bzbarsky at mozilla.com
Thu Aug 1 07:36:44 PDT 2013
On 7/31/13 7:29 PM, Brendan Eich wrote:
> The answer in pre-membrane Firefox was badly: a reference monitor would
> walk the DOM "parent" link (not parentNode) and try to find the right
> global object, from whose document to get an effective script origin
Indeed. We ended up with some optimizations for getting to the
effective script origin faster (e.g. detecting that the JS object is a
DOM object and having DOM objects always have a pointer to something
that had an origin hanging directly off it), but the upshot was quickly
getting to something that was per-global and hence could usefully
provide the global's origin.
> The problem there was performance.
Indeed, at least for same-global object access.
Of course a problem for membranes is performance for access across the
Back to Mark's original question, in a membrane-less browser your best
bet is to have a very fast security check on every property access or
something. And even a very fast security check is not all that fast
unless you pay a good bit in RAM (e.g. have each JS object hold a
pointer directly to an origin and do a pointer-compare to fast-path
More information about the es-discuss