W3C home > Mailing lists > Public > public-html@w3.org > July 2011

Re: Window security policy

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 18 Jul 2011 10:30:29 -0400
Message-ID: <4E244385.50607@mit.edu>
To: Geoffrey Sneddon <gsneddon@opera.com>
CC: public-html@w3.org
On 7/18/11 10:20 AM, Geoffrey Sneddon wrote:
> To impl it in spec terms you'd have to have accessing [[Prototype]]
> throw, no?

Depending on how exactly proxies end up specified...

> My understanding is that [[Prototype]] being object or null (and not a
> SpecOp) means that it must be one of those two, even for host objects.
> Or are host objects allowed to have different value type domains for
> internal properties? My reading of ES5.1 is that they aren't allowed to.

ES5.1 really doesn't consider the case of multiple globals with 
proxy-based security membranes at all.  I believe in the case of Gecko 
implementation terms what actually happens here is that there's a 
proxy-based membrane which can do whatever the heck it wants to.... (in 
that it can trap arbitrary things, not just the set of things scripted 
proxies can trap).

Received on Monday, 18 July 2011 14:30:58 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:16:15 UTC