[whatwg] Location object identity and navigation behavior
Boris Zbarsky
bzbarsky at MIT.EDU
Tue Nov 20 10:50:59 PST 2012
On 11/20/12 12:46 PM, Ian Hickson wrote:
> Given the way JavaScript works, I just don't see a sane way to make a
> non-symmetric model work.
How does "JavaScript work" in your mind? We have a good amount of
experience making a non-symmetric model work in Gecko, for what it's worth.
> Any time you pass a string from one to the other, you're also passing a way for the
> callee to call back into the caller, for example (via the string's
> methods).
Spidermonkey effectively copies strings when passing across globals; the
callee never gets the caller's actual string. The methods the callee
sees on strings are its own methods, not the callers.
> Passing any sort of structured objects similarly means passing
> mehods.
In the case of Gecko, what the caller gets in this case is a proxy for
the actual object which enforces security invariants like "only
properties on a whitelist are exposed" for cases when the security check
is asymmetric. This is handled completely on the underlying JS
implementation level; individual callers don't have to do anything
special to be safe this way.
> We have mechanisms for safe passing of data from one context to another,
> such as postMessage(). Doing it by having one-way glass in JS just seems
> like asking for trouble.
postMessage doesn't work unless both sides are cooperating...
> Yeah, like running getters with the ability to abort them if they don't
> return promptly.
Perhaps, yes. ;) I agree that debuggers have all sorts of weird going
on, obviously!
> But your underlying point, that we can't rely on the entry script and the
> real origin, is sound. In particular, anything that's to be affected by
> document.domain has to use the calling script, not the entry script, and
> has to use the effective origin, not the real origin. It would be useful
> if someone (other than me) were to review the spec's uses of the term
> "entry script" and "origin" and verify that the checks all make sense.
I'll see what I can do about finding someone for this. Might be a few
weeks given holidays and whatnot, obviously.
I'll let Bobby handle the Location parts of this. ;)
-Boris
More information about the whatwg
mailing list