docs/consensus_decisions.md
18 additions & 0 deletions
@@ -20,6 +20,8 @@ For more details on the process that lead to these decisions, please refer to th
20
20
The solution for [issue #127](https://github.com/unicode-org/message-format-wg/issues/127).
21
21
Codified in [issue #137](https://github.com/unicode-org/message-format-wg/issues/137) during the [January 2021 meeting](https://github.com/unicode-org/message-format-wg/issues/146) of the working group.
22
22
Discussed and accepted at the [February 2021 meeting](https://github.com/unicode-org/message-format-wg/blob/HEAD/meetings/2021/notes-2021-02-15.md) of the working group.
23
+
-**Consensus 7:**
24
+
Discussed at the [22 September 2021 meeting](https://github.com/unicode-org/message-format-wg/issues/196) of the working group.
23
25
24
26
## 1: Include message references in the data model.
25
27
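Review bot: The new Consensus 7 entry says only "Discussed at the 22 September 2021 meeting", while the entry just above it records "Discussed and accepted at" its meeting. In a list of consensus decisions the entry should state whether the decision was accepted at that meeting, or point to where acceptance was recorded. The entry above also names the issue it resolves ("The solution for issue #127"); if Consensus 7 came out of a specific issue, link it the same way so the rationale can be traced.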
@@ -67,3 +69,19 @@ The group believes that the known value of this feature can be sufficiently cove
67
69
The cost analysis of the nested selectors feature was performed in the absence of sufficient in-field experience of use in production systems.
68
70
In result, the group's decision to not currently incorporate the feature is based on the lack of sufficient known value that would require them, which the group recognizes may change in the future.
69
71
In result, it is the intent of the group to design MessageFormat 2 in a way that wouldn't prevent future revisions of the standard to be extended with nested selectors feature.
72
+
73
+
## 7: A valid MessageFormat implementation may require all formatting functions to be run without access to the runtime context.
74
+
75
+
**Discussion:**
76
+
It is theoretically possible for formatting functions to become an attack vector to a system,
77
+
as they are often handling user-controlled inputs.
78
+
It is important to ensure that it is possible for an implementation to consider formatting functions as untrusted code,
79
+
while not requiring that this is done.
80
+
An implementation that does limit formatting function access is still expected to
81
+
allow for e.g. message references and other parts of the specification to work.
82
+
83
+
The "runtime context" here refers to information about the current message,
84
+
other available messages,
85
+
the available formatting functions,
86
+
and any arguments or parameters that may have been made available when calling the message formatter.
87
+
The formatting function would in all cases still have access to the explicit values and options with which it was called.
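Review bot: The definition of "runtime context" at the end of the Discussion leaves the trust boundary ambiguous. It excludes "any arguments or parameters that may have been made available when calling the message formatter", yet the last line says the function keeps "the explicit values and options with which it was called". Say explicitly that a message argument passed as the function's operand or as an option value counts as an explicit value, so an implementer isolating functions knows the function receives only the resolved values it was handed and not the full set of arguments. The opening lines motivate this with user-controlled inputs and untrusted function code, but the text only describes what MessageFormat state a function can read; one sentence scoping the decision to that read access would keep readers from taking it as a complete isolation requirement.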