On 1/9/13 3:12 PM, Adam Barth wrote:
As I've stated several times on this thread (any many times over the
years), my opinion is that we should not expose an asymmetric access
relation to the web platform.

OK, let's agree to disagree on this one for now.

Do we at least agree that this code:

  window.addEventListener.call(otherWindow, "click", function() {});

should throw if and only window and otherWindow are not same-origin (for some definition of same-origin, now that we have several different origins involved...)? And if we do, do we agree that this needs to be specified somewhere?

-Boris

Reply via email to