[whatwg] The choice of script global object to use when the script element is moved
Anne van Kesteren
annevk at opera.com
Wed Sep 8 02:24:01 PDT 2010
On Wed, 08 Sep 2010 11:20:30 +0200, Adam Barth <w3c at adambarth.com> wrote:
> The goal of AllowedScripts is not to limit a privilege to a subset of
> an origin. Rather, the goal is to prevent an attacker who can inject
> markup into a document from executing script. Put another way, if
> you're already executing script, then it's not trying to withhold any
> privileges.
Fair enough. I guess if one page gets compromised all else that is same
origin is lost anyway.
--
Anne van Kesteren
http://annevankesteren.nl/
More information about the whatwg
mailing list