- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 26 Sep 2007 16:30:14 +0200
- To: "Boris Zbarsky" <bzbarsky@mit.edu>
- Cc: "Maciej Stachowiak" <mjs@apple.com>, "Web API WG (public)" <public-webapi@w3.org>
On Wed, 26 Sep 2007 16:06:08 +0200, Boris Zbarsky <bzbarsky@MIT.EDU> wrote: > Anne van Kesteren wrote: >> Yes. If I get all this stuff correctly a script could be running on >> bar.com using the XMLHttpRequest from another frame which is on >> foo.bar.com. Depending on which definition is used it can either access >> bar.com or foo.bar.com content (but not both), right? > > Basically, yes. Hmm, actually, per HTML5 it seems that's impossible because the origin of bar.com and foo.bar.com are not the same and therefore you can't access any members of foo.bar.com from bar.com or vice versa. document.domain can change this I suppose, but doesn't it change the origin as well then for both domains making this not a problem for deciding what the origin is? (It's still relevant of course for determining how to resolve URIs.) -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Wednesday, 26 September 2007 14:30:40 UTC