On 9/3/14, 8:31 AM, Mike West wrote: > Ok. That sounds reasonable. I suppose an attacker who had already gotten > a frame onto a page could embed a frame in that frame that could iterate > through possible URLs. Since we already expose origins via > `window.location.ancestorOrigins` For some values of "we". It's not clear to me that "we" actually wants to expose that information cross-origin.... -BorisReceived on Wednesday, 3 September 2014 15:07:52 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:40 UTC