- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 13 Feb 2009 03:15:42 +0000 (UTC)
On Sat, 31 Jan 2009, Boris Zbarsky wrote: > > Ian Hickson wrote: > > I haven't mentioned the 'this' behavior, so right now |this !=== > > window|, which breaks the invariant that there is no way to actually > > get hold of a reference to the Window object itself (as opposed to the > > outer WindowProxy object that forwards to the inner Window object). > > This requirement would be a violation of ECMAScript 3.1, so if we > > could get that changed in ES3.1, that would be great. Failing that, it > > should probably be in the WebIDL JavaScript binding section. > > As I recall, in Gecko the keyword |this| evaluates to the outer window. > I'm not sure what happens to the implicit |this| that's computed when > defining a global function, say. > > The reason for this setup was precisely to prevent script from getting a > handle to the inner Window. Since we do security checks for cross-site > scripting in the outer Window, any ability to pass inner Windows > cross-site would be an automatic security hole. > > The setup as it exists right now allows scripts that run within a single > window and never explicitly touch Window objects to not have to perform > security checks on every property access. > > You might want to double-check with Blake Kaplan, Brendan Eich, or > Johnny Stenback on the above, as well as on how this fits in with > ECMAScript 3.1. I seem to recall something about that going by in the > bugs when this was being worked on, but Brendan is more likely to recall > the details than I am to be able to find them... I've pinged Brendan about this, but on the short term, I've put the requirement in HTML5, so that we don't lose it. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 12 February 2009 19:15:42 UTC