In order to fully implement the semantics of perform a security check in WebIDL2JS for use in JSDOM, it’s necessary to be able to get the realm of the caller.
I propose to extend FunctionDeclarationInstantiation with:
9.2.10 FunctionDeclarationInstantiation ( func, argumentsList )
- If argumentsObjectNeeded is true, then
- Call env.InitializeBinding("arguments", ao).
This would add a non‑enumerable
callerGlobal property to the
arguments object, which refers to the
An option would be to only do that if
func has the
[[CaptureCallerGlobal]] internal slot set to
true, which would be done by the
@captureCallerGlobal built‑in decorator.
Isn't this a security problem? For sandboxes
We have generally been trying to remove ways for functions to introspect on their caller. I don't think it would be a good idea to add a new one.
Also, as a general matter, is there more motivation than "there is one algorithm in the HTML standard which is not implementable in pure JS"? I don't think that alone would be a sufficient reason to add this.