W3C home > Mailing lists > Public > public-html@w3.org > July 2011

Re: Window security policy

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sun, 17 Jul 2011 23:41:13 -0400
Message-ID: <4E23AB59.2070005@mit.edu>
To: Geoffrey Sneddon <gsneddon@opera.com>
CC: "public-html@w3.org" <public-html@w3.org>, public-script-coord@w3.org
On 7/17/11 4:25 PM, Geoffrey Sneddon wrote:
> What is "a Window object"? The Window interface object? The Window
> interface prototype object? Objects implementing the Window interface?
> All three? I presume all three…

You shouldn't be able to get your hands on a cross-origin Window 
interface object.

Arguably, you should also not be able to get your hands on a 
cross-origin Window interface prototype object.  More on this below.

> What are "any properties"? Properties defined on "a Window object"?
> Properties defined on anything in the prototype chain of "a Window
> object"?

Yes.

> Internal properties on those two (obviously not all internal
> properties can throw, because, e.g., [[Get]] must still work for the
> exceptions)?

Good question.

> What does Object.getPrototypeOf do given a cross-origin window object?

This is an excellent question.  In Gecko's current implementation it 
returns a proxy (which implements the security membrane and wraps the 
actual cross-origin prototype object.  Accessing properties on this 
object then throws from the proxy.

But I can see the argument for making it throw too.  Not sure how best 
to spec that if that's desired.

> If Object.getPrototypeOf does return the Window interface prototype
> object, what happens with property accesses on that?

That has to throw, imo.

> What if you create an object with it as the prototype (with Object.create)?

In Gecko this seems to succeed.  But again, good question.

> What if you access properties on that?

Needs to throw, if you can get that far.  In my opinion.

-Boris


>
Received on Monday, 18 July 2011 03:41:48 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:26 UTC