[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
Adam Barth
w3c at adambarth.com
Wed Jan 9 13:33:57 PST 2013
On Wed, Jan 9, 2013 at 1:28 PM, Ian Hickson <ian at hixie.ch> wrote:
> On Wed, 9 Jan 2013, Adam Barth wrote:
>> The Document interface (which is what we started this thread discussing)
>> is never visible across origins and so does not have any of these
>> complexities.
>
> Actually Document objects can be visible across origins per spec, but none
> of their properties ever are.
For what it's worth, that doesn't appear to be necessary for web
compatibility. Any time WebKit would return a Document to a script in
another origin, WebKit returns null instead.
Adam
More information about the whatwg
mailing list