- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 12 Feb 2014 14:51:19 +0000
- To: Mountie Lee <mountie@paygate.net>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Feb 12, 2014 at 2:42 PM, Mountie Lee <mountie@paygate.net> wrote: > On Wed, Feb 12, 2014 at 11:33 PM, Anne van Kesteren <annevk@annevk.nl> > wrote: >> Surely that can be fixed by providing explicit structured clone >> support for this object. > > under the same domain, structured clone is ok. > but under the cross-origin conditions, I'm not sure. It should work. There is no reason for Key objects to be origin-bound and as far as I can tell they are not. The security around messaging structured clones is based on the object-capability model and not origins. -- http://annevankesteren.nl/
Received on Wednesday, 12 February 2014 14:51:46 UTC