From YouTube: SES Meeting: ShadowRealm HTML Integration Challenges
Description
Daniel Ehrenberg introduces us to Matthew Gaudet from Mozilla, who is implementing ShadowRealm in SpiderMonkey and who discusses challenges in integrating ShadowRealms with HTML, including reclassifying global objects and various web APIs' dependence on state rooted in the two extant types of global object: worker and window.
Kris “cowbert” Kowal: Okay, it's SES meeting and the. And it's June fourteenth of 2023. We have 2 topics today, if we manage to get to them. The first topic, long planned, is ShadowRealm HTML integration, and we have all the part people we need to have that conversation. And then, if we happen to have time toward the end of that.
Matthew Gaudet: The actual active testing list is going to reveal a lot of questions about things like whether or not it makes sense. So I don't know how to pronounce their name, so somebody feel free to correct me, but ms. 2 came along and did a whole bunch of pull requests on a bunch of web standards, changing them to be exposed, star.
Matthew Gaudet: And you know, there was this catch-22 situation with their standard where they were like, well, nobody's implemented it, so we're not gonna have that in there, but of course nobody will influence it unless it's in there. So I thought, okay, well, what if I go, and I try to do that.
Matthew Gaudet: That when we were doing reviews, and like, this was the case for Mozilla, when we did our internal reviews of set up shadow around. So I did my initial implementation of channel rooms. There's a lot of things where it's like, this is fine. This is easy. We did it, you know, implemented all of it. It looks fine, and we implemented the host back.
Matthew Gaudet: And that, like, I'm not sure the we, as Mozilla, would have even supported ShadowRealms going to stage 3, had we understood the, like, level of complexity. Like, this was, this was one of those unfortunate scenarios where we reviewed it as the SpiderMonkey team, and we just sort of took it as an article of faith, but the hook was going to be no issue.
Daniel Ehrenberg: Mike should be totally unable to see who you're in closing. Global is so for, for some background here, from the perspective of TC39, none of us especially were pushing for having all these web APIs be exposed in ShadowRealms. This was an interest in, this was an interest raised by
Daniel Ehrenberg: web standards people who wanted to make sure that it wasn't kind of too sharp of an edge between pc. 3 or 9 to design things and web design things, so they wanted to make sure that their web things were available so that it wouldn't be this break in the abstraction model. If Mozilla's web people now feel that it shouldn't be exposed, that's like a legitimate position to take.
Daniel Ehrenberg: And we should, it would be great if that were, like, expressed. So if, especially if it turns out to be unimplementable, that would be a pretty strong argument for just not exposing these things. If there's a particular API that has problems, I think we can just expose it, exclude that particular API. Aside from the things you raised, there was also a question, which remains unresolved, about which APIs we do expose.
Daniel Ehrenberg: If there's a particular technical issue with a particular API, I think we should, we should look into it. I don't think it's, I don't think it's fair to say that this was just, like, randomly swept under the rug. We had, like, a lot of debate about the, about the nature of this over a long time.
Matthew Gaudet: Performances, like my, my case in point of being like, as I look at it, I see real problems that I'm concerned about, and some of this just comes down to, like, a lack of testing and a of, like, infrastructure around, like, what is the actual model that was expected? What is the intention of this supposed to be when we implement the hook? So kara is next, because I should.
Matthew Gaudet: Yeah, exposed attribute was applied to it with the intention that it's like, oh, yes, this is a simple change, a simple PR that obviously should just work, but as a result of the actual exposure and trying to implement it, you start to see that it's not as simple as simply marketing makes both star. There are dependencies that are not exposed this way.
Matthew Gaudet: Absolutely, okay. Like dropping, one of the, one of the potential outcomes here is that the answer is that we drop the host book and we say the, a ShadowRealm is just a very primitive realm, that if you want to access anything outside, you, the user, are responsible for pushing the things in, exposing them appropriately.
Daniel Ehrenberg: Yeah, that was the original design, and we would be fine with returning to that design. I think you should talk, if you can talk to your web platform people about whether they would be fine with that, that would be really helpful. Yup. That was the reason on this side, like you have nothing there. It makes it more difficult than.
Matthew Gaudet: Yeah, I like to be fair, like, to, like, when I'm wearing my, like, there's a lot of here, I'm very much wearing my, like, SpiderMonkey team is what I had, and you know, this is an unfortunate nature of, like, organizational boundaries, that I haven't been super in, like, paying attention to the HTML half of these conversations.
Matthew Gaudet: No, this is, this is entirely. But like, I can't remember the title right now, but the, the web platform post book, which is like, what are the global, what are the global things that are exposed inside of that global? You know, what are the names that you see inside of the global one? It is created. And I think Mark is next.
Mark S. Miller (MM, Agoric): You're running into considerations that might push you to advocate for that in part to end. In particular, I want to very much support what Dan said about drawing a line at I/O. If we, if, you know, if, if some web platform API is still make it implicitly into new ShadowRealms, but there's a new line to be, a new restrictive wanting to be drawn.
Mark S. Miller (MM, Agoric): Okay, so the use cases don't. So why are use cases that don't require membrane, but do require fetch, and specially compelling category. Because, you know, use cases that don't require a membrane, but do require x in general, where x is hard to emulate without a membrane, we have a membrane off the shelf that we can use, and that's a way to solve the hard, hard to emulate x.
Caridy: So something like a test framework where it tests are executed inside the realm. If the test is just infection using console log, it's going in, you know, my stuff, then it becomes really difficult, but the same time I feel that some of these could be not necessarily virtualized through a membrane, but it could be done like a library that you implement. And then.
Caridy: And they shut around environment makes it easy to debug and so on, but it, it is not native code. It's just someone's running that code there. But yeah, it's, it's just going to be more difficult for people to use the ShadowRealm for things that are on a membrane, because membranes are complicated.
