Dialog focusing steps same origin check #5105
Comments
annevk
added
needs tests
|
The https://html.spec.whatwg.org/multipage/interaction.html#the-autofocus-attribute:same-origin https://html.spec.whatwg.org/multipage/interactive-elements.html#the-dialog-element:same-origin I suppose there's a reason |
|
Autofocus has used same-origin since before #4763 when it was rewritten, i.e. that rewrite just preserved it. The check on the entire ancestor chain was introduced in #6204. There was some discussion at the time as to whether it was necessary, and I guess I pushed for it. The motivation was to avoid a cross-origin information leak, in nesting cases like A1 -> B -> A2. See #6204 (comment) . I think that same motivation applies to dialog, and so it was an oversight that dialog was not updated. As for same origin vs. same origin-domain, I think there would be no problem with loosening it to same origin-domain, since same origin-domain pages leak information and collaborate already. It's more just a question as to whether we want to be consistent (and thus use same origin-domain) or start moving away from that world as part of |
Should this be same origin or same origin-domain?
cc @rakina
The text was updated successfully, but these errors were encountered: