[whatwg] SecurityError with parent, top, window, self and opener members of Window

Ian Hickson ian at hixie.ch
Fri Dec 28 23:40:24 PST 2012


On Tue, 6 Nov 2012, Andrew Oakley wrote:
>
> The specification seems to indicate that a SecurityError exception 
> should be thrown when the parent, top, window, self and opener 
> properties of a Window object are accessed by scripts with a different 
> effective script origin.  Some testing in Chrome, Firefox, IE and Opera 
> indicates that this is not what the browsers actually do.
> 
> I can't see any reason why we can't allow access to these properties, 
> should they be in the list of exceptions in section 6.2.1?

Yup, thanks. Fixed.


> Are there any more properties that should be in the list?

Maybe. I haven't tried to explicitly figure out what should be listed, 
I've mostly been hoping to just hear about what's critical by having 
people notice it when the spec is wrong. :-) I don't want to add too many 
things to this list, each one can be a security risk...

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
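
Added example, not part of the original message or of the specification: a small JavaScript model of the check discussed in this thread, where reads from a different effective script origin are denied by default and only the listed members pass. The helper names (`makeWindow`, `viewFrom`, `auditReadable`), the origins and the cookie value are constructed for illustration, and the list holds only the five members named above.

```javascript
// Model only, not browser code. The five names are the members named in the
// thread; the spec's full exception list (section 6.2.1) is not reproduced.
const CROSS_ORIGIN_READABLE = new Set(["parent", "top", "window", "self", "opener"]);
const WINDOWS = new WeakSet(); // objects created by makeWindow (hypothetical helper)

class SecurityError extends Error {
  constructor(message) { super(message); this.name = "SecurityError"; }
}
// Constructed window-like object; origins and cookie value are sample data.
function makeWindow(origin) {
  const w = { origin, opener: null, document: { cookie: "sid=constructed" } };
  w.window = w.self = w.parent = w.top = w;
  WINDOWS.add(w);
  return w;
}
// What a script whose effective script origin is `callerOrigin` may read.
function viewFrom(callerOrigin, target) {
  return new Proxy(target, {
    get(obj, prop) {
      if (callerOrigin !== obj.origin && !CROSS_ORIGIN_READABLE.has(prop)) {
        throw new SecurityError(`cross-origin read of "${String(prop)}" blocked`);
      }
      const value = obj[prop];
      // Re-wrap returned windows so the check follows the reference.
      return WINDOWS.has(value) ? viewFrom(callerOrigin, value) : value;
    },
  });
}
// Probe each member and record whether the read succeeds or what it throws.
function auditReadable(view, members) {
  const result = {};
  for (const name of members) {
    try { void view[name]; result[name] = "readable"; }
    catch (e) { result[name] = e.name; }
  }
  return result;
}

function demo() {
  const outer = makeWindow("https://a.example");
  const inner = makeWindow("https://b.example");
  inner.parent = inner.top = outer;
  const members = ["parent", "top", "window", "self", "opener", "document", "origin"];
  return {
    crossOrigin: auditReadable(viewFrom("https://a.example", inner), members),
    sameOrigin: auditReadable(viewFrom("https://b.example", inner), members),
    viaParent: auditReadable(viewFrom("https://b.example", inner).parent, ["document"]),
  };
}
console.log(demo());
```

The `viaParent` result shows that following an allowed reference such as `parent` does not widen access: the returned window is checked against the caller's origin again.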

