From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Qiantan Hong Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] Add user content APIs for WebKit Xwidgets Date: Fri, 28 Aug 2020 15:41:01 +0000 Message-ID: <37FB26C9-1B79-4317-930B-0EE5F0149139@mit.edu> References: <87y2lyu98i.fsf@gnus.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Apple-Mail=_7458CEA8-FC66-4565-88C0-80ABCC0DB58C"; protocol="application/pkcs7-signature"; micalg=sha-256 Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="24940"; mail-complaints-to="usenet@ciao.gmane.io" Cc: "emacs-devel@gnu.org" To: "larsi@gnus.org" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Fri Aug 28 17:42:00 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kBgVr-0006MR-Mz for ged-emacs-devel@m.gmane-mx.org; Fri, 28 Aug 2020 17:41:59 +0200 Original-Received: from localhost ([::1]:36724 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kBgVq-0007a4-PT for ged-emacs-devel@m.gmane-mx.org; Fri, 28 Aug 2020 11:41:58 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:45836) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kBgVJ-0006r4-SP for emacs-devel@gnu.org; Fri, 28 Aug 2020 11:41:25 -0400 Original-Received: from outgoing-exchange-3.mit.edu ([18.9.28.13]:34344) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kBgVH-0001G4-T3 for emacs-devel@gnu.org; Fri, 28 Aug 2020 11:41:25 -0400 Original-Received: from w92exedge4.exchange.mit.edu (W92EXEDGE4.EXCHANGE.MIT.EDU [18.7.73.16]) by outgoing-exchange-3.mit.edu (8.14.7/8.12.4) with ESMTP id 07SFfDhx010939; Fri, 28 Aug 2020 11:41:21 -0400 Original-Received: from oc11expo16.exchange.mit.edu (18.9.4.47) by w92exedge4.exchange.mit.edu (18.7.73.16) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Fri, 28 Aug 2020 11:40:45 -0400 Original-Received: from oc11expo16.exchange.mit.edu (18.9.4.47) by oc11expo16.exchange.mit.edu (18.9.4.47) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Fri, 28 Aug 2020 11:41:01 -0400 Original-Received: from oc11expo16.exchange.mit.edu ([18.9.4.47]) by oc11expo16.exchange.mit.edu ([18.9.4.47]) with mapi id 15.00.1365.000; Fri, 28 Aug 2020 11:41:01 -0400 Thread-Topic: [PATCH] Add user content APIs for WebKit Xwidgets Thread-Index: AQHWfOJ72IExLf6WZUuCQTChnsOyvKlNl+CagABUrIA= In-Reply-To: <87y2lyu98i.fsf@gnus.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [18.18.245.17] Received-SPF: pass client-ip=18.9.28.13; envelope-from=qhong@mit.edu; helo=outgoing-exchange-3.mit.edu X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/28 11:41:22 X-ACL-Warn: Detected OS = Windows 7 (Websense crawler) X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:254356 Archived-At: --Apple-Mail=_7458CEA8-FC66-4565-88C0-80ABCC0DB58C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 >> The script message handler API makes it possible to trigger event in = emacs >> from JavaScript, and can be used to implement procedure calling from >> js to elisp. Currently only the other way around is possible. >=20 > That sounds really scary, though. What are the security implications > here? I think it doesn=E2=80=99t increase any security risk, but sure correct = me if I=E2=80=99m wrong.