[Tracking Requested - why for this release]:

So the specific testcase here is, starting with A and B same-origin windows and then changing `document.domain` in B but not A:

```
A.alert.call(B);
```

Per spec this should throw an exception, as follows: https://heycam.github.io/webidl/#dfn-create-operation-function step 2.1.2.2 calls into https://html.spec.whatwg.org/multipage#integration-with-idl:perform-a-security-check which for Window and Location objects checks `IsPlatformObjectSameOrigin` before allowing access. Similar for https://heycam.github.io/webidl/#dfn-attribute-getter step 1.1.2.2 and https://heycam.github.io/webidl/#dfn-attribute-setter step 4.5.2.

We don't end up doing this check when A and B are same-compartment right now (we do do it if they are in different compartments). This is a regression from bug 1514050, as far as I can tell.

Bug 1582857 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

[Tracking Requested - why for this release]: Security regression, sort of.

So the specific testcase here is, starting with A and B same-origin windows and then changing `document.domain` in B but not A:

```
A.alert.call(B);
```

Per spec this should throw an exception, as follows: https://heycam.github.io/webidl/#dfn-create-operation-function step 2.1.2.2 calls into https://html.spec.whatwg.org/multipage#integration-with-idl:perform-a-security-check which for Window and Location objects checks `IsPlatformObjectSameOrigin` before allowing access. Similar for https://heycam.github.io/webidl/#dfn-attribute-getter step 1.1.2.2 and https://heycam.github.io/webidl/#dfn-attribute-setter step 4.5.2.

We don't end up doing this check when A and B are same-compartment right now (we do do it if they are in different compartments). This is a regression from bug 1514050, as far as I can tell.
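
The check the comment above cites, modelled as an added JavaScript example (not code from the bug, from Gecko, or from the specs). `makeOrigin`, `makeWindow` and the `isWindow` flag are hypothetical stand-ins, the host names are constructed, and the cross-origin property allowlist step is omitted because `alert` is not on it.

```javascript
// Simplified model of the Web IDL / HTML checks cited above (constructed example).
// Origin tuple: scheme, host, port, plus `domain`, null until document.domain is set.
function makeOrigin(scheme, host, port) {
  return { scheme, host, port, domain: null };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// HTML "same origin-domain" for tuple origins.
function sameOriginDomain(a, b) {
  if (a.scheme === b.scheme && a.domain !== null && a.domain === b.domain) return true;
  return sameOrigin(a, b) && a.domain === null && b.domain === null;
}

class SecurityError extends Error {}

// HTML "perform a security check": only Window/Location objects are checked.
function performSecurityCheck(currentOrigin, platformObject) {
  if (!platformObject.isWindow) return;
  if (!sameOriginDomain(currentOrigin, platformObject.origin)) {
    throw new SecurityError("SecurityError");
  }
}

// Hypothetical stand-in for a Window with one operation function.
function makeWindow(origin) {
  const win = { origin, isWindow: true };
  // The operation function belongs to the creating window's realm, so the check
  // compares that realm's origin with the origin of the `this` value it is called on.
  win.alert = function () {
    performSecurityCheck(win.origin, this);
    return `alert shown in ${this.origin.host}`;
  };
  return win;
}

// The testcase: A and B start same-origin, then only B sets document.domain.
function runTestcase() {
  const A = makeWindow(makeOrigin("https", "a.example.com", 443));
  const B = makeWindow(makeOrigin("https", "a.example.com", 443));
  const before = A.alert.call(B);       // both domains null: allowed
  B.origin.domain = "example.com";      // models B changing document.domain
  let after;
  try { A.alert.call(B); after = "allowed"; }
  catch (e) { after = e instanceof SecurityError ? "SecurityError" : "other"; }
  return { before, after };
}
```
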