- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 19 Sep 2012 03:19:44 +0000 (UTC)
- To: Justin Lebar <justin.lebar@gmail.com>
- Cc: WHAT Working Group <whatwg@whatwg.org>
On Tue, 18 Sep 2012, Justin Lebar wrote: > > The issue isn't a history.back() which crosses origins -- that seems > fine -- but rather calling history.back() on a cross-origin window. > (Sorry that wasn't clear.) Aah, ok. The spec already says that's not allowed. You can't get to the History object of a cross-origin Window: http://www.whatwg.org/specs/web-apps/current-work/#security-window (I forget what the story is if you get a History object from a same-origin Window, then have the browsing context navigated, then use the History object you kept around... I expect it is supposed to work much as if you were to call it on the new, cross-origin, History object, though.) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 19 September 2012 03:20:10 UTC