Re: [whatwg] Disabling document.domain setting on iframe@sandbox (especially with allow-same-origin)

Fri, 02 Aug 2013 19:39:25 -0700 

On 8/2/13 10:35 PM, Ian Hickson wrote:

Honestly, though, at the point
where you're able to trick a similar-origin site into changing
document.domain so you can attack it



document.domain was not involved in any way in the cross-site issues 
I've pointed out to you recently.


-Boris






















					Reply via email to