Re: Proposal: Document.parse() [AKA: Implied Context Parsing]

On Tue, Jun 5, 2012 at 11:02 AM, Adam Barth <> wrote:
>> On Tue, Jun 5, 2012 at 2:10 AM, Adam Barth <> wrote:
>> If you mean
>> I guess that would depend on how we define it.
> By the way, it occurs to me that we can solve these security problems
> if we restrict the syntax to only working when executing inline or via
> <script crossorigin src=...>.  If the script has appropriate CORS
> headers, then it doesn't matter if we leak its contents because
> they're already readable by the document executing the script.

It would also have to be disabled for workers until we have DOM access there...

Anne — Opera Software

Received on Tuesday, 5 June 2012 11:46:13 UTC