On Jul 13, 2009, at 5:34 PM, Adam Barth wrote:

> On Mon, Jul 13, 2009 at 4:59 PM, Maciej Stachowiak<m...@apple.com> wrote:
>> If security is one motivation for this work, then I'd like us to understand
>> the pattern we want to use for cross-origin-accessible objects. Should they
>> use the "home global object" prototype but protect it from mutation or
>> access to extended properties, should they use the prototype of the
>> referencing frame (lexical global object) or something else?
>
> I can study this question, but I believe Firefox solves this problem
> by having cross-origin viewers of these properties see a "fresh" copy
> of the object that isn't === the object as seen by same-origin
> viewers. The fresh copy ignores any changes the page might have made
> to the object and has a prototype chain that connects to the viewer's
> prototypes. If two different cross-origin viewers look at the same
> object, they each see fresh copies.

That pattern sounds workable.
Regards,
Maciej
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
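
The "fresh copy" pattern discussed in this thread, modeled as an added example that is not part of the original messages and is not WebKit or Firefox code. Node's `vm` contexts stand in for frames; `makeFrame`, `makeHomeObject` and `viewFor` are hypothetical names, the origins and URLs are constructed, and caching one copy per viewer is an assumption.

```javascript
const vm = require('vm');

// A vm context stands in for a frame: own global object, own Object.prototype.
function makeFrame(origin) {
  const ctx = vm.createContext({});
  return { origin, objectProto: vm.runInContext('Object.prototype', ctx) };
}

// Constructed model of a browser-owned object: `internal` is state the page
// cannot touch; `pageObject` is the script-visible object the page can mutate.
function makeHomeObject(home, href) {
  const pageObject = Object.create(home.objectProto);
  pageObject.href = href;
  return { home, internal: { href }, pageObject, views: new Map() };
}

// Hypothetical helper: what `viewer` receives when it reads the object.
function viewFor(viewer, obj) {
  if (viewer.origin === obj.home.origin) return obj.pageObject; // same-origin
  if (!obj.views.has(viewer)) {
    // Fresh copy: viewer's prototype chain, values from internal state only.
    const copy = Object.create(viewer.objectProto);
    Object.defineProperty(copy, 'href', { value: obj.internal.href, enumerable: true });
    obj.views.set(viewer, Object.freeze(copy)); // assumption: one copy per viewer
  }
  return obj.views.get(viewer);
}

function demo() {
  const home = makeFrame('https://a.example');
  const v1 = makeFrame('https://b.example');
  const v2 = makeFrame('https://c.example');
  const loc = makeHomeObject(home, 'https://a.example/index.html');
  // The page tampers with its own object and its own Object.prototype.
  loc.pageObject.href = 'https://a.example/tampered';
  loc.pageObject.expando = 'page-added';
  home.objectProto.injected = () => 'from home prototype';
  const a = viewFor(v1, loc), b = viewFor(v2, loc);
  return {
    sameOriginSeesReal: viewFor(home, loc) === loc.pageObject,
    distinctFromReal: a !== loc.pageObject,
    distinctPerViewer: a !== b,
    href: a.href,
    seesExpando: 'expando' in a,
    seesHomeProtoChange: 'injected' in a,
    protoIsViewers: Object.getPrototypeOf(a) === v1.objectProto,
  };
}
console.log(demo());
```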