On 16/12/12 9:34 PM, David Bruant wrote:
> WebIDL needs to embed in some way the notion of origin to enable
> throwing for security reasons in the right places.
> One idea would be to add an [OriginAware] extended attribute:
> * On operations (like in Boris's case), an origin check would be performed
> before calling the core of the operation

Why would this need to be on specific operations and not just be
enforced on every operation? Is it that we want to avoid the overhead
of origin checking if we know that calling the operation does not leak
information? Or is it that only a limited set of objects is exposed
cross origin anyway, so we only need to check those?

> * On attributes, both the getter and setter would throw if "this" is not
> of the right origin.
> * On interfaces, it would apply to everything (might be necessary for
> Window and Document)

For the actual wording of the check, we could either have a "security
check" that is performed at the right time in #es-operations etc. and
which HTML defines to do the origin checking, or we can make Web IDL
aware of origins itself, and then HTML would define what origin
different objects come from.
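
A small JavaScript model of the first option discussed in this message (a binding-layer "security check" hook that the host defines), added here as an illustration and not taken from the thread or from any Web IDL text. The names `securityCheck`, `guardMember`, `originAwareInterface`, `runAs` and the `Doc` interface are hypothetical, and the calling script's origin is simulated with a variable.

```javascript
// Model only: every name below is hypothetical, not a Web IDL or HTML API.
const originOf = new WeakMap(); // platform object -> origin it was created in
let callerOrigin = null;        // stand-in for the origin of the running script

// Host-defined hook (the role HTML would play): same-origin or throw.
function securityCheck(thisObj) {
  if (!originOf.has(thisObj) || originOf.get(thisObj) !== callerOrigin) {
    const err = new Error("cross-origin access denied");
    err.name = "SecurityError";
    throw err;
  }
}

// Binding-layer step: run the check before the core of an operation,
// attribute getter or attribute setter.
function guardMember(proto, name) {
  const desc = Object.getOwnPropertyDescriptor(proto, name);
  for (const key of ["value", "get", "set"]) {
    const core = desc[key];
    if (typeof core !== "function") continue;
    desc[key] = function (...args) {
      securityCheck(this); // also rejects a "this" that is not a platform object
      return core.apply(this, args);
    };
  }
  Object.defineProperty(proto, name, desc);
}

// [OriginAware] on an interface: applies to every operation and attribute.
function originAwareInterface(cls) {
  for (const name of Object.getOwnPropertyNames(cls.prototype)) {
    if (name !== "constructor") guardMember(cls.prototype, name);
  }
  return cls;
}

// Run fn as if script from `origin` were executing.
function runAs(origin, fn) {
  const prev = callerOrigin;
  callerOrigin = origin;
  try { return fn(); } finally { callerOrigin = prev; }
}

// Constructed sample interface with one attribute and one operation.
class Doc {
  constructor() { originOf.set(this, callerOrigin); this._title = ""; }
  get title() { return this._title; }
  set title(v) { this._title = String(v); }
  getText() { return "text of " + this._title; }
}
originAwareInterface(Doc);
```

Guarding single members with `guardMember` instead of the whole interface corresponds to putting the attribute on individual operations or attributes.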