- From: Steve Block <steveblock@google.com>
- Date: Thu, 10 Nov 2011 14:40:58 +0000
- To: Simon Pieters <simonp@opera.com>, public-geolocation <public-geolocation@w3.org>
Hi Simon, Note that the Geolocation spec already specifies that the permission UI should use the host component of the document's URI [1]. We agreed some time ago to use just the host, not the complete origin. I think you're right that it would be good to clarify the behavior in the case where script in one document accesses the Geolocation object in another document. > with "origin" and "entry script" being defined in the HTML spec. Do you mean the W3C HTML5 spec [2] ? If I understand this correctly, under your proposal of using 'entry script', the relevant host for the purposes of Geolocation permissions in your example is that of the outer document. If the code were ... window[0].myGetCurrentPositionWrapper(); then the relevant host would be that of window[0]'s document, ie the document corresponding to the Geolocation object. Thanks, Steve [1] http://dev.w3.org/geo/api/spec-source.html#privacy_for_uas [2] http://dev.w3.org/html5/spec/Overview.html#entry-script ?
Received on Thursday, 10 November 2011 14:41:38 UTC