[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
Boris Zbarsky
bzbarsky at MIT.EDU
Wed Jan 9 14:18:28 PST 2013
On 1/9/13 4:33 PM, Adam Barth wrote:
> For what it's worth, that doesn't appear to be necessary for web
> compatibility. Any time WebKit would return a Document to a script in
> another origin, WebKit returns null instead.
The HTML spec requires that property access on documents use effective
script origin for checks.
Effective script origins are mutable.
It is in fact possible to get your hands on a document in a different
effective script origin in WebKit (thanks, document.domain).
Just saying,
Boris