[whatwg] Thoughts on recent WhatWG blog post

Brett Zamir brettz9 at yahoo.com
Mon Feb 7 16:36:21 PST 2011 

On 2/8/2011 1:33 AM, Adam van den Hoven wrote:
> Hey guys,
>
> I was reading the blog today and something I read (
> http://blog.whatwg.org/whatwg-extensibility) prompted me to signup to the
> list and get involved again. What follows is not exactly well thought out
> but I'm hoping that it will spark something.
>
> window.atob() and window.btoa() feel wrong, so does
> window.crypto.getRandomUint8Array(length), not because they're not useful
> but because there is no answer to 'what does converting binary data to a
> base 64 string have to do with window?' beyond 'nothing but where else would
> it go?'.
>
> In reality all these belong to javascript, but modifying JS to include them
> is not feasible. Also, what if I don't want to do crypto in my code, why
> should I have all that lying around (not that its a hardship but why pollute
> the global namespace)?
>
> I think that we would all be better served if we were to introduce something
> like CommonJS to the browser, or perhaps a modified version of the require()
> method. This would allow us to move the crytpo and the atob/btoa into
> specific modules which could be loaded using:
>
> <script>
> var my_crypto = window.require( 'html:crypto' ); //or however you wanted to
> identify the 'crypto library defined by html'
> var my_util = window.require( 'html:util' ); // my_util.atob();
> var $ = window.require( '
> https://ajax.googleapis.com/ajax/libs/jquery/2.0.0/jquery.min.js' );
> </script>
I really like this approach of using require() for namespacing. Besides 
being semantically more accurate, the approach looks to the future as 
well, in that it does not burden the user with needing to avoid names 
which could end up being co-opted by HTML in the future. (Also, just 
because WhatWG may verify names are fairly unique or unique on the 
public web, does not mean they are catching HTML uses off the web and 
for which there could be conflicts; abdicating responsibility for 
effects of such apps just because it is not within the scope of the spec 
would I think be rather shoddy stewardship of a language relied on for 
many purposes.)

Also, whatever the caching behavior, I like the idea of having a simple 
way of importing remote scripts dynamically, without having to define 
some wrapper for XMLHttpRequest ugliness each time one wishes to use 
such a basic feature, such as to ensure one's application stays modular 
(particularly for reusable libraries where the library does not wish to 
burden the user with needing to specify multiple script tags).

The final and even main reason I like and had wanted to suggest this 
approach is because it is neatly compatible with another idea I think 
the web (and off-web) needs: a formal way to import proprietary objects 
(e.g., such as specific browser vendor(s) or browser add-ons might make 
available), with the potential for fallback behavior, with require() 
throwing distinct exceptions such as "NotSupported" (the default for 
unrecognized modules) or "UserRefused" (for privileged features a 
browser or add-on might wish to make available from the web but which a 
user specifically declined).

Maybe a second argument to require() could be specified to allow for an 
asynchronous callback (where one did not wish to keep checking for the 
setting of a particular property or force the user to wait).

Brett

More information about the whatwg mailing list