
Re: [whatwg] Location object identity and navigation behavior

From: Bobby Holley <bobbyholley@gmail.com>
Date: Fri, 9 Nov 2012 12:06:55 -0800
Message-ID: <CAKBxTc+AmYLr2VB4g+VFB2qF8hUcZ1ujTSbHjwj-wsKaAqdbtw@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Matt Wobensmith <mwobensmith@mozilla.com>, Boris Zbarsky <bzbarsky@mit.edu>, Johnny Stenback <jst@mozilla.com>

On Fri, Nov 9, 2012 at 11:33 AM, Adam Barth <w3c@adambarth.com> wrote:

> > That was my opinion for a while, too, but I eventually decided it was
> > necessary in Gecko.
> Can you explain why you think it is necessary?  In WebKit, the
> WindowProxy is the only object that has this magic.

As noted, the Location object is the only object whose security
characteristics don't match its scope. This requires a lot of extra goop in
our compartment-based security model, and the goop is brittle (recently
forcing us to release two out-of-band updates, 16.0.1 and 16.0.2). We've
got enough belt-and-suspenders code now that I'm not particularly worried,
but I still want to make Location just like any other object from a
security perspective.

If UAs were consistent or the spec matched reality, this would be a
different story. But given that we probably need to change the spec to
either the Trident/Presto model or the Gecko/WebKit model, I support the
former, because we've historically had problems implementing the latter
securely. Do you feel that it would be difficult to implement the former
securely in WebKit?

Also, FWIW, from the perspective of an average web-developer, IMO it makes
much more semantic sense to have one Location per WindowProxy if the
Location object describes the WindowProxy. But I doubt many people touch
this stuff in practice.

> We don't want to move objects between scopes.  That causes many
> security complications that we don't want to deal with.

Are you able to just update references, like you do with WindowProxy?
That's essentially what we're doing. We actually create a new object in the
new scope and update all the old references to point to it.

> Can you answer the questions in my previous email?

Which ones? AFAICT Boris answered all of them except for the testcase thing
(which I answered). Did I miss some?

Received on Friday, 9 November 2012 20:48:37 UTC
