Philip Chimento
Igalia, in partnership with Salesforce
TC39 December 2024
—
NOTE - checklists will continue to be updated until the meeting
A mechanism to execute JavaScript code within the context of a new global object and set of built-ins.
Goal is not security, but integrity: complete control over the execution environment.
```javascript
globalThis.someValue = 1;
const realm = new ShadowRealm();
realm.evaluate(`globalThis.someValue = 2;`);
console.assert(globalThis.someValue === 1);
```
- Everything revolves around the question: "Which web APIs should be present inside ShadowRealm?"
- Several different ways of answering this question have been proposed and rejected:
  - "None"
  - A vetted list
  - A criterion based on confidentiality
- Sept. 2023: Stage 2, readvancement pending explicit support from two implementations that the testing and list of APIs to be exposed to ShadowRealms are sufficient
- Feb. 2024: Stage 2.7, with the understanding that stage 3 requires signoff from HTML folks on the HTML integration, as well as resolution of Mozilla's concerns about test coverage
- Not an opportunity to relitigate previous design decisions
Which web APIs should be present inside ShadowRealm?
- New W3C TAG design principle:
  - Only purely computational features are exposed everywhere
    - not performing I/O
    - not affecting the state of the user agent or the user's device
  - Exception: Anything relying on an event loop is not exposed
  - Expose conservatively: features primarily useful for unexposed features are not exposed
- Developed based on a number of conversations with implementors and web platform experts
- Clear criterion to decide whether something is in or out
- Which standards body standardized a feature is irrelevant
Update: Full list of 1300+ global properties, which are in/out, & why: 📋spreadsheet
- Pull request: whatwg/html#9893
- Design settled and reviews have occurred
- Fixing details
- Some mechanical work needed in specs downstream of HTML to use new terminology
- ✅ Test APIs in ShadowRealms created in multiple scopes
  - ✅ Window
  - ✅ Worker
  - ✅ SharedWorker
  - ✅ ServiceWorker
  - ✅ AudioWorklet
  - ✅ other ShadowRealm
- ✅ Abort: AbortController, AbortSignal (except AbortSignal.timeout not exposed) (PR)
- ✅ Base64: atob, btoa (PR)
- ✅ console (PR 1, 2)
- ✅ crypto.getRandomValues, crypto.randomUUID (PR - pending acceptance by WebCrypto spec)
- ✅ DOMException (PR)
- ✅ Encoding: TextDecoder, TextDecoderStream, TextEncoder, TextEncoderStream (PR 1, 2 - pending review)
- ✅ Error handler: ErrorEvent, onerror, reportError (PR - pending review)
- ✅ Events: addEventListener, CustomEvent, dispatchEvent, Event, EventTarget (including `globalThis` being one), removeEventListener (PR - pending review)
- ✅ isSecureContext (PR - pending review)
- ✅ Observable, Subscriber (PR - pending review)
- ✅ Promise rejection: onrejectionhandled, onunhandledrejection, PromiseRejectionEvent (PR - pending review)
- ✅ queueMicrotask and evaluation order: (PR - pending review)
- ✅ self (PR)
- ✅ Streams: ByteLengthQueuingStrategy, CompressionStream, CountQueueingStrategy, ReadableByteStreamController, ReadableStream, ReadableStreamBYOBReader, ReadableStreamBYOBRequest, ReadableStreamDefaultController, ReadableStreamDefaultReader, TransformStream, WritableStream, WritableStreamDefaultController, WritableStreamDefaultWriter (PR 1, 2 - pending review)
- ✅ Structured clone: DataCloneError, structuredClone (PR - pending review)
- ✅ URL, URLSearchParams (PR - pending Interop question)
- ✅ URLPattern (PR - pending acceptance by URLPattern spec)
- ✅ WebAssembly (PR 1, 2) (except `compileStreaming` and `instantiateStreaming` not exposed)
- ✅ WebAssembly ESM imports (PR - pending review)
- ✅ Remove tests for things no longer exposed under the criterion
- ❌ Not currently covered in WPT at all: TransformStreamDefaultController, WebTransportWriter
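An added example, not part of the original slides or the proposal's test suite: one way to audit which globals a realm actually exposes against the checklist above. `EXPECTED` is a constructed selection from that checklist, and `probeSource`, `auditRealm` and `shadowRealmEvaluator` are hypothetical helper names; `ShadowRealm` itself is only available in runtimes that implement the proposal.

```javascript
// Added example: compare a realm's exposed globals with an expected list.
// EXPECTED is a constructed selection from the checklist on this page.
const EXPECTED = {
  "atob": true,
  "structuredClone": true,
  "queueMicrotask": true,
  "crypto.getRandomValues": true,
  "AbortSignal": true,
  "AbortSignal.timeout": false, // listed as not exposed
  "WebAssembly": true,
  "WebAssembly.compileStreaming": false, // listed as not exposed
  "WebAssembly.instantiateStreaming": false, // listed as not exposed
};

const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Build source text that yields a typeof string for a dotted path without
// throwing when the root binding or an intermediate object is missing.
// The result is a primitive, so it can cross the realm's callable boundary.
function probeSource(path) {
  const [root, ...rest] = path.split(".");
  if (![root, ...rest].every((p) => IDENT.test(p))) {
    throw new TypeError(`not a plain dotted path: ${path}`);
  }
  let expr = `(typeof ${root} === "undefined" ? undefined : ${root})`;
  for (const prop of rest) expr = `(${expr})?.${prop}`;
  return `typeof (${expr})`;
}

// evaluate: (source) => value, e.g. realm.evaluate bound to a ShadowRealm.
// Returns one finding per path whose presence differs from the expectation.
function auditRealm(evaluate, expected = EXPECTED) {
  const findings = [];
  for (const [path, shouldExist] of Object.entries(expected)) {
    const present = evaluate(probeSource(path)) !== "undefined";
    if (present !== shouldExist) findings.push({ path, shouldExist, present });
  }
  return findings;
}

// Returns an evaluator for a fresh ShadowRealm, or null where the runtime
// does not implement the proposal.
function shadowRealmEvaluator() {
  if (typeof ShadowRealm !== "function") return null;
  const realm = new ShadowRealm();
  return (source) => realm.evaluate(source);
}
```

An empty array from `auditRealm(shadowRealmEvaluator())` means the realm matches the expected list; each finding names a path that is present when it should be absent, or the reverse.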
- ✅ The feature has sufficient testing and appropriate pre-implementation experience
Specific to ShadowRealm
- Explicit support from two implementations that the testing and list of APIs to be exposed to ShadowRealms are sufficient
- Signoff from HTML folks on the HTML integration
- Resolution of Mozilla's concerns about test coverage
(to be added)