On Feb 4, 2013, at 5:04 AM, Mike West <mk...@chromium.org> wrote: > Way back in the depths of 2010, Mihai suggested that we begin to throw > exceptions when accessing Location properties across origins[1]. Currently, > we log a "Unsafe JavaScript attempt to access..." message to the console, and > return null. Hit http://talkingpointsmemo.com/ with the console open for an > example of how this can get out of hand. > > At the moment, IE, Firefox, and Opera all throw an exception here, and the > spec agrees with this behavior[2]. Given this bifurcation, developers are > generally forced to have two paths for code that touches Location: one for > WebKit, one for everyone else. They're generally not able to avoid the error > message (though `ancestorOrigins` should now address some of the use case), > which is a bit annoying.
If Web developers legitimately have a reason to touch Location properties without knowing if it's allowed, then the exception approach seems better. Also better to align with other UAs. - Maciej > > Anecdotally, I see this message quite often when browsing around with the > console open in Canary, and practically never when doing the same in Firefox. > This is something I'd like to address. > > I've resurrected the JSC side of Mihai's old patch[3], where this was > discussed some more. Before getting too far along with that, however: Maciej, > Sam, others, WDYT? > > [1]: https://lists.webkit.org/pipermail/webkit-dev/2010-August/013880.html > [2]: > http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location > [3]: https://bugs.webkit.org/show_bug.cgi?id=43891 > > -mike > _______________________________________________ > webkit-dev mailing list > webkit-dev@lists.webkit.org > https://lists.webkit.org/mailman/listinfo/webkit-dev
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
