kmaglione/stdin.eml Secret

## stdin.eml
Subject: Specifying permissions for IDL fragments

We're working on creating a draft specification for browser extensions APIs in
the Browser Extension Community Group. Our main issue at the moment is
deciding how to specify APIs which should not be exposed unless the extension
has specific permissions.

The current WebIDL editor's draft doesn't have any features that serve our
purpose, so our current working draft uses the non-standard
CheckAnyPermissions extended attribute used in Gecko internals:

    interface ExtensionGlobal {
      [CheckAnyPermissions="webextensions"]
      readonly attribute Browser browser;
    };

    Window implements ExtensionGlobal;

    // ...

    dictionary Tab {
      [CheckAnyPermissions="tabs"] DOMString url;
      // ...
    };

    // ...

    [NoInterfaceObject, Exposed=Window, CheckAnyPermissions="contextMenus"]
    interface BrowserContextMenusAPI {
      readonly attribute BrowserContextMenus contextMenus;
    };

    Browser implements BrowserContextMenusAPI;

The question we have is whether it's worth adding an attribute like this to
the WebIDL spec, or to simply break the IDL fragments up based on the
permissions that they require, and to specify them in the text:

    The following interface definitions MUST NOT be exposed unless the context
    has the *tabs* permission:

      partial dictionary Tab {
        DOMString url;
      };

    ...

    The following interface definitions MUST NOT be exposed unless the context
    has the *contextMenus* permission:

      [NoInterfaceObject, Exposed=Window]
      interface BrowserContextMenusAPI {
        readonly attribute BrowserContextMenus contextMenus;
      };

      Browser implements BrowserContextMenusAPI;

I'd appreciate any thoughts on the matter.
	Subject: Specifying permissions for IDL fragments

	We're working on creating a draft specification for browser extensions APIs in
	the Browser Extension Community Group. Our main issue at the moment is
	deciding how to specify APIs which should not be exposed unless the extension
	has specific permissions.

	The current WebIDL editor's draft doesn't have any features that serve our
	purpose, so our current working draft uses the non-standard
	CheckAnyPermissions extended attribute used in Gecko internals:

	interface ExtensionGlobal {
	[CheckAnyPermissions="webextensions"]
	readonly attribute Browser browser;
	};

	Window implements ExtensionGlobal;

	// ...

	dictionary Tab {
	[CheckAnyPermissions="tabs"] DOMString url;
	// ...
	};

	// ...

	[NoInterfaceObject, Exposed=Window, CheckAnyPermissions="contextMenus"]
	interface BrowserContextMenusAPI {
	readonly attribute BrowserContextMenus contextMenus;
	};

	Browser implements BrowserContextMenusAPI;

	The question we have is whether it's worth adding an attribute like this to
	the WebIDL spec, or to simply break the IDL fragments up based on the
	permissions that they require, and to specify them in the text:

	The following interface definitions MUST NOT be exposed unless the context
	has the tabs permission:

	partial dictionary Tab {
	DOMString url;
	};

	...

	The following interface definitions MUST NOT be exposed unless the context
	has the contextMenus permission:

	[NoInterfaceObject, Exposed=Window]
	interface BrowserContextMenusAPI {
	readonly attribute BrowserContextMenus contextMenus;
	};

	Browser implements BrowserContextMenusAPI;

	I'd appreciate any thoughts on the matter.