Ian Hickson wrote:
I haven't mentioned the 'this' behavior, so right now |this !=== window|, which breaks the invariant that there is no way to actually get hold of a reference to the Window object itself (as opposed to the outer WindowProxy object that forwards to the inner Window object). This requirement would be a violation of ECMAScript 3.1, so if we could get that changed in ES3.1, that would be great. Failing that, it should probably be in the WebIDL JavaScript binding section.
As I recall, in Gecko the keyword |this| evaluates to the outer window. I'm not sure what happens to the implicit |this| that's computed when defining a global function, say.
The reason for this setup was precisely to prevent script from getting a handle to the inner Window. Since we do security checks for cross-site scripting in the outer Window, any ability to pass inner Windows cross-site would be an automatic security hole.
The setup as it exists right now allows scripts that run within a single window and never explicitly touch Window objects to not have to perform security checks on every property access.
You might want to double-check with Blake Kaplan, Brendan Eich, or Johnny Stenback on the above, as well as on how this fits in with ECMAScript 3.1. I seem to recall something about that going by in the bugs when this was being worked on, but Brendan is more likely to recall the details than I am to be able to find them...
-Boris
