- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 13 Jun 2012 22:06:31 -0400
- To: whatwg@lists.whatwg.org
On 6/13/12 7:44 PM, Michal Zalewski wrote:
> The degree of separation between browsing contexts is intuitive in the
> case of Chrome
Except it's not, because Chrome will sometimes put things in the same
process when they could have gone in different ones, based on whatever
heuristics it uses for deciding whether it's spawned enough processes.
> Let's assume that there is no Chrome-style process isolation, and that
> this is only implemented as not giving the target=_unrelated document
> the ability to traverse window.opener. If the document's opener lives
> in an already-named window (perhaps unwittingly), it won't be
> prevented from acquiring the handle via open('',
> '<name_of_that_window>'), right?
The spec needs to require that this be prevented....
-Boris
Received on Thursday, 14 June 2012 02:07:52 UTC