[html5] r4900 - [e] (0) stablise ids for security sections Fixing http://www.w3.org/Bugs/Public/ [...]
whatwg at whatwg.org
whatwg at whatwg.org
Mon Mar 29 18:39:25 PDT 2010
Author: ianh
Date: 2010-03-29 18:39:24 -0700 (Mon, 29 Mar 2010)
New Revision: 4900
Modified:
complete.html
index
source
Log:
[e] (0) stablise ids for security sections
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=9173
Modified: complete.html
===================================================================
--- complete.html 2010-03-30 01:34:10 UTC (rev 4899)
+++ complete.html 2010-03-30 01:39:24 UTC (rev 4900)
@@ -327,7 +327,7 @@
<li><a href=#documents><span class=secno>3.1 </span>Documents</a>
<ol>
<li><a href=#documents-in-the-dom><span class=secno>3.1.1 </span>Documents in the DOM</a></li>
- <li><a href=#security><span class=secno>3.1.2 </span>Security</a></li>
+ <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
<li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
<li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
<li><a href=#creating-documents><span class=secno>3.1.5 </span>Creating documents</a></ol></li>
@@ -633,7 +633,7 @@
<li><a href=#definitions><span class=secno>4.10.20.1 </span>Definitions</a></li>
<li><a href=#constraint-validation><span class=secno>4.10.20.2 </span>Constraint validation</a></li>
<li><a href=#the-constraint-validation-api><span class=secno>4.10.20.3 </span>The constraint validation API</a></li>
- <li><a href=#security-0><span class=secno>4.10.20.4 </span>Security</a></ol></li>
+ <li><a href=#security-forms><span class=secno>4.10.20.4 </span>Security</a></ol></li>
<li><a href=#form-submission><span class=secno>4.10.21 </span>Form submission</a>
<ol>
<li><a href=#introduction-1><span class=secno>4.10.21.1 </span>Introduction</a></li>
@@ -764,12 +764,12 @@
<ol>
<li><a href=#navigating-auxiliary-browsing-contexts-in-the-dom><span class=secno>6.1.2.1 </span>Navigating auxiliary browsing contexts in the DOM</a></ol></li>
<li><a href=#secondary-browsing-contexts><span class=secno>6.1.3 </span>Secondary browsing contexts</a></li>
- <li><a href=#security-1><span class=secno>6.1.4 </span>Security</a></li>
+ <li><a href=#security-nav><span class=secno>6.1.4 </span>Security</a></li>
<li><a href=#groupings-of-browsing-contexts><span class=secno>6.1.5 </span>Groupings of browsing contexts</a></li>
<li><a href=#browsing-context-names><span class=secno>6.1.6 </span>Browsing context names</a></ol></li>
<li><a href=#the-window-object><span class=secno>6.2 </span>The <code>Window</code> object</a>
<ol>
- <li><a href=#security-2><span class=secno>6.2.1 </span>Security</a></li>
+ <li><a href=#security-window><span class=secno>6.2.1 </span>Security</a></li>
<li><a href=#apis-for-creating-and-navigating-browsing-contexts-by-name><span class=secno>6.2.2 </span>APIs for creating and navigating browsing contexts by name</a></li>
<li><a href=#accessing-other-browsing-contexts><span class=secno>6.2.3 </span>Accessing other browsing contexts</a></li>
<li><a href=#named-access-on-the-window-object><span class=secno>6.2.4 </span>Named access on the <code>Window</code> object</a></li>
@@ -785,7 +785,7 @@
<li><a href=#the-history-interface><span class=secno>6.4.2 </span>The <code>History</code> interface</a></li>
<li><a href=#the-location-interface><span class=secno>6.4.3 </span>The <code>Location</code> interface</a>
<ol>
- <li><a href=#security-3><span class=secno>6.4.3.1 </span>Security</a></ol></li>
+ <li><a href=#security-location><span class=secno>6.4.3.1 </span>Security</a></ol></li>
<li><a href=#history-notes><span class=secno>6.4.4 </span>Implementation notes for session history</a></ol></li>
<li><a href=#browsing-the-web><span class=secno>6.5 </span>Browsing the Web</a>
<ol>
@@ -1024,7 +1024,7 @@
<li><a href=#crossDocumentMessages><span class=secno>10.4 </span>Cross-document messaging</a>
<ol>
<li><a href=#introduction-8><span class=secno>10.4.1 </span>Introduction</a></li>
- <li><a href=#security-4><span class=secno>10.4.2 </span>Security</a>
