Darin Fisher wrote:
1) You could use thread local storage (TLS) for the context parameter, and implement this today without any new APIs.
How do I do this from an extension's JavaScript? How do I do this if I'm proxying my Necko access to the main thread from a background thread?
In any case, the point is to make it as hard as possible to screw up. Having to set a global (or thread-local) variable before making a newChannel call is just as bad as having to call CheckLoadURI, from that point of view, whereas just knowing that any newChannel call is insecure and that there is a simple more secure option might work better... I hope.
I really wish we'd built this into newChannel to start with. :(
2) Why not use nsIProtocolHandler::protocolFlags to convey capability requirements?
We might be able to get away with that, yes. At the moment, I just need to differentiate between a small finite set of options (like 3-4). If you're ok with giving me a few bits to work with, I could probably put something together...
-Boris _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
