- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 19 Nov 2012 21:46:25 -0500
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg <whatwg@lists.whatwg.org>, Matt Wobensmith <mwobensmith@mozilla.com>, Johnny Stenback <jst@mozilla.com>, Bobby Holley <bobbyholley@gmail.com>, Adam Barth <w3c@adambarth.com>
On 11/19/12 8:38 PM, Ian Hickson wrote: > For now I've tightened up the spec so it should be implementable, secure, > and Web-compatible I don't believe it's secure as currently written, actually. Filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=20012 > I'm also curious as to why figuring out the "entry script"'s > characteristics needs to use the stack introspection rather than just > having an event-loop global "first script" variable You can maintain a stack of entry scripts. You can't use a global, because you need to push and pop entry scripts as various things happen (e.g. invoking event listeners sets the entry script to the event listener function's script for the duration of the event listener invocation). There is no such stack of entry scripts in Gecko yet, but we're working on changing that. The thing that _really_ requires stack introspection is when you need to look at the caller script instead of the entry script. Which is what you need to do when performing Location security checks (or indeed, any security checks). -Boris
Received on Tuesday, 20 November 2012 03:40:48 UTC