[html5] r8196 - [e] (0) Add warning notes to the Security sections of Location and Window since [...]

whatwg at whatwg.org whatwg at whatwg.org
Mon Sep 23 14:42:44 PDT 2013 

Author: ianh
Date: 2013-09-23 14:42:43 -0700 (Mon, 23 Sep 2013)
New Revision: 8196

Modified:
   complete.html
   index
   source
Log:
[e] (0) Add warning notes to the Security sections of Location and Window since they are in flux with no end in sight.
Affected topics: DOM APIs, Security

Modified: complete.html
===================================================================
--- complete.html	2013-09-23 20:14:30 UTC (rev 8195)
+++ complete.html	2013-09-23 21:42:43 UTC (rev 8196)
@@ -65601,6 +65601,12 @@
 
   <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-2>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#window>Window</a></code> object are accessed when the <a href=#incumbent-script>incumbent script</a> has
   an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as
@@ -67691,6 +67697,12 @@
 
   <h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a> has an
   <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as the

Modified: index
===================================================================
--- index	2013-09-23 20:14:30 UTC (rev 8195)
+++ index	2013-09-23 21:42:43 UTC (rev 8196)
@@ -65601,6 +65601,12 @@
 
   <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-2>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#window>Window</a></code> object are accessed when the <a href=#incumbent-script>incumbent script</a> has
   an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as
@@ -67691,6 +67697,12 @@
 
   <h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a> has an
   <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as the

Modified: source
===================================================================
--- source	2013-09-23 20:14:30 UTC (rev 8195)
+++ source	2013-09-23 21:42:43 UTC (rev 8196)
@@ -73147,6 +73147,12 @@
 
   <h4 id="security-window">Security</h4>
 
+  <p class="XXX">This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code>Window</code> and <code>Location</code> objects should
+  work.</p>
+
   <p id="security-2">User agents must throw a <code>SecurityError</code> exception whenever any
   properties of a <code>Window</code> object are accessed when the <span>incumbent script</span> has
   an <span>effective script origin</span> that is not the <span title="same origin">same</span> as
@@ -75555,6 +75561,12 @@
 
   <h5 id="security-location">Security</h5>
 
+  <p class="XXX">This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code>Window</code> and <code>Location</code> objects should
+  work.</p>
+
   <p id="security-3">User agents must throw a <code>SecurityError</code> exception whenever any
   properties of a <code>Location</code> object are accessed when the <span>entry script</span> has an
   <span>effective script origin</span> that is not the <span title="same origin">same</span> as the

More information about the Commit-Watchers mailing list