[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
Ian Hickson
ian at hixie.ch
Wed Jan 9 16:42:15 PST 2013
On Wed, 9 Jan 2013, James Graham wrote:
> On Wed, 9 Jan 2013, Boris Zbarsky wrote:
> > On 1/9/13 4:12 PM, Adam Barth wrote:
> > > > window.addEventListener.call(otherWindow, "click", function()
> > > > {});
> > >
> > > This example does not appear to throw an exception in Chrome. It
> > > appears to just returns undefined without doing anything (except
> > > logging a security error to the debug console).
> >
> > Hmm. I may be able to convince that turning security errors like this
> > into silent no-ops returning undefined is ok, but throwing an
> > exception seems like a much better idea to me if you're going to
> > completely not do what you were asked to do... The other option
> > introduces hard-to-debug bugs.
>
> FWIW I have run into this behaviour in WebKit in the context of using
> the platform, and I considered it very user-hostile.
Yeah, we should throw SecurityError exception in these cases IMHO.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list