W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2015

Re: @@symbol hooks and cross domain frames

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Thu, 16 Jul 2015 20:13:59 -0400
Message-ID: <55A848C7.1060407@mit.edu>
To: Adam Klein <adamk@google.com>
CC: Erik Arvidsson <arv@google.com>, "public-script-coord@w3.org" <public-script-coord@w3.org>, Caitlin Potter <caitpotter88@gmail.com>, Allen Wirfs-Brock <allenwb@mozilla.com>, Brian Terlson <brian.terlson@microsoft.com>, Bobby Holley <bholley@mozilla.com>
On 7/16/15 7:37 PM, Adam Klein wrote:
> Can you sketch this in just slightly more detail? Yes, everything is on
> instances. Additionally, any attempt to [[Get]] a data property
> cross-origin fails.

Looking at https://etherpad.mozilla.org/html5-cross-origin-objects in 
the section describing [[GetOwnProperty]] there's this bit:

   If the property is a value-prop and whitelisted for reading, return
   a property descriptor with |configurable| set to true, |enumerable|
   set to false, |writable| set to false, and |value|to a
   Caller-Appropriate Representation of the Original value.

This is needed to support things like location.replace() cross-origin; 
the [[Get]] of the "replace" property needs to succeed.

I'm just suggesting we use this exact mechanism for @@isConcatSpreadable 
(as in, make that property name "whitelisted for reading"), with the 
"Caller-Appropriate Representation" being the ES value undefined.

-Boris
Received on Friday, 17 July 2015 00:14:31 UTC

This archive was generated by hypermail 2.3.1 : Friday, 17 July 2015 00:14:32 UTC