Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters from Adam Barth on 2013-01-09 (public-whatwg-archive@w3.org from January 2013)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 9 Jan 2013 13:33:57 -0800
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg <whatwg@lists.whatwg.org>, Boris Zbarsky <bzbarsky@mit.edu>
Message-ID: <CAJE5ia-O3k=-krGrFXBR55DO4-jhnUYCk3NKu2u=L7YC4FwCpQ@mail.gmail.com>

On Wed, Jan 9, 2013 at 1:28 PM, Ian Hickson <ian@hixie.ch> wrote:
> On Wed, 9 Jan 2013, Adam Barth wrote:
>> The Document interface (which is what we started this thread discussing)
>> is never visible across origins and so does not have any of these
>> complexities.
>
> Actually Document objects can be visible across origins per spec, but none
> of their properties ever are.

For what it's worth, that doesn't appear to be necessary for web
compatibility.  Any time WebKit would return a Document to a script in
another origin, WebKit returns null instead.

Adam

Received on Wednesday, 9 January 2013 21:34:56 UTC