Re: [XHR] Constructor behavior seems to be underdefined

On 4/2/12 2:50 AM, Simon Pieters wrote:
> I can find:
>
> "User agents must throw a SecurityError exception whenever any
> properties of a Document object are accessed by scripts whose effective
> script origin is not the same as the Document's effective script origin."
> http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#documents

Yeah.  That sort of language is needed somewhere for all objects, not 
just Documents.

> I don't know how well this matches reality though.

Reasonably well, last I checked, for window and document.

> It seems the spec forbids access to iframe.contentWindow.document but
> allows iframe.contentDocument.

Yes.  That's largely what implementations do...

-Boris

Received on Monday, 2 April 2012 13:40:10 UTC