On Jul 7, 10:44 pm, "jackcha...@gmail.com" wrote:
I know if the frames/windows can't access properties
inside another frame/window that comes from a different
domain. But could this call violate the security
window.parent
if the window comes from a different domain?
That is not a "call", it is a property accessor. There are no security
implications in evaluating the code - window.parent - because the
result of that evaluation is an instance of the internal Reference
type with its 'base' property set to whichever object the Identifier
'window' evaluated as (probably the current window/global object) and
its 'property name' property containing the string 'parent'.
I know it is safe to call window.location.
In some environments perhaps, but there is nothing that suggests that
all - location - objects will be (or should be) callable, and most
certainly are not.