- From: Bobby Holley <bobbyholley@gmail.com>
- Date: Fri, 9 Nov 2012 12:06:55 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: whatwg <whatwg@lists.whatwg.org>, Matt Wobensmith <mwobensmith@mozilla.com>, Boris Zbarsky <bzbarsky@mit.edu>, Johnny Stenback <jst@mozilla.com>
On Fri, Nov 9, 2012 at 11:33 AM, Adam Barth <w3c@adambarth.com> wrote: > > That was my opinion for a while, too, but I eventually decided it was > > necessary in Gecko. > > Can you explain why you think it is necessary? In WebKit, the > WindowProxy is the only object that has this magic. > As noted, the Location object is the only object whose security characteristics don't match its scope. This requires a lot of extra goop in our compartment-based security model, and the goop is brittle (recently forcing us to release two out-of-band updates, 16.0.1 and 16.0.2). We've got enough belt-and-suspenders code now that I'm not particularly worried, but I still want to make Location just like any other object from a security perspective. If UAs were consistent or the spec matched reality, this would be a different story. But given that we probably need to change the spec to either the Trident/Presto model or the Gecko/WebKit model, I support the former, because we've historically had problems implementing the latter securely. Do you feel that it would be difficult to implement the former securely in WebKit? Also, FWIW, from the perspective of an average web-developer, IMO it makes much more semantic sense to have one Location per WindowProxy if the Location object describes the WindowProxy. But I doubt many people touch this stuff in practice. We don't want to move objects between scopes. That causes many > security complications that we don't want to deal with. > Are you able to just update references, like you do with WindowProxy? That's essentially what we're doing. We actually create a new object in the new scope and update all the old references to point to it. > Can you answer the questions in my previous email? > Which ones? AFAICT Boris answered all of them except for the testcase thing (which I answered). Did I miss some? Cheers, bholley
Received on Friday, 9 November 2012 20:48:37 UTC