[whatwg] Location object identity and navigation behavior

Bobby Holley bobbyholley at gmail.com
Fri Nov 9 12:06:55 PST 2012

On Fri, Nov 9, 2012 at 11:33 AM, Adam Barth <w3c at adambarth.com> wrote:

> > That was my opinion for a while, too, but I eventually decided it was
> > necessary in Gecko.
> Can you explain why you think it is necessary?  In WebKit, the
> WindowProxy is the only object that has this magic.

As noted, the Location object is the only object whose security
characteristics don't match its scope. This requires a lot of extra goop in
our compartment-based security model, and the goop is brittle (recently
forcing us to release two out-of-band updates, 16.0.1 and 16.0.2). We've
got enough belt-and-suspenders code now that I'm not particularly worried,
but I still want to make Location just like any other object from a
security perspective.

If UAs were consistent or the spec matched reality, this would be a
different story. But given that we probably need to change the spec to
either the Trident/Presto model or the Gecko/WebKit model, I support the
former, because we've historically had problems implementing the latter
securely. Do you feel that it would be difficult to implement the former
securely in WebKit?

Also, FWIW, from the perspective of an average web-developer, IMO it makes
much more semantic sense to have one Location per WindowProxy if the
Location object describes the WindowProxy. But I doubt many people touch
this stuff in practice.

We don't want to move objects between scopes.  That causes many
> security complications that we don't want to deal with.

Are you able to just update references, like you do with WindowProxy?
That's essentially what we're doing. We actually create a new object in the
new scope and update all the old references to point to it.

> Can you answer the questions in my previous email?

Which ones? AFAICT Boris answered all of them except for the testcase thing
(which I answered). Did I miss some?


More information about the whatwg mailing list