Mark S. Miller wrote:
It feels a dramatic divergence from the origin-based security model, Indeed! Origin-based security has been a nightmare.
Any access control system with hand-coded access monitoring in a big C++ codebase will be.
In SpiderMonkey + Gecko in Firefox, and probably in other browsers, we actually use OCap under the hood and have for years. In HTML5, the WindowProxy/Window distinction was finally specified, as an ad-hoc instance of OCap membranes.
Any time we deviate from OCap, we regret it for both security bug and access-checking overhead reasons.
/be _______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss