[html5] r8273 - [] (3) Remove security checks on Document since there should now be no way to ge [...]
whatwg at whatwg.org
whatwg at whatwg.org
Tue Nov 12 13:53:08 PST 2013
Author: ianh
Date: 2013-11-12 13:53:05 -0800 (Tue, 12 Nov 2013)
New Revision: 8273
Modified:
complete.html
index
source
Log:
[] (3) Remove security checks on Document since there should now be no way to get to a Document from another origin.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23219
Affected topics: DOM APIs, HTML Syntax and Parsing, Security
Modified: complete.html
===================================================================
--- complete.html 2013-11-12 21:50:40 UTC (rev 8272)
+++ complete.html 2013-11-12 21:53:05 UTC (rev 8273)
@@ -444,10 +444,9 @@
<li><a href=#documents><span class=secno>3.1 </span>Documents</a>
<ol>
<li><a href=#the-document-object><span class=secno>3.1.1 </span>The <code>Document</code> object</a></li>
- <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
- <li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
- <li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
- <li><a href=#loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</a></ol></li>
+ <li><a href=#resource-metadata-management><span class=secno>3.1.2 </span>Resource metadata management</a></li>
+ <li><a href=#dom-tree-accessors><span class=secno>3.1.3 </span>DOM tree accessors</a></li>
+ <li><a href=#loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</a></ol></li>
<li><a href=#elements><span class=secno>3.2 </span>Elements</a>
<ol>
<li><a href=#semantics-0><span class=secno>3.2.1 </span>Semantics</a></li>
@@ -8485,27 +8484,9 @@
<a href=#document>Document</a> implements <a href=#globaleventhandlers>GlobalEventHandlers</a>;</pre>
-<!--ADD-TOPIC:Security-->
- <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
-<!--CLEANUP-->
- <p id=security>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
- properties of a <code><a href=#document>Document</a></code> object are accessed when the <a href=#incumbent-settings-object>incumbent settings object</a>
- specifies an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a>
- as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>.</p>
+ <h4 id=resource-metadata-management><span class=secno>3.1.2 </span><dfn>Resource metadata management</dfn></h4>
-<!--CLEANUP-->
- <p>When the <a href=#incumbent-settings-object>incumbent settings object</a> specifies an <a href=#effective-script-origin>effective script origin</a> that is different than
- a <code><a href=#document>Document</a></code> object's <a href=#effective-script-origin>effective script origin</a>, the user agent must act as
- if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
- object's properties, getters, setters, etc, were not present, and as if--> all the properties of
- that <code><a href=#document>Document</a></code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
-
- <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource metadata management</dfn></h4>
-
<dl class=domintro><dt><var title="">document</var> . <code title=dom-document-referrer><a href=#dom-document-referrer>referrer</a></code></dt>
<dd>
@@ -8658,7 +8639,7 @@
- <h4 id=dom-tree-accessors><span class=secno>3.1.4 </span><dfn>DOM tree accessors</dfn></h4>
+ <h4 id=dom-tree-accessors><span class=secno>3.1.3 </span><dfn>DOM tree accessors</dfn></h4>
<p><dfn id=the-html-element-0>The <code>html</code> element</dfn> of a document is the
document's root element, if there is one and it's an
@@ -9064,7 +9045,7 @@
<div class=impl> <!-- very deprecated API; use XHR instead -->
- <h4 id=loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</h4>
+ <h4 id=loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</h4>
<pre class=idl>partial interface <dfn id=xmldocument>XMLDocument</dfn> {
<!--SYNCLOAD attribute boolean <span title="dom-XMLDocument-async">async</span>;
@@ -91629,9 +91610,9 @@
this also fires an event synchronously during the task -->.</li>
<li><p>If the <code><a href=#document>Document</a></code> is in a <a href=#browsing-context>browsing context</a>, create a <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> event named <code title=event-load>load</code> that does not bubble and is not cancelable and which uses the
- <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch it at
- the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
- <code>Document</code> object.</a></li>
+ <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch</a> it at
+ the <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code> object, with <i>target override</i> set to the
+ <code><a href=#document>Document</a></code> object.</li>
</ol></li>
Modified: index
===================================================================
--- index 2013-11-12 21:50:40 UTC (rev 8272)
+++ index 2013-11-12 21:53:05 UTC (rev 8273)
@@ -444,10 +444,9 @@
<li><a href=#documents><span class=secno>3.1 </span>Documents</a>
<ol>
<li><a href=#the-document-object><span class=secno>3.1.1 </span>The <code>Document</code> object</a></li>
- <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
- <li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
- <li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
- <li><a href=#loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</a></ol></li>
+ <li><a href=#resource-metadata-management><span class=secno>3.1.2 </span>Resource metadata management</a></li>
+ <li><a href=#dom-tree-accessors><span class=secno>3.1.3 </span>DOM tree accessors</a></li>
+ <li><a href=#loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</a></ol></li>
<li><a href=#elements><span class=secno>3.2 </span>Elements</a>
<ol>
<li><a href=#semantics-0><span class=secno>3.2.1 </span>Semantics</a></li>
@@ -8485,27 +8484,9 @@
<a href=#document>Document</a> implements <a href=#globaleventhandlers>GlobalEventHandlers</a>;</pre>
-<!--ADD-TOPIC:Security-->
- <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
-<!--CLEANUP-->
- <p id=security>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
- properties of a <code><a href=#document>Document</a></code> object are accessed when the <a href=#incumbent-settings-object>incumbent settings object</a>
- specifies an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a>
- as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>.</p>
+ <h4 id=resource-metadata-management><span class=secno>3.1.2 </span><dfn>Resource metadata management</dfn></h4>
-<!--CLEANUP-->
- <p>When the <a href=#incumbent-settings-object>incumbent settings object</a> specifies an <a href=#effective-script-origin>effective script origin</a> that is different than
- a <code><a href=#document>Document</a></code> object's <a href=#effective-script-origin>effective script origin</a>, the user agent must act as
- if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
- object's properties, getters, setters, etc, were not present, and as if--> all the properties of
- that <code><a href=#document>Document</a></code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
-
- <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource metadata management</dfn></h4>
-
<dl class=domintro><dt><var title="">document</var> . <code title=dom-document-referrer><a href=#dom-document-referrer>referrer</a></code></dt>
<dd>
@@ -8658,7 +8639,7 @@
- <h4 id=dom-tree-accessors><span class=secno>3.1.4 </span><dfn>DOM tree accessors</dfn></h4>
+ <h4 id=dom-tree-accessors><span class=secno>3.1.3 </span><dfn>DOM tree accessors</dfn></h4>
<p><dfn id=the-html-element-0>The <code>html</code> element</dfn> of a document is the
document's root element, if there is one and it's an
@@ -9064,7 +9045,7 @@
<div class=impl> <!-- very deprecated API; use XHR instead -->
- <h4 id=loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</h4>
+ <h4 id=loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</h4>
<pre class=idl>partial interface <dfn id=xmldocument>XMLDocument</dfn> {
<!--SYNCLOAD attribute boolean <span title="dom-XMLDocument-async">async</span>;
@@ -91629,9 +91610,9 @@
this also fires an event synchronously during the task -->.</li>
<li><p>If the <code><a href=#document>Document</a></code> is in a <a href=#browsing-context>browsing context</a>, create a <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> event named <code title=event-load>load</code> that does not bubble and is not cancelable and which uses the
- <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch it at
- the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
- <code>Document</code> object.</a></li>
+ <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch</a> it at
+ the <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code> object, with <i>target override</i> set to the
+ <code><a href=#document>Document</a></code> object.</li>
</ol></li>
Modified: source
===================================================================
--- source 2013-11-12 21:50:40 UTC (rev 8272)
+++ source 2013-11-12 21:53:05 UTC (rev 8273)
@@ -8124,25 +8124,7 @@
<span>Document</span> implements <span>GlobalEventHandlers</span>;</pre>
-<!--ADD-TOPIC:Security-->
- <h4 id="security-document">Security</h4>
-<!--CLEANUP-->
- <p id="security">User agents must throw a <code>SecurityError</code> exception whenever any
- properties of a <code>Document</code> object are accessed when the <span>incumbent settings object</span>
- specifies an <span>effective script origin</span> that is not the <span data-x="same origin">same</span>
- as the <code>Document</code>'s <span>effective script origin</span>.</p>
-
-<!--CLEANUP-->
- <p>When the <span>incumbent settings object</span> specifies an <span>effective script origin</span> that is different than
- a <code>Document</code> object's <span>effective script origin</span>, the user agent must act as
- if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
- object's properties, getters, setters, etc, were not present, and as if--> all the properties of
- that <code>Document</code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
-
<h4><dfn>Resource metadata management</dfn></h4>
<dl class="domintro">
@@ -102022,7 +102004,7 @@
<li><p>If the <code>Document</code> is in a <span>browsing context</span>, create a <span
data-x="concept-events-trusted">trusted</span> event named <code
data-x="event-load">load</code> that does not bubble and is not cancelable and which uses the
- <code>Event</code> interface, and <span data-x="concept-event-dispatch">dispatch</soan> it at
+ <code>Event</code> interface, and <span data-x="concept-event-dispatch">dispatch</span> it at
the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
<code>Document</code> object.</p></li>
More information about the Commit-Watchers
mailing list