- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Sun, 28 Sep 2008 22:48:31 -0400
- To: Adam Barth <w3c@adambarth.com>
- CC: HTML WG <public-html@w3.org>
Adam Barth wrote: > What are the all the different string forms? The two I'm aware of are: > > 1) postMessage's origin property > 2) XHR's Origin header You're assuming no one else will make use of these serialization rules? > Browser implementations won't be able to replace same-origin checks > with comparing these strings because of document.domain document.domain just comes down to modifying which origins you compare, for what it's worth. -Boris
Received on Monday, 29 September 2008 02:51:49 UTC