- From: <bugzilla@jessica.w3.org>
- Date: Tue, 25 Oct 2011 05:35:55 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=14502
Ian 'Hixie' Hickson <ian@hixie.ch> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adrianba@microsoft.com,
| |franko@microsoft.com,
| |tross@microsoft.com
--- Comment #5 from Ian 'Hixie' Hickson <ian@hixie.ch> 2011-10-25 05:35:53 UTC ---
Any opinions from other browser vendors? (Opera, Microsoft?) I don't really see
much of an argument one way or the other. Doing it early seems cleaner from a
security perspective and may be imperceptibly more efficient (especially if the
pattern is used more than once). Doing it later is more forwards-looking.
The earlier point about document.domain is an interesting one. Once
document.domain is set, all future uses of images will be tainted (since the
effective origin of a document after document.domain is set can never match the
origin of an image), so one way that this would affect things today is when
document.domain is set between the pattern being initialised and the pattern
being used. I think this is a non-issue from a security perspective, and it
does seem like if you've been using a pattern and reading it that it would be
weird for it to suddenly stop working.
I think personally I would lean towards what the spec has now, but I'm happy to
change it if the majority of browsers want to change it.
--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 25 October 2011 05:35:56 UTC