W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: WebIDL and prototype chains

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 17 Jul 2009 00:58:48 +0000 (UTC)
To: Maciej Stachowiak <mjs@apple.com>
Cc: Jonas Sicking <jonas@sicking.cc>, Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.62.0907170057400.12284@hixie.dreamhostps.com>
On Thu, 16 Jul 2009, Maciej Stachowiak wrote:
> On Jul 16, 2009, at 3:08 PM, Jonas Sicking wrote:
> > 
> > I definitely agree you definitely don't want the inner windows 
> > prototype values if it's a cross-origin window. What you should get is 
> > less clear to me.
> > 
> > If you should get the outer windows prototype or some sort of blank 
> > prototype. Personally it'd make the most sense to me if you got a 
> > blank prototype since that seems like the most consistent behavior.
> Window itself is even more of a special case. What I had in mind is 
> objects hanging off of Window that are accessible to a limited extent 
> cross-origin, such as History, or Location, or the postMessage function. 
> I don't think it would work to give those a blank prototype. And you 
> can't just give them the prototype chain from their home window because 
> that would be an XSS violation.

HTML5 just says that new History, Location, etc, objects are created for 
each (inner) Window object. Is this not accurate? What do browsers do?

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 17 July 2009 00:59:24 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:28 UTC