JS security and enumerating a Window

[Harri Porten]

On Fri, 25 Oct 2002, Koos Vriezen wrote:

> > I remember some regressions because we used to be a little too strict with
> > the XSS check..

I do remembers finding out something like this, too.

> Don't know, why should JS get a handle to frame of another domain?

Asked the other way: why not ? Maybe some scripting code working inside a
frameset. Just iterating over frames doesn't mean that you'll want to
access it. Dunno.

Harri.