On 2015/07/13 at 18:20:59, caitpotter88 wrote:
On 2015/07/13 18:12:49, adamk wrote:
> On 2015/07/11 at 17:09:02, caitpotter88 wrote:
> > On 2015/07/10 17:24:39, adamk wrote:
> > > Just to link discussions together further, the spec-world discussion about this
> > > is taking place at:
> > >
> > > https://lists.w3.org/Archives/Public/public-script-coord/2015JulSep/0022.html
> >
> > Per the discussion in the etherpad, the best thing to do is probably just to
> > install [Unforgeable] + readonly @@toStringTag/@@isConcatSpreadable/etc
> > attributes on cross-origin objects, and ignore the security check.
> >
> > Preferred? Not preferred?
>
> My reading of the etherpad doesn't match this interpretation. In the current
> Blink implementation, an [Unforgeable] attribute will have the same value to all
> observers (not just cross-origin accesses). The draft "spec" in the etherpad
> suggests that each access to a frame from another origin generates a new Window
> object.

[Unforgeable] attributes are non-configurable (which is good, they can't be
reconfigured as untrusted accessors) --- the downside is that they live on the
instance rather than prototype, but for Window this probably doesn't matter
much. This alone should be enough to ensure that the value is trustworthy (after
all, per the etherpad, properties that have/return primitive values are able to be
whitelisted for cross-origin access).

Making them readonly on top of that hurts the customization a little bit, but
maybe goes a step further in making sure they're always safe?

If we use an [Unforgeable] attribute and disabled access checks, we would
definitely need to make it readonly. Which would hurt customization, indeed, as
well as being observably different from what Boris described in the thread,
since Object.hasOwnProperty(window, Symbol.isConcatSpreadable) would be true for
same-origin windows in Blink but false in Firefox.

That's what I'm getting at, anyway



https://codereview.chromium.org/1230793002/
