<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://www.w3.org/Bugs/Public/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.4"
          urlbase="https://www.w3.org/Bugs/Public/"
          
          maintainer="sysbot+bugzilla@w3.org"
>

    <bug>
          <bug_id>29386</bug_id>
          
          <creation_ts>2016-01-20 14:56:42 +0000</creation_ts>
          <short_desc>Account for WindowProxy (window proxy)</short_desc>
          <delta_ts>2019-02-25 16:13:31 +0000</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>WebAppsWG</product>
          <component>WebIDL</component>
          <version>unspecified</version>
          <rep_platform>PC</rep_platform>
          <op_sys>All</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>MOVED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords></keywords>
          <priority>P2</priority>
          <bug_severity>normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          <everconfirmed>1</everconfirmed>
          <reporter name="Anne">annevk</reporter>
          <assigned_to name="Cameron McCormack">cam</assigned_to>
          <cc>d</cc>
    
    <cc>mike</cc>
    
    <cc>public-script-coord</cc>
          
          <qa_contact>public-webapps-bugzilla</qa_contact>

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>124649</commentid>
    <comment_count>0</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2016-01-20 14:56:42 +0000</bug_when>
    <thetext>According to bz IDL needs to account for WindowProxy. When operations are passed a WindowProxy, the security check needs to be performed on the underlying Window.

Bug 27128 has some ideas and ramblings, though mostly I think we want to pass the actual Window object to the &quot;perform a security check&quot; operation when given a WindowProxy.

Per https://github.com/annevk/html-cross-origin-objects the tentative plan is that the Window can be found on the WindowProxy&apos;s [[Window]] internal slot.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>124988</commentid>
    <comment_count>1</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2016-02-11 16:37:35 +0000</bug_when>
    <thetext>The conclusion from that bug seems to be that we don&apos;t pass around Window, only WindowProxy. Places that accept a WindowProxy as input would be UIEvent and MessageEvent. As far as I can tell no security check is needed for that.

We might also to prevent Window from being accepted or returned anywhere syntax-wise, so folks always end up with WindowProxy if they were not paying attention.

Web IDL does need to make sure that &quot;perform a security check&quot; happens on the Window object, not the WindowProxy, as I mentioned.

Together with https://github.com/whatwg/html/pull/638 I&apos;m hopeful we&apos;ll finally have a solid baseline in standards for these objects. Some iteration is likely still required, but it should be much better than before.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>126722</commentid>
    <comment_count>2</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2016-06-10 07:46:12 +0000</bug_when>
    <thetext>I don&apos;t plan on contributing text to IDL for now. Resetting assignee to default.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>129562</commentid>
    <comment_count>3</comment_count>
    <who name="Domenic Denicola">d</who>
    <bug_when>2019-02-25 16:13:31 +0000</bug_when>
    <thetext>https://github.com/heycam/webidl/issues/656</thetext>
  </long_desc>
      
      

    </bug>

</bugzilla>