W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2012

Spec for location object needs to make some properties unforgeable; need supporting WebIDL changes

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 25 Sep 2012 01:10:11 -0400
Message-ID: <50613CB3.5030302@mit.edu>
To: whatwg <whatwg@lists.whatwg.org>, "public-script-coord@w3.org" <public-script-coord@w3.org>
Turns out, some things care about at least the .href and .toString of 
Location objects for security-check purposes.  So they need to be 
unforgeable.  But of course WebIDL doesn't provide a way to make 
anything other than readonly attributes unforgeable.  It seems like it 
needs to.

In terms of current UA behavior for Location, it is full of weird.  The 
only interoparable part seems to be that href and toString can't be 
effectively redefined.

In IE and Gecko, neither can any of the other IDL properties of Location 
objects.  So we have indications that making everything on this 
interface unforgeable is sufficiently web-compatible.

Specifically, on the attached testcase, I see the following behavior:

   * toString is not an own prop, is a configurable prop on the proto,
     but defineProperty on the object for it fails with an exception due
     to it not being configurable(!)
   * href is a non-configurable own prop
   * assign/replace/reload are normal props on the proto
   * The rest are normal accessor props on the object itself.


   * toString is a non-configurable readonly own prop
   * href is a non-configurable own prop for which defineProperty
     silently does nothing.
   * assign/replace/reload are just like toString
   * The rest are "normal" data props on the object, except
     defineProperty does not change the value, which it should
     for normal props.


   * toString is a non-configurable readonly own prop and also a
     non-configurable writable prop on the proto.  Except
     location.hasOwnProperty("toString") returns false.
   * href is a non-configurable readonly own prop
   * assign/replace/reload are just like toString except writable, so
     defineProperty can change the value.
   * The rest are all readonly non-configurable props on the object


   * It's all weird, because location is actually a bizarro proxy object
     (e.g. it has no __proto__ property, returns weird stuff that can't
     be stringified from Object.getPrototypeOf()).
   * The key part is that trying to redefine _any_ of the properties
     that live on Location.prototype on the location object itself is
     disallowed in Gecko.


   * All properties throw when getting property descriptors on location
   * Some properties are configurable on the proto and some are not.
   * All properties throw when trying to redefine.  Including non-IDL
     properties.  Setting expandos works fine, though.
   * All properties claim to not be own properties.


Received on Tuesday, 25 September 2012 05:13:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:07 UTC