- From: Geoffrey Sneddon <gsneddon@opera.com>
- Date: Sun, 17 Jul 2011 21:25:12 +0100
- To: "public-html@w3.org" <public-html@w3.org>, public-script-coord@w3.org
The current text here is: "User agents must raise a SECURITY_ERR exception whenever any properties of a Window object are accessed by scripts whose effective script origin is not the same as the Window object's Document's effective script origin, with the following exceptions…" What is "a Window object"? The Window interface object? The Window interface prototype object? Objects implementing the Window interface? All three? I presume all three… What are "any properties"? Properties defined on "a Window object"? Properties defined on anything in the prototype chain of "a Window object"? Internal properties on those two (obviously not all internal properties can throw, because, e.g., [[Get]] must still work for the exceptions)? What does Object.getPrototypeOf do given a cross-origin window object? Per ECMAScript 5.1 it would seem quite clear that is has to return the Window interface prototype object, but is this desirable? (__proto__ throws SECURITY_ERR, as is fairly obvious, but should accessing [[Prototype]] do so too?) If Object.getPrototypeOf does return the Window interface prototype object, what happens with property accesses on that? What if you create an object with it as the prototype (with Object.create)? What if you access properties on that? -- Geoffrey Sneddon — Opera Software <http://gsnedders.com> <http://opera.com>
Received on Sunday, 17 July 2011 20:25:45 UTC