[whatwg] Location object identity and navigation behavior

Bobby Holley bobbyholley at gmail.com
Mon Nov 12 14:03:25 PST 2012


Per various IRC discussions, it sounds like Gecko is going to align with
Trident and Presto here, and that WebKit probably isn't going to align
unless there's a compat issue or unless the implementation becomes simpler
for them somehow.


On Fri, Nov 9, 2012 at 6:39 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:

> On 11/9/12 2:05 PM, Adam Barth wrote:
>
>>   The approach we use in WebKit is quite simple---we just perform an
>> access check before doing any sensitive operations.
>>
>
> The issue in Gecko, as I understand, is that security checks from C++ code
> require introspecting running JS to figure out what the right actor
> ("subject") origin for the security check is.  This is somewhat fragile
> because it's easy to accidentally interpose other things that look like
> running JS between the caller and callee in many cases.  Note that this
> problem would be even worse for a self-hosted (implemented in JS)
> implementation of something like Location...
>
> The upshot is that instead we aim to do security checks at points where
> control crosses from one origin to another, and use proxies to enforce the
> security invariants involved.
>
> Bobby knows more about this than I do, so I'll let him correct any
> inaccuracies.
>
>
>> This access check is required in any case because the underlying Location
>> object is visible across origins.
>>
>
> In Gecko, it's actually not.  A proxy is visible.
>
> One thing I'd like is some comment from Opera and Microsoft about what
> their situation is, since implementing what WebKit does would mean both of
> those changing.  This is probably the wrong venue to get hold of Microsoft
> for an official statement, sadly.  :(
>
> -Boris
>
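
The two enforcement styles contrasted in this thread, sketched as a toy model; this is an added example, not part of the original messages and not Gecko or WebKit code. All function names, the origins, and the cross-origin policy (only `replace()` and setting `href` are allowed) are assumptions made for illustration.

```javascript
"use strict";
// Toy model, not Gecko or WebKit code; every name below is hypothetical.
function makeLocation(origin, href) {            // constructed stand-in object
  return { origin, href, replace(url) { this.href = url; } };
}

// Approach 1: check inside each sensitive operation. The callee infers the
// subject from a stack of "running script" origins (innermost entry on top).
const scriptStack = [];
function runAs(origin, fn) {
  scriptStack.push(origin);
  try { return fn(); } finally { scriptStack.pop(); }
}
function checkedGetHref(loc) {
  const subject = scriptStack[scriptStack.length - 1];
  if (subject !== loc.origin) throw new Error("denied: " + subject);
  return loc.href;
}

// Approach 2: wrap once where the reference crosses origins. The subject is
// fixed at wrap time, so nothing is inferred from the stack afterwards.
function wrapForOrigin(loc, subjectOrigin) {
  if (subjectOrigin === loc.origin) return loc;  // same origin: no wrapper
  return new Proxy(loc, {
    get(target, prop) {                          // assumed policy: only replace()
      if (prop === "replace") return target.replace.bind(target);
      throw new Error("denied: get " + String(prop));
    },
    set(target, prop, value) {                   // assumed policy: href is write-only
      if (prop !== "href") throw new Error("denied: set " + String(prop));
      target.replace(value);
      return true;
    },
  });
}

function denied(fn) { try { fn(); return false; } catch (e) { return true; } }

function demo() {
  const a = "https://a.example", b = "https://b.example";
  const loc = makeLocation(a, a + "/private");
  const direct = denied(() => runAs(b, () => checkedGetHref(loc)));
  // A frame that looks like a.example script sits between b's call and the callee.
  const interposed = denied(() => runAs(b, () => runAs(a, () => checkedGetHref(loc))));
  const view = wrapForOrigin(loc, b);            // what b actually holds
  const viaProxy = denied(() => runAs(a, () => view.href));
  view.href = b + "/next";                       // navigation is still permitted
  return { direct, interposed, viaProxy, href: loc.href };
}
```

In `demo()`, the stack-based check denies the direct call but lets the read through once a same-origin-looking frame is interposed, while the wrapper created at the boundary denies the read whatever is on the stack.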


