W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: WebIDL and prototype chains

From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 16 Jul 2009 17:50:58 -0700
Cc: Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-id: <B84FE509-F1DE-4D39-9E13-0036C4491A9C@apple.com>
To: Jonas Sicking <jonas@sicking.cc>

On Jul 16, 2009, at 3:08 PM, Jonas Sicking wrote:

> I definitely agree you definitely don't want the inner windows
> prototype values if it's a cross-origin window. What you should get is
> less clear to me.
> If you should get the outer windows prototype or some sort of blank
> prototype. Personally it'd make the most sense to me if you got a
> blank prototype since that seems like the most consistent behavior.

Window itself is even more of a special case. What I had in mind is  
objects hanging off of Window that are accessible to a limited extent  
cross-origin, such as History, or Location, or the postMessage  
function. I don't think it would work to give those a blank prototype.  
And you can't just give them the prototype chain from their home  
window because that would be an XSS violation.

Received on Friday, 17 July 2009 00:51:44 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 February 2015 14:36:37 UTC