-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Principle: Use [Exposed=*]
to make only purely computational APIs available
#509
Comments
This sounds reasonable. I'm not sure if it needs to be a principle or could just be advice in the Web IDL standard. It might also be helpful to have some examples so people can evaluate whether they understand the rules correctly. |
As it so happens, I do have some examples to propose. The
The The |
I support having guidance for this. I think this is a good piece of guidance. I think Blob, as described, sits right on the line. |
Given the positive feedback so far, I've gone ahead and drafted a text for this in #510. |
(Given the File API discussion in WebApps at TPAC |
In the spirit of clarifying edge cases, what about
I'm guessing no, but I'm not sure I could articulate exactly what makes OffScreenCanvas or WebCodecs not pure computation (at least the subset of the APIs which doesn't do any network/on-screen rendering stuff). |
Problem statement
In webidl#526 a new
Exposed
annotation,[Exposed=*]
, was introduced. It denotes a fundamental set of interfaces that are intended to be exposed in Window, all Workers, all Worklets, ShadowRealm, as well as any future global scopes.We've heard concerns (e.g., tc39/proposal-shadowrealm#401) that it's not clear when an interface should belong to this fundamental set and when it shouldn't. We'd like to issue guidance for this in a design principle.
I'm interested in feedback on the proposed guidance below, and am willing to write up the conclusions in a PR if it is generally positive.
Proposed guidance
[Exposed=*]
should be applied only to purely computational interfaces. That is, they do not perform I/O and do not affect the state of the user agent or the user's device.Anything annotated with
[SecureContext]
should not be exposed everywhere; not all global scopes are secure contexts.Anything relying on an event loop should not be exposed everywhere; not all global scopes have an event loop.
The
[Exposed=*]
annotation should also be applied conservatively. If an interface is not that useful without other interfaces that are not exposed everywhere, default to not exposing that interface as well.Further reading
Directly related, but predates
[Exposed=*]
: #35Discussion resulting in the addition of
[Exposed=*]
: webidl#468Other relevant reading: #325, #360, #448, tc39/ecma262#1120, WebAudio/web-audio-api#2499, tc39/proposal-shadowrealm#398
The text was updated successfully, but these errors were encountered: