ggaren at apple.com
Mon Jul 13 14:28:17 PDT 2009
>> I discussed this a bit with Darin and Geoff, and we came to the
>> conclusion that the correct fix is to have each JS DOMObject store
>> a JSGlobalObject pointer and augment the toJS methods to pass a
>> global object instead of an ExecState (close to you #1).
> You probably mean "in addition to" rather than "instead of".
We talked about "instead of".
We think the JSGlobalObject will render the ExecState irrelevant,
since the ExecState was only used to access the heap, which
JSGlobalObject can do, and to select a prototype, which this fix will
> (As a side note, I'm not sure this is really a security issue, since
> we're primarily talking about same-origin access here. For the few
> cases where cross-origin access is allowed, we would *not* want to
> expose the home window's prototype chain. So for Window.postMessage
> for instance, cross-origin access needs to give you a distinct
Yeah, probably not a security issue.