W3C home > Mailing lists > Public > public-html@w3.org > August 2008

Re: DOM traversal ambiguity question

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sun, 17 Aug 2008 21:51:08 -0400
Message-ID: <48A8D58C.2080002@mit.edu>
To: Ory Segal <orysegal@gmail.com>
CC: public-html@w3.org

Ory Segal wrote:
> ( Note - assuming that the child and the parent documents originate from 
> the same domain
...
> Functionally speaking, the problem is not so severe, but there are 
> security implications to this ambiguity - a malicious parent document 
> (not from the same domain)

I'm not sure how to reconcile those two things.  If the parent is not 
from the same domain, the child can't access things in it, and there is 
no problem, no?

-Boris
Received on Monday, 18 August 2008 01:51:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:22 GMT