| http://www.w3.org/ns/prov#value | - No, I just meant in the way they are commonly used (i.e., called with |this| bound to frames[0].location). You would get exactly the same results via window.location.replace.call(frames[0].location, ...). That's, in fact, one of the ways to see that this approach is secure. You never give a cross-origin script any objects that it didn't already have access to, which means you are not leaking anything
|
