On Mon, Jan 7, 2013 at 11:17 PM, Bobby Holley bobbyhol...@gmail.com wrote:
On Mon, Jan 7, 2013 at 8:05 PM, Ian Hickson i...@hixie.ch wrote:
On Mon, 7 Jan 2013, Bobby Holley wrote:
Aside from concerns about stack introspection, the main downside of this
approach is that it's a blacklist,
On Tue, 20 Nov 2012, Bobby Holley wrote:
On Tue, Nov 20, 2012 at 9:46 AM, Ian Hickson i...@hixie.ch wrote:
In thinking about this further last night, it struck me that while the
proposed proxy mechanism was IMHO overly complex, there might be a
simpler mechanism that still gets all the
On Mon, Jan 7, 2013 at 12:26 PM, Ian Hickson i...@hixie.ch wrote:
My understanding is that WebKit, old Gecko, and new IE do what the spec
says currently, and old IE, Opera, and new Gecko do the proxying model.
Given the concerns in this thread, I never landed such a change to Gecko.
New Gecko
On Mon, 7 Jan 2013, Bobby Holley wrote:
Aside from concerns about stack introspection, the main downside of this
approach is that it's a blacklist, rather than a whitelist (like our
other security code), so we'll have to be extra careful when
implementing anything new on Location. Please
On Mon, Jan 7, 2013 at 8:05 PM, Ian Hickson i...@hixie.ch wrote:
On Mon, 7 Jan 2013, Bobby Holley wrote:
Aside from concerns about stack introspection, the main downside of this
approach is that it's a blacklist, rather than a whitelist (like our
other security code), so we'll have to be
On 11/20/12 1:23 AM, Ian Hickson wrote:
Could you elaborate in the bug? I've no idea what you think is wrong.
Done, but what's wrong is that the security checks described in the spec
check the origin of the wrong document.
You can maintain a stack of entry scripts. You can't use a global,
On Tue, 20 Nov 2012, Boris Zbarsky wrote:
All you need for script A to be able to call script B as the spec us
currently written is that sometime in the past the effective script
origin of A matched the effective script origin of some script C and
that at some point in the past (possibly
On 11/20/12 2:38 AM, Ian Hickson wrote:
IMHO there's no point us trying to keep things locked down when you set
document.domain.
I believe sites actually rely on a certain amount of lockdown in
situations like this... Adam can fill you in, I'm sure.
But in general, as people work more and
On Tue, Nov 20, 2012 at 9:46 AM, Ian Hickson i...@hixie.ch wrote:
Given the way JavaScript works, I just don't see a sane way to make a
non-symmetric model work. JS just allows too much introspection. Any time
you pass a string from one to the other, you're also passing a way for the
callee
On 11/20/12 12:46 PM, Ian Hickson wrote:
Given the way JavaScript works, I just don't see a sane way to make a
non-symmetric model work.
How does JavaScript work in your mind? We have a good amount of
experience making a non-symmetric model work in Gecko, for what it's worth.
Any time you
On Thu, 8 Nov 2012, Bobby Holley wrote:
The current spec for the Location object doesn't match reality. At the
moment, the spec says that Location is a per-Window object that
describes the associated Document. However, in our testing, it appears
that none of the user-agents (Gecko, WebKit,
On 11/19/12 8:38 PM, Ian Hickson wrote:
For now I've tightened up the spec so it should be implementable, secure,
and Web-compatible
I don't believe it's secure as currently written, actually. Filed
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20012
I'm also curious as to why figuring
On Mon, 19 Nov 2012, Boris Zbarsky wrote:
On 11/19/12 8:38 PM, Ian Hickson wrote:
For now I've tightened up the spec so it should be implementable,
secure, and Web-compatible
I don't believe it's secure as currently written, actually. Filed
On 11/08/2012 07:19 PM, Bobby Holley wrote:
The current spec for the Location object doesn't match reality. At the
moment, the spec says that Location is a per-Window object that describes
the associated Document. However, in our testing, it appears that none of
the user-agents (Gecko, WebKit,
On Thu, Nov 8, 2012 at 10:21 PM, Boris Zbarsky bzbar...@mit.edu wrote:
On 11/8/12 6:09 PM, Adam Barth wrote:
I don't think I quite understand what you mean, but the way this works
in WebKit is that each Window object has its own Location object.
That's not how it works in Presto and Trident,
On Fri, Nov 9, 2012 at 9:30 AM, Adam Barth w...@adambarth.com wrote:
On Thu, Nov 8, 2012 at 10:21 PM, Boris Zbarsky bzbar...@mit.edu wrote:
You presumably have a solution for this situation for the WindowProxy
case,
right? Certainly Gecko does, and we would be using the same solution for
On Fri, Nov 9, 2012 at 12:06 PM, Bobby Holley bobbyhol...@gmail.com wrote:
On Fri, Nov 9, 2012 at 11:33 AM, Adam Barth w...@adambarth.com wrote:
That was my opinion for a while, too, but I eventually decided it was
necessary in Gecko.
Can you explain why you think it is necessary? In
On Fri, Nov 9, 2012 at 9:43 AM, Bobby Holley bobbyhol...@gmail.com wrote:
On Fri, Nov 9, 2012 at 9:30 AM, Adam Barth w...@adambarth.com wrote:
On Thu, Nov 8, 2012 at 10:21 PM, Boris Zbarsky bzbar...@mit.edu wrote:
You presumably have a solution for this situation for the WindowProxy
case,
On Fri, Nov 9, 2012 at 11:33 AM, Adam Barth w...@adambarth.com wrote:
That was my opinion for a while, too, but I eventually decided it was
necessary in Gecko.
Can you explain why you think it is necessary? In WebKit, the
WindowProxy is the only object that has this magic.
As noted, the
On Fri, Nov 9, 2012 at 12:17 PM, Adam Barth w...@adambarth.com wrote:
I don't think the average web developer will hit this case because it
depends on interacting with the Location object in an inactive
document.
Agreed.
Maybe I didn't receive your email.
Here's a link to it in the
On Fri, Nov 9, 2012 at 12:26 PM, Bobby Holley bobbyhol...@gmail.com wrote:
On Fri, Nov 9, 2012 at 12:17 PM, Adam Barth w...@adambarth.com wrote:
I don't think the average web developer will hit this case because it
depends on interacting with the Location object in an inactive
document.
On 11/9/12 2:05 PM, Adam Barth wrote:
The approach we use in WebKit is quite simple---we just perform an
access check before doing any sensitive operations.
The issue in Gecko, as I understand, is that security checks from C++
code require introspecting running JS to figure out what the
The current spec for the Location object doesn't match reality. At the
moment, the spec says that Location is a per-Window object that describes
the associated Document. However, in our testing, it appears that none of
the user-agents (Gecko, WebKit, Trident, Presto) do this [1]. Instead, all
On Thu, Nov 8, 2012 at 10:19 AM, Bobby Holley bobbyhol...@gmail.com wrote:
The current spec for the Location object doesn't match reality. At the
moment, the spec says that Location is a per-Window object that describes
the associated Document. However, in our testing, it appears that none of
On 11/8/12 6:09 PM, Adam Barth wrote:
I don't think I quite understand what you mean, but the way this works
in WebKit is that each Window object has its own Location object.
That's not how it works in Presto and Trident, as far as we can tell
based on testing with ==. In those, each
25 matches
Mail list logo