- From: Bobby Holley <bobbyholley@gmail.com>
- Date: Fri, 9 Nov 2012 09:43:54 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: whatwg <whatwg@lists.whatwg.org>, Matt Wobensmith <mwobensmith@mozilla.com>, Boris Zbarsky <bzbarsky@mit.edu>, Johnny Stenback <jst@mozilla.com>
On Fri, Nov 9, 2012 at 9:30 AM, Adam Barth <w3c@adambarth.com> wrote: > On Thu, Nov 8, 2012 at 10:21 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > > You presumably have a solution for this situation for the WindowProxy > case, > > right? Certainly Gecko does, and we would be using the same solution for > > Location if we tie the lifetime of a Location to the lifetime of a > > WindowProxy. > > The WindowProxy is a special, magical object because references to it > magically change which JavaScript object they refer to over time. If > possible, I would like to avoid infecting other objects with its > magic. > That was my opinion for a while, too, but I eventually decided it was necessary in Gecko. Right now, the Location object is the only object whose security characteristics are not guaranteed to match its global, which is a major pain point for us. I think the current spec language would be the most ideal approach, but as noted I doubt it'll fly on the web. FWIW, this turned out to be much simpler to implement than I thought. We've already worked out where we need to put the logic to make WindowProxy update appropriately, and we already had code to move objects like Location between scopes (which we needed to do for document.write). I'd imagine WebKit has the former, though I'm not sure about the latter. bholley
Received on Friday, 9 November 2012 18:08:31 UTC