[whatwg] Location object identity and navigation behavior
Boris Zbarsky
bzbarsky at MIT.EDU
Mon Nov 19 18:46:25 PST 2012
On 11/19/12 8:38 PM, Ian Hickson wrote:
> For now I've tightened up the spec so it should be implementable, secure,
> and Web-compatible
I don't believe it's secure as currently written, actually. Filed
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20012
> I'm also curious as to why figuring out the "entry script"'s
> characteristics needs to use the stack introspection rather than just
> having an event-loop global "first script" variable
You can maintain a stack of entry scripts. You can't use a global,
because you need to push and pop entry scripts as various things happen
(e.g. invoking event listeners sets the entry script to the event
listener function's script for the duration of the event listener
invocation).
There is no such stack of entry scripts in Gecko yet, but we're working
on changing that.
The thing that _really_ requires stack introspection is when you need to
look at the caller script instead of the entry script. Which is what
you need to do when performing Location security checks (or indeed, any
security checks).
-Boris
More information about the whatwg
mailing list