- From: <bugzilla@jessica.w3.org>
- Date: Thu, 11 Feb 2016 16:37:35 +0000
- To: public-script-coord@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29386 --- Comment #1 from Anne <annevk@annevk.nl> --- The conclusion from that bug seems to be that we don't pass around Window, only WindowProxy. Places that accept a WindowProxy as input would be UIEvent and MessageEvent. As far as I can tell no security check is needed for that. We might also to prevent Window from being accepted or returned anywhere syntax-wise, so folks always end up with WindowProxy if they were not paying attention. Web IDL does need to make sure that "perform a security check" happens on the Window object, not the WindowProxy, as I mentioned. Together with https://github.com/whatwg/html/pull/638 I'm hopeful we'll finally have a solid baseline in standards for these objects. Some iteration is likely still required, but it should be much better than before. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Thursday, 11 February 2016 16:37:43 UTC