- From: David Burns <dburns@mozilla.com>
- Date: Wed, 05 Nov 2014 10:04:50 +0000
- To: public-browser-tools-testing@w3.org
On 05/11/2014 02:00, James Graham wrote:
> On 03/11/14 18:22, Sam Uong wrote:
>> Is the origin domain the same as "document.domain"? For both Chrome and
>> Firefox (both of which support CSP) I get the domain of the page that
>> I'm at when I run ExecuteScript("return document.domain;"). So it looks
>> like both drivers execute scripts from self.
> The origin you care about here is the "effective script origin".
>
> HTML has hooks for all of this stuff. You need to call the hooks in the
> right way, depending on what WebDriver is supposed to do. I *assume* it
> just calls a script in the script execution environment of the selected
> Window, but other possibilities are imaginable (I didn't check the spec).
>
> Check with Hixie for the exact form of the spell you need to cast to
> make this work.
>
>
I have spoken to the CSP editors about this and we should be fine. There
is a note that UAs can allow scripts through and we should be able to
use that. I will update the spec to point to that part of the spec.
David
Received on Wednesday, 5 November 2014 10:05:17 UTC