- From: James Graham <jgraham@opera.com>
- Date: Thu, 14 Jun 2012 13:04:28 +0200
- To: Boris Zbarsky <bzbarsky@MIT.EDU>, whatwg@lists.whatwg.org
On 06/14/2012 04:06 AM, Boris Zbarsky wrote: > On 6/13/12 7:44 PM, Michal Zalewski wrote: >> The degree of separation between browsing contexts is intuitive in the >> case of Chrome > > Except it's not, because Chrome will sometimes put things in the same > process when they could have gone in different ones, based on whatever > heuristics it uses for deciding whether it's spawned enough processes. > >> Let's assume that there is no Chrome-style process isolation, and that >> this is only implemented as not giving the target=_unrelated document >> the ability to traverse window.opener. If the document's opener lives >> in an already-named window (perhaps unwittingly), it won't be >> prevented from acquiring the handle via open('', >> '<name_of_that_window>'), right? > > The spec needs to require that this be prevented.... So AFAICT the spec does require that this is prevented for unrelated browsing contexts, except in the case where the two are same-origin which is allowed but with some fuzzy condition about "[if] the user agent determines that the two browsing contexts are related enough that it is ok if they reach each other". As far as I can tell only Gecko implements that and it seems reasonable that others wouldn't want to have behaviour that requires multiple event loops to interact (assuming one event loop per unit of related browsing context). Therefore I think that part of the spec should be changed to only reuse the same named window within a single unit of related browsing context.
Received on Thursday, 14 June 2012 11:06:37 UTC