[whatwg] SecurityError with parent, top, window, self and opener members of Window
Ian Hickson
ian at hixie.ch
Fri Dec 28 23:40:24 PST 2012
On Tue, 6 Nov 2012, Andrew Oakley wrote:
>
> The specification seems to indicate that a SecurityError exception
> should be thrown when the parent, top, window, self and opener
> properties of a Window object are access by scripts with a different
> effective script origin. Some testing in Chrome, Firefox, IE and Opera
> indicates that this is not what the browsers actually do.
>
> I can't see any reason why we can't allow access to these properties,
> should they be in the list of exceptions in section 6.2.1?
Yup, thanks. Fixed.
> Are there any more properties that should be in the list?
Maybe. I haven't tried to explicitly figure out what should be listed,
I've mostly been hoping to just hear about what's critical by having
people notice it when the spec is wrong. :-) I don't want to add too many
things to this list, each one can be a security risk...
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list