- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 15 Jan 2014 10:34:15 -0500
- To: www-dom@w3.org
On 1/15/14 8:00 AM, Joćo Eiras wrote: > From what I understood, if I have some navigation action from A to B > with a data uri, B will inherit the origin from A How are you doing the navigation, exactly? > But if that navigation action is triggered by a script, B > will inherit the origin of the Window under which the script ran. Correct ? It will alias the origin and effective script origin of whatever window was incumbent at the point the navigation was triggered. > Is there any > situation where the script would be in a different origin from A ? The > only thing I came up with was fiddling with document.domain I believe that's correct for the origin bits. But note that there are things other than origin that we may want to inherit here. For example, CSP settings. > have A still, have a third C document in an iframe which runs in a sub-domain > of A, assign document.domain and run a script in C which tells A to > navigate to the data uri. I think that testcase is backwards. You want to run a script in C (whether triggered by A or not) and that script directly navigates B. In that situation B will alias the origin of C. > In what other ways is this possible to test ? What's the use case for > this ? The use case for data: URIs aliasing origins at all? Or for the specific determination of which origin to alias when you're navigated from JS and the callstack has stackframes from different origins? -Boris
Received on Wednesday, 15 January 2014 15:34:43 UTC