Consider renaming unsafe-postmessage-* to unsafe-window-postmessage-*

w3c / webappsec-suborigins

Suborigins

https://w3c.github.io/webappsec-suborigins/

Other

25 stars 9 forks source link

Consider renaming unsafe-postmessage-* to unsafe-window-postmessage-* #77

Open annevk opened 7 years ago

annevk commented 7 years ago

As far as I can tell no other postMessage() method has this particular problem. The others follow a capability model (or are same-origin restricted).