
[whatwg] Same-origin checking for media elements

From: Robert O'Callahan <robert@ocallahan.org>
Date: Wed, 12 Nov 2008 17:02:02 +1300
Message-ID: <11e306600811112002t7d536743r10a07391e9264f4a@mail.gmail.com>
On Wed, Nov 12, 2008 at 4:22 PM, Tim Starling <tstarling at wikimedia.org> wrote:

> JavaScript already has measures along the lines of (2), in the context
> of frames. The information a script can obtain about a frame from a
> different origin is carefully restricted. I think that a similar
> solution would be best. It has the advantage of consistency and proven
> security.
>

I would say it has a history of proven *insecurity*. Look at clickjacking
for example.

Anyway, having discussed this with Hixie and Maciej and others a bit on
#whatwg, things seem to be leaning towards option 2.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
Received on Tuesday, 11 November 2008 20:02:02 UTC
