W3C home > Mailing lists > Public > public-script-coord@w3.org > January to March 2016

[Bug 29386] Account for WindowProxy (window proxy)

From: <bugzilla@jessica.w3.org>
Date: Thu, 11 Feb 2016 16:37:35 +0000
To: public-script-coord@w3.org
Message-ID: <bug-29386-3890-8TWPGMABON@http.www.w3.org/Bugs/Public/>

--- Comment #1 from Anne <annevk@annevk.nl> ---
The conclusion from that bug seems to be that we don't pass around Window, only
WindowProxy. Places that accept a WindowProxy as input would be UIEvent and
MessageEvent. As far as I can tell no security check is needed for that.

We might also to prevent Window from being accepted or returned anywhere
syntax-wise, so folks always end up with WindowProxy if they were not paying

Web IDL does need to make sure that "perform a security check" happens on the
Window object, not the WindowProxy, as I mentioned.

Together with https://github.com/whatwg/html/pull/638 I'm hopeful we'll finally
have a solid baseline in standards for these objects. Some iteration is likely
still required, but it should be much better than before.

You are receiving this mail because:
You are on the CC list for the bug.
Received on Thursday, 11 February 2016 16:37:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:25 UTC