- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 15 Jun 2009 16:56:56 +0000 (UTC)
- To: Erik Wilde <dret@berkeley.edu>
- Cc: "public-geolocation@w3.org" <public-geolocation@w3.org>
On Mon, 15 Jun 2009, Erik Wilde wrote: > > that's really great to hear! and does that policy apply to 3rd party > scripts (i.e., not just iframes) as well? It's not practically possible to limit anything to a per-script basis in HTML, sadly. A script from one origin running in the context of a second origin is able to generate a script from that second origin easily, and there's not really any way to detect this. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 15 June 2009 16:57:30 UTC