- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Sun, 17 Jul 2011 23:41:13 -0400
- To: Geoffrey Sneddon <gsneddon@opera.com>
- CC: "public-html@w3.org" <public-html@w3.org>, public-script-coord@w3.org
On 7/17/11 4:25 PM, Geoffrey Sneddon wrote: > What is "a Window object"? The Window interface object? The Window > interface prototype object? Objects implementing the Window interface? > All three? I presume all three… You shouldn't be able to get your hands on a cross-origin Window interface object. Arguably, you should also not be able to get your hands on a cross-origin Window interface prototype object. More on this below. > What are "any properties"? Properties defined on "a Window object"? > Properties defined on anything in the prototype chain of "a Window > object"? Yes. > Internal properties on those two (obviously not all internal > properties can throw, because, e.g., [[Get]] must still work for the > exceptions)? Good question. > What does Object.getPrototypeOf do given a cross-origin window object? This is an excellent question. In Gecko's current implementation it returns a proxy (which implements the security membrane and wraps the actual cross-origin prototype object. Accessing properties on this object then throws from the proxy. But I can see the argument for making it throw too. Not sure how best to spec that if that's desired. > If Object.getPrototypeOf does return the Window interface prototype > object, what happens with property accesses on that? That has to throw, imo. > What if you create an object with it as the prototype (with Object.create)? In Gecko this seems to succeed. But again, good question. > What if you access properties on that? Needs to throw, if you can get that far. In my opinion. -Boris >
Received on Monday, 18 July 2011 03:41:45 UTC