W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2015

Re: @@symbol hooks and cross domain frames

From: Allen Wirfs-Brock <allenwb@mozilla.com>
Date: Thu, 9 Jul 2015 09:19:36 -0700
Cc: "public-script-coord@w3.org" <public-script-coord@w3.org>, Adam Klein <adamk@google.com>, Caitlin Potter <caitpotter88@gmail.com>, Brian Terlson <brian.terlson@microsoft.com>
Message-Id: <AC1B712E-60E7-460C-92BD-924FCA063C44@mozilla.com>
To: Erik Arvidsson <arv@google.com>
On Jul 9, 2015, at 6:47 AM, Erik Arvidsson wrote:

> In ES5 the following works:
> 
>  [].concat(windowFromOtherDomain)
> 
> But in ES6 it fails because reading @@isConcatSpreadable throws an
> access denied error.
> 
> Similar issues arise with @@toStringTag and @@hasInstance
> 
> To stay web compatible we are thinking that if these [[Get]]s fail
> their access check we treat the value as undefined.

Sounds, reasonable.  The ES spec. didn't deal with this case because domain access checks is not a concept that is part of ES.

> 
> There might also be similar issues with Get(x, "constructor") and
> @@species but I believe all of them might be better of throwing.

Generally, ES6 has fall-back behaviors for undefined results from such accesses which will result in the use of a default constructor provided from the current Realm (and presumably domain).  Whether or not that is desirable seems very situational.

Allen
Received on Friday, 10 July 2015 09:24:28 UTC

This archive was generated by hypermail 2.3.1 : Friday, 10 July 2015 09:24:28 UTC