yes.
I would personally vote yes on both (A) and (B).
Tim
Ehsan Akhgari
Jul 13, 2015, 12:36:39 PM7/13/15
to Tim Guan-tin Chien, Boris Zbarsky, dev-platform
On 2015-07-13 2:40 AM, Tim Guan-tin Chien wrote:
> On Fri, Jul 10, 2015 at 2:45 AM, Boris Zbarsky <bzba...@mit.edu> wrote:
> On Fri, Jul 10, 2015 at 2:45 AM, Boris Zbarsky <bzba...@mit.edu> wrote:
> Thanks for reply :bz.
>
> In that case, the right question to ask would be (A) should
> DOMApplication#manifest be a recursive frozen JS structure, and maybe
I suppose we could do that, to remove this footgun, even though I can't
>
> In that case, the right question to ask would be (A) should
> DOMApplication#manifest be a recursive frozen JS structure, and maybe
remember other similar examples in the platform off the top of my head.
Boris Zbarsky
Jul 14, 2015, 4:14:25 PM7/14/15
to
On 7/13/15 2:40 AM, Tim Guan-tin Chien wrote:
> In that case, the right question to ask would be (A) should
> DOMApplication#manifest be a recursive frozen JS structure
Is it a plain vanilla object with nothing hanging off it that has
> In that case, the right question to ask would be (A) should
> DOMApplication#manifest be a recursive frozen JS structure
getter/setters? If so, that would not be unreasonable.
> and maybe
> (B) should WebIDL binding provide an keyword like DeepFrozen that
> could recursive freeze the exposed structure.
-Boris
Tim Guan-tin Chien
Jul 30, 2015, 3:00:41 AM7/30/15
to dev-platform
Closing the loop here:
With the help from :bholley the Cu.cloneInto() method now comes with
an option to deepFreeze the cloned object. Those who interested can
check out the bugs.
https://bugzilla.mozilla.org/show_bug.cgi?id=1184439
https://bugzilla.mozilla.org/show_bug.cgi?id=1186213
This is not as convenient as a keyword in WebIDL but I think it's good enough.
> _______________________________________________
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
With the help from :bholley the Cu.cloneInto() method now comes with
an option to deepFreeze the cloned object. Those who interested can
check out the bugs.
https://bugzilla.mozilla.org/show_bug.cgi?id=1184439
https://bugzilla.mozilla.org/show_bug.cgi?id=1186213
This is not as convenient as a keyword in WebIDL but I think it's good enough.
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
Anne van Kesteren
Jul 30, 2015, 4:02:38 AM7/30/15
to Tim Guan-tin Chien, dev-platform
On Thu, Jul 30, 2015 at 9:00 AM, Tim Guan-tin Chien
<timd...@mozilla.com> wrote:
> This is not as convenient as a keyword in WebIDL but I think it's good enough.
You might want to chime in on
<timd...@mozilla.com> wrote:
> This is not as convenient as a keyword in WebIDL but I think it's good enough.
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29004
which is asking for something similar (though more scoped).
Note though that frozen in JavaScript only freezes the properties. If
the object has private state that can still be modified through other
means. E.g., freezing a Set or Map might not do what you expect it to
do.
--
https://annevankesteren.nl/
0 new messages