mjs at apple.com
Mon Jul 13 14:26:16 PDT 2009
On Jul 13, 2009, at 2:18 PM, Sam Weinig wrote:
> I discussed this a bit with Darin and Geoff, and we came to the
> conclusion that the correct fix is to have each JS DOMObject store a
> JSGlobalObject pointer and augment the toJS methods to pass a global
> object instead of an ExecState (close to your #1).
You probably mean "in addition to" rather than "instead of".
(As a side note, I'm not sure this is really a security issue, since
we're primarily talking about same-origin access here. For the few
cases where cross-origin access is allowed, we would *not* want to
expose the home window's prototype chain. So for Window.postMessage
for instance, cross-origin access needs to give you a distinct wrapper.)
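As an added illustration (not code from this thread or from WebKit), the following toy JavaScript model shows the ownership scheme under discussion: each wrapper records the global object it belongs to, toJS receives the accessing global object explicitly, same-origin callers share one wrapper that inherits from the node's home window prototype, and cross-origin callers get a distinct wrapper that does not inherit from the home window's prototype chain. The names GlobalObject, DOMNode, toJS and the choice to give the cross-origin wrapper the accessor's prototype are assumptions of this model, not WebKit's real classes or behaviour.

```javascript
// Toy model of the wrapper-ownership design discussed above.
// GlobalObject, DOMNode and toJS are hypothetical names for illustration,
// not WebKit's real classes or functions.

class GlobalObject {
  constructor(origin) {
    this.origin = origin;
    // Each window has its own DOM prototype objects (think Node.prototype).
    this.nodePrototype = { homeOrigin: origin };
    // Same-origin wrapper cache: one wrapper per node, owned by this global.
    this.wrappers = new WeakMap();
    // Cross-origin wrappers created with *this* global as the accessor,
    // keyed by the foreign node, so each accessor gets its own wrapper.
    this.foreignWrappers = new WeakMap();
  }
}

class DOMNode {
  constructor(ownerGlobal, name) {
    this.ownerGlobal = ownerGlobal; // the node's home window
    this.name = name;
  }
}

function sameOrigin(a, b) {
  return a.origin === b.origin;
}

function makeWrapper(proto, node, globalObject) {
  // The wrapper stores the global object it belongs to, as the thread proposes.
  return Object.create(proto, {
    node: { value: node },
    globalObject: { value: globalObject },
  });
}

// toJS takes the accessing global object explicitly instead of inferring
// it from the caller's execution state.
function toJS(accessingGlobal, node) {
  const home = node.ownerGlobal;
  if (sameOrigin(accessingGlobal, home)) {
    // Same-origin: one wrapper, owned by the home window and inheriting from
    // the home window's prototype, whichever same-origin window calls.
    let w = home.wrappers.get(node);
    if (!w) {
      w = makeWrapper(home.nodePrototype, node, home);
      home.wrappers.set(node, w);
    }
    return w;
  }
  // Cross-origin: a distinct wrapper per accessing global. Assumption of this
  // model: it inherits from the accessor's prototype, so the home window's
  // prototype chain is never reachable across origins.
  let w = accessingGlobal.foreignWrappers.get(node);
  if (!w) {
    w = makeWrapper(accessingGlobal.nodePrototype, node, accessingGlobal);
    accessingGlobal.foreignWrappers.set(node, w);
  }
  return w;
}

// Constructed scenario: two same-origin windows and one cross-origin window
// all obtain a wrapper for a node owned by window a.
function demo() {
  const a = new GlobalObject('https://example.test');
  const b = new GlobalObject('https://example.test'); // same-origin frame
  const c = new GlobalObject('https://other.test');   // cross-origin frame
  const node = new DOMNode(a, 'div');
  return { a, b, c, fromA: toJS(a, node), fromB: toJS(b, node), fromC: toJS(c, node) };
}
```

Running demo() shows that a and b receive the very same wrapper, whose prototype is a's nodePrototype, while c receives a different object that does not inherit from a's prototypes at all.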