Re: ACTION-314: Draft non-normative examples of how a multi-domain site technically can ask for exceptions from Mike O'Neill on 2012-11-05 (public-tracking@w3.org from November 2012)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Mon, 5 Nov 2012 16:54:32 -0000
To: <public-tracking@w3.org>
Message-ID: <09ba01cdbb76$3b110a80$b1331f80$@baycloud.com>

Shane,

 

I don't think that will work, because the document origin of the iframes
will be different to the top level document origin of the page. i.e. if an
iframe embedded in site xyz.com has src=companyxyz.com/resource then JS in
the resource (executed in a third-party context) will not be able to set an
exception for xyz.com. This is as it should be because otherwise it would be
too easy for third-party script to silently create exceptions without the
user being aware 

 

Script in the window (with doc origin ) companyxyz.com could set up a target
exception for xyz.com and vice versa though.

 

 

Mike

Received on Monday, 5 November 2012 16:55:08 UTC