- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 7 Aug 2013 21:18:24 +0000 (UTC)
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: whatwg@lists.whatwg.org
On Tue, 6 Aug 2013, Boris Zbarsky wrote: > > There are two somewhat-orthogonal concerns here: > > 1) Where do the security checks live? > 2) Where do the indexed properties live? Oh, interesting. I hadn't considered moving the indexed properties, only moving the security checks. We could indeed move the indexed properties to WindowProxy, while leaving the security checks (which apply to non-indexed properties only) on Window. This would still address my concern, which is that if we move the security checks to WindowProxy, and then break the invariant whereby you can't actually get to a cross-origin Window directly, you would suddenly have a security hole. Would it address your concerns? (I'm not sure I 100% understand what those are yet, i.e. why you want this moved.) The difficulty with moving just the indexed properties are that "length" would now be on a different object than what it describes. Also, it would complicate the WindowProxy magic -- now, instead of it just being a proxy, it would be a proxy except for certain properties. Can you elaborate on what the problem is with the current approach? -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 7 August 2013 21:18:53 UTC