On 8/2/13 10:35 PM, Ian Hickson wrote: > Honestly, though, at the point > where you're able to trick a similar-origin site into changing > document.domain so you can attack it document.domain was not involved in any way in the cross-site issues I've pointed out to you recently. -Boris