- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 5 Nov 2012 16:54:32 -0000
- To: <public-tracking@w3.org>
Received on Monday, 5 November 2012 16:55:08 UTC
Shane, I don't think that will work, because the document origin of the iframes will be different to the top level document origin of the page. i.e. if an iframe embedded in site xyz.com has src=companyxyz.com/resource then JS in the resource (executed in a third-party context) will not be able to set an exception for xyz.com. This is as it should be because otherwise it would be too easy for third-party script to silently create exceptions without the user being aware Script in the window (with doc origin ) companyxyz.com could set up a target exception for xyz.com and vice versa though. Mike
Received on Monday, 5 November 2012 16:55:08 UTC