- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 29 Dec 2012 07:40:24 +0000 (UTC)
- To: Andrew Oakley <andrew@ado.is-a-geek.net>
- Cc: whatwg@lists.whatwg.org
On Tue, 6 Nov 2012, Andrew Oakley wrote: > > The specification seems to indicate that a SecurityError exception > should be thrown when the parent, top, window, self and opener > properties of a Window object are access by scripts with a different > effective script origin. Some testing in Chrome, Firefox, IE and Opera > indicates that this is not what the browsers actually do. > > I can't see any reason why we can't allow access to these properties, > should they be in the list of exceptions in section 6.2.1? Yup, thanks. Fixed. > Are there any more properties that should be in the list? Maybe. I haven't tried to explicitly figure out what should be listed, I've mostly been hoping to just hear about what's critical by having people notice it when the spec is wrong. :-) I don't want to add too many things to this list, each one can be a security risk... -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Saturday, 29 December 2012 07:40:58 UTC