W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 10 Jan 2013 00:39:35 +0000 (UTC)
To: Adam Barth <w3c@adambarth.com>
Message-ID: <Pine.LNX.4.64.1301100037480.2101@ps20323.dreamhostps.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Boris Zbarsky <bzbarsky@mit.edu>
On Wed, 9 Jan 2013, Adam Barth wrote:
> On Wed, Jan 9, 2013 at 1:28 PM, Ian Hickson <ian@hixie.ch> wrote:
> > On Wed, 9 Jan 2013, Adam Barth wrote:
> >> The Document interface (which is what we started this thread 
> >> discussing) is never visible across origins and so does not have any 
> >> of these complexities.
> >
> > Actually Document objects can be visible across origins per spec, but 
> > none of their properties ever are.
> 
> For what it's worth, that doesn't appear to be necessary for web 
> compatibility.  Any time WebKit would return a Document to a script in 
> another origin, WebKit returns null instead.

That's interesting. Would other browser vendors be willing to do that? I'm 
certainly eager to make it null if we can get away with it. Would reduce 
the number of objects that need magic from 4 to 3.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 January 2013 00:40:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT