[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
James Graham
jgraham at opera.com
Wed Jan 9 14:25:57 PST 2013
On Wed, 9 Jan 2013, Boris Zbarsky wrote:
> On 1/9/13 4:12 PM, Adam Barth wrote:
>>> window.addEventListener.call(otherWindow, "click", function() {});
>>
>> This example does not appear to throw an exception in Chrome. It
>> appears to just returns undefined without doing anything (except
>> logging a security error to the debug console).
>
> Hmm. I may be able to convince that turning security errors like this into
> silent no-ops returning undefined is ok, but throwing an exception seems like
> a much better idea to me if you're going to completely not do what you were
> asked to do... The other option introduces hard-to-debug bugs.
FWIW I have run into this behaviour in WebKit in the context of using the
platform, and I considered it very user-hostile.
More information about the whatwg
mailing list