Ian Hickson wrote:
On Wed, 30 Apr 2008, Jonas Sicking wrote:
The aliasing behaviour seems really dodgy. I've specced the copying
behaviour, which also matches Opera.
The reason you want to use aliasing is in a situation like this (file
loaded from www.example.com) :
<html>
<body>
<iframe id=f></iframe>
<script>
onload = function() {
document.domain = "example.com";
document.getElementById('f').contentDocument.write("hello world");
}
</script>
</body>
</html>
the document.domain call changes the outer documents principal. If there
was no aliasing then the .write call would result in a security
exception stating that content from "example.com" doesn't have access to
"www.example.com".
Yes, you want a security exception there. That's what IE does, in fact.
(Opera too.)
Why do you want that? That seems very counter intuitive to me (though
unfortunately lots of document.domain behavior is).
/ Jonas
