
Finding the Object Origin URL

The object origin is always defined by its static scope. That is, global objects always derive their origin from the origin of their document. Similarly, an object local to a function or method derives its origin from the origin of the method. A reference to a variable x in a document d loaded into window w is really w.x and thus derives its object origin from the origin of d. Let y be a local variable of the function foo(), located in a document d in window w. Even when foo() is called from a different window otherWin, e.g., when "z = w.foo();" is a line in otherWin, the object origin of y is still determined by its static scope, the origin of d. Note that in 'otherWin.location = "javascript: x = 1;";', the "javascript: x = 1;" part is just a string and not code; thus the static scope of x is within the window otherWin.

Dynamically created documents (e.g., created by document.write) should always inherit origin from the creating window/document.

Here are some examples for code executing in a window w1, loaded from origin o1:

v = foo(x);
  // o1 remains subject origin for function 'foo'
v = w2.foo(x);
  // o1 remains subject origin for function 'foo'
  // foo will execute in w2's scope
w2.location = "javascript:foo()";
  // o1 remains subject origin for function 'foo'
  // foo will execute within a top-level stack frame
  // of a new document in w2.
w1.document.write(foo());
  // o1 remains subject origin for function 'foo'
  // foo will execute in a new document in w1, whose origin
  // is the same as the one of the current document
w2.eval(w1.foo(x));
  // subject of this statement is o1 and thus is subject of foo.
  // foo will execute in w2's context, since w2 owns the eval method.

Thus, in this context, the object origin can always be retrieved in one step, by accessing the enclosing scope.
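
The static-scope rule described above, as a small runnable model. This is an added example, not code from the paper or its implementation; the Scope and Win classes, the call and objectOrigin helpers, the popup window and the *.example URLs are all assumptions made for illustration.

```javascript
// Toy model of the static-scope rule (added illustration; every name is hypothetical).
class Scope {
  constructor(label, origin) { this.label = label; this.origin = origin; }
}

class Win {
  constructor(name, url) {
    this.name = name;
    this.doc = new Scope(`${name}.document`, new URL(url).origin);
  }
  // A global object is statically scoped to the window's document.
  defineGlobal(name) { return { name, scope: this.doc }; }
  // A function's body scope takes the origin of the document that defines it.
  defineFunction(name, localNames) {
    const body = new Scope(`${this.name}.${name}()`, this.doc.origin);
    return { name, scope: this.doc, body, localNames };
  }
  // document.write analogue: the new document inherits the creator's origin.
  writeDocument(creator) {
    this.doc = new Scope(`${this.name}.document (written)`, creator.doc.origin);
  }
}

// Activate fn on behalf of callerWin. Locals are bound to the function's
// static scope; the caller is recorded only to show it plays no part.
function call(callerWin, fn) {
  const locals = {};
  for (const n of fn.localNames) locals[n] = { name: n, scope: fn.body };
  return { calledFrom: callerWin.doc.origin, locals };
}

// One-step lookup: read the origin of the enclosing (static) scope.
function objectOrigin(obj) { return obj.scope.origin; }

// Constructed sample windows and URLs.
const w = new Win("w", "https://d.example/page.html");
const otherWin = new Win("otherWin", "https://other.example/index.html");
const x = w.defineGlobal("x");
const foo = w.defineFunction("foo", ["y"]);
const frame = call(otherWin, foo);   // models `z = w.foo();` run in otherWin
const popup = new Win("popup", "https://third.example/");
popup.writeDocument(otherWin);       // otherWin creates popup's document
const written = popup.defineGlobal("v");

console.log(objectOrigin(x), objectOrigin(frame.locals.y),
            frame.calledFrom, objectOrigin(written));
```

The local y keeps the origin of d even though the activation was started from otherWin, and the global defined in the written document carries the creator's origin rather than the URL the popup was first loaded from.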


Alain Mayer
8/30/1999