W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2017

Re: Breaking the `opener` relationship.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 28 Apr 2017 10:26:46 +0200
Message-ID: <CADnb78gLjxCXr64ft3-HPFR=LUQNH4dzNBRxSBoaN2doGg8=zw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Artur Janc <aaj@google.com>, Alex Russell <slightlyoff@google.com>, Emily Stark <estark@google.com>, Jonathan Watt <jwatt@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Apr 28, 2017 at 10:10 AM, Mike West <mkwst@google.com> wrote:
> `WindowProxy`'s `[[GetOwnProperty]]` uses
> https://html.spec.whatwg.org/#isplatformobjectsameorigin-(-o-): I'd just
> stick with that as a determinant of the properties listed in
> https://html.spec.whatwg.org/#crossoriginproperties-(-o-).

Wouldn't you then fail to address point 7 of the threat model?


-- 
https://annevankesteren.nl/
Received on Friday, 28 April 2017 08:27:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:22 UTC