[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
g.maone at informaction.com
Wed Feb 18 12:38:43 PST 2009
Bil Corry wrote, On 18/02/2009 21.31:
> Boris Zbarsky wrote on 2/18/2009 9:27 AM:
>> And really no different from:
>> if (window != window.top)
>> window.top.location.href = window.location.href;
>> in effect, right? This last already works in all browsers except IE,
>> which is presumably why IE felt the need to add another way to do it.
> Supposedly, a future release of IE8 will fix this (see Issue #4):
I doubt we'll see a "fix" for <iframe security=restricted> ;)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg