- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 10 Jan 2013 00:41:05 +0000 (UTC)
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: whatwg <whatwg@lists.whatwg.org>, Adam Barth <w3c@adambarth.com>
On Wed, 9 Jan 2013, Boris Zbarsky wrote: > On 1/9/13 4:33 PM, Adam Barth wrote: > > For what it's worth, that doesn't appear to be necessary for web > > compatibility. Any time WebKit would return a Document to a script in > > another origin, WebKit returns null instead. > > The HTML spec requires that property access on documents use effective > script origin for checks. > > Effective script origins are mutable. > > It is in fact possible to get your hands on a document in a different > effective script origin in WebKit (thanks, document.domain). Yeah but in that particular situation it's not a big deal to not have the security check as far as I can tell. So if we can just return null instead, it would allow us to remove those checks. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 January 2013 00:41:31 UTC