- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 26 Sep 2007 14:55:36 +0200
- To: "Maciej Stachowiak" <mjs@apple.com>
- Cc: "Web API WG (public)" <public-webapi@w3.org>
On Tue, 25 Sep 2007 22:55:53 +0200, Maciej Stachowiak <mjs@apple.com> wrote: > I'm not sure offhand if baseURI is the right way to determine the > security domain. While setting document.domain does not apply, frames or > windows initially loaded with about:blank or no URI at all generally get > the security domain of their parent frame or opener respectively. I am > not certain if this is also supposed to be reflected in baseURI in all > cases, but in any case it doesn't in Safari (<iframe src="about:blank"> > gets a baseURI of about:blank). So I don't think the spec can define the > browsing context's origin without reference to HTML. Thanks. So it say the that the origin of the Document object associated with the Window pointer is the origin of the request. With a reference to HTML5 to see what the origin of such a Document object actually is. Or should it simply be the origin of the script? -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Wednesday, 26 September 2007 12:55:57 UTC