- From: gaz Heyes <gazheyes@gmail.com>
- Date: Tue, 15 Feb 2011 08:46:07 +0000
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: public-web-security@w3.org
Received on Tuesday, 15 February 2011 08:53:45 UTC
On 15 February 2011 07:18, sird@rckc.at <sird@rckc.at> wrote: > I wish that JS Workers were completely isolated, and with no XHR, it would > be a nice feature (maybe as an extra argument marking the code as > untrusted). > > Anyway, what about a JS Worker triggered from a sandboxed iframe? > Would a sandboxed iframe allow same origin XHR urls? You'd need to stop that but even so the point is that defineProperty should be able to disable properties of an object that you know nothing about or that can change in time
Received on Tuesday, 15 February 2011 08:53:45 UTC