Re: Breaking the `opener` relationship. from Mike West on 2017-04-28 (public-webappsec@w3.org from April 2017)

From: Mike West <mkwst@google.com>
Date: Fri, 28 Apr 2017 10:39:29 +0200
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Artur Janc <aaj@google.com>, Alex Russell <slightlyoff@google.com>, Emily Stark <estark@google.com>, Jonathan Watt <jwatt@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=fmED+RdK71Yvscgp3pfxu01S9g41ELOHWga1XAxwbw7Q@mail.gmail.com>

On Fri, Apr 28, 2017 at 10:26 AM, Anne van Kesteren <annevk@annevk.nl>
wrote:

> On Fri, Apr 28, 2017 at 10:10 AM, Mike West <mkwst@google.com> wrote:
> > `WindowProxy`'s `[[GetOwnProperty]]` uses
> > https://html.spec.whatwg.org/#isplatformobjectsameorigin-(-o-): I'd just
> > stick with that as a determinant of the properties listed in
> > https://html.spec.whatwg.org/#crossoriginproperties-(-o-).
>
> Wouldn't you then fail to address point 7 of the threat model?
>

I thought Emily's proposal prevented point 7 by preventing isolated pages
from setting `document.domain`, but I don't see that in the doc. Emily, am
I just making things up now? :)

Filed https://github.com/WICG/isolation/issues/12 to discuss, as I'd prefer
that approach to increasing the complexity of the `WindowProxy` checks
themselves.

-mike

Received on Friday, 28 April 2017 08:40:24 UTC