Re: UNS: Re: frame.cookie: useless, security risk

On Thu, 24 Jan 2008 17:26:28 +0100, <tep4i6o02@sneakemail.com> wrote:
> How can it be impossible to distinguish between the paths of windows and  
> running script, when it is commonplace to distinguish between the  
> domains of the windows? Or does the security model allow one to inject  
> scripts into another window (in the same domain), so they run from there?

Yes, the security model allows that. (And we're tied to that model due to  
deployed content :-))


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Thursday, 24 January 2008 16:38:20 UTC