Evaluate making `document.domain` nullable.
There might be a reasonable use case for nulling out `document.domain`
in order to prevent a document from being able to access the DOM of
other documents served from the same physical origin (by walking the
frame tree of its embedder, for example).
This patch implements `document.domain = null` behind the experimental
flag in order to determine whether or not it solves the problem without
unworkable side-effects. If so, I'll formalize
https://github.com/whatwg/html/issues/2757 into a real patch against
HTML for discussion/
Bug: 733150
Change-Id: Ic6906d17b6e8bcb1882408ac6152ae3dd6f8700a
Reviewed-on: https://chromium-review.googlesource.com/535536
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#479470}7 files changed
