- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 09 Jan 2013 15:23:35 -0500
- To: Adam Barth <w3c@adambarth.com>
- Cc: whatwg <whatwg@lists.whatwg.org>, Ian Hickson <ian@hixie.ch>
On 1/9/13 3:12 PM, Adam Barth wrote:
> As I've stated several times on this thread (any many times over the
> years), my opinion is that we should not expose an asymmetric access
> relation to the web platform.
OK, let's agree to disagree on this one for now.
Do we at least agree that this code:
window.addEventListener.call(otherWindow, "click", function() {});
should throw if and only window and otherWindow are not same-origin (for
some definition of same-origin, now that we have several different
origins involved...)? And if we do, do we agree that this needs to be
specified somewhere?
-Boris
Received on Wednesday, 9 January 2013 20:24:45 UTC