On 9/3/14, 8:31 AM, Mike West wrote: > Ok. That sounds reasonable. I suppose an attacker who had already gotten > a frame onto a page could embed a frame in that frame that could iterate > through possible URLs. Since we already expose origins via > `window.location.ancestorOrigins` For some values of "we". It's not clear to me that "we" actually wants to expose that information cross-origin.... -BorisReceived on Wednesday, 3 September 2014 15:07:52 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC