[e-lang] Initial draft Caja design docs & library now available

Kevin Reid kpreid at mac.com
Sat Nov 3 17:52:06 EDT 2007 

On Oct 11, 2007, at 21:41, Mark Miller wrote:

> The initial draft design doc is at
> http://google-caja.googlecode.com/files/caja-spec-2007-10-11.pdf
> At the moment, much of the substance appears only in the tables in  
> the back, sorry.

There are two problems with the serving of this file (and the later  
updated version):
   - A HEAD request erroneously returns 404 where GET does not.
   - The response contains 'Content-Disposition: attachment' (a hint  
that the file should be "downloaded" rather than viewed in the  
browser), which is in my opinion inappropriate for this document.


Comments on caja-spec.pdf:

Isn't the name capitalized "JavaScript"?

"Object references thereby become the sole representation of rights  
to effect the world"
-- should be "affect"

The second sentence in the footnote seems clunky; perhaps "ca" and  
"Ja" should be italicized to clarify why this is being said.

"No shared global scope."
-- The proper term is "environment". I would really like to see us  
stop propagating this misuse of terms, including in E.

(Example usage:

   function f(x) {
     return x * 5;
   };
   f(10)

The scope of x is the function body, "return x * 5"; it is a lexical/ 
static property. The environment of that expression is, for the  
example call, {x: 10}; it is a runtime property.
)

"Crazy things" is a bit strong for eval.

The notation of Figure 2 is not explained; in particular, the dotted  
lines.

The inline circle symbols are too high and the arrows are too low;  
their centerlines ought to be the same.

The first circle mentioned in the text is (2) rather than (1); this  
is somewhat disconcerting.

"The (3)→(4) transition is not a technical change, but a change in  
where the user’s value resides, and thus a change in the user’s  
risks."
-- I think calling this a transition at all is not good, but I don't  
know what to say instead.

Related thought: Another improvement to passages would be to allow  
them to have stylesheets. One could define a rewriting of a CSS  
stylesheet such that all its selectors operate as if the passage is  
the root element.

"A web app, on detecting the presence of a powerbox, could offer to  
edit a local file chosen by the user."
-- I think "editing" is a poor choice of description, as it doesn't  
reflect what people think of web-apps as being useful for today; this  
is obviously a circular problem but I don't have a better example.

"The object-capability alternative naturally supports POLA, the  
principle of least authority, shown in the upper right."
-- add "of Figure 2" - my reaction was to look at Figure 4 which is  
in the upper right of this page.

"Browser compatibility. ... EC3." -- typo for ES3?

"(Imagine a frozen surface covering a liquid lake.)"
-- this metaphor seems worthless, as it conveys very little about the  
relation of the frozen objects to its components. Now if the surface  
ice had broken up into floating, mobile sections, that would be a  
vaguely useful metaphor, but rather convoluted.

"RegExp syntax" -- could the translation instead be something like  
"new ImmutableRegExp(/pattern/)", thus getting the "compilation"  
benefits from the implementation?

In pages such as 8 and 11, it is hard to find the beginning of the  
normal text, distinguishing it from the figures. It might help to  
reduce the margins above the captions, and increase those below.

> The untested first stab at a Caja runtime library that corresponds to
> this spec is at
> http://google-caja.googlecode.com/svn/trunk/src/js/com/google/caja/ 
> caja.js

For such a well-defined and error-prone task, it seems hazardous to  
me to write an implementation without aid of tests.

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>

More information about the e-lang mailing list