Activity

07 Oct 2022

Leobalter

Clarify security story.

cc @arturjanc @arthursonzogni @syg @ajklein

Hi there! Chrome web platform security reviewer here.

We (Chrome web platform security folks) just took another look at this proposal and were concerned with the light treatment given to security concerns, as well as the explicit endorsement of ShadowRealms for untrusted code evaluation (such as plugins). Figma for example has backtracked and stopped using realms after discovering security issues with them.

We understand that the champions focus on "integrity" instead of "security", which is fine with us. We simply wish for security concerns to be made explicit, to avoid others falling into the trap of believing ShadowRealms are a meaningful isolation boundary for untrusted code on par with cross-origin iframes.

Merged On 07 Oct 2022 at 04:29:02

Leobalter

Commented On 07 Oct 2022 at 04:29:02
Issue Comment

Leobalter

Clarify security story.

cc @arturjanc @arthursonzogni @syg @ajklein

Hi there! Chrome web platform security reviewer here.

We (Chrome web platform security folks) just took another look at this proposal and were concerned with the light treatment given to security concerns, as well as the explicit endorsement of ShadowRealms for untrusted code evaluation (such as plugins). Figma for example has backtracked and stopped using realms after discovering security issues with them.

We understand that the champions focus on "integrity" instead of "security", which is fine with us. We simply wish for security concerns to be made explicit, to avoid others falling into the trap of believing ShadowRealms are a meaningful isolation boundary for untrusted code on par with cross-origin iframes.

Forked On 06 Oct 2022 at 08:18:55

Leobalter

Thanks for the PR, @letitz! I'm reviewing the contents internally - including the comments in this PR - to get back soon with a response.

Commented On 06 Oct 2022 at 08:18:55

Leobalter

Editorial: Remove unused evalRealm parameter from ShadowRealmImportValue (#374)

Pushed On 28 Sep 2022 at 04:14:44

Leobalter

Editorial: Remove unused evalRealm parameter from ShadowRealmImportValue

Created On 28 Sep 2022 at 04:14:44

Leobalter

Editorial: fix #371 - better handling of completion values (#373)

  • fix #371: better handling of completion values

  • restoring order of steps

Co-authored-by: Caridy Patiño caridy@caridys-air.lan
Co-authored-by: Leo Balter leonardo.balter@gmail.com

Pushed On 28 Sep 2022 at 04:14:08

Leobalter

Editorial: fix #371 - better handling of completion values

Created On 28 Sep 2022 at 04:14:07

Leobalter

Editorial: Update ecmarkup; lint. (#375)

  • Update ecmarkup.

  • Lint.

  • Fix some more formatting issues.

Pushed On 28 Sep 2022 at 04:13:55

Leobalter

Update explainer.md (#376)

Fix typo

Pushed On 28 Sep 2022 at 04:13:55

Leobalter

Fix typos (#377)

Clarifying and grammatical changes

Pushed On 28 Sep 2022 at 04:13:55

Leobalter

Merge branch 'main' into caridy/issue-371

Pushed On 28 Sep 2022 at 04:13:55
Issue Comment

Leobalter

Editorial: fix #371 - better handling of completion values
Forked On 28 Sep 2022 at 04:11:51

Leobalter

@rwaldron PTAL at the referred test262.

Commented On 28 Sep 2022 at 04:11:51

Leobalter

Fix typos

Created On 28 Sep 2022 at 04:09:39

Leobalter

Fix typos (#377)

Clarifying and grammatical changes

Pushed On 28 Sep 2022 at 04:09:39

Leobalter

Fix typos

Clarifying and grammatical changes

Merged On 28 Sep 2022 at 04:09:33

Leobalter

Commented On 28 Sep 2022 at 04:09:33

Leobalter

Fix typo at explainer.md

Created On 28 Sep 2022 at 04:09:19

Leobalter

Update explainer.md (#376)

Fix typo

Pushed On 28 Sep 2022 at 04:09:20

Leobalter

Fix typo at explainer.md

"the" was written twice

Merged On 28 Sep 2022 at 04:09:14

Leobalter

Commented On 28 Sep 2022 at 04:09:14

Leobalter

Cleanup

Pushed On 19 Sep 2022 at 10:54:17
Create Branch

Leobalter

Description not entered by the user.

On 19 Sep 2022 at 10:51:06
Create Branch

Leobalter

Description not entered by the user.

On 19 Sep 2022 at 10:48:52

Leobalter

Normative: fix #353 - propagate error details across realms when possible

As described in #353, this PR will attempt to copy the "message" (as string), and the "cause" (if it is string), when throwing an error in the caller realm, whether that's a result of evaluation, importValue or just calling a wrapped function.

Forked On 15 Sep 2022 at 04:12:36

Leobalter

duplicate of https://github.com/tc39/proposal-shadowrealm/pull/372#discussion_r966200757 but yes, not a "relief".
On 15 Sep 2022 at 04:12:36

Leobalter

Normative: fix #353 - propagate error details across realms when possible

As described in #353, this PR will attempt to copy the "message" (as string), and the "cause" (if it is string), when throwing an error in the caller realm, whether that's a result of evaluation, importValue or just calling a wrapped function.

Merged On 15 Sep 2022 at 04:12:37

Leobalter

Commented On 15 Sep 2022 at 04:12:37

Leobalter

Editorial: Update ecmarkup; lint. (#375)

  • Update ecmarkup.

  • Lint.

  • Fix some more formatting issues.

Pushed On 15 Sep 2022 at 04:11:45

Leobalter

Editorial: Update ecmarkup; lint.

Created On 15 Sep 2022 at 04:11:43

Leobalter

Editorial: Update ecmarkup; lint.
Merged On 15 Sep 2022 at 04:11:36

Leobalter

Commented On 15 Sep 2022 at 04:11:36

Leobalter

ci: bump actions/checkout from 2 to 3

Created On 13 Sep 2022 at 09:16:18

Leobalter

ci: bump actions/checkout from 2 to 3 (#9)

Bumps actions/checkout from 2 to 3.


updated-dependencies:

  • dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] support@github.com

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Pushed On 13 Sep 2022 at 09:16:18