On 2015/07/13 18:12:49, adamk wrote:
> On 2015/07/11 at 17:09:02, caitpotter88 wrote:
> > On 2015/07/10 17:24:39, adamk wrote:
> > > Just to link discussions together further, the spec-world discussion about this
> > > is taking place at:
> > >
> > > https://lists.w3.org/Archives/Public/public-script-coord/2015JulSep/0022.html
> >
> > Per the discussion in the etherpad, the best thing to do is probably just to
> > install [Unforgeable] + readonly @@toStringTag/@@isConcatSpreadable/etc
> > attributes on cross-origin objects, and ignore the security check.
> >
> > Preferred? Not preferred?
>
> My reading of the etherpad doesn't match this interpretation. In the current
> Blink implementation, an [Unforgeable] attribute will have the same value to all
> observers (not just cross-origin accesses). The draft "spec" in the etherpad
> suggests that each access to a frame from another origin generates a new Window
> object.

[Unforgeable] attributes are non-configurable (which is good, they can't be
reconfigured as untrusted accessors) --- the downside is that they live on the
instance rather than prototype, but for Window this probably doesn't matter
much. This alone should be enough to ensure that the value is trustworthy (after
all, per the etherpad, properties that have/return primitive values are able to
be whitelisted for cross-origin access).

Making them readonly on top of that hurts the customization a little bit, but
maybe goes a step further in making sure they're always safe?

That's what I'm getting at, anyway.
https://codereview.chromium.org/1230793002/
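The property-descriptor semantics the thread argues about can be shown directly in plain JavaScript. The block below is an added example, not code from the Chromium review or from Blink; it uses ordinary objects as a stand-in for a Window and compares three ways of installing @@toStringTag: configurable and writable, non-configurable but writable (what [Unforgeable] alone gives), and non-configurable plus readonly (the [Unforgeable] + readonly proposal). The helper names (`installUnforgeable`, `tryRedefineAsAccessor`, `tryAssign`, `scenario`) are the example's own.

```javascript
// Added example: models how an [Unforgeable] attribute (non-configurable own
// property) differs from an [Unforgeable] + readonly one (also non-writable).
// The objects here are plain objects standing in for Window; this is not
// Blink's implementation and the helper names are hypothetical.

// Install a property the way an [Unforgeable] readonly attribute appears to
// script: own property, non-configurable, non-writable, primitive value.
function installUnforgeable(obj, key, value) {
  Object.defineProperty(obj, key, {
    value,
    writable: false,
    enumerable: false,
    configurable: false,
  });
  return obj;
}

// Attempt to replace a data property with an accessor (the "untrusted accessor"
// case from the thread). Returns true if the redefinition was permitted.
function tryRedefineAsAccessor(obj, key) {
  try {
    Object.defineProperty(obj, key, {
      get() { return "tampered"; },
      configurable: true,
    });
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false; // non-configurable: rejected
    throw e;
  }
}

// Attempt a plain assignment in strict mode. Returns true if the write stuck.
function tryAssign(obj, key, value) {
  "use strict";
  try {
    obj[key] = value;
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false; // non-writable: rejected
    throw e;
  }
}

function tagOf(obj) {
  return Object.prototype.toString.call(obj);
}

function scenario() {
  // 1. Ordinary configurable, writable property: anything with a reference to
  //    the object can swap in a getter, and toString then reports its value.
  const weak = {};
  Object.defineProperty(weak, Symbol.toStringTag, {
    value: "Window", writable: true, enumerable: false, configurable: true,
  });

  // 2. [Unforgeable] alone: non-configurable, so it cannot become an accessor,
  //    but it is still writable and the value can be replaced outright.
  const writableOnly = {};
  Object.defineProperty(writableOnly, Symbol.toStringTag, {
    value: "Window", writable: true, enumerable: false, configurable: false,
  });

  // 3. [Unforgeable] + readonly: neither redefinition nor assignment succeeds.
  const hardened = installUnforgeable({}, Symbol.toStringTag, "Window");

  return {
    weakRedefined: tryRedefineAsAccessor(weak, Symbol.toStringTag),
    weakTag: tagOf(weak),
    writableOnlyRedefined: tryRedefineAsAccessor(writableOnly, Symbol.toStringTag),
    writableOnlyAssigned: tryAssign(writableOnly, Symbol.toStringTag, "NotWindow"),
    writableOnlyTag: tagOf(writableOnly),
    hardenedRedefined: tryRedefineAsAccessor(hardened, Symbol.toStringTag),
    hardenedAssigned: tryAssign(hardened, Symbol.toStringTag, "NotWindow"),
    hardenedTag: tagOf(hardened),
  };
}
```

Running `scenario()` shows the gradient the thread describes: the configurable property ends up reporting `[object tampered]`, the non-configurable-but-writable one keeps its data-property shape but can still be overwritten to `[object NotWindow]`, and only the non-configurable readonly property still reports `[object Window]` after both attempts.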
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev