- From: David Singer <singer@apple.com>
- Date: Thu, 20 Nov 2014 00:12:56 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Mike O'Neill <michael.oneill@baycloud.com>, Tracking Protection Working Group <public-tracking@w3.org>
So, we just want ‘script origin’ not ‘effective’?

> On Nov 19, 2014, at 14:47 , Anne van Kesteren <annevk@annevk.nl> wrote:
>
> On Wed, Nov 12, 2014 at 3:39 PM, Mike O'Neill
> <michael.oneill@baycloud.com> wrote:
>> As I understand it, in HTML5 the "effective script origin" of a document is the same as the document's "origin" unless the attribute document.domain is changed.
>
> That's correct.
>
>
>> I don't know why Anne says document.domain should be avoided for new features, though I take his word for it. Maybe he can explain?
>
> Setting document.domain is a very expensive operation (it changes
> which global objects can reach each other) and weakens security
> guarantees. With postMessage() it is also no longer required
> functionality. It is however still supported due to legacy content.
> Tying new features to effective script origin essentially incentivizes
> developers to use document.domain, which would be bad as we hope to
> eventually be able to remove it.
>
> I'll try to get "effective script origin" renamed to "legacy origin"
> or some such to make this more immediately apparent.
>
>
> --
> https://annevankesteren.nl/

David Singer
Manager, Software Standards, Apple Inc.
Received on Wednesday, 19 November 2014 23:13:33 UTC
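
The distinction discussed in this thread, as an added example that is not part of the original messages: a simplified model of "origin" versus "effective script origin" once document.domain is set, next to a postMessage()-style receiver that decides on the sender's real origin. The `Doc` class, the helper names and the `example.com` hostnames are assumptions made for illustration.

```javascript
// Simplified model (assumption): origin = (scheme, host, port); not browser code.
const MANUAL = "manual override"; // port value left behind by the document.domain setter

class Doc {
  constructor(url) {
    const u = new URL(url);
    const port = u.port || (u.protocol === "https:" ? "443" : "80");
    this.serialized = u.origin; // what a receiver sees as event.origin
    this.origin = { scheme: u.protocol, host: u.hostname, port };
    this.effective = { ...this.origin }; // identical until document.domain is set
  }
  // Setter model: accepts the current host or a parent-domain suffix only.
  // Real browsers also refuse public suffixes; that check is omitted here.
  setDomain(value) {
    const host = this.effective.host;
    if (value !== host && !host.endsWith("." + value)) throw new Error("SecurityError");
    this.effective = { scheme: this.origin.scheme, host: value, port: MANUAL };
  }
}

const same = (a, b) => a.scheme === b.scheme && a.host === b.host && a.port === b.port;
const sameOrigin = (d1, d2) => same(d1.origin, d2.origin);
const sameEffective = (d1, d2) => same(d1.effective, d2.effective);

// postMessage-style receiver: trust is decided on the sender's real origin.
function makeReceiver(allowedOrigins) {
  return (event) => (allowedOrigins.includes(event.origin) ? event.data : null);
}

function demo() {
  // Constructed hostnames.
  const app = new Doc("https://app.example.com/");
  const widgets = new Doc("https://widgets.example.com/");
  const other = new Doc("https://other.example.com/");
  const apex = new Doc("https://example.com/");
  const before = sameEffective(app, widgets);
  [app, widgets, other].forEach((d) => d.setDomain("example.com"));
  const receive = makeReceiver([widgets.serialized]);
  return {
    before,                                       // separate before anyone opts in
    afterOptIn: sameEffective(app, widgets),      // both opted in
    unrelatedSibling: sameEffective(app, other),  // every opted-in subdomain joins
    apexWithoutOptIn: sameEffective(app, apex),   // port marker differs
    originUnchanged: sameOrigin(app, widgets),    // real origins never merge
    fromWidgets: receive({ origin: widgets.serialized, data: "resize" }),
    fromOther: receive({ origin: other.serialized, data: "resize" }),
  };
}

console.log(demo());
```

A feature keyed on the unmodified origin keeps `app` and `widgets` separate in this model, while one keyed on the effective script origin treats every subdomain that set document.domain as the same party.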