W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 08 Jan 2013 08:16:12 -0500
Message-ID: <50EC1C1C.8050704@mit.edu>
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg@lists.whatwg.org
On 1/8/13 2:16 AM, Ian Hickson wrote:
> I don't know about Document, but I can definitely think of APIs where it
> makes sense to be passing Window objects from other origins.

Yeah, I can see exceptions for Window, possibly.

> But if there's only one API that takes any of these four object types
> currently (I couldn't find any that took Document or Window in the HTML
> spec in a cursory look) then maybe it's not worth the bother. Wack a mole
> isn't _so_ bad if it's one mole a decade.

Actually, it is.  In a whack a mole situation every single API added to 
the platform has to be carefully audited to make sure it doesn't 
introduce a mole.  Which it won't be, because there are just not enough 
people qualified to do such an audit...

-Boris
Received on Tuesday, 8 January 2013 13:16:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT