[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

Boris Zbarsky bzbarsky at MIT.EDU
Wed Jan 9 12:23:35 PST 2013


On 1/9/13 3:12 PM, Adam Barth wrote:
> As I've stated several times on this thread (and many times over the
> years), my opinion is that we should not expose an asymmetric access
> relation to the web platform.

OK, let's agree to disagree on this one for now.

Do we at least agree that this code:

   window.addEventListener.call(otherWindow, "click", function() {});

should throw if and only if window and otherWindow are not same-origin (for
some definition of same-origin, now that we have several different 
origins involved...)?  And if we do, do we agree that this needs to be 
specified somewhere?

-Boris



