W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 9 Jan 2013 12:12:33 -0800
Message-ID: <CAJE5ia_qnA7Lf=5PRB5bdWQshsMKSrajq60miAkqmj4e6f_bqQ@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: whatwg <whatwg@lists.whatwg.org>, Ian Hickson <ian@hixie.ch>
On Wed, Jan 9, 2013 at 11:59 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 1/9/13 2:30 PM, Adam Barth wrote:
>> As a consequence, I would recommend that you do not use asymmetric
>> access relations in features that you would like other browser vendors
>> to implement in the future.
>
> Browsers have asymmetric access relations all the time; they just have some
> of the code in C++.

I'm not sure I understand how that relates to the topic we're
discussing, which is the observable behavior of the web platform.

> The question is why this should be restricted to C++ code.

Actually, we're working on removing this ability from our C++ code as
well with the goal of reducing the frequency of implementation errors
in the same-origin policy.

As I've stated several times on this thread (any many times over the
years), my opinion is that we should not expose an asymmetric access
relation to the web platform.

Adam
Received on Wednesday, 9 January 2013 20:24:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT