[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
bzbarsky at MIT.EDU
Mon Jan 7 22:46:27 PST 2013
On 1/8/13 1:42 AM, Boris Zbarsky wrote:
>On 1/7/13 11:28 PM, Ian Hickson wrote:
>> The check is the same -- if the Document that is the "this" to
>> which the property is being applied doesn't match the origin of the
>> that is doing the applying, throw SecurityError.
Actually, that's not enough. You have to security-check arguments too.
would be bad. (Note that right now the DOM spec fails to handle this,
which is about what I would expect out of people creating APIs, which is
why I would really prefer we define this on a low level where people
can't screw up by forgetting it.)
More information about the whatwg