- From: Michal Zalewski <lcamtuf@dione.cc>
- Date: Tue, 30 Sep 2008 15:56:26 +0200 (CEST)
On Wed, 1 Oct 2008, Robert O'Callahan wrote: > I don't think that's secure. The outer page can set the IFRAME's URL to > contain a #xyz fragment identifier That's really covered in the original proposal. Honest :P In a kludgy manner, of course (permitting fragments, but not permitting onload scrolling based on fragments in cross-domain settings), but we thought of this one. /mz
Received on Tuesday, 30 September 2008 06:56:26 UTC