[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

James Graham jgraham at opera.com
Wed Jan 9 14:25:57 PST 2013

On Wed, 9 Jan 2013, Boris Zbarsky wrote:

> On 1/9/13 4:12 PM, Adam Barth wrote:
>>>    window.addEventListener.call(otherWindow, "click", function() {});
>> This example does not appear to throw an exception in Chrome.  It
>> appears to just returns undefined without doing anything (except
>> logging a security error to the debug console).
> Hmm.  I may be able to convince that turning security errors like this into 
> silent no-ops returning undefined is ok, but throwing an exception seems like 
> a much better idea to me if you're going to completely not do what you were 
> asked to do...  The other option introduces hard-to-debug bugs.

FWIW I have run into this behaviour in WebKit in the context of using the 
platform, and I considered it very user-hostile.

More information about the whatwg mailing list