W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 09 Jan 2013 15:23:35 -0500
Message-ID: <50EDD1C7.3090909@mit.edu>
To: Adam Barth <w3c@adambarth.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Ian Hickson <ian@hixie.ch>
On 1/9/13 3:12 PM, Adam Barth wrote:
> As I've stated several times on this thread (any many times over the
> years), my opinion is that we should not expose an asymmetric access
> relation to the web platform.

OK, let's agree to disagree on this one for now.

Do we at least agree that this code:

   window.addEventListener.call(otherWindow, "click", function() {});

should throw if and only window and otherWindow are not same-origin (for 
some definition of same-origin, now that we have several different 
origins involved...)?  And if we do, do we agree that this needs to be 
specified somewhere?

-Boris
Received on Wednesday, 9 January 2013 20:24:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT