I wonder if we can use `document.domain` as a hardening mechanism, allowing same-origin docs to distrust each other: https://github.com/whatwg/html/issues/2757 …
-
My assumption is that a trivial change to existing infrastructure will be more easily implemented than an entirely new feature.
-
I don't like the SOP-relaxing functionality `document.domain` provides. It seems much less bad to use it to impose new restrictions.
-
Would those restrictions be worthy enough to keep it around though? The guidance so far has been untrusted content goes to other origin.
-
I sketched out one specific use case in https://github.com/whatwg/html/issues/2757#issuecomment-308539157 …, which seems reasonable to find some way to address.