[whatwg] Methods defined for one document called after that document is no longer the one being displayed

Ian Hickson wrote:
> I haven't mentioned the 'this' behavior, so right now |this !=== window|, 
> which breaks the invariant that there is no way to actually get hold of a 
> reference to the Window object itself (as opposed to the outer WindowProxy 
> object that forwards to the inner Window object). This requirement would 
> be a violation of ECMAScript 3.1, so if we could get that changed in 
> ES3.1, that would be great. Failing that, it should probably be in the 
> WebIDL JavaScript binding section.

As I recall, in Gecko the keyword |this| evaluates to the outer window. 
I'm not sure what happens to the implicit |this| that's computed when 
defining a global function, say.

The reason for this setup was precisely to prevent script from getting a 
handle to the inner Window.  Since we do security checks for cross-site 
scripting in the outer Window, any ability to pass inner Windows 
cross-site would be an automatic security hole.

The setup as it exists right now allows scripts that run within a single 
window and never explicitly touch Window objects to not have to perform 
security checks on every property access.

You might want to double-check with Blake Kaplan, Brendan Eich, or 
Johnny Stenback on the above, as well as on how this fits in with 
ECMAScript 3.1.  I seem to recall something about that going by in the 
bugs when this was being worked on, but Brendan is more likely to recall 
the details than I am to be able to find them...

-Boris

Received on Saturday, 31 January 2009 19:09:22 UTC
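
Added example, not part of the original message and not Gecko's code: a simplified JavaScript model of the outer/inner window split discussed above, where the outer object checks the caller's origin and then forwards to whichever inner window is current. The names makeInner, makeOuter, runAs and demo, and the a.example/b.example origins, are assumptions made for the illustration.

```javascript
// Simplified model of the outer/inner window split (constructed for illustration;
// all names are hypothetical and this is not any browser's implementation).
let callerOrigin = null; // origin of the script currently "running" in the model
let checksRun = 0;       // number of origin checks the outer object has performed

function runAs(origin, fn) {
  const prev = callerOrigin;
  callerOrigin = origin;
  try { return fn(); } finally { callerOrigin = prev; }
}

// Inner window: one per document, holds that document's globals, does no checks.
const makeInner = (origin, globals) => ({ origin, ...globals });

// Outer window: the only object script is meant to hold. It checks the caller's
// origin on every access, then forwards to whichever inner window is current.
function makeOuter(firstInner) {
  let inner = firstInner;
  const outer = new Proxy({}, {
    get(_target, prop) {
      checksRun += 1;
      if (callerOrigin !== inner.origin) {
        throw new Error(`denied: ${callerOrigin} reading ${inner.origin}`);
      }
      return inner[prop];
    },
  });
  return { outer, navigate(next) { inner = next; } };
}

function demo() {
  checksRun = 0;
  const a = makeInner('https://a.example', { note: 'state of A' }); // constructed
  const b = makeInner('https://b.example', { note: 'state of B' }); // constructed
  const { outer, navigate } = makeOuter(a);
  const tryRead = (fn) => { try { return fn(); } catch (e) { return e.message; } };
  const results = {};
  // Script from A touching only its own globals: no check is performed.
  results.ownGlobals = runAs(a.origin, () => a.note);
  results.checksAfterOwn = checksRun;
  // A function defined by document A that holds only the outer object.
  const viaOuter = () => outer.note;
  results.beforeNav = runAs(a.origin, () => tryRead(viaOuter));
  navigate(b); // the window now displays document B
  results.afterNav = runAs(a.origin, () => tryRead(viaOuter));
  // If B's inner object were ever handed to A's script, no check would run.
  results.leakedInner = runAs(a.origin, () => b.note);
  results.checksTotal = checksRun;
  return results;
}
```

In this model only the two reads through the outer object are checked, which is why a leaked inner reference bypasses the check entirely.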