On 4/2/12 2:50 AM, Simon Pieters wrote:
I can find:
"User agents must throw a SecurityError exception whenever any
properties of a Document object are accessed by scripts whose effective
script origin is not the same as the Document's effective script origin."
http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#documents
Yeah. That sort of language is needed somewhere for all objects, not
just Documents.
I don't know how well this matches reality though.
Reasonably well, last I checked, for window and document.
It seems the spec forbids access to iframe.contentWindow.document but
allows iframe.contentDocument.
Yes. That's largely what implementations do...
-Boris
