- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 26 Sep 2007 15:56:44 +0200
- To: "Boris Zbarsky" <bzbarsky@mit.edu>
- Cc: "Maciej Stachowiak" <mjs@apple.com>, "Web API WG (public)" <public-webapi@w3.org>
On Wed, 26 Sep 2007 15:51:45 +0200, Boris Zbarsky <bzbarsky@MIT.EDU> wrote: > Anne van Kesteren wrote: >> Thanks. So it say the that the origin of the Document object associated >> with the Window pointer is the origin of the request. With a reference >> to HTML5 to see what the origin of such a Document object actually is. >> Or should it simply be the origin of the script? > > Those are possibly different origins when someone is doing something > like: > > window.frames[0].XMLHttpRequest > > right? I agree that it's important to decide which origin to use in > this case. Yes. If I get all this stuff correctly a script could be running on bar.com using the XMLHttpRequest from another frame which is on foo.bar.com. Depending on which definition is used it can either access bar.com or foo.bar.com content (but not both), right? -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Wednesday, 26 September 2007 13:57:06 UTC