=20 The way this works is, Elisp side has to use (xwidget-webkit-register-message xwidget message-name) to register for an identifier =E2=80=94 if nothing is registered, = nothing can go to Elisp. After an identifier is registered, JavaScript can then use it to post messages, which becomes an input event on Elisp side. This itself = won=E2=80=99t be able to call any Elisp procedure, but it=E2=80=99s possible to bind = the input event to some Elisp procedure that dispatches on message body and calls other function to simulate an FFI interface from js to Elisp. In this case,=20 that Elisp procedure should control which procedures are allowed to = call. > Anyway, this is a larger large patch, so to apply it to Emacs, we'd = have > to have a copyright assignment to the FSF. Would you be willing to = sign > such paperwork? Sure, I=E2=80=99m sending email.= --Apple-Mail=_7458CEA8-FC66-4565-88C0-80ABCC0DB58C Content-Disposition: attachment; filename="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCA70w ggO5MIIDIqADAgECAhAaql39NsO1qLVjkS2hl517MA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYT AlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3Rp dHV0ZSBvZiBUZWNobm9sb2d5MRUwEwYDVQQLEwxDbGllbnQgQ0EgdjEwHhcNMjAwODAzMDEyNDIz WhcNMjEwODAxMDEyNDIzWjCBoTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMx LjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsT DENsaWVudCBDQSB2MTEVMBMGA1UEAxMMUWlhbnRhbiBIb25nMRwwGgYJKoZIhvcNAQkBFg1xaG9u Z0BNSVQuRURVMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylUlEQdK4BSXKzoGh6As CKN/TpLmC0kjhPdxUKMj1/86Xl6GDCla4h95uISDOWVAKdu3cIlA8m9zRLT2jNEIkt1DVpXP6c9h y8RRyfJm0qlrvr6tsHi5AmO4Li6s2dEGaTxbakPL6vEn7ZYr86t5orq56nubki77Z8ZvRv9/fWdF bF/YBNGDayLNk0NbXIEQdCHiz1l+bxfw+GHHRmdOge3MKWSg463+GGMdxtLQ61AbtR2vm47FIJBt c0X6ptcInWUg4Nf/9vSNGl6KvREvfbEWKCT6TfL5ncIFlitf6ZWKue2PZ4ULFfIQ3/7EsEk03xxr S7sTOy7e2dbPboe/WwIDAQABo4GhMIGeMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMB0G A1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFDeb9Jlj XSm+y0CD872IhzRDIGv1MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jYS5taXQuZWR1L2NhL21p dGNsaWVudC5jcmwwDQYJKoZIhvcNAQELBQADgYEApBTx4tBbD5rQ+bNGd/Z3OBV07qFsm5QHNg0+ 6lxJ3j7q5zMMq35o6y5cBIhcFG6t+MFqJIdERZ3EprDturyqozQsIBMHFnqh+iZcMg0uQyssEqKZ hrzIdw8GuY4Z6jNewdGy5mwwG9yjpEbzWWgdofSM5rnezZz7EvCQu9ilt1sxggNDMIIDPwIBATCB gDBsMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEuMCwGA1UEChMlTWFzc2Fj aHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEVMBMGA1UECxMMQ2xpZW50IENBIHYxAhAa ql39NsO1qLVjkS2hl517MA0GCWCGSAFlAwQCAQUAoIIBkzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0yMDA4MjgxNTQxMDFaMC8GCSqGSIb3DQEJBDEiBCAVfXgdW3Us i2aMqAYgSEfl/jfzrKR1rjVC7eiv7ZhtmzCBkQYJKwYBBAGCNxAEMYGDMIGAMGwxCzAJBgNVBAYT AlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3Rp dHV0ZSBvZiBUZWNobm9sb2d5MRUwEwYDVQQLEwxDbGllbnQgQ0EgdjECEBqqXf02w7WotWORLaGX nXswgZMGCyqGSIb3DQEJEAILMYGDoIGAMGwxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNo dXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MRUw EwYDVQQLEwxDbGllbnQgQ0EgdjECEBqqXf02w7WotWORLaGXnXswDQYJKoZIhvcNAQEBBQAEggEA gplyidRMuUnSJnTl1pnBlr03mASiTBe3TbTTkyem/Qdrz6pM6MZrTcIg6uJECbNgQ+1Q7QLR6YEK FQnYPaXiiyaXJFXrU4LPcrWMgE57dFS6ZqJn3XO+1yA0fMYdqpbTNn7OsaTg/dGkaut/+r9XG/od 4O853xmZQUaZzFJcAtWa3aJHjfSvs8klUdHBMVu6nGGO7880m/bCvwYMdqlw/7zYpMz5pf5jObPp kZByCVGXEtVzgsaYP4ey2ZUPoO1D91GlRM7ikcNTEqTlSQZ8PpSV6q+n54WutUeYEgTwIq+1lMmj NUiqpn5Uz5ItCtpoe8I5g19S/DWNnuH745PQ/QAAAAAAAA== --Apple-Mail=_7458CEA8-FC66-4565-88C0-80ABCC0DB58C--