A minor random thought related to that design:

Using integer IDs, as Gecko does, raises the possibility of a bug, possibly
even a security bug, where a rogue IFRAME is able to render itself at the
wrong place in the tree. In Gecko, preventing a compromised process from
doing an attack like that requires explicit code to track which IDs have
been issued to a process and checking to make sure it doesn't use an ID we
didn't give it. Obviously it would be much better to use an
object-capability approach, but of course we can't do that in Gecko. So it
would be nice if Rust+Servo can provide a robust cross-task
object-capability-ID abstraction for use in situations like this.

Rob
-- 
Jtehsauts  tshaei dS,o n" Wohfy  Mdaon  yhoaus  eanuttehrotraiitny  eovni
le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o  Whhei csha iids  teoa
stiheer :p atroa lsyazye,d  'mYaonu,r  "sGients  uapr,e  tfaokreg iyvoeunr,
'm aotr  atnod  sgaoy ,h o'mGee.t"  uTph eann dt hwea lmka'n?  gBoutt  uIp
waanndt  wyeonut  thoo mken.o w  *
*
_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo
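
The bookkeeping described in the message above (record which IDs were issued to which process, reject any ID the caller was not given), as an added Rust example that is not part of the original message and is not Gecko or Servo code. FrameBroker, ProcessId, FrameId and RenderError are hypothetical names, and the sender identity is assumed to come from the IPC channel the request arrived on.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical types for illustration; not Gecko or Servo code.
type ProcessId = u32;
type FrameId = u64;

#[derive(Debug, PartialEq)]
enum RenderError { NotIssuedToCaller }

/// Parent-side broker: the only place frame IDs are minted.
#[derive(Default)]
struct FrameBroker {
    next_id: FrameId,
    issued: HashMap<ProcessId, HashSet<FrameId>>,
}

impl FrameBroker {
    /// Mint a fresh ID and record which process it was handed to.
    fn issue(&mut self, to: ProcessId) -> FrameId {
        self.next_id += 1;
        self.issued.entry(to).or_default().insert(self.next_id);
        self.next_id
    }

    /// Handle a render request. `sender` is taken from the channel the
    /// message arrived on, never from a field inside the message.
    fn render(&self, sender: ProcessId, frame: FrameId) -> Result<FrameId, RenderError> {
        match self.issued.get(&sender) {
            Some(ids) if ids.contains(&frame) => Ok(frame),
            _ => Err(RenderError::NotIssuedToCaller),
        }
    }

    /// Drop every ID a process held when it exits, so nothing outlives it.
    fn revoke_all(&mut self, process: ProcessId) {
        self.issued.remove(&process);
    }
}

fn main() {
    let mut broker = FrameBroker::default();
    let a = broker.issue(1); // constructed sample: process 1 receives frame ID 1
    let b = broker.issue(2); // constructed sample: process 2 receives frame ID 2
    println!("{:?}", broker.render(1, a)); // Ok(1)
    println!("{:?}", broker.render(1, b)); // rejected: ID belongs to process 2
    broker.revoke_all(2);
    println!("{:?}", broker.render(2, b)); // rejected: ID revoked with its process
}
```

Every entry point that accepts an ID has to repeat the check in render, which is the fragility the message contrasts with an object-capability design.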
