On Tue, 21 Jun 2011 23:42:32 +0900, Boris Zbarsky bzbar...@mit.edu wrote:
On 6/21/11 5:21 AM, Hallvord R. M. Steen wrote:
Another issue I noticed is in the text under the heading the
javascript: URL scheme - specifically the last otherwise part of the
text. This is about trying to navigate a
On 6/22/11 11:51 AM, Hallvord R. M. Steen wrote:
Opera actually does a check earlier - there is an origin check if a
script attempts to set location / location.href to a string that starts
with javascript:.
That's fine, as long as there is _also_ a check right before the script
runs.
(This
On 6/21/11 5:21 AM, Hallvord R. M. Steen wrote:
Another issue I noticed is in the text under the heading the
javascript: URL scheme - specifically the last otherwise part of the
text. This is about trying to navigate a window from a different origin
to a javascript: URL. Don't we expect a