[whatwg] Disabling document.domain setting on iframe at sandbox (especially with allow-same-origin)
David Bruant
bruant.d at gmail.com
Wed Aug 21 13:41:40 PDT 2013
Le 21/08/2013 22:20, Boris Zbarsky a écrit :
> On 8/8/13 5:35 PM, Ian Hickson wrote:
>> I'm certainly open to the idea of making document.domain not work in
>> sandboxed <iframe>s. Any objections? Who is ready to implement this?
>
> There seems to be general support for this amongst the Mozilla DOM
> peers, so I filed https://bugzilla.mozilla.org/show_bug.cgi?id=907892
> with patch.
Thanks <3
Filed http://code.google.com/p/chromium/issues/detail?id=277084 on the
Blink side. Let's see what happens.
David
More information about the whatwg
mailing list