On 2011-06-17 06:32, Boris Zbarsky wrote:
On 6/17/11 12:03 AM, Mykyta Yevstifeyev wrote:
not
clearly compatible with the web security model,
How?
"about:blank" in particular is magic with respect to security on the web
in various ways (e.g. it can end up same-origin with http:// pages). So
I think we do need to specify exactly when this magic security behavior
takes place.
The spec is not meant to imply that the special same-origin behaviour
for about:blank is to be inherited by any other about URI, even if other
URIs also return a blank document. Perhaps, I need to make that clearer
in the spec.
--
Lachlan Hunt - Opera Software
http://lachy.id.au/
http://www.opera.com/
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf