On 7/31/13 7:29 PM, Brendan Eich wrote:
The answer in pre-membrane Firefox was badly: a reference monitor would
walk the DOM "parent" link (not parentNode) and try to find the right
global object, from whose document to get an effective script origin
(essentially).
Indeed. We ended up with some optimizations for getting to the
effective script origin faster (e.g. detecting that the JS object is a
DOM object and having DOM objects always have a pointer to something
that had an origin hanging directly off it), but the upshot was quickly
getting to something that was per-global and hence could usefully
provide the global's origin.
The problem there was performance.
Indeed, at least for same-global object access.
Of course a problem for membranes is performance for access across the
membrane. :(
Back to Mark's original question, in a membrane-less browser your best
bet is to have a very fast security check on every property access or
something. And even a very fast security check is not all that fast
unless you pay a good bit in RAM (e.g. have each JS object hold a
pointer directly to an origin and do a pointer-compare to fast-path
same-global access).
-Boris
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
