Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

On 12/15/12 8:33 PM, Jonas Sicking wrote:
> An "easy" solution would be to just return null for .contentDocument
> in the case of cross-origin iframes.

Even if that were web-compatible (which is not obvious), that doesn't 
solve the problem of doing the same sort of thing with .contentWindow.

-Boris

Received on Sunday, 16 December 2012 03:07:07 UTC