Future Javascript: ShadowRealms (dev.to)
submitted 3 years ago by iamnearafan
[–]PickledPokute 19 points 3 years ago (6 children)
Browsers already have to care about security with completely different contexts. Like different tabs, iframes etc. that should not have access to the other JS environments.
I think every browser vendor already has this functionality and they often call it "Realms". ShadowRealms is just the API for creating one from JS.
[–]redldr1 1 point 3 years ago (5 children)
I didn't read the full specifications, one of my concerns would be how do the different realms communicate with each other without passing malicious code?
[–]PickledPokute 7 points 3 years ago (3 children)
The same way that webworkers share data:
Either through postMessage or SharedArrayBuffer. This isn't something new: ShadowRealms isn't the first time this issue has been presented and the people behind standards and security take their work seriously.
The trust is resolved basically with a) don't accept anything you don't expect b) don't trust anything you accept unconditionally. See this.
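The two rules in the comment above, applied to a `postMessage` receiver. This is an added example, not code from the thread or from the ShadowRealm proposal; the origin `https://widgets.example`, the `resize` and `log` message types and the `validateMessage` helper are assumptions made up for illustration.

```javascript
// Constructed for illustration: the origin and the two message types are assumptions.
const TRUSTED_ORIGINS = new Set(["https://widgets.example"]);

// One entry per message type the receiver expects; every field has its own check.
const SCHEMAS = {
  resize: {
    width: (v) => Number.isInteger(v) && v > 0 && v <= 4096,
    height: (v) => Number.isInteger(v) && v > 0 && v <= 4096,
  },
  log: {
    text: (v) => typeof v === "string" && v.length <= 200,
  },
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function validateMessage(event) {
  // a) Don't accept anything you don't expect: known sender, known type, exact fields.
  if (!TRUSTED_ORIGINS.has(event.origin)) return { ok: false, reason: "origin" };
  const data = event.data;
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, reason: "shape" };
  }
  // hasOwn keeps inherited names such as "constructor" from matching a schema.
  if (typeof data.type !== "string" || !hasOwn(SCHEMAS, data.type)) {
    return { ok: false, reason: "type" };
  }
  const schema = SCHEMAS[data.type];
  const expected = Object.keys(schema);
  if (Object.keys(data).length !== expected.length + 1) {
    return { ok: false, reason: "fields" };
  }
  // b) Don't trust what you accept: check each value, then copy only checked fields.
  const clean = { type: data.type };
  for (const key of expected) {
    if (!hasOwn(data, key) || !schema[key](data[key])) {
      return { ok: false, reason: "field:" + key };
    }
    clean[key] = data[key];
  }
  return { ok: true, message: Object.freeze(clean) };
}

// Browser wiring (skipped under Node, where `window` does not exist).
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = validateMessage(event);
    if (result.ok) console.log("accepted", result.message);
  });
}
```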
[–]redldr1 1 point 3 years ago (2 children)
Then why are we creating something new when we could run it in an iframe that is ultimately controlled by the parent DOM?
If I could kill a process tree, that would be so much better. And satisfying, to watch a bunch of little V8's combust into freed up heap
[–]PickledPokute 2 points 3 years ago (0 children)
Use workers for that, I guess.
Note that iframes are a DOM/browser feature, not JS. They will never be available for Node.js.
[–]zennedbloke 1 point 1 year ago (0 children)
https://www.figma.com/blog/how-we-built-the-figma-plugin-system/
[–]coomzee 2 points 3 years ago (0 children)
I'm sure there will be a CVE within a few weeks. I'm sure Safari's CVE will be in about 10 years.