[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
Boris Zbarsky
bzbarsky at MIT.EDU
Wed Jan 9 12:23:35 PST 2013
On 1/9/13 3:12 PM, Adam Barth wrote:
> As I've stated several times on this thread (any many times over the
> years), my opinion is that we should not expose an asymmetric access
> relation to the web platform.
OK, let's agree to disagree on this one for now.
Do we at least agree that this code:
window.addEventListener.call(otherWindow, "click", function() {});
should throw if and only window and otherWindow are not same-origin (for
some definition of same-origin, now that we have several different
origins involved...)? And if we do, do we agree that this needs to be
specified somewhere?
-Boris
More information about the whatwg
mailing list