[whatwg] Same-origin checking for media elements

Robert O'Callahan robert at ocallahan.org
Tue Nov 11 20:02:02 PST 2008


On Wed, Nov 12, 2008 at 4:22 PM, Tim Starling <tstarling at wikimedia.org> wrote:

> JavaScript already has measures along the lines of (2), in the context
> of frames. The information a script can obtain about a frame from a
> different origin is carefully restricted. I think that a similar
> solution would be best. It has the advantage of consistency and proven
> security.
>

I would say it has a history of proven *insecurity*. Look at clickjacking
for example.

Anyway, having discussed this with Hixie and Maciej and others a bit on
#whatwg, things seem to be leaning towards option 2.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]