- From: João Eiras <joao.eiras@gmail.com>
- Date: Wed, 15 Jan 2014 18:18:12 +0100
- To: www-dom@w3.org
On Wed, Jan 15, 2014 at 4:34 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > On 1/15/14 8:00 AM, João Eiras wrote: >> >> From what I understood, if I have some navigation action from A to B >> with a data uri, B will inherit the origin from A > > > How are you doing the navigation, exactly? > top.document.getElementsByTagName('iframe')[...].src="data:..."; >> Is there any >> situation where the script would be in a different origin from A ? The >> only thing I came up with was fiddling with document.domain > > > I believe that's correct for the origin bits. > > But note that there are things other than origin that we may want to inherit > here. For example, CSP settings. > Hum... I did not understand the answer. Again "How can a script in B trigger a navigation in A while having a different origin? What's the setup between A and B ?" > >> have A still, have a third C document in an iframe which runs in a >> sub-domain >> of A, assign document.domain and run a script in C which tells A to >> navigate to the data uri. > > > I think that testcase is backwards. You want to run a script in C (whether > triggered by A or not) and that script directly navigates B. In that > situation B will alias the origin of C. > Well, that's what I said: C would tell A to navigate B (actually A is too much there, C would navigate B). > >> In what other ways is this possible to test ? What's the use case for >> this ? > > > The use case for data: URIs aliasing origins at all? Or for the specific > determination of which origin to alias when you're navigated from JS and the > callstack has stackframes from different origins? > The second question please. I think the first one is pretty standard and understood by now.
Received on Wednesday, 15 January 2014 17:19:23 UTC