- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 02 Apr 2012 18:18:10 -0400
- To: Ian Hickson <ian@hixie.ch>
- CC: Simon Pieters <simonp@opera.com>, Cameron McCormack <cam@mcc.id.au>, public-webapps@w3.org, "public-script-coord@w3.org" <public-script-coord@w3.org>
On 4/2/12 6:15 PM, Ian Hickson wrote: > Interesting. When speccing this stuff years ago, I do not recall coming > across any browser other than Opera that had any security checks on > objects other than the few that the spec talks about. For what it's worth, I believe Gecko does the checks today too, on some properties. Just not all of them. It's a bit ad-hoc, because there are multiple sets of DOM bindings involved, unfortunately. > In general, unless there's a good security reason to do the checks, I > think we'd be better off not doing them here. Having the checks can be > expensive; it means at a minimum an extra pointer comparison and branch > before each member access, which seems like a lot of expensive checking > for something that really doesn't matter that much. I agree; I'm going to run this by the security folks to see what they think. -Boris
Received on Monday, 2 April 2012 22:18:42 UTC