[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

Adam Barth w3c at adambarth.com
Wed Jan 9 12:12:33 PST 2013


On Wed, Jan 9, 2013 at 11:59 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 1/9/13 2:30 PM, Adam Barth wrote:
>> As a consequence, I would recommend that you do not use asymmetric
>> access relations in features that you would like other browser vendors
>> to implement in the future.
>
> Browsers have asymmetric access relations all the time; they just have some
> of the code in C++.

I'm not sure I understand how that relates to the topic we're
discussing, which is the observable behavior of the web platform.

> The question is why this should be restricted to C++ code.

Actually, we're working on removing this ability from our C++ code as
well with the goal of reducing the frequency of implementation errors
in the same-origin policy.

As I've stated several times on this thread (any many times over the
years), my opinion is that we should not expose an asymmetric access
relation to the web platform.

Adam



More information about the whatwg mailing list