From: Qiantan Hong <qhong@mit.edu>
To: "larsi@gnus.org" <larsi@gnus.org>
Cc: "emacs-devel@gnu.org" <emacs-devel@gnu.org>
Subject: Re: [PATCH] Add user content APIs for WebKit Xwidgets
Date: Fri, 28 Aug 2020 15:41:01 +0000
Message-ID: <37FB26C9-1B79-4317-930B-0EE5F0149139@mit.edu>
In-Reply-To: <87y2lyu98i.fsf@gnus.org>
>> The script message handler API makes it possible to trigger an event in Emacs
>> from JavaScript, and can be used to implement procedure calling from
>> JS to Elisp. Currently only the other way around is possible.
>
> That sounds really scary, though. What are the security implications
> here?

I think it doesn’t increase any security risk, but sure, correct me if I’m wrong.

The way this works is, the Elisp side has to use

    (xwidget-webkit-register-message xwidget message-name)

to register for an identifier — if nothing is registered, nothing can go to
Elisp.

After an identifier is registered, JavaScript can then use it to post
messages, which become an input event on the Elisp side. This itself won’t
be able to call any Elisp procedure, but it’s possible to bind the input event
to some Elisp procedure that dispatches on the message body and calls other
functions to simulate an FFI interface from JS to Elisp. In this case,
that Elisp procedure should control which procedures are allowed to be called.

> Anyway, this is a large patch, so to apply it to Emacs, we'd have
> to have a copyright assignment to the FSF. Would you be willing to sign
> such paperwork?
Sure, I’m sending email.
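
Added example, not part of the original message or of the patch under discussion: one way to write the dispatching procedure described above so that it, and not the page, decides what can be called. It assumes the message body arrives as a JSON string of the form {"op": ..., "args": [...]}; the `my/js-*` names are hypothetical, and extracting the body from the input event is left out because the event layout is defined by the patch.

```elisp
;;; -*- lexical-binding: t -*-
;; Assumption: BODY is the JSON text posted by the page; all names here are
;; hypothetical and not taken from the patch.

(defvar my/js-allowed-ops
  '(("echo"   . (1 . my/js-op-echo))
    ("length" . (1 . my/js-op-length)))
  "Allowlist mapping an operation name to (ARITY . HANDLER).
Only handlers listed here are reachable from JavaScript.")

;; Handlers validate their own argument types; the page controls the values.
(defun my/js-op-echo (s)
  (if (stringp s) s (error "echo: want string")))

(defun my/js-op-length (s)
  (if (stringp s) (length s) (error "length: want string")))

(defun my/js-dispatch (body)
  "Dispatch BODY against `my/js-allowed-ops'.
Return (ok . VALUE) or (error . REASON).  The operation name is only
used as a lookup key; it is never passed to `intern' or `funcall'."
  (let* ((msg (condition-case nil
                  ;; Objects become hash tables with string keys, so keys
                  ;; chosen by the page are not interned as symbols.
                  (json-parse-string body :array-type 'list)
                (error nil)))
         (op (and (hash-table-p msg) (gethash "op" msg)))
         (args (and (hash-table-p msg) (gethash "args" msg)))
         (entry (and (stringp op) (cdr (assoc op my/js-allowed-ops)))))
    (cond
     ;; Malformed JSON, a non-object body, or an unlisted name all end here.
     ((null entry) (cons 'error "unknown or malformed operation"))
     ((not (and (listp args) (= (length args) (car entry))))
      (cons 'error "wrong argument count"))
     (t (condition-case err
            (cons 'ok (apply (cdr entry) args))
          ;; A failing handler must not abort the command loop.
          (error (cons 'error (error-message-string err))))))))

;; Sample calls with constructed bodies:
;; (my/js-dispatch "{\"op\":\"echo\",\"args\":[\"hi\"]}")
;; (my/js-dispatch "{\"op\":\"shell-command\",\"args\":[\"id\"]}")
```

The second sample call names a real Elisp function that is not in the allowlist, so it is rejected at the lookup step without being resolved to a function at all.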