On Mon, Jul 13, 2009 at 4:59 PM, Maciej Stachowiak <m...@apple.com> wrote:
> If security is one motivation for this work, then I'd like us to understand
> the pattern we want to use for cross-origin-accessible objects. Should they
> use the "home global object" prototype but protect it from mutation or
> access to extended properties, should they use the prototype of the
> referencing frame (lexical global object) or something else?

I can study this question, but I believe Firefox solves this problem by having cross-origin viewers of these properties see a "fresh" copy of the object that isn't === the object as seen by same-origin viewers. The fresh copy ignores any changes the page might have made to the object and has a prototype chain that connects to the viewer's prototypes. If two different cross-origin viewers look at the same object, they each see fresh copies.

> Doing the change incrementally seems wise, if it is feasible to do so. Maybe
> even a patch demonstrating how it would work for a single class could be a
> good way to evaluate the change. Perhaps separate trailblazing examples
> could be given for both an ordinary class and one that is cross-origin
> accessible.

Sounds like a plan. Thanks for all your input on this topic.

Adam
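
The "fresh copy per cross-origin viewer" pattern described in the reply above, modeled as an added JavaScript example; it is not Firefox's or WebKit's code and not part of the original message. Realms are simulated with plain objects, and `makeRealm`, `createThing`, `viewFrom`, the `Thing` class and its `label` property are all hypothetical names.

```javascript
// Native state is kept off the script-visible object, so page edits cannot reach it.
const nativeState = new WeakMap();

// A simulated realm (frame): an origin plus its own prototype for the class.
function makeRealm(origin) {
  return { origin, ThingPrototype: { describe() { return 'Thing@' + origin; } } };
}

function createThing(homeRealm, label) {
  const thing = Object.create(homeRealm.ThingPrototype);
  nativeState.set(thing, { homeRealm, label });
  thing.label = label; // ordinary property the page is free to overwrite
  return thing;
}

const CROSS_ORIGIN_READABLE = ['label']; // constructed allowlist

function viewFrom(viewerRealm, thing) {
  const state = nativeState.get(thing);
  // Same-origin viewers get the real object, page mutations included.
  if (viewerRealm.origin === state.homeRealm.origin) return thing;
  // Cross-origin viewers get a new object on every call: it hangs off the
  // viewer's own prototype and takes its values from native state only.
  const fresh = Object.create(viewerRealm.ThingPrototype);
  for (const name of CROSS_ORIGIN_READABLE) {
    Object.defineProperty(fresh, name, { value: state[name], enumerable: true });
  }
  return Object.freeze(fresh);
}

function demo() {
  const home = makeRealm('https://home.example');      // constructed origins
  const viewerA = makeRealm('https://a.example');
  const viewerB = makeRealm('https://b.example');
  const thing = createThing(home, 'original');
  // The page tampers with its own object and its own prototype.
  thing.label = 'spoofed';
  thing.secret = 'expando';
  home.ThingPrototype.describe = () => 'tampered';
  return {
    thing, viewerA,
    a: viewFrom(viewerA, thing),
    b: viewFrom(viewerB, thing),
    sameOrigin: viewFrom(home, thing),
  };
}
```

In this model the cross-origin copies never consult the home realm's prototype or the page-visible properties, which is why the page's tampering is invisible to them.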