So the proposal as I understand it is: For Location: - The getters for everything on URLUtils imported by Location must throw SecurityError if the incumbent script has an effective script origin that's not the same as the Location object's associated Document's browsing context's active document's effective script origin. - The setters for everything on URLUtils imported by Location other than 'href' must throw SecurityError if the incumbent script has an effective script origin that's not the same as the Location object's associated Document's browsing context's active document's effective script origin. - All the methods on Location other than replace() must throw SecurityError when called if the incumbent script has an effective script origin that's not the same as the Location object's associated Document's browsing context's active document's effective script origin. - The href setter and the replace() method must throw SecurityError when called if the incumbent script's script browsing context is not allowed to navigate the Location object's associated Document's browsing context. - When the incumbent script's effective script origin is different than a Location object's associated Document's effective script origin, the user agent must act as if the Location object is an Alien Object. For Window: - The getters for everything on Window except those Exempted Properties listed below must throw SecurityError if the incumbent script has an effective script origin that's not the same as the Window object's Document's effective script origin. - The setters for everything on Window must throw SecurityError if the incumbent script has an effective script origin that's not the same as the Window object's Document's effective script origin. - All the methods on Window except those in the Exempted Properties list below must throw SecurityError when called if the incumbent script has an effective script origin that's not the same as the Window object's Document's effective script origin. - When the incumbent script's effective script origin is different than a Window object's Document's effective script origin, the user agent must act as if the Window object is an Alien Object. - The Exempted Properties are: The location attribute The postMessage() method The window attribute The frames attribute The self attribute The top attribute The parent attribute The opener attribute The closed attribute The close() method The blur() method The focus() method Any supported property names that refer to other browsing contexts and that do not have a name that clashes with a property that is defined on the Window object itself (e.g. "history") For both: - An Alien Object must: * promote all the members found on its prototypes, including supported property indices and supported property names if any, to "own" properties on the object itself. * act as if any changes to that object's properties, getters, setters, etc, were not present (i.e. can't see custom properties and changes from the object's "home" origin). * act as if all the properties of that object had their [[Enumerable]] attribute set to false. * have their prototype set to null. * throw a SecurityError for any attempt to set or configure a property on the object. * act as if all objects returned by members of that object (including, for instance, function objects) were themselves Alien Objects.