TC39 General
2021-12-12
plaintext logs
prev next
source on github
17:13
<Andreu Botella (he/they)>
Hey. I was trying to understand the ShadowRealm proposal, and I noticed that the requirements for HostResolveImportedModules don't say anything about realms
17:13
<Andreu Botella (he/they)>
and IIUC the security properties of ShadowRealms need the realm to not share a module map with any other realms
17:27
<Andreu Botella (he/they)>
Also, the HTML spec's implementation of HostResolveImportedModules doesn't follow the requirements, since it always uses the current realm's module map, and if referencingScriptOrModule is null, that might result in different calls to that operation returning different module records
17:27
<Andreu Botella (he/they)>
I'd argue that's a bug with the TC39 spec
20:20
<Mathieu Hofman>
and IIUC the security properties of ShadowRealms need the realm to not share a module map with any other realms
That is not my understanding. What made you think this? My recollection is that the shadow realms would share a module map, but would be keyed by realm. Cc leobalter
20:24
<Mathieu Hofman>
I believe this is the issue where it was discussed: https://github.com/tc39/proposal-shadowrealm/issues/261
20:24
<Mathieu Hofman>
I think there is a related whatwg issue
20:27
<Mathieu Hofman>
I believe this comment on the integration PR: https://github.com/whatwg/html/pull/5339#issuecomment-874588585
20:28
<Andreu Botella (he/they)>
Thanks for those links, I hadn't been following the conversations and was trying to figure out how things worked purely from the spec proposal and how it interacts with the HTML spec as it is currently
20:28
<Andreu Botella (he/they)>
But my understanding was that, if a module is first instantiated in the parent realm, and then imported from a ShadowRealm, you could access the parent realm's intrinsic objects that way
20:29
<Andreu Botella (he/they)>
I don't think there's anything to stop that currently
20:36
<Mathieu Hofman>
Ah no, you don't get the same module instance. It's keyed on the realm. But the resolution is shared per document
20:37
<Andreu Botella (he/they)>
oh, so the actual fetch for a module script only happens once per document, but you have different module records per realm?
20:37
<Mathieu Hofman>
So you can observe with timing if the parent has the module in it's map, but you never directly share any objects
20:40
<Andreu Botella (he/they)>
But in that case, HostResolveImportedModules would still need to say something about realms
22:06
<Andreu Botella (he/they)>
I filed https://github.com/tc39/proposal-shadowrealm/issues/342