[whatwg] Disabling document.domain setting on iframe at sandbox (especially with allow-same-origin)

Boris Zbarsky bzbarsky at MIT.EDU
Wed Aug 21 13:20:43 PDT 2013


On 8/8/13 5:35 PM, Ian Hickson wrote:
> I'm certainly open to the idea of making document.domain not work in
> sandboxed <iframe>s. Any objections? Who is ready to implement this?

There seems to be general support for this amongst the Mozilla DOM 
peers, so I filed https://bugzilla.mozilla.org/show_bug.cgi?id=907892 
with patch.

-Boris



More information about the whatwg mailing list