[webkit-dev] ExecState::thisObject()

Adam Barth abarth at webkit.org
Mon Jul 13 15:15:50 PDT 2009


On Mon, Jul 13, 2009 at 1:33 PM, Geoffrey Garen<ggaren at apple.com> wrote:
>>> Is it definitely right for document.body to make a wrapper using
>>> prototypes
>>> from the document's host window, rather than from the accessing
>>> function's
>>> window? What do other browsers do?
>>
>> That's correct.  Other browser's get this case right.
>
> Is there a particular security or other benefit here, or do we just want to
> make this change to match other browsers?

Our current behavior is buggy, unpredictable, and out of spec.  This
has led to security bugs in the past and will lead to security bugs in
the future.  Is there a particular reason to keep our current
behavior?

Adam


More information about the webkit-dev mailing list