[html5] r1501 - /
whatwg at whatwg.org
Mon Apr 28 14:45:26 PDT 2008
Author: ianh
Date: 2008-04-28 14:45:23 -0700 (Mon, 28 Apr 2008)
New Revision: 1501
Modified:
index
source
Log:
[] (0) Tighten security a little: <img src='javascript:'> and javascript: in a style sheet should be in a sandbox.
Modified: index
===================================================================
--- index 2008-04-28 10:58:30 UTC (rev 1500)
+++ index 2008-04-28 21:45:23 UTC (rev 1501)
@@ -27154,8 +27154,7 @@
<dt>If a script is a <a href="#the-javascript" title="javascript
protocol"><code title="">javascript:</code> URI</a> in a style sheet
- <dd>The origin is the origin of the <code>Document</code> to which the
- style sheet applies.
+ <dd>The origin is the origin of the URI of the style sheet.
<dt>If a script is a <a href="#the-javascript" title="javascript
protocol"><code title="">javascript:</code> URI</a> to which a <a
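Review bot: the new `<dd>` text "the origin of the URI of the style sheet" leaves inline style sheets (a `<style>` element or a `style` attribute) undefined, since those have no URI separate from the document that contains them; the removed text covered that case implicitly by naming the `Document` to which the style sheet applies. Suggest adding a clause for style sheets that are not fetched from their own URI, e.g. "or, for a style sheet with no URI of its own, the origin of the `Document` that contains it", so the rule has a defined answer for every style sheet.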
@@ -27302,11 +27301,7 @@
<em>different</em> <a href="#origin0">origin</a> than the script given by
the URI, the dereference context must be an empty object.
- <p>Otherwise, the dereference context must the <a
- href="#browsing0">browsing context</a> of the <code>Document</code> to
- which belongs the element for which the URI is being dereferenced, or to
- which the style sheet for which the URI is being dereferenced applies,
- whichever is appropriate.
+ <p>Otherwise, the dereference context must be an empty object.
<p>URIs using the <code title="">javascript:</code> protocol should be
evaluated when the resource for that URI is needed, unless <a
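Review bot: after this change the two branches produce the same result, so the paragraph now reads "If ... a different origin ... the dereference context must be an empty object. Otherwise, the dereference context must be an empty object." Either collapse the two sentences into one unconditional statement ("The dereference context must be an empty object.") or keep the distinction and say what differs between the branches; as written, the origin comparison in the preceding sentence is dead text. Incidentally, the removed lines had the typo "must the" (missing "be"), which the rewrite resolves.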
@@ -27333,8 +27328,8 @@
<p>So for example a <code title="">javascript:</code> URI for a <code
title=attr-img-src><a href="#src">src</a></code> attribute of an <code><a
href="#img">img</a></code> element would be evaluated in the context of
- the page as soon as the attribute is set; it would then be sniffed to
- determine the image type and decoded as an image.</p>
+ an empty object as soon as the attribute is set; it would then be sniffed
+ to determine the image type and decoded as an image.</p>
<p>A <code title="">javascript:</code> URI in an <code
title=attr-a-href>href</code> attribute of an <code><a
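Review bot: "evaluated in the context of an empty object" is the phrase readers will rely on to understand the sandbox the commit log describes, but the example does not say what the script can see in that context (no `window`, no `document`, no access to the page's cookies or DOM). Suggest either defining "empty object" where the dereference context is introduced and linking this example to it, or adding one sentence here stating that the script has no access to the `Document` whose `img` element triggered it, since that is the security property being tightened.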
Modified: source
===================================================================
--- source 2008-04-28 10:58:30 UTC (rev 1500)
+++ source 2008-04-28 21:45:23 UTC (rev 1501)
@@ -24860,8 +24860,7 @@
<dt>If a script is a <span title="javascript protocol"><code
title="">javascript:</code> URI</span> in a style sheet</dt>
- <dd>The origin is the origin of the <code>Document</code> to which
- the style sheet applies.</dd>
+ <dd>The origin is the origin of the URI of the style sheet.</dd>
<dt>If a script is a <span title="javascript protocol"><code
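Review bot: in the new `<dd>`, "origin" is plain text, whereas the same term two hunks below is marked up as `<span>origin</span>` (line "different</em> <span>origin</span> than the script given by the URI") so the generated `index` cross-links it. Suggest `<dd>The origin is the <span>origin</span> of the URI of the style sheet.</dd>` for consistency with the rest of the source and so the link appears in the rendered spec.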
@@ -25034,11 +25033,7 @@
<em>different</em> <span>origin</span> than the script given by the
URI, the dereference context must be an empty object.</p>
- <p>Otherwise, the dereference context must the <span>browsing
- context</span> of the <code>Document</code> to which belongs the
- element for which the URI is being dereferenced, or to which the
- style sheet for which the URI is being dereferenced applies,
- whichever is appropriate.</p>
+ <p>Otherwise, the dereference context must be an empty object.</p>
<p>URIs using the <code title="">javascript:</code> protocol should
be evaluated when the resource for that URI is needed, unless
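Review bot: with both branches of this paragraph now yielding an empty object, the origin assigned to a style-sheet `javascript:` URI in the earlier hunk no longer influences the dereference context at all. If that origin still governs something else (for example, what the script's result may be used for), state it next to the origin rule; otherwise the earlier `<dd>` change has no observable effect and could be dropped or reduced to a note. Removing the `Document`'s browsing context here is what actually closes the `<img src="javascript:">` case from the commit log, so this is the hunk that should carry the rationale.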
@@ -25065,9 +25060,9 @@
<p>So for example a <code title="">javascript:</code> URI for a
<code title="attr-img-src">src</code> attribute of an
- <code>img</code> element would be evaluated in the context of the
- page as soon as the attribute is set; it would then be sniffed to
- determine the image type and decoded as an image.</p>
+ <code>img</code> element would be evaluated in the context of an
+ empty object as soon as the attribute is set; it would then be
+ sniffed to determine the image type and decoded as an image.</p>
<p>A <code title="">javascript:</code> URI in an <code
title="attr-a-href">href</code> attribute of an <code>a</code>
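Review bot: the rewritten example still says the result "would then be sniffed to determine the image type and decoded as an image" but does not say what is sniffed; suggest "the value the script returns would then be sniffed ..." so readers can tell that the script's return value, not the page, is the data being decoded. It would also help to note here that the `img` `src` case is exactly the one the commit log names, so the example reads as the motivating case rather than an arbitrary illustration.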