We should throw a SecurityError when denying setting a cross-origin Window property: - https://html.spec.whatwg.org/#crossoriginset-(-o,-p,-v,-receiver-) - https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-) e.g. crossOriginWindow.name = "" should throw. Firefox and Chrome already throw but WebKit merely ignores the call and logs an error message.
Created attachment 287324 [details] Patch
Comment on attachment 287324 [details] Patch r=me I do not envy you the app compatibility bugs that will track back to this change.
(In reply to comment #2) > Comment on attachment 287324 [details] > Patch > > r=me > > I do not envy you the app compatibility bugs that will track back to this > change. Well, if it does not work out, we can always scale back the change. Given the behavior of other browsers, I think it is worth giving it a try.
Comment on attachment 287324 [details] Patch Clearing flags on attachment: 287324 Committed r205148: <http://trac.webkit.org/changeset/205148>
All reviewed patches have been landed. Closing bug.