+ <li><a href=#security-postmsg><span class=secno>10.4.2 </span>Security</a>
<ol>
<li><a href=#authors><span class=secno>10.4.2.1 </span>Authors</a></li>
<li><a href=#user-agents><span class=secno>10.4.2.2 </span>User agents</a></ol></li>
@@ -1054,7 +1054,7 @@
<ol>
<li><a href=#user-tracking><span class=secno>11.4.1 </span>User tracking</a></li>
<li><a href=#sensitivity-of-data><span class=secno>11.4.2 </span>Sensitivity of data</a></ol></li>
- <li><a href=#security-5><span class=secno>11.5 </span>Security</a>
+ <li><a href=#security-storage><span class=secno>11.5 </span>Security</a>
<ol>
<li><a href=#dns-spoofing-attacks><span class=secno>11.5.1 </span>DNS spoofing attacks</a></li>
<li><a href=#cross-directory-attacks><span class=secno>11.5.2 </span>Cross-directory attacks</a></li>
@@ -7508,9 +7508,9 @@
this interface are described in various different sections.</p>
- <h4 id=security><span class=secno>3.1.2 </span>Security</h4>
+ <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
- <p>User agents <span class=impl>must</span> raise a
+ <p id=security>User agents <span class=impl>must</span> raise a
<code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of
an <code><a href=#htmldocument>HTMLDocument</a></code> object are accessed by scripts whose
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same
@@ -41191,13 +41191,13 @@
</div>
- <h5 id=security-0><span class=secno>4.10.20.4 </span>Security</h5>
+ <h5 id=security-forms><span class=secno>4.10.20.4 </span>Security</h5>
- <p>Servers should not rely on client-side validation. Client-side
- validation can be intentionally bypassed by hostile users, and
- unintentionally bypassed by users of older user agents or automated
- tools that do not implement these features. The constraint
- validation features are only intended to improve the user
+ <p id=security-0>Servers should not rely on client-side
+ validation. Client-side validation can be intentionally bypassed by
+ hostile users, and unintentionally bypassed by users of older user
+ agents or automated tools that do not implement these features. The
+ constraint validation features are only intended to improve the user
experience, not to provide any kind of security mechanism.</p>
@@ -53196,12 +53196,11 @@
<div class=impl>
- <h4 id=security-1><span class=secno>6.1.4 </span>Security</h4>
+ <h4 id=security-nav><span class=secno>6.1.4 </span>Security</h4>
- <p>A <a href=#browsing-context>browsing context</a> <var title="">A</var> is
- <dfn id=allowed-to-navigate>allowed to navigate</dfn> a second <a href=#browsing-context>browsing
- context</a> <var title="">B</var> if one of the following
- conditions is true:</p>
+ <p id=security-1>A <a href=#browsing-context>browsing context</a> <var title="">A</var> is <dfn id=allowed-to-navigate>allowed to navigate</dfn> a second
+ <a href=#browsing-context>browsing context</a> <var title="">B</var> if one of the
+ following conditions is true:</p>
<ul><li>Either the <a href=#origin>origin</a> of the <a href=#active-document>active
document</a> of <var title="">A</var> is the <a href=#same-origin title="same
@@ -53558,14 +53557,14 @@
<div class=impl>
- <h4 id=security-2><span class=secno>6.2.1 </span>Security</h4>
+ <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
- <p>User agents must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception
- whenever any of the members of a <code><a href=#window>Window</a></code> object are
- accessed by scripts whose <a href=#effective-script-origin>effective script origin</a> is
- not the same as the <code><a href=#window>Window</a></code> object's
- <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>, with
- the following exceptions:</p>
+ <p id=security-2>User agents must raise a
+ <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of a
+ <code><a href=#window>Window</a></code> object are accessed by scripts whose
+ <a href=#effective-script-origin>effective script origin</a> is not the same as the
+ <code><a href=#window>Window</a></code> object's <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective
+ script origin</a>, with the following exceptions:</p>
<ul><li>The <code title=dom-location><a href=#dom-location>location</a></code> object
@@ -55276,13 +55275,15 @@
<div class=impl>
- <h5 id=security-3><span class=secno>6.4.3.1 </span>Security</h5>
+ <h5 id=security-location><span class=secno>6.4.3.1 </span>Security</h5>
- <p>User agents must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever
- any of the members of a <code><a href=#location>Location</a></code> object are accessed by
- scripts whose <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#location>Location</a></code>
- object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
- origin</a>, with the following exceptions:</p>
+ <p id=security-3>User agents must raise a
+ <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of a
+ <code><a href=#location>Location</a></code> object are accessed by scripts whose
+ <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same
+ origin">same</a> as the <code><a href=#location>Location</a></code> object's associated
+ <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>, with
+ the following exceptions:</p>
<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the
script is running in a <a href=#browsing-context>browsing context</a> that is
@@ -71054,7 +71055,7 @@
</div>
- <h4 id=security-4><span class=secno>10.4.2 </span>Security</h4>
+ <h4 id=security-postmsg><span class=secno>10.4.2 </span>Security</h4>
<div class=impl>
@@ -71062,9 +71063,9 @@
</div>
- <p class=warning>Use of this API requires extra care to protect
- users from hostile entities abusing a site for their own
- purposes.</p>
+ <p class=warning id=security-4>Use of this API requires extra
+ care to protect users from hostile entities abusing a site for their
+ own purposes.</p>
<p>Authors should check the <code title=dom-MessageEvent-origin><a href=#dom-messageevent-origin>origin</a></code> attribute to ensure
that messages are only accepted from domains that they expect to
@@ -72425,7 +72426,7 @@
it is promptly deleted from the underlying storage.</p>
- <h3 id=security-5><span class=secno>11.5 </span>Security</h3>
+ <h3 id=security-storage><span class=secno>11.5 </span>Security</h3>
<h4 id=dns-spoofing-attacks><span class=secno>11.5.1 </span>DNS spoofing attacks</h4>
Modified: index
===================================================================
--- index 2010-03-30 01:34:10 UTC (rev 4899)
+++ index 2010-03-30 01:39:24 UTC (rev 4900)
@@ -336,7 +336,7 @@
<li><a href=#documents><span class=secno>3.1 </span>Documents</a>
<ol>
<li><a href=#documents-in-the-dom><span class=secno>3.1.1 </span>Documents in the DOM</a></li>
- <li><a href=#security><span class=secno>3.1.2 </span>Security</a></li>
+ <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
<li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
<li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
<li><a href=#creating-documents><span class=secno>3.1.5 </span>Creating documents</a></ol></li>
@@ -642,7 +642,7 @@
<li><a href=#definitions><span class=secno>4.10.20.1 </span>Definitions</a></li>
<li><a href=#constraint-validation><span class=secno>4.10.20.2 </span>Constraint validation</a></li>
<li><a href=#the-constraint-validation-api><span class=secno>4.10.20.3 </span>The constraint validation API</a></li>
- <li><a href=#security-0><span class=secno>4.10.20.4 </span>Security</a></ol></li>
+ <li><a href=#security-forms><span class=secno>4.10.20.4 </span>Security</a></ol></li>
<li><a href=#form-submission><span class=secno>4.10.21 </span>Form submission</a>
<ol>
<li><a href=#introduction-1><span class=secno>4.10.21.1 </span>Introduction</a></li>
@@ -773,12 +773,12 @@
<ol>
<li><a href=#navigating-auxiliary-browsing-contexts-in-the-dom><span class=secno>6.1.2.1 </span>Navigating auxiliary browsing contexts in the DOM</a></ol></li>
<li><a href=#secondary-browsing-contexts><span class=secno>6.1.3 </span>Secondary browsing contexts</a></li>
- <li><a href=#security-1><span class=secno>6.1.4 </span>Security</a></li>
+ <li><a href=#security-nav><span class=secno>6.1.4 </span>Security</a></li>
<li><a href=#groupings-of-browsing-contexts><span class=secno>6.1.5 </span>Groupings of browsing contexts</a></li>
<li><a href=#browsing-context-names><span class=secno>6.1.6 </span>Browsing context names</a></ol></li>
<li><a href=#the-window-object><span class=secno>6.2 </span>The <code>Window</code> object</a>
<ol>
- <li><a href=#security-2><span class=secno>6.2.1 </span>Security</a></li>
+ <li><a href=#security-window><span class=secno>6.2.1 </span>Security</a></li>
<li><a href=#apis-for-creating-and-navigating-browsing-contexts-by-name><span class=secno>6.2.2 </span>APIs for creating and navigating browsing contexts by name</a></li>
<li><a href=#accessing-other-browsing-contexts><span class=secno>6.2.3 </span>Accessing other browsing contexts</a></li>
<li><a href=#named-access-on-the-window-object><span class=secno>6.2.4 </span>Named access on the <code>Window</code> object</a></li>
@@ -794,7 +794,7 @@
<li><a href=#the-history-interface><span class=secno>6.4.2 </span>The <code>History</code> interface</a></li>
<li><a href=#the-location-interface><span class=secno>6.4.3 </span>The <code>Location</code> interface</a>
<ol>
- <li><a href=#security-3><span class=secno>6.4.3.1 </span>Security</a></ol></li>
+ <li><a href=#security-location><span class=secno>6.4.3.1 </span>Security</a></ol></li>
<li><a href=#history-notes><span class=secno>6.4.4 </span>Implementation notes for session history</a></ol></li>
<li><a href=#browsing-the-web><span class=secno>6.5 </span>Browsing the Web</a>
<ol>
@@ -918,7 +918,7 @@
<li><a href=#crossDocumentMessages><span class=secno>9.2 </span>Cross-document messaging</a>
<ol>
<li><a href=#introduction-6><span class=secno>9.2.1 </span>Introduction</a></li>
- <li><a href=#security-4><span class=secno>9.2.2 </span>Security</a>
+ <li><a href=#security-postmsg><span class=secno>9.2.2 </span>Security</a>
<ol>
<li><a href=#authors><span class=secno>9.2.2.1 </span>Authors</a></li>
<li><a href=#user-agents><span class=secno>9.2.2.2 </span>User agents</a></ol></li>
@@ -7406,9 +7406,9 @@
this interface are described in various different sections.</p>
- <h4 id=security><span class=secno>3.1.2 </span>Security</h4>
+ <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
- <p>User agents <span class=impl>must</span> raise a
+ <p id=security>User agents <span class=impl>must</span> raise a
<code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of
an <code><a href=#htmldocument>HTMLDocument</a></code> object are accessed by scripts whose
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same
@@ -41092,13 +41092,13 @@
</div>
- <h5 id=security-0><span class=secno>4.10.20.4 </span>Security</h5>
+ <h5 id=security-forms><span class=secno>4.10.20.4 </span>Security</h5>
- <p>Servers should not rely on client-side validation. Client-side
- validation can be intentionally bypassed by hostile users, and
- unintentionally bypassed by users of older user agents or automated
- tools that do not implement these features. The constraint
- validation features are only intended to improve the user
+ <p id=security-0>Servers should not rely on client-side
+ validation. Client-side validation can be intentionally bypassed by
+ hostile users, and unintentionally bypassed by users of older user
+ agents or automated tools that do not implement these features. The
+ constraint validation features are only intended to improve the user
experience, not to provide any kind of security mechanism.</p>
@@ -53097,12 +53097,11 @@
<div class=impl>
- <h4 id=security-1><span class=secno>6.1.4 </span>Security</h4>
+ <h4 id=security-nav><span class=secno>6.1.4 </span>Security</h4>
- <p>A <a href=#browsing-context>browsing context</a> <var title="">A</var> is
- <dfn id=allowed-to-navigate>allowed to navigate</dfn> a second <a href=#browsing-context>browsing
- context</a> <var title="">B</var> if one of the following
- conditions is true:</p>
+ <p id=security-1>A <a href=#browsing-context>browsing context</a> <var title="">A</var> is <dfn id=allowed-to-navigate>allowed to navigate</dfn> a second
+ <a href=#browsing-context>browsing context</a> <var title="">B</var> if one of the
+ following conditions is true:</p>
<ul><li>Either the <a href=#origin>origin</a> of the <a href=#active-document>active
document</a> of <var title="">A</var> is the <a href=#same-origin title="same
@@ -53459,14 +53458,14 @@
<div class=impl>
- <h4 id=security-2><span class=secno>6.2.1 </span>Security</h4>
+ <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
- <p>User agents must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception
- whenever any of the members of a <code><a href=#window>Window</a></code> object are
- accessed by scripts whose <a href=#effective-script-origin>effective script origin</a> is
- not the same as the <code><a href=#window>Window</a></code> object's
- <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>, with
- the following exceptions:</p>
+ <p id=security-2>User agents must raise a
+ <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of a
+ <code><a href=#window>Window</a></code> object are accessed by scripts whose
+ <a href=#effective-script-origin>effective script origin</a> is not the same as the
+ <code><a href=#window>Window</a></code> object's <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective
+ script origin</a>, with the following exceptions:</p>
<ul><li>The <code title=dom-location><a href=#dom-location>location</a></code> object
@@ -55177,13 +55176,15 @@
<div class=impl>
- <h5 id=security-3><span class=secno>6.4.3.1 </span>Security</h5>
+ <h5 id=security-location><span class=secno>6.4.3.1 </span>Security</h5>
- <p>User agents must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever
- any of the members of a <code><a href=#location>Location</a></code> object are accessed by
- scripts whose <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#location>Location</a></code>
- object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
- origin</a>, with the following exceptions:</p>
+ <p id=security-3>User agents must raise a
+ <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of a
+ <code><a href=#location>Location</a></code> object are accessed by scripts whose
+ <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same
+ origin">same</a> as the <code><a href=#location>Location</a></code> object's associated
+ <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>, with
+ the following exceptions:</p>
<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the
script is running in a <a href=#browsing-context>browsing context</a> that is
@@ -65037,7 +65038,7 @@
</div>
- <h4 id=security-4><span class=secno>9.2.2 </span>Security</h4>
+ <h4 id=security-postmsg><span class=secno>9.2.2 </span>Security</h4>
<div class=impl>
@@ -65045,9 +65046,9 @@
</div>
- <p class=warning>Use of this API requires extra care to protect
- users from hostile entities abusing a site for their own
- purposes.</p>
+ <p class=warning id=security-4>Use of this API requires extra
+ care to protect users from hostile entities abusing a site for their
+ own purposes.</p>
<p>Authors should check the <code title=dom-MessageEvent-origin><a href=#dom-messageevent-origin>origin</a></code> attribute to ensure
that messages are only accepted from domains that they expect to
Modified: source
===================================================================
--- source 2010-03-30 01:34:10 UTC (rev 4899)
+++ source 2010-03-30 01:39:24 UTC (rev 4900)
@@ -7282,9 +7282,9 @@
this interface are described in various different sections.</p>
- <h4>Security</h4>
+ <h4 id="security-document">Security</h4>
- <p>User agents <span class="impl">must</span> raise a
+ <p id="security">User agents <span class="impl">must</span> raise a
<code>SECURITY_ERR</code> exception whenever any of the members of
an <code>HTMLDocument</code> object are accessed by scripts whose
<span>effective script origin</span> is not the <span title="same
@@ -45906,13 +45906,13 @@
</div>
- <h5>Security</h5>
+ <h5 id="security-forms">Security</h5>
- <p>Servers should not rely on client-side validation. Client-side
- validation can be intentionally bypassed by hostile users, and
- unintentionally bypassed by users of older user agents or automated
- tools that do not implement these features. The constraint
- validation features are only intended to improve the user
+ <p id="security-0">Servers should not rely on client-side
+ validation. Client-side validation can be intentionally bypassed by
+ hostile users, and unintentionally bypassed by users of older user
+ agents or automated tools that do not implement these features. The
+ constraint validation features are only intended to improve the user
experience, not to provide any kind of security mechanism.</p>
@@ -59833,12 +59833,12 @@
<div class="impl">
- <h4>Security</h4>
+ <h4 id="security-nav">Security</h4>
- <p>A <span>browsing context</span> <var title="">A</var> is
- <dfn>allowed to navigate</dfn> a second <span>browsing
- context</span> <var title="">B</var> if one of the following
- conditions is true:</p>
+ <p id="security-1">A <span>browsing context</span> <var
+ title="">A</var> is <dfn>allowed to navigate</dfn> a second
+ <span>browsing context</span> <var title="">B</var> if one of the
+ following conditions is true:</p>
<ul>
@@ -60233,14 +60233,14 @@
<div class="impl">
- <h4>Security</h4>
+ <h4 id="security-window">Security</h4>
- <p>User agents must raise a <code>SECURITY_ERR</code> exception
- whenever any of the members of a <code>Window</code> object are
- accessed by scripts whose <span>effective script origin</span> is
- not the same as the <code>Window</code> object's
- <code>Document</code>'s <span>effective script origin</span>, with
- the following exceptions:</p>
+ <p id="security-2">User agents must raise a
+ <code>SECURITY_ERR</code> exception whenever any of the members of a
+ <code>Window</code> object are accessed by scripts whose
+ <span>effective script origin</span> is not the same as the
+ <code>Window</code> object's <code>Document</code>'s <span>effective
+ script origin</span>, with the following exceptions:</p>
<ul>
@@ -62214,14 +62214,15 @@
<div class="impl">
- <h5>Security</h5>
+ <h5 id="security-location">Security</h5>
- <p>User agents must raise a <code>SECURITY_ERR</code> exception whenever
- any of the members of a <code>Location</code> object are accessed by
- scripts whose <span>effective script origin</span> is not the <span
- title="same origin">same</span> as the <code>Location</code>
- object's associated <code>Document</code>'s <span>effective script
- origin</span>, with the following exceptions:</p>
+ <p id="security-3">User agents must raise a
+ <code>SECURITY_ERR</code> exception whenever any of the members of a
+ <code>Location</code> object are accessed by scripts whose
+ <span>effective script origin</span> is not the <span title="same
+ origin">same</span> as the <code>Location</code> object's associated
+ <code>Document</code>'s <span>effective script origin</span>, with
+ the following exceptions:</p>
<ul>
@@ -79807,7 +79808,7 @@
</div>
- <h4>Security</h4>
+ <h4 id="security-postmsg">Security</h4>
<div class="impl">
@@ -79815,9 +79816,9 @@
</div>
- <p class="warning">Use of this API requires extra care to protect
- users from hostile entities abusing a site for their own
- purposes.</p>
+ <p id="security-4" class="warning">Use of this API requires extra
+ care to protect users from hostile entities abusing a site for their
+ own purposes.</p>
<p>Authors should check the <code
title="dom-MessageEvent-origin">origin</code> attribute to ensure
@@ -82490,7 +82491,7 @@
it is promptly deleted from the underlying storage.</p>
- <h4>Security</h4>
+ <h4 id="security-storage">Security</h4>
<h5>DNS spoofing attacks</h5>
More information about the Commit-Watchers
mailing list