- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 5 Jun 2007 06:28:36 +0000 (UTC)
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: "Web APIs WG (public)" <public-webapi@w3.org>
On Tue, 5 Jun 2007, Boris Zbarsky wrote: > > > > I've broadened the allowances in the spec. How about now? > > Now it effectively says "UAs do whatever they want." Compatible with > the real world, and existing UAs, sure. Not that useful to future UA > implementors... But I'm not sure what would be. Neither am I. I'm open to better suggestions. > > I've changed the spec so that if you navigate a top-level browsing > > context whose name has been set using window.name (which is the only > > way to set a name on a top-level browsing context as far as I can > > tell) to a new origin, then the name is reset. > > Why only top-level? The idea is to protect the _new_ page from the previous one. In child or auxiliary browsing contexts, you don't want to have this protection, since those are exactly the cases where there will probably be another site going around and poking at your browsing context anyway. Indeed in the child browsing context case we might want to make window.name only settable by documents in the origin of the the parent browsing context's active document. In the case of auxiliary browsing contexts, you want the window to be directly accessible to the opener, at least until such time as the name changes. > And this doesn't really address the concern I raised about window.name > (and window targeting) seeing names set by some other site when it > opened you in a popup... That wasn't what the bug was about; could you elaborate on this concern further? I'm not sure I remember which it was. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 5 June 2007 06:28:47 UTC