W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: WebIDL and prototype chains

From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 16 Jul 2009 17:50:58 -0700
Cc: Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-id: <B84FE509-F1DE-4D39-9E13-0036C4491A9C@apple.com>
To: Jonas Sicking <jonas@sicking.cc>

On Jul 16, 2009, at 3:08 PM, Jonas Sicking wrote:

>
> I definitely agree you definitely don't want the inner windows
> prototype values if it's a cross-origin window. What you should get is
> less clear to me.
>
> If you should get the outer windows prototype or some sort of blank
> prototype. Personally it'd make the most sense to me if you got a
> blank prototype since that seems like the most consistent behavior.
>

Window itself is even more of a special case. What I had in mind is  
objects hanging off of Window that are accessible to a limited extent  
cross-origin, such as History, or Location, or the postMessage  
function. I don't think it would work to give those a blank prototype.  
And you can't just give them the prototype chain from their home  
window because that would be an XSS violation.

Regards,
Maciej
Received on Friday, 17 July 2009 00:51:44 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:32 GMT