On Jul 13, 2009, at 2:18 PM, Sam Weinig wrote:


I discussed this a bit with Darin and Geoff, and we came to the conclusion that the correct fix is to have each JS DOMObject store a JSGlobalObject pointer and augment the toJS methods to pass a global object instead of an ExecState (close to your #1).

You probably mean "in addition to" rather than "instead of".

 - Maciej

(As a side note, I'm not sure this is really a security issue, since we're primarily talking about same-origin access here. For the few cases where cross-origin access is allowed, we would *not* want to expose the home window's prototype chain. So for Window.postMessage, for instance, cross-origin access needs to give you a distinct wrapper.)

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
