W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2012

Re: [whatwg] SecurityError with parent, top, window, self and opener members of Window

From: Ian Hickson <ian@hixie.ch>
Date: Sat, 29 Dec 2012 07:40:24 +0000 (UTC)
To: Andrew Oakley <andrew@ado.is-a-geek.net>
Message-ID: <Pine.LNX.4.64.1212290738510.16292@ps20323.dreamhostps.com>
Cc: whatwg@lists.whatwg.org
On Tue, 6 Nov 2012, Andrew Oakley wrote:
>
> The specification seems to indicate that a SecurityError exception 
> should be thrown when the parent, top, window, self and opener 
> properties of a Window object are access by scripts with a different 
> effective script origin.  Some testing in Chrome, Firefox, IE and Opera 
> indicates that this is not what the browsers actually do.
> 
> I can't see any reason why we can't allow access to these properties, 
> should they be in the list of exceptions in section 6.2.1?

Yup, thanks. Fixed.


> Are there any more properties that should be in the list?

Maybe. I haven't tried to explicitly figure out what should be listed, 
I've mostly been hoping to just hear about what's critical by having 
people notice it when the spec is wrong. :-) I don't want to add too many 
things to this list, each one can be a security risk...

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Saturday, 29 December 2012 07:40:58 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:50 UTC