sudofox's journal

Austin Burk's journal, where I share little snippets of my writing, code, and dreams.

Do not quench the Holy Spirit

This entry is for July 24th (backdated)

Code

I continued to look into what led to the changes that broke Hatena Star. I started to argue for the update of the iframe sandbox attribute to add a new value (or modify an existing one) to specify that iframes should be permitted to prompt the user for confirmation/input/alert.

I argued this on the 23rd:

Here's a quick list of functionality that's broken across the Internet as a result of this going out:

- Removal of this functionality also removes the _only_ way to prevent clickjacking when a feature implementation requires placement of an iframe in an untrusted parent. The framing of action buttons for external services is common, with layouts that make adding in DOM-based confirmation modals infeasible (you can't fit an informative modal inside a 60x24 button).

- Depending on what the confirm() is for, it can have effects such as breaking navigate-away confirmation (such as "keep your changes?") blockers for iframed editors, which is common on blogging platforms that permit custom URLs. Anything else that requires confirmation will automatically receive False, so this change is essentially automatically making a user's decision for them ("No") when they might have wanted to answer otherwise.

- Every so often I use a web-based IDE to quickly test bits of code. My preferred one is now broken.

The push to protect users from themselves or confusing "x site says this..." is understandable, but there are a lot of valid use-cases for this functionality. For cases where there's ads triggering dialogs it's understandable, but there really should be a way to say "yes, I want the frame to be able to trigger dialogs". Luckily, we have a standardized way to change how certain actions in iframes are permitted/restricted: the `sandbox` attribute. Where dialogs are necessary for proper functioning, developers can specify the sandbox attribute to permit them across different origins, but they'll be blocked otherwise by default.

I also wrote this on the WHATWG GitHub issue I'd opened. It feels a bit like I'm fighting a losing battle. I wrote:

The concern I'm raising is that the removal of this functionality causes enough breakage due to real use cases without easily available alternatives that I think there hasn't been enough time to avoid that breakage by finding an alternative, such as moving trusted operations from untrusted parents out of the flow (like opening a popup window).

I've been developing around this functionality for a while and I can't say I've ever seen deprecation/removal warnings in the console from iframe alerts/confirms/prompts before. The first knowledge of this came from troubleshooting broken core functionality.

An argument can be made that trusted user actions should be made after a user consent flow has been completed (e.g. OAuth), but this doesn't make sense when you can't implicitly trust the parent page (in this case, hosted by the same org, but with user-supplied theming and JavaScript) but still need to implement shared functionality. In other words, this one little thing enabled sandboxing while still permitting platform-wide actions across different blogs.

The counter-argument seems to be that iframes should cooperate with their parent window to perform a confirmation. Obviously this presents a large amount of extra work in most cases just to prompt for confirmation/input. It also doesn't work in an untrusted parent situation, such as with Hatena Star. I continued:

Moving beyond the "who does what, when" thing, there's still the gaping hole of "untrusted parent, trusted child" situations (where the user needs to confirm their action without permitting the parent page being able to do it for them) or the implementation of navigation guards. Was there any discussion of a sandbox attribute value to say that "yes, the content of this iframe needs dialogs to function properly"?

The whole nature of dialogs being blocking and being able to provide a way to receive user input that can't be masked/disguised by the DOM are two of their biggest strengths. And the reason that's a strong suit? Human decision-making itself is a blocking operation: you don't continue until you've made your decision.

TL;DR: This whole thing operates on a "trusted parent, untrusted child" model. The considerations do not seem to have been made for the "trusted child, untrusted parent" model. This is the perfect case for a new addition to the sandbox attribute.

In response, I was told that "untrusted parent, trusted child" is not a model "supported by the web". Putting that text in quotes is a bit iffy since I guess these are the people that make those decisions. The response in full:

"Trusted child, untrusted parent" isn't a model that's supported by the web as the user can only make informed trust decisions relative to the contents of the address bar.

There's many situations in which iframes are needed to make many different systems work together. Salesforce is chock full of them. I plan to continue to pursue this.

(CC id:motemen)
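A sketch of the alternative mentioned above, moving the confirmation out of the frame into a popup window on the widget's own origin, so the untrusted parent page can neither answer for the user nor forge the answer. This is an added example, not code from this journal, Hatena Star, or the WHATWG thread; `WIDGET_ORIGIN`, the `/confirm` page, the message shape and the function names are assumptions.

```javascript
// Added example. WIDGET_ORIGIN, /confirm and the message format are hypothetical.
const WIDGET_ORIGIN = "https://widget.example";

// Accept a result only from our own popup, on our own origin, for this request.
// A message posted by the embedding (untrusted) page fails the origin/source checks.
function isTrustedReply(ev, popup, nonce) {
  const d = ev.data;
  return ev.origin === WIDGET_ORIGIN &&
    ev.source === popup &&
    typeof d === "object" && d !== null &&
    d.type === "confirm-result" &&
    d.nonce === nonce &&
    typeof d.confirmed === "boolean";
}

// Runs inside the framed button, from its click handler (window.open needs a
// user gesture; a sandboxed frame additionally needs allow-popups).
function requestConfirmation(win, action, timeoutMs = 60000) {
  const nonce = win.crypto.randomUUID();
  const url = `${WIDGET_ORIGIN}/confirm?action=${encodeURIComponent(action)}` +
              `&nonce=${encodeURIComponent(nonce)}`;
  return new Promise((resolve) => {
    const popup = win.open(url, "_blank", "popup,width=420,height=240");
    if (!popup) { resolve(false); return; }            // popup blocked: fail closed
    let timer;
    const done = (ok) => {
      win.removeEventListener("message", onMessage);
      clearTimeout(timer);
      resolve(ok);
    };
    const onMessage = (ev) => {
      if (!isTrustedReply(ev, popup, nonce)) return;   // ignore anything else
      done(ev.data.confirmed);
    };
    timer = setTimeout(() => done(false), timeoutMs);  // no answer counts as "No"
    win.addEventListener("message", onMessage);
  });
}

// Runs in the popup (a top-level page on WIDGET_ORIGIN) when the user picks Yes or No.
function sendResult(popupWin, confirmed) {
  const nonce = new URL(popupWin.location.href).searchParams.get("nonce");
  // targetOrigin restricts delivery to the widget's own origin.
  popupWin.opener.postMessage({ type: "confirm-result", confirmed, nonce }, WIDGET_ORIGIN);
  popupWin.close();
}
```

Because the popup is a top-level window, its address bar shows the widget's origin, and the parent page's DOM cannot overlay or script it.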

Clearing the air

In my life, there's people that I've hurt, and there's people who have hurt me. I reached out to two people to try to make right, following the previous sermon on 'clearing the air'. It's gone okay so far. It makes me feel a bit better.

Sermon notes

Speaker: John Oswalt

Ephesians 1:13

Five times, Paul asks, "What is the guarantee of our salvation? What is the evidence?" (It's the presence of the Holy Spirit in our lives)

When we say "I accept Jesus Christ as my savior", something supernatural happens: We receive the Holy Spirit!

Throughout the Bible, the Holy Spirit is symbolized by.... a flame 🔥

Lamps in which olive oil is poured, and is set on fire: that's the Holy Spirit

Revelation 1:17

"[...] and the seven lampstands are the seven churches."

How do we keep the lamp burning?

What can threaten the flame? Four things...

1) You can grieve the Spirit (Ephesians 4:29)

Do not let any unwholesome talk come out of your mouths, but only what is helpful for building others up according to their needs, that it may benefit those who listen. And do not grieve the Holy Spirit of God, with whom you were sealed for the day of redemption. Get rid of all bitterness, rage and anger, brawling and slander, along with every form of malice. Be kind and compassionate to one another, forgiving each other, just as in Christ God forgave you.

How do we grieve the Spirit in our relationships with other people? Particularly...with our mouths. What breaks have been introduced with hostile words, anger?

"O Holy Spirit, cleanse our mouths."

Don't use your mouth to tear them down...use your mouth to build them up!

What comes out of our mouth is a reflection of what's inside. Think of the lamp and how the purity of its fuel (olive oil) affects what it puts out.

2) You can quench the Spirit (1 Thessalonians 5:16)

Rejoice always, pray continually, give thanks in all circumstances; for this is God’s will for you in Christ Jesus. Do not quench the Spirit. Do not treat prophecies with contempt but test them all; hold on to what is good, reject every kind of evil.

How do we not quench the Spirit?

THE POSITIVES

Rejoice! Rejoice in all things.

But...how? How am I supposed to rejoice? My life is a pool of darkness, the world has fallen into disrepair.

The lamp does not depend on the darkness. It depends on the oil that's inside! So, rejoice always! Pray about everything!

Pray about everything...? Uh..?

Yes! Throughout the day, be in such intimate contact that you can breathe a prayer in a moment's notice.

Give thanks *in* everything. *In* everything, there is reason for thanks... if we're properly related to the oil giver.

THE NEGATIVES

Don't put out your enthusiasm. Don't let anything dampen your enthusiasm for Jesus.

Learn to hear His voice. (Don't despise prophecies, but test everything.)

There are voices everywhere. We must learn to tell when it's God's voice.

As the light touch of the rein will turn a well-trained horse, so should the light touch of the Holy Spirit guide us in the right direction.

You can quench the Spirit by...
- Blocking your ears
- Refusing to rejoice
- Harboring a bitter, thankless spirit

3) You can resist the Spirit (Acts 7:51-53)

“You stiff-necked people! Your hearts and ears are still uncircumcised. You are just like your ancestors: You always resist the Holy Spirit! Was there ever a prophet your ancestors did not persecute? They even killed those who predicted the coming of the Righteous One. And now you have betrayed and murdered him— you who have received the law that was given through angels but have not obeyed it.”

4) You can insult the Spirit (Hebrews 10:26)

If we deliberately keep on sinning after we have received the knowledge of the truth, no sacrifice for sins is left, but only a fearful expectation of judgment and of raging fire that will consume the enemies of God. Anyone who rejected the law of Moses died without mercy on the testimony of two or three witnesses. How much more severely do you think someone deserves to be punished who has trampled the Son of God underfoot, who has treated as an unholy thing the blood of the covenant that sanctified them, and who has insulted the Spirit of grace?

Insult: to treat in a callous and contemptuous way

This is the person who has departed so far off and down the path... "That stuff was a bunch of nonsense"

God loves us all and always...but we can still destroy our receivers and can no longer hear His grace.

...

The Unpardonable Sin: the person who has known the Lord, and loved Him, and served Him with joy, and ultimately goes down a road...

Loss of faith is rarely a blowout....it is usually a slow leak.

"Lord Jesus, am I grieving you in any way? By my words?

Lord Jesus, am I quenching you in any way? By my actions?

Lord Jesus, put your purest oil into me, and let the flame of my life stand up straight and bright!

Put me on your lampstand with the other lamps around, and let us shine, burning brightly as possible!"

***

When we step out, publicly and visibly, to speak out for our faith, something is sealed that the Devil can't touch.