W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 9 Jan 2013 13:33:57 -0800
Message-ID: <CAJE5ia-O3k=-krGrFXBR55DO4-jhnUYCk3NKu2u=L7YC4FwCpQ@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg <whatwg@lists.whatwg.org>, Boris Zbarsky <bzbarsky@mit.edu>
On Wed, Jan 9, 2013 at 1:28 PM, Ian Hickson <ian@hixie.ch> wrote:
> On Wed, 9 Jan 2013, Adam Barth wrote:
>> The Document interface (which is what we started this thread discussing)
>> is never visible across origins and so does not have any of these
>> complexities.
>
> Actually Document objects can be visible across origins per spec, but none
> of their properties ever are.

For what it's worth, that doesn't appear to be necessary for web
compatibility.  Any time WebKit would return a Document to a script in
another origin, WebKit returns null instead.

Adam
Received on Wednesday, 9 January 2013 21:34:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT