W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2013

Re: [whatwg] Disabling document.domain setting on iframe@sandbox (especially with allow-same-origin)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 02 Aug 2013 22:38:42 -0400
Message-ID: <51FC6D32.6050109@mit.edu>
To: whatwg@lists.whatwg.org
On 8/2/13 10:35 PM, Ian Hickson wrote:
> Honestly, though, at the point
> where you're able to trick a similar-origin site into changing
> document.domain so you can attack it

document.domain was not involved in any way in the cross-site issues 
I've pointed out to you recently.

-Boris
Received on Saturday, 3 August 2013 02:39:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:23 UTC