[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

Boris Zbarsky bzbarsky at MIT.EDU
Sat Dec 15 19:06:38 PST 2012

On 12/15/12 8:33 PM, Jonas Sicking wrote:
> An "easy" solution would be to just return null for .contentDocument
> in the case of cross-origin iframes.

Even if that were web-compatible (which is not obvious), that doesn't 
solve the problem of doing the same sort of thing with .contentWindow.


More information about the whatwg mailing list