W3C home > Mailing lists > Public > public-script-coord@w3.org > October to December 2012

Re: New ES6 draft is available

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 07 Dec 2012 15:00:12 -0500
Message-ID: <50C24ACC.9040505@mit.edu>
To: public-script-coord@w3.org
On 12/7/12 2:43 PM, David Bruant wrote:
> I've just been thinking about this question more. Consider:
> * a WindowProxy instance w proxies to windowA
> * A non-configurable property 'whatever' is set on windowA through w
> (value is not important, but non-configurability is)
> * WindowProxy proxies to a different windowB object
>
> is 'whatever' a property of windowB? of the WindowProxy object itself?

It has to be windowB to avoid cross-site information leakage....

> If HTML5 expects that there is no 'whatever' property after the target
> change, we might be having a problem.

It's not what HTML5 expects that matters per se.  It's what's necessary 
for basic web security.  :(

-Boris
Received on Friday, 7 December 2012 20:00:47 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 May 2013 19:30:08 UTC