[whatwg] postMessage: event.source allows navigation of sender

On Feb 7, 2008 10:59 AM, Hallvord R M Steen wrote:
>
> Have a look at section 4.7.4.1. Security which reads:
>
> User agents must raise a security exception whenever any of the
> members of a Location object are accessed by scripts whose origin is
> not the same as the Location object's associated Document's origin,
> with the following exceptions:
> * The href setter

Oops! My bad, missed the exceptions...

-- 
Thomas Broyer

Received on Thursday, 7 February 2008 05:42:45 UTC
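The rule quoted in the message above, as an added example that is not part of the original thread and is not browser or specification code. It models a `Location` object as seen from another origin, showing why a script holding a reference such as `event.source` can navigate that window but cannot read its URL. `locationViewFor`, `SecurityError`, `demo` and the `.example` origins are hypothetical, and only the exception visible in the quoted excerpt (the `href` setter) is modelled.

```javascript
// Constructed model of the quoted rule: every Location member access from a
// different origin raises a security exception, except the href setter.
class SecurityError extends Error {
  constructor(message) {
    super(message);
    this.name = "SecurityError";
  }
}

// Hypothetical helper: the view of `doc`'s Location that a script running in
// `callerOrigin` receives. `doc` is a plain object standing in for a Document.
function locationViewFor(doc, callerOrigin) {
  const sameOrigin = () => new URL(doc.url).origin === callerOrigin;
  return new Proxy({}, {
    get(_target, member) {
      if (!sameOrigin()) {
        throw new SecurityError(`read of location.${String(member)} denied`);
      }
      return new URL(doc.url)[member];
    },
    set(_target, member, value) {
      if (member === "href") {
        // The quoted exception: allowed from any origin, navigates the document.
        doc.url = new URL(value, doc.url).href;
        return true;
      }
      if (!sameOrigin()) {
        throw new SecurityError(`write of location.${String(member)} denied`);
      }
      const next = new URL(doc.url);
      next[member] = value;
      doc.url = next.href;
      return true;
    },
  });
}

// Exercises the model from a different origin (all values are constructed).
function demo() {
  const sender = { url: "https://sender.example/page" };
  const view = locationViewFor(sender, "https://receiver.example");
  const result = { readBlocked: false, hashWriteBlocked: false, urlAfter: null };
  try { void view.href; } catch (e) { result.readBlocked = e instanceof SecurityError; }
  try { view.hash = "#x"; } catch (e) { result.hashWriteBlocked = e instanceof SecurityError; }
  view.href = "https://other.example/"; // permitted: write-only navigation
  result.urlAfter = sender.url;
  return result;
}
```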