[whatwg] AllowSeamless feedback

Anne van Kesteren annevk at annevk.nl
Fri Jan 18 05:40:17 PST 2013

On Tue, Jan 15, 2013 at 2:44 PM, Markus Ernst <derernst at gmx.ch> wrote:
> The allow-seamless mechanism is to be triggered at the side of the embedded
> resource, which would also be the one affected by possible security risks
> (if I get this right). The developer of this resource will have to be aware
> of these risks, and avoid exposing critical stuff in pages that allow
> seamless embedding.
> So, would it be possible to generally treat resources that allow seamless
> embedding as same-origin from the security POV?

No. And "AllowSameOrigin" would not work either. Because of scripting,
one resource granting such access means exposing the entire origin to

