- From: Mike West <mkwst@google.com>
- Date: Fri, 24 Oct 2014 21:10:06 +0200
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Friday, 24 October 2014 19:10:56 UTC
On Fri, Oct 24, 2014 at 8:48 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > On 10/24/14, 7:13 AM, Anne van Kesteren wrote: > >> We might be ready to reconsider this. >> > > For some values of "we"... ;) > > I was wondering though whether >> the API can still be made asynchronous given everyone's out-of-process >> <iframe> aspirations. >> > > Why bother? > > The returned thing is an invariant of the browsing context (and hence of > any Window in that browsing context, etc). So you can just save it when > initially creating the browsing context and then you always have it > in-process when you need it, I think. Chromium's OOP frames work is indeed taking this route: we need synchronous origin checks all over the place, so that team is propagating the frame tree into each renderer, and doing the work to keep it synchronized. Let's see if they're successful! -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 24 October 2014 19:10:56 UTC