W3C home > Mailing lists > Public > public-pua@w3.org > October 2012

RE: Draft ideas: private and shared JS contexts with different DOM views.

From: Fred Andrews <fredandw@live.com>
Date: Sat, 27 Oct 2012 00:09:51 +0000
Message-ID: <BLU002-W8176C3A592299144B227E6AA7D0@phx.gbl>
To: "public-pua@w3.org" <public-pua@w3.org>

An implementation of a 'shared DOM' is looking non-trivial, so I'll rework the draft
to keep the Private and Shared contexts in separate effective origins.

Then the existing infrastructure for enforcing the 'same origin' restrictions can be
used to keep the Private and Shared contexts apart.  For Firefox they will be in
separate compartments with separate global objects and some extra flags will be
added to the principle.

The Shared context can forward content to the Private context by posting a message,
but the reverse would be be allowed.   This should be adequate for some AJAX designs.

It's still not clear if two separate binary flags will be add, one for the Private and one
for the Shared context restrictions, but if so then this would also add a third restricted
context with both sets of restrictions applied (no clear yet if this would be useful).

I still hope to get  a more coherent proposal out before the meetings next week.


> One approach to passing state between these contexts is a shared DOM that
> has different views from each context.  A shared context would be able to write
> to the DOM and the change could be seen in the private context.  A change
> made to the DOM from a private context would be flagged as tainted and would
>not be seen from the shared context.

Received on Saturday, 27 October 2012 00:10:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:36:06 UTC