[webkit-dev] Throwing SECURITY_ERR on cross-origin window.location property accesses (revisited).
mjs at apple.com
Mon Feb 4 09:21:54 PST 2013
On Feb 4, 2013, at 5:04 AM, Mike West <mkwst at chromium.org> wrote:
> At the moment, IE, Firefox, and Opera all throw an exception here, and the spec agrees with this behavior. Given this bifurcation, developers are generally forced to have two paths for code that touches Location: one for WebKit, one for everyone else. They're generally not able to avoid the error message (though `ancestorOrigins` should now address some of the use case), which is a bit annoying.
If Web developers legitimately have a reason to touch Location properties without knowing if it's allowed, then the exception approach seems better. Also better to align with other UAs.
> Anecdotally, I see this message quite often when browsing around with the console open in Canary, and practically never when doing the same in Firefox. This is something I'd like to address.
> I've resurrected the JSC side of Mihai's old patch, where this was discussed some more. Before getting too far along with that, however: Maciej, Sam, others, WDYT?
> : https://lists.webkit.org/pipermail/webkit-dev/2010-August/013880.html
> : http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location
> : https://bugs.webkit.org/show_bug.cgi?id=43891
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webkit-dev