- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 9 Jan 2013 22:28:37 +0100
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: whatwg@lists.whatwg.org
On Tue, Jan 8, 2013 at 7:46 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > Actually, that's not enough. You have to security-check arguments too. > Otherwise this: > > document.createTreeWalker(crossFrameDoc, etc); > > would be bad. (Note that right now the DOM spec fails to handle this, which > is about what I would expect out of people creating APIs, which is why I > would really prefer we define this on a low level where people can't screw > up by forgetting it.) You didn't file a bug on this I think. I did think HTML handled this already though which is why it is not addressed in the DOM specification. -- http://annevankesteren.nl/
Received on Wednesday, 9 January 2013 21:29:04 UTC