Re: ISSUE-187 - What is the right approach to exception handling & ISSUE-185

On 12/2/12 6:28 AM, Mike O'Neill wrote:
> The sentence in 6.4.1 (/The execution of this API and the use of the 
> resulting permission (if granted) use the 'implicit' parameter, when 
> the API is called, the *document origin*. This forms the first part of 
> the duplet in the logical model, and hence in operation will be 
> compared with the *top-level origin*) /makes it clear that only script 
> in the context of the *top-level origin* can register a UGE for the 
> site. If script in third-party embedded iframe makes a SS UGE call, 
> the implicit document origin points to the third-party domain so the 
> exception applies there and not at the parent window's origin.

Can someone clarify? Is this true? A party in an iFrame should be able 
to request a UGE for the top level page context, not the iFrame that 
it's in.

Received on Tuesday, 4 December 2012 15:42:51 UTC