[webkit-dev] ExecState::thisObject()
Adam Barth
abarth at webkit.org
Mon Jul 13 15:18:38 PDT 2009
On Mon, Jul 13, 2009 at 2:26 PM, Maciej Stachowiak<mjs at apple.com> wrote:
> For the few cases where
> cross-origin access is allowed, we would *not* want to expose the home
> window's prototype chain. So for Window.postMessage for instance,
> cross-origin access need to give you a distinct wrapper.
That's correct. In fact, Firefox had this exact bug as recently as a year ago.
Adam
More information about the webkit-dev
mailing list