- From: Fred Andrews <fredandw@live.com>
- Date: Sat, 27 Oct 2012 00:09:51 +0000
- To: "public-pua@w3.org" <public-pua@w3.org>
- Message-ID: <BLU002-W8176C3A592299144B227E6AA7D0@phx.gbl>
An implementation of a 'shared DOM' is looking non-trivial, so I'll rework the draft to keep the Private and Shared contexts in separate effective origins. Then the existing infrastructure for enforcing the 'same origin' restrictions can be used to keep the Private and Shared contexts apart. For Firefox they will be in separate compartments with separate global objects and some extra flags will be added to the principle. The Shared context can forward content to the Private context by posting a message, but the reverse would be be allowed. This should be adequate for some AJAX designs. It's still not clear if two separate binary flags will be add, one for the Private and one for the Shared context restrictions, but if so then this would also add a third restricted context with both sets of restrictions applied (no clear yet if this would be useful). I still hope to get a more coherent proposal out before the meetings next week. cheers Fred > One approach to passing state between these contexts is a shared DOM that > has different views from each context. A shared context would be able to write > to the DOM and the change could be seen in the private context. A change > made to the DOM from a private context would be flagged as tainted and would >not be seen from the shared context.
Received on Saturday, 27 October 2012 00:10:18 UTC