[whatwg] Window and WindowProxy
Boris Zbarsky
bzbarsky at MIT.EDU
Thu Aug 8 12:20:53 PDT 2013
On 8/8/13 2:50 PM, Ian Hickson wrote:
> I'd go further -- I wouldn't expose WindowProxy to other languages at all
Yes, I thought that was more or less what I said.
You still need an object to represent navigation contexts, of course.
> My point is that either way, if we do this, that means all the security
> checks have to be on Window, not WindowProxy.
I think that depends on the language and how it represents objects,
whether untrusted code in that language is even a concept, etc.
For example, the C++ bindings for Window in browsers presumably do not
perform security checks of any sort...
The security checks in the spec right now are very much
JS-as-it's-practiced-on-the-web specific. A different language,
possibly with a different security model, would want different checks.
-Boris
More information about the whatwg
mailing list