[whatwg] Location object identity and navigation behavior
bzbarsky at MIT.EDU
Thu Nov 8 22:21:22 PST 2012
On 11/8/12 6:09 PM, Adam Barth wrote:
> I don't think I quite understand what you mean, but the way this works
> in WebKit is that each Window object has its own Location object.
That's not how it works in Presto and Trident, as far as we can tell
based on testing with "==". In those, each WindowProxy has its own
> The location object operates on the current Window for the WindowProxy.
Yes. _That_ all browsers are consistent on, and is totally not what the
spec says right now. In the spec, there is one Location per Window, and
the object operates on the Window it's associated with. The fact that
this does not match any browsers is what makes us suspect the spec is
> In WebKit at least, it would be a security vulnerability to expose
> that would give Document A access to the prototype objects for
> Document B.
You presumably have a solution for this situation for the WindowProxy
case, right? Certainly Gecko does, and we would be using the same
solution for Location if we tie the lifetime of a Location to the
lifetime of a WindowProxy.
P.S. I'll leave it to Matt and Bobby to answer your question about your
testcase with function f(), because while I suspect I know what UAs do
there in practice there is no way to tell without actually testing...
More information about the whatwg