Realm, schmealm!

Brendan Eich brendan at mozilla.com
Thu Aug 1 13:27:48 PDT 2013


Boris Zbarsky wrote:
> On 8/1/13 1:50 PM, Brendan Eich wrote:
>> How so? Can you give an example where Gecko doesn't do what the spec 
>> says?
>
> Gecko revokes access to properties of all objects when you change 
> document.domain, but per spec only access to properties of Window and 
> Document should be revoked.
>

Ok, but Hixie was contrasting with a process-isolated implementation. It 
seems that would have to revoke everything too, or do remote proxies, or 
something.

I agree the spec is too much about "intersection semantics" or "the 
least that can be required based on browsers" (in 2008? Has nothing 
evolved?). We should talk about what to spec that's agreeable to the 
majors and better for security.

/be

