- From: James Graham <jgraham@opera.com>
- Date: Wed, 14 Jul 2010 11:39:42 +0200
Following some discussion of [1], it was pointed out to me that it is possible to make two pages on separate subdomains communicate without either setting their document.domain by proxing the communication through pages that have set their document.domain. There is a demo of this at [2]. I'm not sure if this is already well-known nor whether it is harmless or not. [1] http://my.opera.com/hallvors/blog/2010/07/13/ebay-versus-security-policy-consistency [2] http://sloth.whyi.org/~jl/cross-domain.html
Received on Wednesday, 14 July 2010 02:39:42 UTC