W3C home > Mailing lists > Public > public-html-comments@w3.org > January 2008

Re: UNS: Re: frame.cookie: useless, security risk

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 24 Jan 2008 17:41:45 +0100
To: tep4i6o02@sneakemail.com, public-html-comments@w3.org
Message-ID: <op.t5f0nvv764w2qv@annevk-t60.oslo.opera.com>

On Thu, 24 Jan 2008 17:26:28 +0100, <tep4i6o02@sneakemail.com> wrote:
> How can it be impossible to distinguish between the paths of windows and  
> running script, when it is commonplace to distinguish between the  
> domains of the windows? Or does the security model allow one to inject  
> scripts into another window (in the same domain), so they run from there?

Yes, the security model allows that. (And we're tied to that model due to  
deployed content :-))

Anne van Kesteren
Received on Thursday, 24 January 2008 16:38:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:24 UTC