Boris Zbarsky wrote:
> On 8/1/13 1:50 PM, Brendan Eich wrote:
>> How so? Can you give an example where Gecko doesn't do what the spec
>> says?
>
> Gecko revokes access to properties of all objects when you change
> document.domain, but per spec only access to properties of Window and
> Document should be revoked.

Ok, but Hixie was contrasting with a process-isolated implementation. It
seems that would have to revoke everything too, or do remote proxies, or
something.
I agree the spec is too much about "intersection semantics" or "the
least that can be required based on browsers" (in 2008? Has nothing
evolved?). We should talk about what to spec that's agreeable to the
majors and better for security.
/be
_______________________________________________
es-discuss mailing list
https://mail.mozilla.org/listinfo/es-discuss