945322 - We should use long-long to specify timestamps

Status: RESOLVED WONTFIX

(Core Graveyard :: DOM: Contacts, defect)

Description

[Julien Wajsberg [:julienw]]

See Bug #939302 for more information.

Boris is saying we should not use Date in our idl. Since these structs are stored on the heap, that means that they value they're holding can just become garbage any time a GC happens.

He strongly recommends, in this order of checkins:

1) Using a numeric timestamp here, not a Date object.
2) Not using xpidl dictionaries.
3) Not using JSAPI directly, because any attempt to do so will generally go wrong.


I think we should just use 1.

Boris, since the Contacts API is using WebIDL, is it less serious than in bug 939302? Or is it basically the same?

Comment 1

[Jason Smith [:jsmith]]

Why is this sec-critical?

Comment 2

[Julien Wajsberg [:julienw]]

I cloned from bug 939302 (I assumed: same bug, same consequences), feel free to fix it if this needs to be evaluated again.

Comment 3

[Boris Zbarsky [:bzbarsky]]

Contacts is implemented in JS, not in C++, right?  So there shouldn't be these issues of having JS values on the stack or heap that are not being traced...

The reason to not use Dates is because Date is going to be removed from WebIDL, or at least deprecated.

Comment 4

[Julien Wajsberg [:julienw]]

Ok thanks then it's not security-sensitive and we can remove the security-sensitive flag (except if the comment 0 is pointing too hard to the other problem).

Comment 5

[Boris Zbarsky [:bzbarsky]]

I think this isn't sec-sensitive, yeah.  Just an API design issue.

Comment 6

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Date objects in general has all sorts of issues. So we shouldn't use them in APIs. See long thread here:

http://esdiscuss.org/topic/frozen-date-objects

Comment 7

[Sylvestre Ledru [:Sylvestre]]

DOM: Contacts isn't used anymore. 
Closing all remaining bugs.