Re: [w3ctag/design-reviews] Realms API ECMAScript Proposal (#542)

@atanassov 
> @leobalter or @littledan what are the new communication channels that will be possible with having this new capability? Having read the explainer and security questionnaire I couldn't find a clear answer if they will be less or more compared to what is available today.
> For example, could some nested realm that happens to be cross origin be able to leak/get information from the top level document that's not possible today? Also, if I create a realm in one scope with mutation observers etc. and pass it to another realm could that become leaky?
> Again, I'm sure this is probably already answered somewhere but it wasn't obvious or easy to understand. Any pointers appreciated.

Realms do not create new communication channels. A cross-origin Realm is not very useful--it acts generally like any other sort of cross-origin object (you can't call functions) and does not expose new information from documents. This isn't really documented anywhere since it's not a meaningful use case, and falls out of the rest of the semantics.

I'm having trouble understanding the MutationObserver issue better. A Realm will keep its parent document alive, but I'm not sure what you mean by "in one scope with mutation observers". What is the leak you're concerned about?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/542#issuecomment-728861238

Received on Tuesday, 17 November 2020 11:17:19 UTC