- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Fri, 16 Oct 2015 11:49:06 -0400
- To: Domenic Denicola <d@domenic.me>, Anne van Kesteren <annevk@annevk.nl>
- Cc: Bobby Holley <bholley@mozilla.com>, Cameron McCormack <cam@mcc.id.au>, www-archive <www-archive@w3.org>
On 10/16/15 11:33 AM, Domenic Denicola wrote: > What is the downside of just using the same WindowProxy and Location objects? As I just said to Anne on IRC, the goal of this exercise is to define some properties that: 1) Give us the right security guarantees. 2) Are self-consistent. 3) Don't overconstrain implementation. Because we need to get several UAs with widely divergent security architectures to agree here. The goal is that if your proposal is not black-box distinguishable from the spec, then it's a perfectly fine implementation of the spec. > Otherwise we're going to have to do a willful violation of ES262 with regard to === semantics, if I am understanding correctly. Gecko, with our membrane setup does not need any such violation. I can't speak to other implementation strategies. I'm open to whatever spec language we care to write which allows the variety of implementation strategies we want to allow while providing the guarantees we desire. I'm assuming you have at least skimmed <https://www.w3.org/Bugs/Public/show_bug.cgi?id=20701>. If you have not, you should. Please pay particular attention to abarth's comments, since those have the most to do with the "object per origin" semantics (which are what Blink currently implements) and also pay attention to https://www.w3.org/Bugs/Public/show_bug.cgi?id=20701#c87 and https://www.w3.org/Bugs/Public/show_bug.cgi?id=20701#c105 at the very least. It would be nice to stop retreading the same ground and make forward progress. ;) -Boris
Received on Friday, 16 October 2015 15:49:37 UTC