On major browsers (tested on FF5, Chrome 11 and Opera 11.11), window.frames ===
window. This could be a way for a script writer to access the global object
without having been invited to.
For instance, in:
-----
(function(){
return ({}).toString.call(frames);
})();
-----
The "frames" identifier resolves into the global object.
Return value is "[Object Window]"
Original issue reported on code.google.com by david.br...@labri.fr on 25 Jun 2011 at 12:17
Original issue reported on code.google.com by
david.br...@labri.fron 25 Jun 2011 at 12:17