This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 29386 - Account for WindowProxy (window proxy)
Summary: Account for WindowProxy (window proxy)
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: WebIDL (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: ---
Assignee: Cameron McCormack
QA Contact: public-webapps-bugzilla
Depends on:
Reported: 2016-01-20 14:56 UTC by Anne
Modified: 2019-02-25 16:13 UTC (History)
3 users (show)

See Also:


Description Anne 2016-01-20 14:56:42 UTC
According to bz IDL needs to account for WindowProxy. When operations are passed a WindowProxy, the security check needs to be performed on the underlying Window.

Bug 27128 has some ideas and ramblings, though mostly I think we want to pass the actual Window object to the "perform a security check" operation when given a WindowProxy.

Per the tentative plan is that the Window can be found on the WindowProxy's [[Window]] internal slot.
Comment 1 Anne 2016-02-11 16:37:35 UTC
The conclusion from that bug seems to be that we don't pass around Window, only WindowProxy. Places that accept a WindowProxy as input would be UIEvent and MessageEvent. As far as I can tell no security check is needed for that.

We might also to prevent Window from being accepted or returned anywhere syntax-wise, so folks always end up with WindowProxy if they were not paying attention.

Web IDL does need to make sure that "perform a security check" happens on the Window object, not the WindowProxy, as I mentioned.

Together with I'm hopeful we'll finally have a solid baseline in standards for these objects. Some iteration is likely still required, but it should be much better than before.
Comment 2 Anne 2016-06-10 07:46:12 UTC
I don't plan on contributing text to IDL for now. Resetting assignee to default.
Comment 3 Domenic Denicola 2019-02-25 16:13:31 UTC