brendan at mozilla.com
Thu Aug 1 13:27:48 PDT 2013
Boris Zbarsky wrote:
> On 8/1/13 1:50 PM, Brendan Eich wrote:
>> How so? Can you give an example where Gecko doesn't do what the spec
> Gecko revokes access to properties of all objects when you change
> document.domain, but per spec only access to properties of Window and
> Document should be revoked.
Ok, but Hixie was contrasting with a process-isolated implementation. It
seems that would have to revoke everything too, or do remote proxies, or
I agree the spec is too much about "intersection semantics" or "the
least that can be required based on browsers" (in 2008? Has nothing
evolved?). We should talk about what to spec that's agreeable to the
majors and better for security.
More information about the es-discuss