On 1/9/13 5:19 PM, Adam Barth wrote:
> Those checks are neither required for compatibility nor security. The spec might say to perform the checks, but they aren't needed to build a secure, compatible browser.
OK. So what checks do you believe are required, then? Just effective script origin checks on Window?
I would really appreciate it if you would actually describe the security model you think the spec should have instead of us having to guess what parts you think are needed and which parts you think are not needed, with more gotchas and details all the time.
-Boris
