[Bug 14502] Why do we want to taint on style set and not on style use? from bugzilla@jessica.w3.org on 2011-10-25 (public-html-bugzilla@w3.org from October 2011)

From: <bugzilla@jessica.w3.org>
Date: Tue, 25 Oct 2011 06:03:42 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1RIa6w-0001xV-Lo@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=14502

--- Comment #6 from Boris Zbarsky <bzbarsky@mit.edu> 2011-10-25 06:03:41 UTC ---
Note that as far as I can tell right now the spec says to use the document
origin, not the effective script origin, for the security check.  So per spec,
document.domain should have no effect.  That's not the case in Gecko right now,
I'm pretty sure.  Again, no idea what other UAs do.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Tuesday, 25 October 2011 06:03:46 UTC