search

WICG / Realms-Initialization-Control

WIP explainer for RICA (Realms Initialization Control API) proposal
MIT License
5 stars 0 forks source link

Are workers in scope? #5

Open yoavweiss opened 2 months ago

yoavweiss commented 2 months ago

They are mentioned as part of the terminology definition, but aren't mentioned elsewhere.

weizman commented 2 months ago

Great question,

Workers are part of the terminology definition because they are an important example to properly explaining what realms are.

However, in context of this proposal, Workers aren't relevant because the same origin concern refers to realms that have synchronous access to each other's graph, and by that can access/manipulate each other's internal intrinsics, DOM, global object, execution environment and more.

Easiest way to test this mentally is by telling whether Array of another realm is accessible to your realm or not:

// in scope ("ƒ Array() { [native code] }")
document.body.appendChild(document.createElement('iframe')).contentWindow.Array;
open('about:blank').Array;

These techniques aren't relevant with Workers (no such access exists) and that's why they're out of scope here.

yoavweiss commented 2 months ago

Can't subworkers be used to e.g. grab overridden native prototypes from the global scope?

weizman commented 2 months ago

I'm not familiar with the term sub workers, but if you're referring to https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers then the answer is no