[whatwg] The choice of script global object to use when the script element is moved

Anne van Kesteren annevk at opera.com
Wed Sep 8 02:24:01 PDT 2010


On Wed, 08 Sep 2010 11:20:30 +0200, Adam Barth <w3c at adambarth.com> wrote:
> The goal of AllowedScripts is not to limit a privilege to a subset of
> an origin.  Rather, the goal is to prevent an attacker who can inject
> markup into a document from executing script.  Put another way, if
> you're already executing script, then it's not trying to withhold any
> privileges.

Fair enough. I guess if one page gets compromised all else that is same  
origin is lost anyway.


-- 
Anne van Kesteren
http://annevankesteren.nl/



More information about the whatwg mailing list