[whatwg] Communicating between different-origin frames

Following some discussion of [1], it was pointed out to me that it is 
possible to make two pages on separate subdomains communicate without 
either setting their document.domain by proxing the communication 
through pages that have set their document.domain. There is a demo of 
this at [2].

I'm not sure if this is already well-known nor whether it is harmless or 
not.

[1] 
http://my.opera.com/hallvors/blog/2010/07/13/ebay-versus-security-policy-consistency
[2] http://sloth.whyi.org/~jl/cross-domain.html

Received on Wednesday, 14 July 2010 02:39:42 UTC