[whatwg] The choice of script global object to use when the script element is moved

On 9/3/10 1:55 PM, Jonas Sicking wrote:
> On Fri, Sep 3, 2010 at 10:47 AM, Adam Barth<w3c at adambarth.com>  wrote:
>> I'm not sure it makes much of a difference from a security point of
>> view.
>
> Agreed. Pages can only move elements between pages that are in the
> same security context anyway so I can't really think of any attacks
> that any of the approaches would enable or disable.

Could it cause script to run from a <script> element that someone sticks 
in a same-origin but sandboxed iframe if the non-sandboxed parent moves 
some part of the DOM out before the parse is done?

-Boris

Received on Friday, 3 September 2010 11:16:04 UTC