[whatwg] Window and WindowProxy

Boris Zbarsky bzbarsky at MIT.EDU
Thu Aug 8 12:20:53 PDT 2013

On 8/8/13 2:50 PM, Ian Hickson wrote:
> I'd go further -- I wouldn't expose WindowProxy to other languages at all

Yes, I thought that was more or less what I said.

You still need an object to represent navigation contexts, of course.

> My point is that either way, if we do this, that means all the security
> checks have to be on Window, not WindowProxy.

I think that depends on the language and how it represents objects, 
whether untrusted code in that language is even a concept, etc.

For example, the C++ bindings for Window in browsers presumably do not 
perform security checks of any sort...

The security checks in the spec right now are very much 
JS-as-it's-practiced-on-the-web specific.  A different language, 
possibly with a different security model, would want different checks.


More information about the whatwg mailing list