W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2012

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sat, 15 Dec 2012 22:06:38 -0500
Message-ID: <50CD3ABE.6040007@mit.edu>
To: whatwg@lists.whatwg.org
On 12/15/12 8:33 PM, Jonas Sicking wrote:
> An "easy" solution would be to just return null for .contentDocument
> in the case of cross-origin iframes.

Even if that were web-compatible (which is not obvious), that doesn't 
solve the problem of doing the same sort of thing with .contentWindow.

-Boris
Received on Sunday, 16 December 2012 03:07:07 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:50 UTC