
Re: ACTION-314: Draft non-normative examples of how a multi-domain site technically can ask for exceptions

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Mon, 5 Nov 2012 16:54:32 -0000
To: <public-tracking@w3.org>
Message-ID: <09ba01cdbb76$3b110a80$b1331f80$@baycloud.com>


I don't think that will work, because the document origin of the iframes
will be different to the top level document origin of the page. i.e. if an
iframe embedded in site xyz.com has src=companyxyz.com/resource then JS in
the resource (executed in a third-party context) will not be able to set an
exception for xyz.com. This is as it should be because otherwise it would be
too easy for third-party script to silently create exceptions without the
user being aware.


Script in the window (with doc origin) companyxyz.com could set up a target
exception for xyz.com and vice versa though.



Received on Monday, 5 November 2012 16:55:08 UTC
