- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 17 Jul 2009 00:58:48 +0000 (UTC)
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: Jonas Sicking <jonas@sicking.cc>, Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
On Thu, 16 Jul 2009, Maciej Stachowiak wrote: > On Jul 16, 2009, at 3:08 PM, Jonas Sicking wrote: > > > > I definitely agree you definitely don't want the inner windows > > prototype values if it's a cross-origin window. What you should get is > > less clear to me. > > > > If you should get the outer windows prototype or some sort of blank > > prototype. Personally it'd make the most sense to me if you got a > > blank prototype since that seems like the most consistent behavior. > > Window itself is even more of a special case. What I had in mind is > objects hanging off of Window that are accessible to a limited extent > cross-origin, such as History, or Location, or the postMessage function. > I don't think it would work to give those a blank prototype. And you > can't just give them the prototype chain from their home window because > that would be an XSS violation. HTML5 just says that new History, Location, etc, objects are created for each (inner) Window object. Is this not accurate? What do browsers do? -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 17 July 2009 00:59:24 UTC