The global object in browsers

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Sat Feb 21 01:49:05 PST 2009


Ian Hickson wrote:
> Right now ES3 assumes that there is a single global object, which is used 
> at the top of the scope chain and that is returned for "this" in the 
> global scope.
> 
> It is possible to show that this is now what some browsers do:
> 
>    var x = 1;
>    function f() { return x; }
>    var global = this;
>    function g() { return global.x; }
> 
>    // some other page's script takes references to f and g
>    // browser navigates to a new page
> 
>    var x = 2;
> 
> Now, if the other page's script calls f() and g(), it will get different 
> results [...]

Suppose that a browser allocates all JavaScript objects associated with
some unit of content [*], in an arena. When the browser navigates away from
that unit of content, the arena is deallocated; to preserve memory safety,
all references into it from objects that are still live will throw an
exception.

This behaviour has clear advantages for robustness against denial of service
from JavaScript code, both deliberate and inadvertent -- which is a definite
weak spot of current browsers, and a very common cause of complaint from
knowledgeable users. Is there any reason why it should be considered
nonconformant?

[*] Possibly a frame, or consecutive sequence of navigated frames with
    the same origin. What is the minimum granularity for a "unit of content"
    for which this would be compatible with the current web?

-- 
David-Sarah Hopwood ⚥
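
The arena behaviour proposed above can be modelled in script, as an added example that is not part of the original message: each reference leaving a unit of content is a revocable proxy, and navigation revokes them all, so held references throw instead of reading a stale or replaced global. `ContentUnit`, `expose` and `navigateAway` are hypothetical names, and `Proxy.revocable` is only a stand-in for arena deallocation, not how any browser implements it.

```javascript
// Added model, not browser code: ContentUnit, expose and navigateAway are
// hypothetical names. Proxy.revocable stands in for "the arena is freed".
class ContentUnit {
  constructor() {
    this.revokers = [];
    this.wrappers = new WeakMap(); // target -> proxy, so identity is preserved
  }

  // Every reference that leaves the unit goes through a revocable proxy.
  expose(value) {
    if (Object(value) !== value) return value; // primitives are copied out
    if (this.wrappers.has(value)) return this.wrappers.get(value);
    const unit = this;
    const { proxy, revoke } = Proxy.revocable(value, {
      // Values read or returned through the proxy are wrapped as well.
      get(target, key) { return unit.expose(Reflect.get(target, key)); },
      apply(target, thisArg, args) {
        return unit.expose(Reflect.apply(target, thisArg, args));
      },
    });
    this.wrappers.set(value, proxy);
    this.revokers.push(revoke);
    return proxy;
  }

  // Navigation: every outstanding reference dies at once.
  navigateAway() {
    for (const revoke of this.revokers) revoke();
    this.revokers = [];
  }
}

// Constructed stand-in for the quoted scenario: another page holds f, g and
// a reference to the first page's global object across a navigation.
function demo() {
  const unit = new ContentUnit();
  const global = { x: 1 };
  const f = unit.expose(() => global.x);
  const g = unit.expose(function () { return global.x; });
  const ref = unit.expose(global);
  const probe = (fn) => { try { return fn(); } catch (e) { return e.name; } };
  const before = [f, g, () => ref.x].map(probe);
  unit.navigateAway();
  const after = [f, g, () => ref.x].map(probe);
  return { before, after };
}

console.log(JSON.stringify(demo()));
```

In this model f and g fail identically after navigation, so the other page cannot observe the divergence between scope-chain lookup and `global.x` shown in the quoted example.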




