[whatwg] Location object identity and navigation behavior

Boris Zbarsky bzbarsky at MIT.EDU
Mon Nov 19 18:46:25 PST 2012

On 11/19/12 8:38 PM, Ian Hickson wrote:
> For now I've tightened up the spec so it should be implementable, secure,
> and Web-compatible

I don't believe it's secure as currently written, actually.  Filed 

> I'm also curious as to why figuring out the "entry script"'s
> characteristics needs to use the stack introspection rather than just
> having an event-loop global "first script" variable

You can maintain a stack of entry scripts.  You can't use a global, 
because you need to push and pop entry scripts as various things happen 
(e.g. invoking event listeners sets the entry script to the event 
listener function's script for the duration of the event listener 

There is no such stack of entry scripts in Gecko yet, but we're working 
on changing that.

The thing that _really_ requires stack introspection is when you need to 
look at the caller script instead of the entry script.  Which is what 
you need to do when performing Location security checks (or indeed, any 
security checks).


More information about the whatwg mailing list