Re: [whatwg] Window and WindowProxy from Boris Zbarsky on 2013-08-06 (public-whatwg-archive@w3.org from August 2013)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 06 Aug 2013 14:46:45 -0400
To: whatwg@lists.whatwg.org
Message-ID: <52014495.8070609@mit.edu>

On 8/6/13 2:30 PM, Ian Hickson wrote:
> I think there are other invariants that make them equivalent that are
> relevant here. In particular:
>
> D) When a Window is a script's global object, that script is always going
>     to be same-origin with the Window

Ah, yes.  Yes, that one is important too.  ;)

> I think actually invariants A and B are mooted by invariant D. That is, if
> they weren't true, we'd still be ok, because the security check is always
> going to be safe given D.

Invariants A is needed because otherwise the behavior of objects with 
indexed properties (wherein they disallow adding indexed properties to 
them) would conflict with the ES-spec behavior of "var".

Invariant B is needed because otherwise you could look up a property 
named "0" on a Window directly, and if the indexed props live on the 
WindowProxy you would unexpectedly get undefined instead of the first 
child window.

Neither one of those is about the security check situation, afaict.

> But if invariant D was broken, then it seems like A and B would become
> problematic if we moved the security checks to the WindowProxy rather than
> to the Window.

Yes, agreed.

There are two somewhat-orthogonal concerns here:

1)  Where do the security checks live?
2)  Where do the indexed properties live?

> If invariant C is broken, e.g. because in some new language we don't have
> a WindowProxy and instead return the real Window for the current Document,
> or whatnot, whenever you access the Window object, it seems like we'd also
> actually want the security checks on Window.

Yes.

> Do these last two points affect your conclusions?

I don't think they affect what I want to happen for indexed properties. 
  That part is actually more important to me right now than the much 
more underspecified security check story; I expect as we fully specify 
the security checks in terms of the MOP (which we need to do) it'll 
become more obvious whether they need to live on the Window or the 
WindowProxy or both....

> It doesn't seem like that much more prose, at least, not if we're keeping
> the same level of precision. (If we want more, that's a different matter.)

Oh, I want more precision for sure.  ;)

> What do other vendors think?

I'd love to know this too.

> but since it's a one-off object, maybe it's not worth it.

I don't think it's worth it at all, frankly.

-Boris

Received on Tuesday, 6 August 2013 18:47:11 UTC