Accessible global object 'self'

Table of Contents

  1. Introduction
    1. Motivation
    2. HTML and the WindowProxy
    3. SES interaction
  2. 1 Other Properties of the Global Object (18.4 )
    1. 1.1 self

Introduction

This spec introduces self, a writable, configurable property of the global object which has the global object as its value. This name should be familiar for developers, as it is already available as part of HTML, but this proposal brings it into availability for all ECMAScript code.

Motivation

It is difficult to write portable ECMAScript code which accesses the global object. On the web, it is accessible as window or self or frames; on Node.js, it is global; neither of those is available in a shell like V8's d8. In sloppy mode, it is this; in strict code within a function, that can still be accessed by new Function('return this'), but that form is inaccessible with some CSP settings. Below is some code from the wild to get the global object, passed in as the single argument to an IIFE, which works for most cases but won't actually work in d8 when in strict mode inside a function (it could be fixed using the new Function trick): 

// If we're in a browser, the global namespace is named 'window'. If we're
// in node, it's named 'global'. If we're in a shell, 'this' might work.
})(typeof window !== "undefined"
   ? window
   : (typeof process === 'object' &&
      typeof require === 'function' &&
      typeof global === 'object')
     ? global
     : this);

HTML and the WindowProxy

In HTML5, the global object is separated into the Window and the WindowProxy. New attributes are set on the Window, but top-level this has the identity of the WindowProxy. The WindowProxy forwards all object operations to the underlying Window, but as the page changes, the global object maintains the same identity while the underlying Window is swapped out.

ES2015 does not account for the Window/WindowProxy structure, and simply refers to "the global object" directly. This specification does the same. If the ECMAScript specification is changed for top-level this to account for WindowProxy, then the change should also apply to the definition of self.

SES interaction

For Secure ECMAScript, it is important that all references to the global object be spoof-able and capable of being locked down, so that each context gets its own shadow global context. Additionally, references to the global object should not be reachable from other ECMAScript intrinsic objects, which SES would like to simply recursively freeze. In this proposal, self is a writable, configurable property of the global object, so it should meet SES requirements.

1Other Properties of the Global Object (18.4 )

1.1self

The initial value of the "self" property of the global object is the global object.

This property has the attributes {[[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }.