- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 07 Dec 2012 15:00:12 -0500
- To: public-script-coord@w3.org
On 12/7/12 2:43 PM, David Bruant wrote: > I've just been thinking about this question more. Consider: > * a WindowProxy instance w proxies to windowA > * A non-configurable property 'whatever' is set on windowA through w > (value is not important, but non-configurability is) > * WindowProxy proxies to a different windowB object > > is 'whatever' a property of windowB? of the WindowProxy object itself? It has to be windowB to avoid cross-site information leakage.... > If HTML5 expects that there is no 'whatever' property after the target > change, we might be having a problem. It's not what HTML5 expects that matters per se. It's what's necessary for basic web security. :( -Boris
Received on Friday, 7 December 2012 20:00:47 UTC