- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 09 Jan 2013 17:24:34 -0500
- To: Adam Barth <w3c@adambarth.com>
- Cc: whatwg <whatwg@lists.whatwg.org>, Ian Hickson <ian@hixie.ch>
On 1/9/13 5:19 PM, Adam Barth wrote: > Those checks are neither required for compatibility nor security. The > spec might say to perform the checks, but they aren't needed to build > a secure, compatible browser. OK. So what checks do you believe are required, then? Just effective script origin checks on Window? I would really appreciate it if you would actually describe the security model you think the spec should have instead of us having to guess what parts you think are needed and which parts you think are not needed, with more gotchas and details all the time. -Boris
Received on Wednesday, 9 January 2013 22:25:03 UTC