W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2015

Re: @@symbol hooks and cross domain frames

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Thu, 09 Jul 2015 14:53:56 -0400
Message-ID: <559EC344.2020003@mit.edu>
To: Erik Arvidsson <arv@google.com>, "public-script-coord@w3.org" <public-script-coord@w3.org>
CC: Adam Klein <adamk@google.com>, Caitlin Potter <caitpotter88@gmail.com>, Allen Wirfs-Brock <allenwb@mozilla.com>, Brian Terlson <brian.terlson@microsoft.com>, Bobby Holley <bholley@mozilla.com>
On 7/9/15 9:47 AM, Erik Arvidsson wrote:
> In ES5 the following works:
>
>    [].concat(windowFromOtherDomain)
>
> But in ES6 it fails because reading @@isConcatSpreadable throws an
> access denied error.

Good catch.

We should consider just making @@isConcatSpreadable on a cross-origin 
window work and return undefined.  This doesn't require any chances to 
ES, just to the DOM-defined behavior of cross-origin windows, and should 
give us the desired behavior, right?

> Similar issues arise with @@toStringTag and @@hasInstance

I think @@toStringTag should also simply return undefined on a 
cross-origin window.  This will give us the desired behavior of "[object 
Object]".

@@hasInstance can just throw; I can't see any use cases for having a 
cross-origin window on the _right-hand_ side of instanceof, which is 
where the @@hasInstance call happens.

> There might also be similar issues with Get(x, "constructor") and
> @@species but I believe all of them might be better of throwing.

I think throwing for those is eminently reasonable.

-Boris
Received on Thursday, 9 July 2015 18:54:28 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 9 July 2015 18:54:29 UTC