- From: Mark S. Miller <erights@google.com>
- Date: Sun, 19 Feb 2012 12:26:43 -0800
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: public-script-coord@w3.org
- Message-ID: <CABHxS9jVTR_oEzYRZ=Mwp4ZzEWoCTTpT9aR2V4Ki8xr385zBKQ@mail.gmail.com>
On Sun, Feb 19, 2012 at 11:37 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 2/19/12 6:12 AM, Mark S. Miller wrote:
>
>> Is this true for same origin iframes? I have always assumed that mixing
>> heaps between same origin iframes results in unmediated direct
>> object-to-object access.
>
> It does in Gecko right now, but that's a bug that we're fixing.
>
> The reason it's a bug is that "same origin" is not a time-invariant
> concept. So you can't actually have unmediated direct access across
> iframes.

I've wondered about that. So if frames A and B are currently of the same origin and mix heaps, and frame A truncates its origin, they are now of different origins? What happens to all the pointers between them once that happens? The normal premise is that if they are different origins then they are prevented from obtaining most accesses to each other's objects in the first place. I suppose this is the point you're making: In order to revoke such now-inappropriate access, you have to mediate all inter-frame pointers.

But I'm still confused. Doesn't the origin truncation force a reload, resulting in a fresh set of objects in the new origin? Shouldn't we still consider the earlier objects to be of the earlier origin?

--
Cheers,
--MarkM
Received on Sunday, 19 February 2012 20:27:11 UTC