[whatwg] proposal for a location.domain property
João Eiras
joaoe at opera.com
Fri May 25 04:27:02 PDT 2012
On Thu, 24 May 2012 23:02:00 +0200, Maciej Stachowiak <mjs at apple.com>
wrote:
>
> I agree. Even though there are still legacy features like cookies and
> document.domain that use domain-based security, most of the Web platform
> uses origin-based security, and that has proved to be a sounder model.
> While I acknowledge the use cases for exposing location.domain, it's
> also likely to become an attractive nuisance that pulls developers in
> the wrong direction.
>
Although I understand this opinion and agree with it, the domain based
security checks are used for cross frame interaction, cookies, security
certificates, etc, therefore it has to be specified and documented.
I don't think adding a location.tld property or location.topDomain would
pull developers away from anything. It would just make the legacy domain
based security checks a bit more easy to handle and understand. It's the
specifications and APIs that tell which security model to use, not the
developer.
More information about the whatwg
mailing list