W3C home > Mailing lists > Public > public-html-comments@w3.org > January 2008

Re: UNS: Re: frame.cookie: useless, security risk

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 24 Jan 2008 17:41:45 +0100
To: tep4i6o02@sneakemail.com, public-html-comments@w3.org
Message-ID: <op.t5f0nvv764w2qv@annevk-t60.oslo.opera.com> 

On Thu, 24 Jan 2008 17:26:28 +0100, <tep4i6o02@sneakemail.com> wrote:
> How can it be impossible to distinguish between the paths of windows and  
> running script, when it is commonplace to distinguish between the  
> domains of the windows? Or does the security model allow one to inject  
> scripts into another window (in the same domain), so they run from there?

Yes, the security model allows that. (And we're tied to that model due to  
deployed content :-))


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Thursday, 24 January 2008 16:38:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:29:55 GMT