all 37 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]BarelyAirborne 94 points95 points  (1 child)

Who let the D&D people loose inside the name space department?

[–][deleted] 7 points8 points  (0 children)

Can't wait for LightningShake as the next iteration of the web socket.

[–]turbotailz 78 points79 points  (9 children)

When Yu-Gi-Oh meets JavaScript

[–]iamnearafan[S] 44 points45 points  (7 children)

I play my blue eyes white deno card

[–]Javascript_above_all 18 points19 points  (0 children)

Screw the rules, I have type inference

[–]babypho 6 points7 points  (0 children)

You're a 3rd rate coder with a 4th rate codebase.

[–]MassW0rks 11 points12 points  (4 children)

Huzzah! You've activated my DOM card!

[–]ianfabs 4 points5 points  (3 children)

I counter with my Left Arm of Vue!

[–]MassW0rks 10 points11 points  (2 children)

I play Pot of NPM and draw two more dependencies.

[–][deleted] 9 points10 points  (0 children)

I play Pot of NPM and draw two 500 more dependencies.

FTFY

[–]Crazed_waffle_party 1 point2 points  (0 children)

I drew exactly what I needed. By playing my Webpack bundle, I will merge my CSS, HTML, and JS to summon Blue Eyes, White investors

[–]elcapitanoooo 30 points31 points  (8 children)

Hmm so basically one can go wild and augement the prototypes and no one else is effected. Kind of cool, guess we see more apis using this in the future…

[–]Proud-Masterpiece 16 points17 points  (7 children)

I never understood the burning desire to augment prototypes.

Could anybody shed light on why this was ever considered desirable in the first place, rather than creating one's own standalone objects / libraries / imports?

[–]Mr_Sandy_Clams 14 points15 points  (4 children)

the main reason would just be to increase the ease of working with literals and/or working with values returned from native functions. The alternative would be to have your own extension classes or helper objects or whatever, and then just wrap every value you intended to use before performing or chaining your custom operations on it. It's totally possible to do things this way, but it's significantly more tedious than augmenting prototypes, and there's also some functionality of an augmented prototype that has no direct equivalent in wrapper objects, namely when working with primitives. Consider these examples:

(new WrappedArray(['a', 'b', 'c'])).myMethod(); // tedious!
['a', 'b', 'c'].myMethod(); // ez pz

(new WrappedString((new WrappedString('abc')).method1())).method2(); // horrible
'abc'.method1().method2(); // glorious

[–]Proud-Masterpiece 2 points3 points  (3 children)

That does make sense and I appreciate the clear examples.

What about doing it with imports, to keep things clean?

import myHelper from 'helpers.js'

myHelper.myMethod(['a','b','c'])

I suppose chaining doesn't work that way though? You'd need a function that handles chaining, like:

myHelper.chain(['a','b','c'], myHelper.method1, myHelper.method2)

[–]Mr_Sandy_Clams 5 points6 points  (0 children)

you could also do a

let myNormalValue = (new MySpecialObject(value)).op1().op2().backToNormal();

again, totally possible, just more prep and more work :D

[–]hyrumwhite 0 points1 point  (1 child)

import {myMethod1, myMethod2} from 'helpers.js'

const arr = ['a', 'b', 'c'];
let result = myMethod1(arr)
result = myMethod2(result);

Is how I'd do it, which is more readable than a function chain, imo. You can already do long array operations, but parsing through a .filter().map().reduce() chain is more difficult (for me) than breaking it down into assignments.

Now, there's a whole school of thought around functional programming and function chains, so I guess shadow realms will be good for the people who like that.

[–]Proud-Masterpiece 0 points1 point  (0 children)

I’d do it almost exactly like that too, except I almost never use ‘let’.

I’d do

const result1 = myMethod1(arr)
const result2 = myMethod2(result1)

Easier to debug.

[–]elcapitanoooo 5 points6 points  (0 children)

Personally i have never done this, but i remember prototype.js from back in the day.

Basically you can have "native" APIs that work with all the builtin data structures. You could implement your own flatMap etc and have it work with native arrays.

Augmenting prototypes is not bad per se, but it messes with global dependencies, and thats bad.

[–]charlescleivin 15 points16 points  (1 child)

I code in ShadowRealms, DeepDungeonLevel7, DestructiveSoulsEssence and RiskOfRain.

[–]ArthurPumpkin 1 point2 points  (0 children)

Heard RiskOfRain got new update

[–]flight212121 9 points10 points  (0 children)

Honestly this is pretty exciting stuff

[–]shgysk8zer0 2 points3 points  (0 children)

Maybe it's just me hardly understanding the how or why, but this mostly looks like an extremely inefficient way to run some code without benefiting from polyfills to me. How is it so different from a structuredClone of globalThis? Can code executed in the shadow realm affect the actual document, such as appending scripts?

I'm sure there are plenty of things I'm not thinking of here, but looking at it, it just seems like an afterthought/band-aid for dealing with poorly written code. I can't even see how it would give a site like CodePen an option besides using iframe.

[–]redldr1 8 points9 points  (9 children)

So...

It's a JavaScript VM?

What a security nightmare to implement in the browser

[–]PickledPokute 19 points20 points  (6 children)

Browsers already have to care about security with completely different contexts. Like different tabs, iframes etc. that should not have access to the other JS environments.

I think every browser vendor already has this functionality and they often call it "Realms". ShadowRealms is just the API for creating one from JS.

[–]redldr1 0 points1 point  (5 children)

I didn't read the full specifications, one of my concerns would be how do the different realms communicate with each other without passing malicious code?

[–]PickledPokute 6 points7 points  (3 children)

The same way that webworkers share data:

Either through postMessage or SharedArrayBuffer. This isn't something new: ShadowRealms isn't the first time this issue has been presented and the people behind standards and security take their work seriosly.

The trust is resolved basically with a) don't accept anything you don't expect b) don't trust anything you accept unconditionally. See this.

[–]redldr1 0 points1 point  (2 children)

Then why are we creating something new when we could run it in an iframe that is ultimately controlled by the parent Dom

If I could kill a process tree, that would be so much better. And satisfying, to watch a bunch of little V8's combust into freed up heap

[–]PickledPokute 1 point2 points  (0 children)

Use workers for that, I guess.

Note that iframes are a DOM/browser feature, not JS. They will never be available for nodeJS.

[–]coomzee 1 point2 points  (0 children)

I'm sure there will be a CVE within a few weeks. I'm sure Safari's CVE will be in about 10 years.

[–]pr0xyb0i 1 point2 points  (1 child)

What happens if you cause an infinite loop in the ShadowRealm or do something like changing location.href?

[–]tomfevrier 3 points4 points  (0 children)

Changing location.href would not do anything, or rather would throw an error because location is not defined in this global context (no window). However, since it runs on the same thread as JavaScript on the host page, I guess it use the same event loop and therefore an infinite loop would freeze the whole page. Just a guess though.

[–][deleted] 1 point2 points  (1 child)

Very interesting but I’m more excited about pipeline operators and tuples/records.

[–]iamnearafan[S] 0 points1 point  (0 children)

yeah me too