- From: Mike West <notifications@github.com>
- Date: Tue, 20 Oct 2015 00:17:13 -0700
- To: heycam/webidl <webidl@noreply.github.com>
Received on Tuesday, 20 October 2015 07:17:42 UTC
@travisleithead: I don't think there are any scenarios in which `isSecureContext` can change for a given document, but there are certainly cases in which two same-origin resources can have different values. Consider the case where the nested frame in example 5 (https://w3c.github.io/webappsec-secure-contexts/#examples-framed) pops up a new window (a la example 2 (https://w3c.github.io/webappsec-secure-contexts/#examples-top-level)), for example. In those cases, the non-secure context could grab an object from the secure context and execute it. I think we want to check the incumbent settings object for that scenario, rather than the settings object associated with the callee's global. --- Reply to this email directly or view it on GitHub: https://github.com/heycam/webidl/pull/65#issuecomment-149459158
Received on Tuesday, 20 October 2015 07:17:42 UTC