https://www.w3.org/Bugs/Public/show_bug.cgi?id=28086
Bug ID: 28086
Summary: [Shadow] (assuming iframes should work inside shadow
DOM) Should the contentWindow objects of iframes in
shadow DOM show up in window.frames?
Produc
> On Feb 23, 2015, at 6:42 AM, Boris Zbarsky wrote:
>
> On 2/23/15 4:27 AM, Anne van Kesteren wrote:
>
>> 1) If we run the constructor synchronously, even during cloning. If
>> the constructor did something unexpected, is that actually
>> problematic? It is not immediately clear to me what inva
On Mon, Feb 23, 2015 at 11:06 AM, Anne van Kesteren wrote:
> On Mon, Feb 23, 2015 at 7:55 PM, Jonas Sicking wrote:
>> A lot websites accidentally enabled cross-origin requests with
>> cookies. Not realizing that that enabled attackers to make requests
>> that had side-effects as well as read pers
On Mon, Feb 23, 2015 at 7:55 PM, Jonas Sicking wrote:
> A lot websites accidentally enabled cross-origin requests with
> cookies. Not realizing that that enabled attackers to make requests
> that had side-effects as well as read personal user data without user
> permission.
>
> In short, it was ve
On Fri, Feb 20, 2015 at 11:43 PM, Anne van Kesteren wrote:
> On Fri, Feb 20, 2015 at 9:38 PM, Jonas Sicking wrote:
>> On Fri, Feb 20, 2015 at 1:05 AM, Anne van Kesteren wrote:
>>> An alternative is that we attempt to introduce
>>> Access-Control-Policy-Path again from 2008. The problems you rais
On Sat, Feb 21, 2015 at 11:18 PM, Anne van Kesteren wrote:
> On Sat, Feb 21, 2015 at 10:17 AM, Martin Thomson
> wrote:
>> On 21 February 2015 at 20:43, Anne van Kesteren wrote:
>>> High-byte of what? A URL is within ASCII range when it reaches the
>>> server. This is the first time I hear of thi
On Mon, Feb 23, 2015 at 7:15 AM, Henri Sivonen wrote:
> On Tue, Feb 17, 2015 at 9:31 PM, Brad Hill wrote:
>> I think it is at least worth discussing the relative merits of using a
>> resource published under /.well-known for such use cases, vs. sending
>> "pinned" headers with every single resour
On Tue, Feb 17, 2015 at 9:31 PM, Brad Hill wrote:
> I think it is at least worth discussing the relative merits of using a
> resource published under /.well-known for such use cases, vs. sending
> "pinned" headers with every single resource.
FWIW, when CORS was designed, the Flash crossdomain.xml
On 2/23/15 4:27 AM, Anne van Kesteren wrote:
1) If we run the constructor synchronously, even during cloning. If
the constructor did something unexpected, is that actually
problematic? It is not immediately clear to me what invariants we
might want to preserve. Possibly it's just that the code w
I've been continuing to explore synchronous constructors for custom
elements as they explain the parser best. After reading through
https://speakerdeck.com/vjeux/oscon-react-architecture I thought there
might be a performance concern, but Yehuda tells me that innerHTML
being faster than DOM methods
10 matches
Mail list logo