Brendan Eich (2013-08-01T02:29:10.000Z)
domenic at domenicdenicola.com (2013-08-09T20:16:47.839Z)
Mark S. Miller wrote: > That's not the hard problem relevant to the current question. Given > two frames both starting at foo.bar.com. While > they're both there, their object graphs become arbitrarily entangled, > which is as it should be. Then, one of them truncates to bar.com. Now they are separate origin iframes. What happens > to their inter-frame pointers, which are now cross-origin pointers? In > a membraneless browser, how are the newly-cross-origin pointers even > distinguished from the same-origin pointers? The answer in pre-membrane Firefox was badly: a reference monitor would walk the DOM "parent" link (not parentNode) and try to find the right global object, from whose document to get an effective script origin (essentially). The problem there was performance. I don't know of fast but incorrect implementations that allowed access where they should not have, but I am old and forgetful (relatively speaking; still have a memory like an elephant :-P). Cc'ing Boris in case he knows more.