W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] `window.location.origin` in sandboxed IFrames.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 10 Jan 2013 13:13:30 +0100
Message-ID: <CADnb78jyevxGm0-fLxG1CSnEdFatEorMhwD9yV2rJ_7fO_p1Zw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: whatwg@whatwg.org, Adam Barth <w3c@adambarth.com>
On Thu, Jan 10, 2013 at 12:17 AM, Mike West <mkwst@google.com> wrote:
> Adam explained that WebKit currently treats the 'origin' attribute as
> the origin of the document's location, not the origin of the
> document[1]. This is generally benign, but surprised me in the
> sandboxed case.
>
> What should the expected behavior in this case be? Given the way that
> MessageEvent sets the origin of a message from a sandboxed frame to
> the string "null", that seems like a reasonable option here as well.
>
> WDYT?
>
> [1]: https://bugs.webkit.org/show_bug.cgi?id=106488#c1

Given that location.origin is defined by http://url.spec.whatwg.org/
once the dust of integrating URL into HTML settles, having
URLUtils.origin reflect the Document's origin when URLUtils is
implemented by Location would be very weird.

If you want the origin of a Document we could introduce
Document.origin I suppose.


-- 
http://annevankesteren.nl/
Received on Thursday, 10 January 2013 12:13:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT