W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Re: Origin-scoped cache/cookie/storage context

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 15 Jan 2014 10:05:38 -0500
Message-ID: <52D6A3C2.3050608@mit.edu>
To: public-webappsec@w3.org
On 1/15/14 4:23 AM, Anne van Kesteren wrote:
> It seems that if a site opts into this better security model, we could
> go and disable document.domain...

Yes, please.  We've already done that in sandboxed iframes....

-Boris
Received on Wednesday, 15 January 2014 15:06:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC