From: Qiantan Hong <qhong@mit.edu>
To: "larsi@gnus.org" <larsi@gnus.org>
Cc: "emacs-devel@gnu.org" <emacs-devel@gnu.org>
Subject: Re: [PATCH] Add user content APIs for WebKit Xwidgets
Date: Fri, 28 Aug 2020 15:41:01 +0000 [thread overview]
Message-ID: <37FB26C9-1B79-4317-930B-0EE5F0149139@mit.edu> (raw)
In-Reply-To: <87y2lyu98i.fsf@gnus.org>
[-- Attachment #1: Type: text/plain, Size: 1235 bytes --]
>> The script message handler API makes it possible to trigger event in emacs
>> from JavaScript, and can be used to implement procedure calling from
>> js to elisp. Currently only the other way around is possible.
>
> That sounds really scary, though. What are the security implications
> here?
I think it doesn’t increase any security risk, but sure correct me if I’m wrong.
The way this works is, Elisp side has to use
(xwidget-webkit-register-message xwidget message-name)
to register for an identifier — if nothing is registered, nothing can go to
Elisp.
After an identifier is registered, JavaScript can then use it to post
messages, which becomes an input event on Elisp side. This itself won’t
be able to call any Elisp procedure, but it’s possible to bind the input event
to some Elisp procedure that dispatches on message body and calls other
function to simulate an FFI interface from js to Elisp. In this case,
that Elisp procedure should control which procedures are allowed to call.
> Anyway, this is a larger large patch, so to apply it to Emacs, we'd have
> to have a copyright assignment to the FSF. Would you be willing to sign
> such paperwork?
Sure, I’m sending email.
[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 1858 bytes --]
next prev parent reply other threads:[~2020-08-28 15:41 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-28 2:25 [PATCH] Add user content APIs for WebKit Xwidgets Qiantan Hong
2020-08-28 14:37 ` Lars Ingebrigtsen
2020-08-28 15:41 ` Qiantan Hong [this message]
2020-08-30 13:43 ` Lars Ingebrigtsen
2020-08-29 4:07 ` Richard Stallman
2020-08-29 4:10 ` Richard Stallman
2020-08-29 4:45 ` Qiantan Hong
-- strict thread matches above, loose matches on Subject: below --
2022-10-14 6:34 Qiantan Hong
2022-10-14 7:01 ` Po Lu
2022-10-14 7:12 ` Qiantan Hong
2022-10-14 7:35 ` Po Lu
2022-10-14 21:13 ` Qiantan Hong
2022-10-15 1:37 ` Qiantan Hong
2022-10-15 7:53 ` Qiantan Hong
2022-10-15 11:23 ` Po Lu
2022-10-15 18:29 ` Qiantan Hong
2022-10-16 0:26 ` Po Lu
2022-10-15 23:33 ` Qiantan Hong
2022-10-16 4:32 ` Po Lu
2022-10-16 6:29 ` Qiantan Hong
2022-10-16 6:41 ` Po Lu
2022-10-16 6:45 ` Po Lu
2022-10-23 9:11 ` Qiantan Hong
2022-10-23 10:58 ` Po Lu
2022-10-23 22:16 ` Qiantan Hong
2022-10-24 0:30 ` Po Lu
2022-10-24 4:17 ` Qiantan Hong
2022-10-24 5:38 ` Po Lu
2022-10-24 5:44 ` Qiantan Hong
2022-10-24 7:20 ` Po Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=37FB26C9-1B79-4317-930B-0EE5F0149139@mit.edu \
--to=qhong@mit.edu \
--cc=emacs-devel@gnu.org \
--cc=larsi@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.