[html5] r4630 - [giow] (0) Block pushState() and replaceState() from changing URLs when used by [...]

whatwg at whatwg.org whatwg at whatwg.org
Wed Jan 27 15:06:54 PST 2010


Author: ianh
Date: 2010-01-27 15:06:52 -0800 (Wed, 27 Jan 2010)
New Revision: 4630

Modified:
   complete.html
   index
   source
Log:
[giow] (0) Block pushState() and replaceState() from changing URLs when used by text/html-sandboxed content, to prevent them from spoofing other pages on the same origin.

Modified: complete.html
===================================================================
--- complete.html	2010-01-27 22:34:17 UTC (rev 4629)
+++ complete.html	2010-01-27 23:06:52 UTC (rev 4630)
@@ -56009,7 +56009,16 @@
      raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception and abort these
      steps.</li>
 
-    </ol><p>For the purposes of the comparison in the above substeps, the
+     <li>If the <a href=#origin>origin</a> of the resulting <a href=#absolute-url>absolute
+     URL</a> is not the same as the <a href=#origin>origin</a> of the
+     <a href=#entry-script>entry script</a>'s <code title="script's browsing
+     context"><a href="#script's-browsing-context">browsing context, and either the <span title=url-path><path></span> or <span title=url-query><query></span> components of the two
+     <span title=URL>URLs</span> comparedi in the previous step
+     differ, raise a <code>SECURITY_ERR</code> exception and abort
+     these steps. (This prevents sandboxed content from spoofing other
+     pages on the same origin.)</a></code></li>
+
+    </ol><p>For the purposes of the comparisons in the above substeps, the
     <a href=#url-path title=url-path><path></a> and <a href=#url-query title=url-query><query></a> components can only be the
     same if the URLs use a hierarchical <a href=#url-scheme title=url-scheme><scheme></a>.</p>
 

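Review bot: `<a href="#script's-browsing-context">` opened at `browsing context, and either the` on the fourth added line is not closed until `pages on the same origin.)</a></code>` on the last added line, so the whole remainder of the list item renders as link text and the `<code>` wrapper likewise spans the full sentence; since complete.html is generated, the fix belongs in `source`, where the `<code title="script's browsing context">` element should be closed immediately after "browsing context". The same line also contains the typo `comparedi` for `compared`. Note that the new step only raises `SECURITY_ERR` when the `<path>` or `<query>` components differ, so a fragment-only change from sandboxed content still goes through; if that is intended it would be worth saying so in the parenthetical.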
Modified: index
===================================================================
--- index	2010-01-27 22:34:17 UTC (rev 4629)
+++ index	2010-01-27 23:06:52 UTC (rev 4630)
@@ -55923,7 +55923,16 @@
      raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception and abort these
      steps.</li>
 
-    </ol><p>For the purposes of the comparison in the above substeps, the
+     <li>If the <a href=#origin>origin</a> of the resulting <a href=#absolute-url>absolute
+     URL</a> is not the same as the <a href=#origin>origin</a> of the
+     <a href=#entry-script>entry script</a>'s <code title="script's browsing
+     context"><a href="#script's-browsing-context">browsing context, and either the <span title=url-path><path></span> or <span title=url-query><query></span> components of the two
+     <span title=URL>URLs</span> comparedi in the previous step
+     differ, raise a <code>SECURITY_ERR</code> exception and abort
+     these steps. (This prevents sandboxed content from spoofing other
+     pages on the same origin.)</a></code></li>
+
+    </ol><p>For the purposes of the comparisons in the above substeps, the
     <a href=#url-path title=url-path><path></a> and <a href=#url-query title=url-query><query></a> components can only be the
     same if the URLs use a hierarchical <a href=#url-scheme title=url-scheme><scheme></a>.</p>
 

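Review bot: same two defects as the complete.html hunk, since both are generated from `source`: the `<a href="#script's-browsing-context">` link opened at `browsing context, and either the` runs on to `</a></code>` at the end of the item instead of closing after "browsing context", and `URLs comparedi in the previous step` should read `compared`. Fixing the `source` markup and regenerating should correct both files together.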
Modified: source
===================================================================
--- source	2010-01-27 22:34:17 UTC (rev 4629)
+++ source	2010-01-27 23:06:52 UTC (rev 4630)
@@ -63294,9 +63294,20 @@
      raise a <code>SECURITY_ERR</code> exception and abort these
      steps.</li>
 
+     <li>If the <span>origin</span> of the resulting <span>absolute
+     URL</span> is not the same as the <span>origin</span> of the
+     <span>entry script</span>'s <code title="script's browsing
+     context">browsing context</span>, and either the <span
+     title="url-path"><path></span> or <span
+     title="url-query"><query></span> components of the two
+     <span title="URL">URLs</span> comparedi in the previous step
+     differ, raise a <code>SECURITY_ERR</code> exception and abort
+     these steps. (This prevents sandboxed content from spoofing other
+     pages on the same origin.)</li>
+
     </ol>
 
-    <p>For the purposes of the comparison in the above substeps, the
+    <p>For the purposes of the comparisons in the above substeps, the
     <span title="url-path"><path></span> and <span
     title="url-query"><query></span> components can only be the
     same if the URLs use a hierarchical <span

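Review bot: the `<code title="script's browsing context">` element on the third added line is closed with `</span>` on the fourth (`browsing context</span>`), a tag mismatch that explains why the generated complete.html and index hunks wrap everything up to `</a></code>` inside the link; it should be `browsing context</code>`. `comparedi` on the `<span title="URL">URLs</span> comparedi` line is a typo for `compared`. The wording "the two URLs compared in the previous step" also points at a step whose visible text is only the `SECURITY_ERR`-and-abort clause; naming the comparison step explicitly would make the cross-reference unambiguous.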



More information about the Commit-Watchers mailing list