[html5] r7938 - [e] (0) non-normative text for 'origin' Fixing https://www.w3.org/Bugs/Public/sh [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri Jun 7 15:24:55 PDT 2013


Author: ianh
Date: 2013-06-07 15:24:53 -0700 (Fri, 07 Jun 2013)
New Revision: 7938

Modified:
   complete.html
   index
   source
Log:
[e] (0) non-normative text for 'origin'
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=21949
Affected topics: Security

Modified: complete.html
===================================================================
--- complete.html	2013-06-07 21:53:26 UTC (rev 7937)
+++ complete.html	2013-06-07 22:24:53 UTC (rev 7938)
@@ -65480,7 +65480,16 @@
   <h3 id=origin-0><span class=secno>6.3 </span>Origin</h3>
   <!-- Hallowed are the Ori -->
 
-  <p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
+  <p>Origins are the fundamental currency of the Web's security model. Two actors in the Web
+  platform that share an origin are assumed to trust each other and to have the same authority.
+  Actors with differing origins are considered potentially hostile versus each other, and are
+  isolated from each other to varying degrees.</p>
+
+  <p class=example>For example, if Example Bank's Web site, hosted at <code title="">bank.example.com</code>, tries to examine the DOM of Example Charity's Web site, hosted
+  at <code title="">charity.example.org</code>, a <code><a href=#securityerror>SecurityError</a></code> exception will be
+  raised.</p>
+
+  <hr><p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
   are both either opaque identifiers or tuples consisting of a scheme component, a host component, a
   port component, and optionally extra data.</p>
 

Modified: index
===================================================================
--- index	2013-06-07 21:53:26 UTC (rev 7937)
+++ index	2013-06-07 22:24:53 UTC (rev 7938)
@@ -65480,7 +65480,16 @@
   <h3 id=origin-0><span class=secno>6.3 </span>Origin</h3>
   <!-- Hallowed are the Ori -->
 
-  <p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
+  <p>Origins are the fundamental currency of the Web's security model. Two actors in the Web
+  platform that share an origin are assumed to trust each other and to have the same authority.
+  Actors with differing origins are considered potentially hostile versus each other, and are
+  isolated from each other to varying degrees.</p>
+
+  <p class=example>For example, if Example Bank's Web site, hosted at <code title="">bank.example.com</code>, tries to examine the DOM of Example Charity's Web site, hosted
+  at <code title="">charity.example.org</code>, a <code><a href=#securityerror>SecurityError</a></code> exception will be
+  raised.</p>
+
+  <hr><p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
   are both either opaque identifiers or tuples consisting of a scheme component, a host component, a
   port component, and optionally extra data.</p>
 

Modified: source
===================================================================
--- source	2013-06-07 21:53:26 UTC (rev 7937)
+++ source	2013-06-07 22:24:53 UTC (rev 7938)
@@ -73032,6 +73032,18 @@
   <h3>Origin</h3>
   <!-- Hallowed are the Ori -->
 
+  <p>Origins are the fundamental currency of the Web's security model. Two actors in the Web
+  platform that share an origin are assumed to trust each other and to have the same authority.
+  Actors with differing origins are considered potentially hostile versus each other, and are
+  isolated from each other to varying degrees.</p>
+
+  <p class="example">For example, if Example Bank's Web site, hosted at <code
+  title="">bank.example.com</code>, tries to examine the DOM of Example Charity's Web site, hosted
+  at <code title="">charity.example.org</code>, a <code>SecurityError</code> exception will be
+  raised.</p>
+
+  <hr>
+
   <p>The <dfn>origin</dfn> of a resource and the <dfn>effective script origin</dfn> of a resource
   are both either opaque identifiers or tuples consisting of a scheme component, a host component, a
   port component, and optionally extra data.</p>




More information about the Commit-Watchers mailing list