W3C home > Mailing lists > Public > www-archive@w3.org > October 2015

Re: Defining exotic objects in IDL, HTML, or both?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 16 Oct 2015 11:16:20 +0200
Message-ID: <CADnb78jtCrGSBNqjG0N7xDwfpkU-JpUsiD6YckH7Qf8xz6fiig@mail.gmail.com>
To: Bobby Holley <bholley@mozilla.com>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, Domenic Denicola <d@domenic.me>, Cameron McCormack <cam@mcc.id.au>, www-archive <www-archive@w3.org>
On Tue, Oct 13, 2015 at 7:21 PM, Bobby Holley <bholley@mozilla.com> wrote:
> To be clear, there's no concept of 'wrapping' in the cross-origin spec.
> Instead, the spec talks about 'minting' a fresh per-origin object to
> represent a 'concept' (Window or Location).

I don't understand how we can mint fresh objects yet also expect those
objects to === each other if they proxy the same underlying
object/concept.


> That was mostly outside the scope of the cross-origin object summit, IIRC.
> We defined things in terms of Window, not WindowProxy, and assumed that
> WindowProxy would do its magic and forward somehow. Note that WindowProxy is
> another one of those access points that might give you a reference
> (implicitly) to a cross-origin object.

Since WindowProxy is the object that is exposed to JavaScript wouldn't
it be better to handle all the security logic there? And similarly
redefine Location somehow to also handle all the security logic?

https://bugzilla.mozilla.org/show_bug.cgi?id=1214375 suggests that
separating between same-origin and cross-origin objects is not
necessarily helpful.


-- 
https://annevankesteren.nl/
Received on Friday, 16 October 2015 09:16:47 UTC

This archive was generated by hypermail 2.3.1 : Friday, 16 October 2015 09:16:48 UTC