W3C home > Mailing lists > Public > public-script-coord@w3.org > April to June 2013

Re: resolving references when object from other security context is in scope

From: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
Date: Fri, 07 Jun 2013 14:05:48 +0200
To: public-script-coord@w3.org
Message-ID: <1e7f94edd6b4b3134aab92772e96ed72@opera.com>
> Also, defining new variables in the with block that previously exist  
> neither in the global scope nor in the IFRAME's shows inconsistency across  
> browsers:
> with(iframe.contentWindow){
>      previouslyUndefinedVariable='test';
> }
> Those browsers that throw for the second sample above also throw for this.  
> (This does seem a bit concerning because in those browsers this can be  

> used to spy on what *names* another site has defined in its JS.

Just to clarify this, I didn't proof read enough before sending: it's the browsers that *do not* throw for the second sample above and allow defining new variables in the parent scope if they don't exist in the other origin scope I'm concerned about..

Hallvord R. M. Steen
Core tester, Opera Software
Received on Friday, 7 June 2013 12:06:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:13 UTC