Normative: Provide source text to HostEnsureCanCompileStrings #3222
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
cc @mikesamuel |
ljharb
reviewed
Nov 16, 2023
jmdyck
previously requested changes
Nov 16, 2023
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
from
d07cd69
to
8b2f141
Compare
jmdyck
reviewed
Nov 16, 2023
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
2 times, most recently
from
2a8a0a0
to
a4dbfc8
Compare
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
2 times, most recently
from
9659303
to
a0c6261
Compare
|
Updated to reflect the consensus in TC39 plenary of 2023-11-27:
|
|
thanks for the update @ptomato, this is looking good! |
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
from
a0c6261
to
e149547
Compare
|
I've updated this to reflect the option that had the most support in today's plenary meeting: passing the body string to the host hook after stringifying it. (I've also removed the references to #1498 from the commit message and reset the author; this PR no longer subsumes the goal of #1498, and in fact has ship-of-Theseus'ed so that it now contains nothing from the original) cc @erights for further discussion |
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
from
e149547
to
82fc88b
Compare
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
from
82fc88b
to
f3bc8eb
Compare
michaelficarra
approved these changes
Nov 30, 2023
|
Note that Firefox, Safari and Chrome already implement Option 2. Test case: <html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
</head>
<script>
new Function({
toString: () => {
console.log("Should not happen");
return "return 2"
},
});
</script>
</html>All the three browsers log before throwing. The observable change introduced my option 2 would thus just be matching web reality :) |
|
For posterity, "option 2" refers to this slide. |
syg
approved these changes
Dec 6, 2023
nicolo-ribaudo
suggested changes
Dec 7, 2023
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
from
1ebabde
to
db61ea2
Compare
bakkot
reviewed
Jan 8, 2024
ptomato
force-pushed
the
source-text-hostensurecancompilestrings
branch
from
639273d
to
af086c8
Compare
|
@tc39/ecma262-editors I realized this one wasn't in the list of things that would be added before ES2024 is cut. But I believe all of the discussions have been resolved, is there anything else preventing it from making the cut? |
bakkot
approved these changes
Feb 9, 2024
michaelficarra
added
the
ready to merge
) This change provides the source text to be evaluated, and the grammar symbol that should be used to parse it, to the host hook HostEnsureCanCompileStrings. One example of where this is needed is for allowing a Content Security Policy to provide hashes for code executed via `eval()` or `new Function()`: w3c/webappsec-csp#623 This is useful on its own, but has come up again in the topic of ShadowRealm-HTML integration. In a ShadowRealm you can either execute code asynchronously, with ShadowRealm.p.importValue, or synchronously, with ShadowRealm.p.evaluate. Because the latter uses `eval()` inside the ShadowRealm, it's subject to CSP rules, so the only CSP policy that will let you execute synchronously in the realm is `unsafe-eval`. This is a separate needs-consensus PR, rather than being part of the ShadowRealm proposal, because it's useful independently of ShadowRealm, and also ShadowRealm would go forward regardless of whether this goes forward. Prior art: https://github.com/tc39/proposal-dynamic-code-brand-checks
ljharb
force-pushed
the
source-text-hostensurecancompilestrings
branch
from
af086c8
to
b07ca06
Compare
ptomato
added a commit
to ptomato/proposal-shadowrealm
that referenced
this pull request
Feb 15, 2024
As of tc39/ecma262#3222 the signature of HostEnsureCanCompileStrings changed. This adapts to the new signature by pulling in the latest version of ecma262-biblio and adding the missing arguments. Closes: tc39#367
caridy
pushed a commit
to tc39/proposal-shadowrealm
that referenced
this pull request
Feb 16, 2024
As of tc39/ecma262#3222 the signature of HostEnsureCanCompileStrings changed. This adapts to the new signature by pulling in the latest version of ecma262-biblio and adding the missing arguments. Closes: #367
lukewarlow
added a commit
to lukewarlow/proposal-dynamic-code-brand-checks
that referenced
this pull request
Feb 20, 2024
…changed. This updates the README to reflect the current state.
lukewarlow
added a commit
to lukewarlow/proposal-dynamic-code-brand-checks
that referenced
this pull request
Feb 20, 2024
…changed. This updates the spec to better reflect the current state.
lukewarlow
added a commit
to lukewarlow/proposal-dynamic-code-brand-checks
that referenced
this pull request
Feb 20, 2024
…changed. This updates the spec to better reflect the current state. This also updates the README accordingly.
lukewarlow
added a commit
to lukewarlow/proposal-dynamic-code-brand-checks
that referenced
this pull request
Feb 20, 2024
…changed. This updates the spec to better reflect the current state. This also updates the README accordingly.
lukewarlow
added a commit
to lukewarlow/proposal-dynamic-code-brand-checks
that referenced
this pull request
Feb 20, 2024
…changed. This updates the spec to better reflect the current state. This also updates the README accordingly.
lukewarlow
added a commit
to lukewarlow/proposal-dynamic-code-brand-checks
that referenced
this pull request
Feb 20, 2024
…changed. This updates the spec to better reflect the current state. This also updates the README accordingly.
This was referenced Feb 22, 2024
This was referenced Feb 22, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is based on Mike Samuel's work in #1498, but ultimately goes in a different direction. Due to #2670, this change can be made simpler than it previously was.
This change provides the source text to be evaluated, and the grammar symbol that should be used to parse it, to the host hook HostEnsureCanCompileStrings.
One example of where this is needed is for allowing a Content Security Policy to provide hashes for code executed via
eval()ornew Function():w3c/webappsec-csp#623
This is useful on its own, but has come up again in the topic of ShadowRealm-HTML integration. In a ShadowRealm you can either execute code asynchronously, with ShadowRealm.p.importValue, or synchronously, with ShadowRealm.p.evaluate. Because the latter uses
eval()inside the ShadowRealm, it's subject to CSP rules, so the only CSP policy that will let you execute synchronously in the realm isunsafe-eval.The original purpose of #1498 was to support Trusted Types, which is still a goal of this PR.This is a separate needs-consensus PR, rather than being part of the ShadowRealm proposal, because it's useful independently of ShadowRealm, and also ShadowRealm would go forward regardless of whether this goes forward.
Prior art: https://github.com/tc39/proposal-dynamic-code-brand-checks