W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2012

Re: [whatwg] Proposal for Links to Unrelated Browsing Contexts

From: James Graham <jgraham@opera.com>
Date: Thu, 14 Jun 2012 13:04:28 +0200
Message-ID: <4FD9C53C.7050609@opera.com>
To: Boris Zbarsky <bzbarsky@MIT.EDU>, whatwg@lists.whatwg.org
On 06/14/2012 04:06 AM, Boris Zbarsky wrote:
> On 6/13/12 7:44 PM, Michal Zalewski wrote:
>> The degree of separation between browsing contexts is intuitive in the
>> case of Chrome
>
> Except it's not, because Chrome will sometimes put things in the same
> process when they could have gone in different ones, based on whatever
> heuristics it uses for deciding whether it's spawned enough processes.
>
>> Let's assume that there is no Chrome-style process isolation, and that
>> this is only implemented as not giving the target=_unrelated document
>> the ability to traverse window.opener. If the document's opener lives
>> in an already-named window (perhaps unwittingly), it won't be
>> prevented from acquiring the handle via open('',
>> '<name_of_that_window>'), right?
>
> The spec needs to require that this be prevented....

So AFAICT the spec does require that this is prevented for unrelated 
browsing contexts, except in the case where the two are same-origin 
which is allowed but with some fuzzy condition about "[if] the user 
agent determines that the two browsing contexts are related enough that 
it is ok if they reach each other". As far as I can tell only Gecko 
implements that and it seems reasonable that others wouldn't want to 
have behaviour that requires multiple event loops to interact (assuming 
one event loop per unit of related browsing context).

Therefore I think that part of the spec should be changed to only reuse 
the same named window within a single unit of related browsing context.
Received on Thursday, 14 June 2012 11:06:37 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:43 UTC