I just had a realization on a walk this morning that feels obvious in hindsight, but that I figured I should write down somewhere. I've been thinking about object-capability messaging apps for a while now, and something that's been bugging me is: how do you represent messages such that you can safely embed a capability in a message?

And I feel a little bit silly having not really internalized the connection until now, because I had all the pieces this whole time, but the answer is: you represent the message as structured data, not as a string! With techniques like those in Structurally fixing injection bugs, if your data is in a structured format, you can stick an object reference right in the middle of it in the same way you would put one in any other data structure. For a concrete example, assume you create the following message as a quasiquoted s-expression, with lamp in the environment:

(Hi Alice! Here's a capability to my lamp: ,lamp)

And in Alice's UI, this might be rendered as:

There are more complexities to consider here, of course. What do you do with a capability you receive from someone via a message? Do you aggregate them together into a wallet of sorts? How do you detect what sort of capability you've received so you can show a meaningful UI for interacting with it? But this little insight cleared up a bit of confusion I had about how you might build this sort of thing.

Also: I wrote this blog post in Skribe format, because that involves writing a structured document. Gives me a better idea of what that might feel like. You can see the source code of this post here!