On Wed, 08 Sep 2010 11:20:30 +0200, Adam Barth <w...@adambarth.com> wrote:
The goal of AllowedScripts is not to limit a privilege to a subset of an origin. Rather, the goal is to prevent an attacker who can inject markup into a document from executing script. Put another way, if you're already executing script, then it's not trying to withhold any privileges.
Fair enough. I guess if one page gets compromised all else that is same origin is lost anyway.
-- Anne van Kesteren http://annevankesteren.nl/
