Since dynamic import is a core part of the JS language, with dedicated syntax (`import` is not a plain function, but a fixed syntactic form), it would seem to fall under the new, underlined JS exception in the first section of https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere.
On Sat, Oct 20, 2018 at 3:54 AM L. David Baron <dba...@dbaron.org> wrote:

> On Thursday 2018-10-18 07:45 -0700, Jon Coppeard wrote:
> > Do other browser engines implement this?
> >
> > Chrome shipped this in 63, Safari in 11.1, and it's in development in Edge.
> >
> > web-platform-tests:
> >
> > https://github.com/web-platform-tests/wpt/tree/master/html/semantics/scripting-1/the-script-element/module/dynamic-import
> >
> > Is this feature restricted to secure contexts?
> >
> > No, it's not restricted as it's part of script execution and works everywhere that is allowed.
>
> Part of the idea behind restricting things to secure contexts is
> that we will have to add secure context tests to areas where they
> aren't currently present. So being part of script execution doesn't
> seem to me to be an adequate reason for not restricting.
>
> Have both Chrome and Safari shipped it without a secure context
> restriction? (If not, we should probably restrict. If so... it's
> perhaps a more interesting question -- maybe we shouldn't, or maybe
> it should depend on current usage levels.)
>
> -David
>
> --
> 𝄞 L. David Baron http://dbaron.org/ 𝄂
> 𝄢 Mozilla https://www.mozilla.org/ 𝄂
> Before I built a wall I'd ask to know
> What I was walling in or walling out,
> And to whom I was like to give offense.
> - Robert Frost, Mending Wall (1914)