Re: [XHR] Constructor behavior seems to be underdefined

On 4/2/12 6:15 PM, Ian Hickson wrote:
> Interesting. When speccing this stuff years ago, I do not recall coming
> across any browser other than Opera that had any security checks on
> objects other than the few that the spec talks about.

For what it's worth, I believe Gecko does the checks today too, on some 
properties.  Just not all of them.  It's a bit ad-hoc, because there are 
multiple sets of DOM bindings involved, unfortunately.

> In general, unless there's a good security reason to do the checks, I
> think we'd be better off not doing them here. Having the checks can be
> expensive; it means at a minimum an extra pointer comparison and branch
> before each member access, which seems like a lot of expensive checking
> for something that really doesn't matter that much.

I agree; I'm going to run this by the security folks to see what they think.

-Boris

Received on Monday, 2 April 2012 22:18:42 UTC