Caridy: There are 2 places where you might be interested in knowing that there was an error oncut or triggered by the code running inside the membrane. That could be for an outside a membrane as, sorry, for outside the room or from within the room itself that they could program that you have running inside the ShadowRealm.
Caridy: They shot a wrong constructor level that you provide some sort of callback that is going to be called if an error is not handled correctly inside the wrong, so you'll get that thing, and now you decide how are you going to communicate that back to the shadow and the assumptions that you will not be able to really.
Matthew Gaudet: Right, because I actually think that a lot of this conversation makes total sense, and that there's gonna be problems here, but the way to discover and actually build them would be to sit down and write the test and, like, have someone actually use this interface deeply and thoroughly, and actually consume these web APIs.
Matthew Gaudet: Well, I mean it, like, if you would eliminate that, if you eliminate the host, hope, that's one thing. I know that there are people who, for whom that is actually a problem, right? There are people for whom, you know, the decision. I, like, I can't speak for all of them as a lot, but I know that there are people, you know, who want ShadowRealms to not reflect just the TC39 contents. And you know, Mark mentioned text decoder as the canonical example, and I think it's a great example.
Matthew Gaudet: But we have a, you know, we started this conversation with, like, one of the problems with trying to implement this is that there are no tests. And, as I implemented, I discover problems, and if we had a set of test cases and we could represent, like, how do you catch an error? And on handle project showing, like, do we need that? Can we figure out, hey, you know, normal, callable, boundary thing, like all this sort of stuff, like?
Daniel Ehrenberg: The point is taken that we should have web platform tests that are more complete than what we had previously. Does anybody want to sign up to do that? The champions listed, the proposal, or the herman carrotty, you rights. vo, Leo belter, or cauldron legit cas. Anybody want to take this action at him, among the champion group.
Daniel Ehrenberg: Well, I, I can answer that one question right now, which is that ShadowRealms should generally act like the realm that they're in close. They generally act like the window or the worker, depending on whether in a window or worker. Isolating a ShadowRealm from being able to detect that it's embedded in one of those is not a goal.
Matthew Gaudet: And so we have to call into code that is rent safe, that has different accessors, that's kind of a different stable. And on the window case, we say, well, in the window case we assume that we are running on name thread. We don't have to worry about it, like the worker will have done all of the appropriate things to coordinate. So we just go ahead and follow forward.
Matthew Gaudet: And the idea that, like, oh, you know, it's okay if anything that is a ShadowRealm global says that it's a window is just a non-starter. That's never gonna happen, because that is, down that road lies security vulnerabilities coming up, the wasn't right. They're just, you know, we, we have so many checks that assume correctly, like, if this is a window, we know things about that window. We are doing dynamic casting between types like this. No, but so, but that means that's good to understand.
Matthew Gaudet: But then what I'm concerned about is, like, the web platform is stupidly complicated. So what happens when some random function gets a wrapped global? It gets a wrapped function handler passed to it, and the web platform says, well, you, as the global that comes from that function to do some other work, and it goes and does that other work, and it ends up in code that was never audited for the purpose of whether or not you had a shadow on global, and now it explodes it.
Matthew Gaudet: I get scared when I started implementing this because of this question, and the, the question of, like, even delegation, the idea that, like, well, if you're a ShadowRealm global, then report the answer of what is your enclosing global, is mostly reasonable. But again, it's going to require us to, every place that you have to know questions about your global, go through and figure out.
Matthew Gaudet: I see. So, like, that particular concern has sort of been addressed. For my part, it, it just means, like, the level isolation that I thought ShadowRealms had is distinct from the actual level of isolation of the shadow of this anything for, and so that was an expectations mismatch more than anything else.
Matthew Gaudet: It starts to get a little bit weird. My, can you, you know, you can create these performance marks, but you can't actually register them anywhere, so they'll never show up in the performance timeline there. The performance object exists only in recently accessible via performance mark, but it needs to exist for you to do it. Like, it's a weird, that, that's a weird one for sure.
Mathieu Hofman: Concern that I had, and which is why I wanted to, and I pushed to have those invariance included in the spec, was that there would be implementation, host implementation issues where one API looks up the enclosing global and it's a building, a, a return object that is built out of the realm of the enclosing global instead of the ShadowRealm.
Mathieu Hofman: I have here, I, I don't know how related that is to what Matthew has been talking about, but I actually forgot about that. That's actually a, a real legit problem that we've run into in streams, because the web standard really tend to not actually ever say anything about, where should a thing be constructed? What is the actual global that needs to be used.
Matthew Gaudet: A lot of times, it's implicit, and it's done through a variety of implicit mechanisms, and these implicit mechanisms don't always agree either, and so we run into places where even we have a compatibility issues for different browsers decide to build things in different, like, in different globals.
Daniel Ehrenberg: I think we should propose next meeting to retract the proposals to stage 2, because it's been, this proposal has been at stage 3 for a long time. It's hadn't been known gaps known to the champions. The champions have not worked on it, and that's not a good state for a stage 3 proposal to be in. We should be signaling clearly whether or not.
Caridy: Out of that team and getting maybe Rick to write some of this test, and this patch will be, I think you're at the end of the release of the, they'll have time the next month or so to work on it on this back for that later piece, not for the audit, but just a later piece that was already decide. I think, was the dominant proposal for making a global a by target. So those are the 2 things that I have in my, my play.
Shu-Yu Guo: On ShadowRealms to be just 2, 6, 2. It should not be the, the bound, like the line should not be drawn at standard organization bodies. But what is the set of web API that is appropriate, we're much more fluid on that. I just think that that set is, is not, like, I don't think it's defensible to say that's just, that should be empty.