- From: João Eiras <joao.eiras@gmail.com>
- Date: Wed, 15 Jan 2014 18:18:12 +0100
- To: www-dom@w3.org
On Wed, Jan 15, 2014 at 4:34 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 1/15/14 8:00 AM, João Eiras wrote:
>>
>> From what I understood, if I have some navigation action from A to B
>> with a data uri, B will inherit the origin from A
>
>
> How are you doing the navigation, exactly?
>
top.document.getElementsByTagName('iframe')[...].src="data:...";
>> Is there any
>> situation where the script would be in a different origin from A ? The
>> only thing I came up with was fiddling with document.domain
>
>
> I believe that's correct for the origin bits.
>
> But note that there are things other than origin that we may want to inherit
> here. For example, CSP settings.
>
Hum... I did not understand the answer. Again "How can a script in B
trigger a navigation in A while having a different origin? What's the
setup between A and B ?"
>
>> have A still, have a third C document in an iframe which runs in a
>> sub-domain
>> of A, assign document.domain and run a script in C which tells A to
>> navigate to the data uri.
>
>
> I think that testcase is backwards. You want to run a script in C (whether
> triggered by A or not) and that script directly navigates B. In that
> situation B will alias the origin of C.
>
Well, that's what I said: C would tell A to navigate B (actually A is
too much there, C would navigate B).
>
>> In what other ways is this possible to test ? What's the use case for
>> this ?
>
>
> The use case for data: URIs aliasing origins at all? Or for the specific
> determination of which origin to alias when you're navigated from JS and the
> callstack has stackframes from different origins?
>
The second question please. I think the first one is pretty standard
and understood by now.
Received on Wednesday, 15 January 2014 17:19:23 UTC