[Bug 22346] Security: Check origins when invoking a method, getter, or setter on an object using the property descriptor of another from bugzilla@jessica.w3.org on 2016-01-19 (public-script-coord@w3.org from January to March 2016)

From: <bugzilla@jessica.w3.org>
Date: Tue, 19 Jan 2016 15:17:35 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-Lf2vmDOAIX@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

--- Comment #18 from Anne <annevk@annevk.nl> ---
I'm not sure what the right behavior is. I wish I was a little more confident,
but I'm mostly still struggling with the material here.

For crossOriginProperties it seems problematic since the active document
changes which means that certain named properties need to change too ("the
browsing context name of any child browsing context of the active document
whose name is not the empty string"). Not sure about the map.

Would it be better to store this on Document, along with all the other "global"
state we store there?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Tuesday, 19 January 2016 15:17:41 UTC