Quick questions & comments.
* load/parse: when does parse return --- when the document is parsed,
when it is finished loading, or when the document is closed? If the
first, it is not clear to me why the stack is popped, or why the stack
is not needed for operations while the document is open.
* canAccess/mapMeet(stack): I don't understand what windows are on the
stack. If load pops the window when done loading, there normally
wouldn't be more than one window on stack. If load doesn't pop window
until document is closed, then stack would grow when either a link is
accessed or a subsidiary dialog/window is opened. But in that case it
is not clear why access should be restricted by all the prior windows on
the stack. Even in the case where an application opens a dialog, the
dialog may have additional trust that the parent window does not have
(e.g., after entering password), so it seems like it should not
necessarily be restricted by parent.
Maybe rather than windows there is some notion of a library or component
that would be on stack. Maybe a javascript file would be such a
library. Then the stack would be extended with the principal of the
library whenever a call was made, and popped when that call returns.
That way the permission of a library does not normally exceed the
permission of its callers, though there needs to be a way to override
this within libraries that access particular resources. (This is more
like the current Java security architecture [1].)
* minor: it's a little confusing that ',' is used for both parameter
tuple separation and sequence separation, but ';' is used for the latter
in javascript. [At first I thought sequences were multiple value
tuples. Then I thought comma works like Javascript, but javascript
handling of comma is a little obscure to someone who hasn't used it:
var x = 2; x = ++x, 5*x; x
---> returns first value 3, not 15, though
var x = 2; x = (++x, 5*x); x
--> returns last value, 15.] So value of load(w,s) would be value of
first expression, stack.push(w), not last expression, stack.pop().
Maybe parentheses are in order around definition of load, even though in
this particular case they should return the same value, w, in either
case (if push and pop are like in javascript arrays).
* minor: need to specify what matches scheme and hostname, maybe with a
regex [some urls have embedded urls, so scheme should not be (.*)]
* minor: in grammar, missing quotes on '<', '>', '</', and '/>'
[1] http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-spec.doc4.html#24646
_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security
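As an added example (not from the original thread or the spec under discussion), here is a JavaScript sketch of the principal-stack variant proposed above: calling into a library pushes its principal, returning pops it, and an access is allowed only if every frame on the stack permits it, with a privileged marker as the override the message says libraries need. All names (principal, withPrincipal, canAccess, privileged) are hypothetical.

```javascript
// Hypothetical principal stack: one frame per library/component currently
// executing, not one per window. Names here are illustrative only.
const stack = [];

// A principal is a name plus the set of resources it is allowed to touch.
function principal(name, allowed) {
  return { name, allowed: new Set(allowed) };
}

// Run fn with p pushed on the stack; pop on return even if fn throws.
// The return value is fn's own, so there is no comma-operator ambiguity
// about whether push or pop supplies the result.
function withPrincipal(p, fn) {
  stack.push(p);
  try { return fn(); } finally { stack.pop(); }
}

// Meet over the stack: a resource is accessible only if every frame allows
// it, walking from the most recent frame back to the oldest. A frame marked
// privileged stops the walk, so a library that asserts privilege vouches for
// the access itself (compare Java's doPrivileged); its own permissions are
// still checked. An empty stack grants nothing.
function canAccess(resource) {
  for (let i = stack.length - 1; i >= 0; i--) {
    const frame = stack[i];
    if (!frame.allowed.has(resource)) return false;
    if (frame.privileged) return true;
  }
  return stack.length > 0;
}

// Mark a principal as asserting privilege for the duration of its frame.
function privileged(p) { return { ...p, privileged: true }; }

// Constructed scenario: an untrusted page calls into a more trusted library.
function demo() {
  const page = principal('page', ['read:cookie']);
  const lib  = principal('lib', ['read:cookie', 'open:socket']);
  const results = {};
  results.direct   = withPrincipal(lib, () => canAccess('open:socket'));
  results.viaPage  = withPrincipal(page, () =>
    withPrincipal(lib, () => canAccess('open:socket')));            // page lacks it
  results.override = withPrincipal(page, () =>
    withPrincipal(privileged(lib), () => canAccess('open:socket')));
  results.cookie   = withPrincipal(page, () =>
    withPrincipal(lib, () => canAccess('read:cookie')));
  return results;
}
```

Without the privileged marker the library's permission never exceeds its caller's, which is the property the message asks for; with it, the library takes responsibility for the access, as a password dialog would.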