W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2013

Re: [whatwg] Window and WindowProxy

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 08 Aug 2013 15:20:53 -0400
Message-ID: <5203EF95.4000404@mit.edu>
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg@lists.whatwg.org
On 8/8/13 2:50 PM, Ian Hickson wrote:
> I'd go further -- I wouldn't expose WindowProxy to other languages at all

Yes, I thought that was more or less what I said.

You still need an object to represent navigation contexts, of course.

> My point is that either way, if we do this, that means all the security
> checks have to be on Window, not WindowProxy.

I think that depends on the language and how it represents objects, 
whether untrusted code in that language is even a concept, etc.

For example, the C++ bindings for Window in browsers presumably do not 
perform security checks of any sort...

The security checks in the spec right now are very much 
JS-as-it's-practiced-on-the-web specific.  A different language, 
possibly with a different security model, would want different checks.

-Boris
Received on Thursday, 8 August 2013 19:21:20 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:23 UTC