- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 08 Sep 2010 11:24:01 +0200
On Wed, 08 Sep 2010 11:20:30 +0200, Adam Barth <w3c at adambarth.com> wrote: > The goal of AllowedScripts is not to limit a privilege to a subset of > an origin. Rather, the goal is to prevent an attacker who can inject > markup into a document from executing script. Put another way, if > you're already executing script, then it's not trying to withhold any > privileges. Fair enough. I guess if one page gets compromised all else that is same origin is lost anyway. -- Anne van Kesteren http://annevankesteren.nl/
Received on Wednesday, 8 September 2010 02:24:01 UTC