W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2008

[whatwg] postMessage: event.source allows navigation of sender

From: Thomas Broyer <t.broyer@gmail.com>
Date: Thu, 7 Feb 2008 14:42:45 +0100
Message-ID: <a9699fd20802070542y360aed50yf2af81cce57936ee@mail.gmail.com>
On Feb 7, 2008 10:59 AM, Hallvord R M Steen wrote:
>
> Have a look at section 4.7.4.1. Security which reads:
>
> User agents must raise a security exception whenever any of the
> members of a Location object are accessed by scripts whose origin is
> not the same as the Location object's associated Document's origin,
> with the following exceptions:
> * The href setter

Oops! My bad, missed the exceptions...

-- 
Thomas Broyer
Received on Thursday, 7 February 2008 05:42:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:39 UTC