W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2012

[whatwg] Proposal: location.parentOrigin

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 4 Apr 2012 22:15:27 -0700
Message-ID: <CALx_OUCMFr+wyyCXWyvzKj_Xm863oJiCYRqn9vJui8+2WB45bw@mail.gmail.com>
I can think of some fringe scenarios where disclosing parent origins
may be somewhat undesirable. One example may be a "double-bagged"
advertisement, where the intent is to not tell the advertiser about
the top-level page the ad is embedded on (visited site -> <iframe>
pointing to the ad provider site -> <iframe> with embedded advertiser
content).

Not sure if there's anything more convincing, but perhaps it's
desirable to obtain constent from parents before populating the array
(e.g. <iframe discloseorigin=yes>). If a member of the chain doesn't
consent, the corresponding element of the array is null / undefined /
an empty string?

/mz
Received on Wednesday, 4 April 2012 22:15:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:07 GMT