Hi, One more thing - Do you agree that there's a DOM (traversal) ambiguity here? parent.someObject can refer both to a JS object with that name, or a child element. -Ory On Mon, Aug 18, 2008 at 3:57 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > Ory Segal wrote: > >> As my previous email mentioned, the child cannot set/get any objects on >> the parent, but it can still query for their existence, which means that: >> >> if ( parent.someObject ) >> >> will still return TRUE/FALSE. >> > > As it happens, the child _can_ in fact get a property off the parent window > if that property is another frame. At least in some UAs. That seems like a > security bug; I wonder whether it can be fixed without breaking the web... > > -Boris >Received on Monday, 18 August 2008 13:19:19 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:19 GMT