Re: WebIDL and prototype chains

On Thu, Jul 16, 2009 at 2:59 PM, Maciej Stachowiak<mjs@apple.com> wrote:
>
> On Jul 16, 2009, at 10:45 AM, Adam Barth wrote:
>
>> When a browser creates an instance of a DOM object defined by an
>> WebIDL interface, the browser must choose where to connect it's
>> prototype chain.  For example, consider this case (where frames[0] is
>> a same-origin child frame):
>>
>> var doc = frames[0].document;
>>
>> 1) To which global object's prototypes ought |doc| connect to, the
>> parent frame running the script or the child frame from which we
>> obtained the document?
>>
>> 2) Where is this behavior specified?  If the behavior is currently not
>> specified, which spec ought to contain the requirements?
>>
>> My best guess is that the prototype chain ought to connect to the
>> child's prototype (because the document "is owned by" the child frame)
>> and that the WebIDL spec ought to include this requirement (because
>> WebIDL explains how to reify abstract DOM interfaces in ECMAScript).
>>
>> Thoughts?
>
> One thing to note: any object or method that is exposed cross-origin should
> specifically *not* have this behavior. Instead, it should create a separate
> interface object in every frame that accesses the property. window.history,
> window.location and window.postMessage are examples that require this
> treatment. Web IDL needs to give a hook to other specs so they can specify
> that cross-origin properties need to get this different treatment.

I definitely agree you definitely don't want the inner windows
prototype values if it's a cross-origin window. What you should get is
less clear to me.

If you should get the outer windows prototype or some sort of blank
prototype. Personally it'd make the most sense to me if you got a
blank prototype since that seems like the most consistent behavior.

/ Jonas

Received on Thursday, 16 July 2009 22:09:57 UTC