direct_proxies "problem"

Boris Zbarsky bzbarsky at
Tue Jan 8 21:57:50 PST 2013

On 1/9/13 12:54 AM, Brendan Eich wrote:
> Boris and I talked more 1:1 -- it is not clear when a direct proxy can
> be safely "cast" to its target. The internal proxies Gecko uses are
> known implementations where this is safe (with a security check).

And the reason it's safe is that when you then get the object back out 
again via WebIDL APIs we'll make sure to wrap it in the appropriate 
security membrane on the way out as needed.  That's obviously not 
something we can easily do for scripted proxies.

And specifically, it's not clear what the behavior should be when there 
are two different scripted proxies for the same WebIDL object.  Say it's 
a DOM node.  One of the proxies gets passed to appendChild.  When later 
getting that node out of the DOM with .firstChild, what should be handed 
back?  The proxy that was passed in, the JS object that proxy was 
wrapping, something else (e.g. an exception is thrown)?


More information about the es-discuss mailing list