Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

On Wed, 9 Jan 2013, Boris Zbarsky wrote:

> On 1/9/13 4:12 PM, Adam Barth wrote:
>>>    window.addEventListener.call(otherWindow, "click", function() {});
>> 
>> This example does not appear to throw an exception in Chrome.  It
>> appears to just returns undefined without doing anything (except
>> logging a security error to the debug console).
>
> Hmm.  I may be able to convince that turning security errors like this into 
> silent no-ops returning undefined is ok, but throwing an exception seems like 
> a much better idea to me if you're going to completely not do what you were 
> asked to do...  The other option introduces hard-to-debug bugs.

FWIW I have run into this behaviour in WebKit in the context of using the 
platform, and I considered it very user-hostile.

Received on Wednesday, 9 January 2013 22:26:29 UTC