On Jul 13, 2009, at 2:18 PM, Sam Weinig wrote:
> I discussed this a bit with Darin and Geoff, and we came to the
> conclusion that the correct fix is to have each JS DOMObject store a
> JSGlobalObject pointer and augment the toJS methods to pass a global
> object instead of an ExecState (close to your #1).
You probably mean "in addition to" rather than "instead of".
- Maciej
(As a side note, I'm not sure this is really a security issue, since
we're primarily talking about same-origin access here. For the few
cases where cross-origin access is allowed, we would *not* want to
expose the home window's prototype chain. So for Window.postMessage
for instance, cross-origin access needs to give you a distinct wrapper.)