W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: James Graham <jgraham@opera.com>
Date: Wed, 9 Jan 2013 23:25:57 +0100 (CET)
To: Boris Zbarsky <bzbarsky@MIT.EDU>
Message-ID: <alpine.DEB.2.02.1301092324440.11354@sirius>
Cc: whatwg <whatwg@lists.whatwg.org>, Ian Hickson <ian@hixie.ch>, Adam Barth <w3c@adambarth.com>
On Wed, 9 Jan 2013, Boris Zbarsky wrote:

> On 1/9/13 4:12 PM, Adam Barth wrote:
>>>    window.addEventListener.call(otherWindow, "click", function() {});
>> 
>> This example does not appear to throw an exception in Chrome.  It
>> appears to just returns undefined without doing anything (except
>> logging a security error to the debug console).
>
> Hmm.  I may be able to convince that turning security errors like this into 
> silent no-ops returning undefined is ok, but throwing an exception seems like 
> a much better idea to me if you're going to completely not do what you were 
> asked to do...  The other option introduces hard-to-debug bugs.

FWIW I have run into this behaviour in WebKit in the context of using the 
platform, and I considered it very user-hostile.
Received on Wednesday, 9 January 2013 22:26:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT