- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 12 Feb 2009 22:28:47 -0800
On Thu, Feb 12, 2009 at 7:15 PM, Ian Hickson <ian at hixie.ch> wrote: > On Sat, 31 Jan 2009, Boris Zbarsky wrote: >> >> Ian Hickson wrote: >> > I haven't mentioned the 'this' behavior, so right now |this !=== >> > window|, which breaks the invariant that there is no way to actually >> > get hold of a reference to the Window object itself (as opposed to the >> > outer WindowProxy object that forwards to the inner Window object). >> > This requirement would be a violation of ECMAScript 3.1, so if we >> > could get that changed in ES3.1, that would be great. Failing that, it >> > should probably be in the WebIDL JavaScript binding section. >> >> As I recall, in Gecko the keyword |this| evaluates to the outer window. >> I'm not sure what happens to the implicit |this| that's computed when >> defining a global function, say. >> >> The reason for this setup was precisely to prevent script from getting a >> handle to the inner Window. Since we do security checks for cross-site >> scripting in the outer Window, any ability to pass inner Windows >> cross-site would be an automatic security hole. >> >> The setup as it exists right now allows scripts that run within a single >> window and never explicitly touch Window objects to not have to perform >> security checks on every property access. >> >> You might want to double-check with Blake Kaplan, Brendan Eich, or >> Johnny Stenback on the above, as well as on how this fits in with >> ECMAScript 3.1. I seem to recall something about that going by in the >> bugs when this was being worked on, but Brendan is more likely to recall >> the details than I am to be able to find them... > > I've pinged Brendan about this, but on the short term, I've put the > requirement in HTML5, so that we don't lose it. cc'ing a couple of people that are intimately familiar with how the split-window implementation works in gecko. / Jonas
Received on Thursday, 12 February 2009 22:28:47 UTC