{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreidekuv6gprvbldxt5l6zuiakuklpxgfakjujs4ruvguighlklmpve",
"uri": "at://did:plc:uzai4vzxm37suvnjiwfzi63w/app.bsky.feed.post/3mjawfjbdfnh2"
},
"path": "/posts/structured-messaging.html",
"publishedAt": "2026-05-18T04:52:19.121Z",
"site": "https://www.terracrypt.net",
"tags": [
"Structurally fixing injection bugs",
"here"
],
"textContent": "I just had a realization on a walk this morning that feels obvious in hindsight, but that I figured I should write down somewhere. I've been thinking about object-capability messaging apps for a while now, and something that's been bugging me is: how do you represent messages such that you can safely embed a capability in a message?\n\nAnd I feel a little bit silly having not really internalized the connection until now, because I had all the pieces this whole time, but the answer is: you represent the message as structured data, not as a string! With techniques like those in Structurally fixing injection bugs, if your data is in a structured format, you can stick an object reference right in the middle of it in the same way you would put one in any other data structure. For a concrete example, assume you create the following message as a quasiquoted s-expression, with `lamp` in the environment:\n\n\n (Hi Alice! Here's a capability to my lamp: ,lamp)\n\nAnd in Alice's UI, this might be rendered as:\n\nHi Alice! Here's a capability to my lamp:\n\nOffice Lamp\n\nThere are more complexities to consider here, of course. What do you do with a capability you receive from someone via a message? Do you aggregate them together into a wallet of sorts? How do you detect what sort of capability you've received so you can show a meaningful UI for interacting with it? But this little insight cleared up a bit of confusion I had about how you might build this sort of thing.\n\nAlso: I wrote this blog post in Skribe format, because that involves writing a structured document. Gives me a better idea of what that might feel like. You can see the source code of this post here!",
"title": "A brief aside on structured messaging",
"updatedAt": "2026-04-11T14:29:00.000Z"
}