Realm, schmealm!

ian at hixie.ch ian at hixie.ch
Thu Aug 1 14:21:55 PDT 2013


(apologies for the people on the to: and cc: lines getting dupes, I wanted 
to resend this to make sure it was in the archives and seen by the others 
on the list)

On Thu, 1 Aug 2013, Brendan Eich wrote:
> > 
> > That actually gets you closer to what the spec says (closer to the 
> > legacy model) than the Gecko approach,
> 
> How so? Can you give an example where Gecko doesn't do what the spec 
> says?

The difference between the model I described and the Gecko model is that 
the isolation is amongst groups of similar-origin browsing contexts, so 
document.domain doesn't cause a problem. That is, two sibling iframes at 
http://victim.example.com:80 and http://hostile.example.com:81 would be in 
the same process, not isolated from each other. It's essentially the model 
described in the spec, implemented with Gecko-style defense-in-depth.


> How about the non-enumerable thing? That doesn't really protect anything 
> in ES5 era, and as Allen says it doesn't protect against guessed-name 
> probing.

I'm not sure what this refers to. Can you elaborate?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
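
The grouping described in the message above, as an added example that is not part of the original e-mail or of any browser's code: frames are bucketed by exact origin and by a "similar-origin" key (scheme plus registrable domain, port ignored), so the two sibling iframes from the message land in one group. The function names, the two extra sample URLs, and the last-two-labels shortcut for the registrable domain are assumptions; real engines consult the Public Suffix List.

```javascript
// Added illustration; not code from the thread or from any browser.
// ASSUMPTION: registrable domain = last two host labels (no Public Suffix List).
function registrableDomain(hostname) {
  // IP literals have no registrable domain; keep them whole.
  if (/^[\d.]+$/.test(hostname) || hostname.startsWith('[')) return hostname;
  const labels = hostname.split('.');
  return labels.length <= 2 ? hostname : labels.slice(-2).join('.');
}

// Strict key: scheme + host + port, as in the same-origin check.
function originKey(url) {
  return new URL(url).origin;
}

// Similar-origin key: origins that document.domain could bring together.
// The scheme must still match; the port does not take part.
function similarOriginKey(url) {
  const u = new URL(url);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

// Bucket URLs under whichever key function is supplied.
function groupBy(urls, keyFn) {
  const groups = new Map();
  for (const url of urls) {
    const key = keyFn(url);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(url);
  }
  return groups;
}

// Constructed sample: the first two URLs are the ones named in the message,
// the last two are added here for contrast.
const frames = [
  'http://victim.example.com:80/',
  'http://hostile.example.com:81/',
  'https://victim.example.com/',
  'http://other.example.org/',
];

const perOrigin = groupBy(frames, originKey);
const perSimilarOrigin = groupBy(frames, similarOriginKey);

for (const [key, members] of perSimilarOrigin) {
  console.log(key, '->', members.join(', '));
}
```

Isolating per origin gives four separate units here, while grouping by the similar-origin key gives three, with the victim and hostile frames sharing one.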

