[html5] r3622 - [giow] (2) Rework the security model for cross-origin access, so that we can be [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri Aug 14 15:52:05 PDT 2009 

Author: ianh
Date: 2009-08-14 15:52:03 -0700 (Fri, 14 Aug 2009)
New Revision: 3622

Modified:
   index
   source
Log:
[giow] (2) Rework the security model for cross-origin access, so that we can be surer that prototype objects are safe.

Modified: index
===================================================================
--- index	2009-08-14 10:33:26 UTC (rev 3621)
+++ index	2009-08-14 22:52:03 UTC (rev 3622)
@@ -46321,12 +46321,36 @@
 
    <li>The <a href=#dynamic-nested-browsing-context-properties>dynamic nested browsing context properties</a>
 
-  </ul><p>User agents must not allow scripts to override the <code title=dom-location><a href=#dom-location>location</a></code> object's setter.</p>
+  </ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not
+  the same as the <code><a href=#window>Window</a></code> object's <code>Document</code>'s
+  <a href=#effective-script-origin>effective script origin</a> attempts to access that
+  <code><a href=#window>Window</a></code> object's methods or attributes, the user agent
+  must act as if any changes to the <code><a href=#window>Window</a></code> object's
+  properties, getters, setters, etc, were not present.</p>
 
+  <p>For members that return objects (including function objects),
+  each distinct <a href=#effective-script-origin>effective script origin</a> that is not the
+  same as the <code><a href=#window>Window</a></code> object's <code>Document</code>'s
+  <a href=#effective-script-origin>effective script origin</a> must be provided with a
+  separate set of objects. These objects must have the prototype chain
+  appropriate for the script for which the objects are created (not
+  those that would be appropriate for scripts whose <a href="#script's-global-object">script's
+  global object</a> is the <code><a href=#window>Window</a></code> object in
+  question).</p>
+
+  <div class=example>
+
+   <p>For instance, if two frames containing <code>Document</code>s
+   from different <a href=#origin-0 title=origin>origins</a> access the same
+   <code><a href=#window>Window</a></code> object's <code title=dom-window-postMessage-2><a href=#dom-window-postmessage-2>postMessage()</a></code> method, they
+   will get distinct objects that are not equal.</p>
+
   </div>
 
+  </div>
 
 
+
   <h4 id=apis-for-creating-and-navigating-browsing-contexts-by-name><span class=secno>6.3.2 </span>APIs for creating and navigating browsing contexts by name</h4>
 
   <dl class=domintro><dt><var title="">window</var> = <var title="">window</var> . <code title=dom-open><a href=#dom-open>open</a></code>( [ <var title="">url</var> [, <var title="">target</var> [, <var title="">features</var> [, <var title="">replace</var> ] ] ] ] )</dt>
@@ -51914,13 +51938,9 @@
    <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with which
    the <code><a href=#location>Location</a></code> object is associated
 
-  </ul><p>User agents must not allow scripts to override the <code title=dom-location-href><a href=#dom-location-href>href</a></code> attribute's setter or the
-  <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method on the
-  <code><a href=#location>Location</a></code> object.</p>
+  </ul></div>
 
-  </div>
 
-
   <div class=impl>
 
   <h4 id=history-notes><span class=secno>6.10.5 </span>Implementation notes for session history</h4>

Modified: source
===================================================================
--- source	2009-08-14 10:33:26 UTC (rev 3621)
+++ source	2009-08-14 22:52:03 UTC (rev 3622)
@@ -52302,13 +52302,37 @@
 
   </ul>
 
-  <p>User agents must not allow scripts to override the <code
-  title="dom-location">location</code> object's setter.</p>
+  <p>When a script whose <span>effective script origin</span> is not
+  the same as the <code>Window</code> object's <code>Document</code>'s
+  <span>effective script origin</span> attempts to access that
+  <code>Window</code> object's methods or attributes, the user agent
+  must act as if any changes to the <code>Window</code> object's
+  properties, getters, setters, etc, were not present.</p>
 
+  <p>For members that return objects (including function objects),
+  each distinct <span>effective script origin</span> that is not the
+  same as the <code>Window</code> object's <code>Document</code>'s
+  <span>effective script origin</span> must be provided with a
+  separate set of objects. These objects must have the prototype chain
+  appropriate for the script for which the objects are created (not
+  those that would be appropriate for scripts whose <span>script's
+  global object</span> is the <code>Window</code> object in
+  question).</p>
+
+  <div class="example">
+
+   <p>For instance, if two frames containing <code>Document</code>s
+   from different <span title="origin">origins</span> access the same
+   <code>Window</code> object's <code
+   title="dom-window-postMessage-2">postMessage()</code> method, they
+   will get distinct objects that are not equal.</p>
+
   </div>
 
+  </div>
 
 
+
   <h4>APIs for creating and navigating browsing contexts by name</h4>
 
   <dl class="domintro">
@@ -58814,11 +58838,6 @@
 
   </ul>
 
-  <p>User agents must not allow scripts to override the <code
-  title="dom-location-href">href</code> attribute's setter or the
-  <code title="dom-location-replace">replace()</code> method on the
-  <code>Location</code> object.</p>
-
   </div>

More information about the Commit-Watchers mailing list