[webkit-dev] [V8] It's time for V8Proxy to come to Jesus

Adam Barth abarth at webkit.org
Sun Jul 5 05:19:14 PDT 2009


On Sat, Jul 4, 2009 at 9:13 PM, Maciej Stachowiak<mjs at apple.com> wrote:
> If you have specific ideas about changes to the JS bindings we can go over
> them soon. The general idea of factoring out a separate class to handle
> security policy seems good. "Manager" is one of the things in class names I
> tend to be allergic to. Instead of "SecurityManager" I would consider names
> like "SameOriginPolicy" or "SameOriginAuditor" or something like that
> (assuming the main security-related thing it does is enforce the same-origin
> policy).

The same-origin policy itself mostly handled by the SecurityOrigin
class in WebCore proper.  The main purpose I plan for this new class
is to understand the mapping between the current state of the
JavaScript engine (the ExecState in JSC terms) and a security context
(be it a Frame, a Document, or a SecurityOrigin) and how to get useful
information from these objects (e.g., how to call
SecurityOrigin::canAccess, log the warning message, etc).  Maybe
JSSecurityContext would be a better name?

> In general I can do lunch meetings in SF with some advance notice, but this
> coming week is probably out, at least for me, due to various prior
> commitments. (I think we have a tentative plan to have lunch with some
> Chrome folks at Apple's Cupertino campus though.)

Ok.  I might pester you via email or IRC then.  :)

Adam


More information about the webkit-dev mailing list