- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 14 Jul 2010 14:04:12 -0700

This is well-known

http://www.collinjackson.com/research/papers/fp801-jackson.pdf

but not a good idea (see Section 4.4):

http://www.adambarth.com/papers/2009/barth-weinberger-song.pdf

Adam

On Wed, Jul 14, 2010 at 2:39 AM, James Graham <jgraham at opera.com> wrote:
> Following some discussion of [1], it was pointed out to me that it is
> possible to make two pages on separate subdomains communicate without either
> setting their document.domain by proxying the communication through pages
> that have set their document.domain. There is a demo of this at [2].
>
> I'm not sure if this is already well-known nor whether it is harmless or
> not.
>
> [1]
> http://my.opera.com/hallvors/blog/2010/07/13/ebay-versus-security-policy-consistency
> [2] http://sloth.whyi.org/~jl/cross-domain.html
>

Received on Wednesday, 14 July 2010 14:04:12 UTC