[whatwg] Disabling document.domain setting on iframe at sandbox (especially with allow-same-origin)

David Bruant bruant.d at gmail.com
Wed Aug 21 13:41:40 PDT 2013


Le 21/08/2013 22:20, Boris Zbarsky a écrit :
> On 8/8/13 5:35 PM, Ian Hickson wrote:
>> I'm certainly open to the idea of making document.domain not work in
>> sandboxed <iframe>s. Any objections? Who is ready to implement this?
>
> There seems to be general support for this amongst the Mozilla DOM 
> peers, so I filed https://bugzilla.mozilla.org/show_bug.cgi?id=907892 
> with patch.
Thanks <3

Filed http://code.google.com/p/chromium/issues/detail?id=277084 on the 
Blink side. Let's see what happens.

David



More information about the whatwg mailing list