Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Define security around Window, WindowProxy, and Location properly
This is a relative large change to the way Window, WindowProxy, and Location objects work, at least from a standards perspective. This should more closely match implementations and define all their relevant security details. A rough summary of the changes: * Window indexed getters have moved to WindowProxy. * WindowProxy is now a JavaScript exotic object and it handles all the security aspects for Window so Window can become an ordinary object. * Cross-origin named properties for Window are now exposed (though on WindowProxy). * Location is now an exotic object with all its internal methods overridden to handle the cross-origin security aspects. * Location no longer uses Unforgeable on the interface, allowing that to be removed from IDL. (It moved to all of its properties instead and the remaining details are defined through prose.) This should also address these bugs: * https://www.w3.org/Bugs/Public/show_bug.cgi?id=20701 * https://www.w3.org/Bugs/Public/show_bug.cgi?id=21674 * https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346 * https://www.w3.org/Bugs/Public/show_bug.cgi?id=27128 * https://www.w3.org/Bugs/Public/show_bug.cgi?id=27502
- Loading branch information