[whatwg] Location object identity and navigation behavior

Adam Barth w3c at adambarth.com
Fri Nov 9 12:17:59 PST 2012

On Fri, Nov 9, 2012 at 12:06 PM, Bobby Holley <bobbyholley at gmail.com> wrote:
> On Fri, Nov 9, 2012 at 11:33 AM, Adam Barth <w3c at adambarth.com> wrote:
>> > That was my opinion for a while, too, but I eventually decided it was
>> > necessary in Gecko.
>> Can you explain why you think it is necessary?  In WebKit, the
>> WindowProxy is the only object that has this magic.
> As noted, the Location object is the only object whose security
> characteristics don't match its scope. This requires a lot of extra goop in
> our compartment-based security model, and the goop is brittle (recently
> forcing us to release two out-of-band updates, 16.0.1 and 16.0.2). We've got
> enough belt-and-suspenders code now that I'm not particularly worried, but I
> still want to make Location just like any other object from a security
> perspective.
> If UAs were consistent or the spec matched reality, this would be a
> different story. But given that we probably need to change the spec to
> either the Trident/Presto model or the Gecko/WebKit model, I support the
> former, because we've historically had problems implementing the latter
> securely. Do you feel that it would be difficult to implement the former
> securely in WebKit?

That depends on the questions I asked earlier.

> Also, FWIW, from the perspective of an average web-developer, IMO it makes
> much more semantic sense to have one Location per WindowProxy if the
> Location object describes the WindowProxy. But I doubt many people touch
> this stuff in practice.

I don't think the average web developer will hit this case because it
depends on interacting with the Location object in an inactive

>> We don't want to move objects between scopes.  That causes many
>> security complications that we don't want to deal with.
> Are you able to just update references, like you do with WindowProxy?

That's the magic I don't want to proliferate.

> That's
> essentially what we're doing. We actually create a new object in the new
> scope and update all the old references to point to it.
>> Can you answer the questions in my previous email?
> Which ones? AFAICT Boris answered all of them except for the testcase thing
> (which I answered). Did I miss some?

Maybe I didn't receive your email.  I gave some example code and asked
which values were printed:

Consider the following case:

== Document A ==
Object.prototype.foo = "A1";
window.location.bar = "A2";

function f() {
  var loc = window.location;
  print(loc.foo); // print is a magic function that lets me see this value
}

== Document B ==
Object.prototype.foo = "B1";
window.location.bar = "B2";

1) Document A is displayed in browsing context X.
2) Browsing context X is navigated and now displays document B.
3) Function f is called.

What values are printed?
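
The test case above, run against two simplified models of Location identity. This is an added example, not part of the original message and not browser code. `makeRealm`, `perDocumentModel` and `forwardingModel` are hypothetical names, neither model is claimed to match any particular engine, and the `bar` read is an assumption (the message's `f` prints only `foo`):

```javascript
// Toy model, constructed for illustration. A "realm" stands in for one
// document's scope: its own Object.prototype and its own Location object.
function makeRealm(fooValue, barValue) {
  const objectPrototype = { foo: fooValue };       // Object.prototype.foo = ...
  const location = Object.create(objectPrototype); // Location inherits from it
  location.bar = barValue;                         // window.location.bar = ...
  return { location };
}

// Model 1 (assumed): one Location per document. A reference saved by
// document A keeps pointing at A's object after the context navigates.
function perDocumentModel() {
  const context = { active: makeRealm("A1", "A2") };
  const loc = context.active.location;   // var loc = window.location
  context.active = makeRealm("B1", "B2"); // step 2: navigate X to document B
  return [loc.foo, loc.bar];              // step 3: f() reads through loc
}

// Model 2 (assumed): one Location identity per browsing context. Every
// reference is a forwarding handle that resolves against whichever document
// is active, the same trick the thread describes for WindowProxy.
function forwardingModel() {
  const context = { active: makeRealm("A1", "A2") };
  const loc = new Proxy({}, {
    get: (_target, key) => context.active.location[key],
    set: (_target, key, value) => {
      context.active.location[key] = value;
      return true;
    },
  });
  context.active = makeRealm("B1", "B2");
  return [loc.foo, loc.bar];
}

console.log("per-document:", perDocumentModel()); // reads stay in A's scope
console.log("forwarding:  ", forwardingModel());  // reads land in B's scope
```

In the forwarding model, code from document A reads through to an object in document B's scope, so the access check has to be made on every property access rather than once when the reference is obtained.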

