Realm, schmealm!

Boris Zbarsky bzbarsky at mozilla.com
Thu Aug 1 07:36:44 PDT 2013


On 7/31/13 7:29 PM, Brendan Eich wrote:
> The answer in pre-membrane Firefox was badly: a reference monitor would
> walk the DOM "parent" link (not parentNode) and try to find the right
> global object, from whose document to get an effective script origin
> (essentially).

Indeed.  We ended up with some optimizations for getting to the 
effective script origin faster (e.g. detecting that the JS object is a 
DOM object and having DOM objects always have a pointer to something 
that had an origin hanging directly off it), but the upshot was quickly 
getting to something that was per-global and hence could usefully 
provide the global's origin.

> The problem there was performance.

Indeed, at least for same-global object access.

Of course a problem for membranes is performance for access across the 
membrane.  :(

Back to Mark's original question, in a membrane-less browser your best 
bet is to have a very fast security check on every property access or 
something.  And even a very fast security check is not all that fast 
unless you pay a good bit in RAM (e.g. have each JS object hold a 
pointer directly to an origin and do a pointer-compare to fast-path 
same-global access).

-Boris


More information about the es-discuss mailing list