[html5] r7881 - [giow] (3) Security: data: URLs shouldn't get the origin of a redirector, since [...]

whatwg at whatwg.org
Fri May 31 13:13:14 PDT 2013


Author: ianh
Date: 2013-05-31 13:13:13 -0700 (Fri, 31 May 2013)
New Revision: 7881

Modified:
   complete.html
   index
   source
Log:
[giow] (3) Security: data: URLs shouldn't get the origin of a redirector, since that redirector might be tricked into redirecting to a data: URL by a hostile origin, thus letting that hostile origin expose a same-origin data: URL.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=21506
Affected topics: Security

Modified: complete.html
===================================================================
--- complete.html	2013-05-31 19:42:05 UTC (rev 7880)
+++ complete.html	2013-05-31 20:13:13 UTC (rev 7881)
@@ -65343,20 +65343,6 @@
      </dd>
 
 
-     <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in other protocols)</dt>
-
-     <dd>
-
-      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
-      <a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
-      protocol"><code title="">data:</code> URL</a>.</p>
-
-      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a> of the
-      <code><a href=#document>Document</a></code>.</p>
-
-     </dd>
-
-
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> found in another <code><a href=#document>Document</a></code> or in a script</dt>
 
      <dd>
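Review bot: The deleted <dd> defined two things for a redirect-targeted data: URL, the origin (an alias to the origin of the URL that redirected) and the effective script origin, and this hunk only removes them; the <dd> of the "obtained in some other manner" case that absorbs this scenario in the next hunk is not part of the diff. Please confirm that <dd> assigns an origin that does not alias the redirector's origin and that it also defines an effective script origin, otherwise the aliasing the log entry calls out is only relocated, not removed.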
@@ -65399,9 +65385,9 @@
 
 
      <dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner (e.g. a <a href=#data-protocol title="data
-     protocol"><code title="">data:</code> URL</a> typed in by the user, a <code><a href=#document>Document</a></code>
-     created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
-     API, etc)</dt>
+     protocol"><code title="">data:</code> URL</a> typed in by the user or that was returned as
+     the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or
+     equivalent</a> in other protocols), a <code><a href=#document>Document</a></code> created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code> API, etc)</dt>
 
      <dd>
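Review bot: The new wording covers only protocol-level redirects ("returned as the location of an HTTP redirect (or equivalent in other protocols)"); a data: URL reached by a <meta http-equiv=refresh> or by script navigation remains under the adjacent "found in another Document or in a script" case, whose <dd> is outside this diff. A short cross-reference between the two <dt>s would stop readers assuming every redirect-like path now yields a non-aliased origin. The run-on "typed in by the user or that was returned as ..." would also read better as parallel items: `a data: URL typed in by the user, a data: URL that was returned as the location of an HTTP redirect (or equivalent in other protocols), a Document created using the createDocument() API, etc`.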
 

Modified: index
===================================================================
--- index	2013-05-31 19:42:05 UTC (rev 7880)
+++ index	2013-05-31 20:13:13 UTC (rev 7881)
@@ -65343,20 +65343,6 @@
      </dd>
 
 
-     <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in other protocols)</dt>
-
-     <dd>
-
-      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
-      <a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
-      protocol"><code title="">data:</code> URL</a>.</p>
-
-      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a> of the
-      <code><a href=#document>Document</a></code>.</p>
-
-     </dd>
-
-
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> found in another <code><a href=#document>Document</a></code> or in a script</dt>
 
      <dd>
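Review bot: This hunk is identical to the complete.html hunk above, including the @@ -65343,20 +65343,6 @@ range, which is expected since both files are generated from source; the points raised there apply unchanged, and both generated copies should always come from the same source revision so the aliasing text cannot survive in one of them.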
@@ -65399,9 +65385,9 @@
 
 
      <dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner (e.g. a <a href=#data-protocol title="data
-     protocol"><code title="">data:</code> URL</a> typed in by the user, a <code><a href=#document>Document</a></code>
-     created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
-     API, etc)</dt>
+     protocol"><code title="">data:</code> URL</a> typed in by the user or that was returned as
+     the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or
+     equivalent</a> in other protocols), a <code><a href=#document>Document</a></code> created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code> API, etc)</dt>
 
      <dd>
 

Modified: source
===================================================================
--- source	2013-05-31 19:42:05 UTC (rev 7880)
+++ source	2013-05-31 20:13:13 UTC (rev 7881)
@@ -73062,23 +73062,6 @@
 
 
      <dt>If a <code>Document</code> was generated from a <span title="data protocol"><code
-     title="">data:</code> URL</span> that was returned as the location of an HTTP redirect (<span
-     title="concept-http-equivalent-codes">or equivalent</span> in other protocols)</dt>
-
-     <dd>
-
-      <p>The <span>origin</span> is an <span title="concept-origin-alias">alias</span> to the
-      <span>origin</span> of the <span>URL</span> that redirected to the <span title="data
-      protocol"><code title="">data:</code> URL</span>.</p>
-
-      <p>The <span>effective script origin</span> is initially an <span
-      title="concept-origin-alias">alias</span> to the <span>origin</span> of the
-      <code>Document</code>.</p>
-
-     </dd>
-
-
-     <dt>If a <code>Document</code> was generated from a <span title="data protocol"><code
      title="">data:</code> URL</span> found in another <code>Document</code> or in a script</dt>
 
      <dd>
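Review bot: The removal starts one line into the first <dt> (its opening line `<dt>If a <code>Document</code> was generated from a <span title="data protocol"><code` at 73062 is kept as context) and ends by deleting the identical opening line of the following <dt>, so the surviving context line is spliced onto the `title="">data:</code> URL</span> found in another <code>Document</code> or in a script</dt>` continuation. The result is well-formed only because the two opening lines happen to be identical; a hunk that removed the whole first <dt>..</dd> as a unit, as the complete.html diff shows, would be easier to verify and would not depend on that coincidence.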
@@ -73126,9 +73109,10 @@
 
 
      <dt>If a <code>Document</code> was obtained in some other manner (e.g. a <span title="data
-     protocol"><code title="">data:</code> URL</span> typed in by the user, a <code>Document</code>
-     created using the <code title="dom-DOMImplementation-createDocument">createDocument()</code>
-     API, etc)</dt>
+     protocol"><code title="">data:</code> URL</span> typed in by the user or that was returned as
+     the location of an HTTP redirect (<span title="concept-http-equivalent-codes">or
+     equivalent</span> in other protocols), a <code>Document</code> created using the <code
+     title="dom-DOMImplementation-createDocument">createDocument()</code> API, etc)</dt>
 
      <dd>
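Review bot: The new <dt> gives no hint why a data: URL returned as a redirect location is grouped with a data: URL typed by the user; the rationale from the log entry (a redirector can be tricked into redirecting to an attacker-supplied data: URL, so the redirector's origin must not be inherited) belongs in a note next to this case in source, the hand-edited file from which complete.html and index are generated, so it survives regeneration and is visible to implementers reading the rendered spec.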
 

More information about the Commit-Watchers mailing list