- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 08 Aug 2013 15:20:53 -0400
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg@lists.whatwg.org
On 8/8/13 2:50 PM, Ian Hickson wrote: > I'd go further -- I wouldn't expose WindowProxy to other languages at all Yes, I thought that was more or less what I said. You still need an object to represent navigation contexts, of course. > My point is that either way, if we do this, that means all the security > checks have to be on Window, not WindowProxy. I think that depends on the language and how it represents objects, whether untrusted code in that language is even a concept, etc. For example, the C++ bindings for Window in browsers presumably do not perform security checks of any sort... The security checks in the spec right now are very much JS-as-it's-practiced-on-the-web specific. A different language, possibly with a different security model, would want different checks. -Boris
Received on Thursday, 8 August 2013 19:21:20 UTC