2.1.103 [HTML5:2014] Section 5.2.1 Security

V0247: Many functions do not throw SecurityError exception when accessed from a different origin

The specification states:

 5.2.1 Security
     ...
     User agents must throw a SecurityError exception whenever any properties of a Window 
     object are accessed when the incumbent settings object specifies an effective script 
     origin that is not the same as the Window object's Document's effective script 
     origin, with the following exceptions:

IE11 Mode, IE10 Mode, IE9 Mode, IE8 Mode, IE7 Mode, and IE5 (Quirks) Mode (All versions)

The functions alert, confirm, open, print, prompt and stop do not throw a SecurityError exception when accessed from a different origin.

V0246: Many attributes do not throw a SecurityError exception when accessed from a different origin

The specification states:

 5.2.1 Security
     ...
     User agents must throw a SecurityError exception whenever any properties of a Window 
     object are accessed when the incumbent settings object specifies an effective script 
     origin that is not the same as the Window object's Document's effective script 
     origin, with the following exceptions:

IE11 Mode, IE10 Mode, IE9 Mode, IE8 Mode, IE7 Mode, and IE5 (Quirks) Mode (All versions)

Attributes applicationCache, document, external, frameElement, history, locationbar, menubar, name, navigator, personalbar, scrollbars, statusbar, status, and toolbar do not throw a SecurityError exception when accessed from a different origin.

V0248: Events do not throw a SecurityError exception when accessed from a different origin

The specification states:

 5.2.1 Security
     ...
     User agents must throw a SecurityError exception whenever any properties of a Window 
     object are accessed when the incumbent settings object specifies an effective script 
     origin that is not the same as the Window object's Document's effective script 
     origin, with the following exceptions:

IE11 Mode, IE10 Mode, IE9 Mode, IE8 Mode, IE7 Mode, and IE5 (Quirks) Mode (All versions)

Events do not throw a SecurityError exception when accessed from a different origin