W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2012

Re: [XHR] Constructor behavior seems to be underdefined

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 02 Apr 2012 09:39:31 -0400
Message-ID: <4F79AC13.4060204@mit.edu>
To: Simon Pieters <simonp@opera.com>
CC: Cameron McCormack <cam@mcc.id.au>, public-webapps@w3.org, "public-script-coord@w3.org" <public-script-coord@w3.org>
On 4/2/12 2:50 AM, Simon Pieters wrote:
> I can find:
>
> "User agents must throw a SecurityError exception whenever any
> properties of a Document object are accessed by scripts whose effective
> script origin is not the same as the Document's effective script origin."
> http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#documents

Yeah.  That sort of language is needed somewhere for all objects, not 
just Documents.

> I don't know how well this matches reality though.

Reasonably well, last I checked, for window and document.

> It seems the spec forbids access to iframe.contentWindow.document but
> allows iframe.contentDocument.

Yes.  That's largely what implementations do...

-Boris
Received on Monday, 2 April 2012 13:40:07 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:51 GMT