Evaluate making `document.domain` nullable. |
|||
Issue descriptionThere might be a reasonable use case for nulling out `document.domain` in order to prevent a document from being able to access the DOM of other documents served from the same physical origin (by walking the frame tree of its embedder, for example). Let's play around with this to see if it actually solves the problem. If so, I'll formalize the proposal.
,
Nov 10 2017
,
Feb 18 2018
|
|||
►
Sign in to add a comment |
|||
Comment 1 by bugdroid1@chromium.org
, Jun 14 2017