[whatwg] Disabling document.domain setting on iframe at sandbox (especially with allow-same-origin)
Boris Zbarsky
bzbarsky at MIT.EDU
Wed Aug 21 13:20:43 PDT 2013
On 8/8/13 5:35 PM, Ian Hickson wrote:
> I'm certainly open to the idea of making document.domain not work in
> sandboxed <iframe>s. Any objections? Who is ready to implement this?
There seems to be general support for this amongst the Mozilla DOM
peers, so I filed https://bugzilla.mozilla.org/show_bug.cgi?id=907892
with patch.
-Boris
More information about the whatwg
mailing list