[webkit-dev] ExecState::thisObject()

Adam Barth abarth at webkit.org
Mon Jul 13 15:18:38 PDT 2009


On Mon, Jul 13, 2009 at 2:26 PM, Maciej Stachowiak<mjs at apple.com> wrote:
> For the few cases where
> cross-origin access is allowed, we would *not* want to expose the home
> window's prototype chain. So for Window.postMessage for instance,
> cross-origin access need to give you a distinct wrapper.

That's correct.  In fact, Firefox had this exact bug as recently as a year ago.

Adam


More information about the webkit-dev mailing list