- From: weizman <notifications@github.com>
- Date: Wed, 08 May 2024 04:23:11 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 8 May 2024 11:23:15 UTC
This is awesome, my only input here is to kindly ask to remember not to implement this behaviour for when elements cross realms (such as when an element is being reparented under a different document than its current one).
I believe this was referred in the descritpion:
> "Not allowing atomic moves across documents, which should greatly simplify the security story of this work"
Which is great, just want to emphasize that this is important from the security angle.
Also - cross-document should mean all ways to achieve that, whether by iframe or popups:
```javascript
const child = document.createElement('a');
document.body.appendChild(document.createElement('iframe')).contentDocument.body.append(child);
// OR
open('').document.body.append(child);
```
I assume this is clear already, but thought it's worth mentioning.
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/1255#issuecomment-2100352705
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/dom/issues/1255/2100352705@github.com>
Received on Wednesday, 8 May 2024 11:23:15 UTC