[Bug 5850] JS global object from bugzilla@wiggum.w3.org on 2008-07-20 (public-html-bugzilla@w3.org from July 2008)

From: <bugzilla@wiggum.w3.org>
Date: Sun, 20 Jul 2008 00:04:50 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1KKMPy-0000c6-9o@wiggum.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=5850





--- Comment #20 from Ian 'Hixie' Hickson <ian@hixie.ch>  2008-07-20 00:04:50 ---
In fact right now:
   http://www.whatwg.org/specs/web-apps/current-work/#security3
...the spec says that you can't get to window.history if you aren't
same-origin, and the only non-readonly member that you can access cross-origin
is 'location', which the spec forbids anyone from changing the setter of.
(Similarly, cross-origin you can only access Location.href as a setter, and
nobody is allowed to modify that setter.)


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Sunday, 20 July 2008 00:05:27 UTC