W3C home > Mailing lists > Public > public-html@w3.org > July 2011

Re: Window security policy

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 18 Jul 2011 10:30:29 -0400
Message-ID: <4E244385.50607@mit.edu>
To: Geoffrey Sneddon <gsneddon@opera.com>
CC: public-html@w3.org
On 7/18/11 10:20 AM, Geoffrey Sneddon wrote:
> To impl it in spec terms you'd have to have accessing [[Prototype]]
> throw, no?

Depending on how exactly proxies end up specified...

> My understanding is that [[Prototype]] being object or null (and not a
> SpecOp) means that it must be one of those two, even for host objects.
> Or are host objects allowed to have different value type domains for
> internal properties? My reading of ES5.1 is that they aren't allowed to.

ES5.1 really doesn't consider the case of multiple globals with 
proxy-based security membranes at all.  I believe in the case of Gecko 
implementation terms what actually happens here is that there's a 
proxy-based membrane which can do whatever the heck it wants to.... (in 
that it can trap arbitrary things, not just the set of things scripted 
proxies can trap).

-Boris
Received on Monday, 18 July 2011 14:30:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:36 GMT