bzbarsky at mozilla.com
Tue Jan 8 21:57:50 PST 2013
On 1/9/13 12:54 AM, Brendan Eich wrote:
> Boris and I talked more 1:1 -- it is not clear when a direct proxy can
> be safely "cast" to its target. The internal proxies Gecko uses are
> known implementations where this is safe (with a security check).
And the reason it's safe is that when you then get the object back out
again via WebIDL APIs we'll make sure to wrap it in the appropriate
security membrane on the way out as needed. That's obviously not
something we can easily do for scripted proxies.
And specifically, it's not clear what the behavior should be when there
are two different scripted proxies for the same WebIDL object. Say it's
a DOM node. One of the proxies gets passed to appendChild. When later
getting that node out of the DOM with .firstChild, what should be handed
back? The proxy that was passed in, the JS object that proxy was
wrapping, something else (e.g. an exception is thrown)?
More information about the es-discuss