[html5] r4629 - [e] (0) Mention same-origin attacks and the importance of compartmentalization.
whatwg at whatwg.org
Wed Jan 27 14:34:20 PST 2010
Author: ianh
Date: 2010-01-27 14:34:17 -0800 (Wed, 27 Jan 2010)
New Revision: 4629
Modified:
complete.html
index
source
Log:
[e] (0) Mention same-origin attacks and the importance of compartmentalization.
Modified: complete.html
===================================================================
--- complete.html 2010-01-27 08:31:56 UTC (rev 4628)
+++ complete.html 2010-01-27 22:34:17 UTC (rev 4629)
@@ -50150,6 +50150,7 @@
the user, or if the user declines to allow a browsing context to
be used) there must not be a chosen browsing context.</dd>
+
<dt id=noopener>If the user agent has been configured such that
in this instance it will create a new browsing context, and the
browsing context is being requested as part of <a href=#following-hyperlinks title="following hyperlinks">following a hyperlink</a> whose
@@ -50164,6 +50165,7 @@
<p class=note>If it is immediately <a href=#navigate title=navigate>navigated</a>, then the navigation will be
done with <a href=#replacement-enabled>replacement enabled</a>.</dd>
+
<dt>If the user agent has been configured such that in this
instance it will create a new browsing context, and the <code title=rel-noreferrer><a href=#link-type-noreferrer>noreferrer</a></code> keyword doesn't
apply</dt>
@@ -50179,12 +50181,14 @@
then the navigation will be done with <a href=#replacement-enabled>replacement
enabled</a>.</dd>
+
<dt>If the user agent has been configured such that in this
instance it will reuse the current browsing context</dt>
<dd><p>The chosen browsing context is the current browsing
context.</dd>
+
<dt>If the user agent has been configured such that in this
instance it will not find a browsing context</dt>
@@ -84079,6 +84083,21 @@
Internet. This can expose local network topologies that the
attacker would otherwise not be able to determine.</p>
+ <p>HTML relies on a compartmentalization scheme sometimes known as
+ the <i>same-origin policy</i>. An <a href=#origin>origin</a> in most
+ cases consists of all the pages served from the same host, on the
+ same port, using the same protocol.</p>
+
+ <p>It is critical, therefore, to ensure that any untrusted content
+ that forms part of a site be hosted on a different
+ <a href=#origin>origin</a> than any sensitive content on that site.
+ Untrusted content can easily spoof any other page on the same
+ origin, read data from that origin, cause scripts in that origin
+ to execute, submit forms to and from that origin even if they are
+ protected from cross-site request forgery attacks by unique
+ tokens, and make use of any third-party resources exposed to or
+ rights granted to that origin.</p>
+
</dd>
<dt>Interoperability considerations:</dt>
<dd>
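Review bot: the first added paragraph qualifies the origin definition with "in most cases" but never says what the exceptions are or that the linked `<a href=#origin>origin</a>` definition is the normative one; either drop the qualifier or state plainly that this sentence is only a summary of the linked definition. Also consider whether "using the same protocol" should be "using the same scheme": if the linked origin definition is phrased in terms of the URL scheme, the two should use the same word.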
@@ -87644,6 +87663,7 @@
Ben Leslie,
Ben Meadowcroft,
Ben Millard,
+ Benjamin Carl Wiley Sittler,
Benjamin Hawkes-Lewis,
Bert Bos,
Bijan Parsia,
Modified: index
===================================================================
--- index 2010-01-27 08:31:56 UTC (rev 4628)
+++ index 2010-01-27 22:34:17 UTC (rev 4629)
@@ -50050,6 +50050,7 @@
the user, or if the user declines to allow a browsing context to
be used) there must not be a chosen browsing context.</dd>
+
<dt id=noopener>If the user agent has been configured such that
in this instance it will create a new browsing context, and the
browsing context is being requested as part of <a href=#following-hyperlinks title="following hyperlinks">following a hyperlink</a> whose
@@ -50064,6 +50065,7 @@
<p class=note>If it is immediately <a href=#navigate title=navigate>navigated</a>, then the navigation will be
done with <a href=#replacement-enabled>replacement enabled</a>.</dd>
+
<dt>If the user agent has been configured such that in this
instance it will create a new browsing context, and the <code title=rel-noreferrer><a href=#link-type-noreferrer>noreferrer</a></code> keyword doesn't
apply</dt>
@@ -50079,12 +50081,14 @@
then the navigation will be done with <a href=#replacement-enabled>replacement
enabled</a>.</dd>
+
<dt>If the user agent has been configured such that in this
instance it will reuse the current browsing context</dt>
<dd><p>The chosen browsing context is the current browsing
context.</dd>
+
<dt>If the user agent has been configured such that in this
instance it will not find a browsing context</dt>
@@ -78429,6 +78433,21 @@
Internet. This can expose local network topologies that the
attacker would otherwise not be able to determine.</p>
+ <p>HTML relies on a compartmentalization scheme sometimes known as
+ the <i>same-origin policy</i>. An <a href=#origin>origin</a> in most
+ cases consists of all the pages served from the same host, on the
+ same port, using the same protocol.</p>
+
+ <p>It is critical, therefore, to ensure that any untrusted content
+ that forms part of a site be hosted on a different
+ <a href=#origin>origin</a> than any sensitive content on that site.
+ Untrusted content can easily spoof any other page on the same
+ origin, read data from that origin, cause scripts in that origin
+ to execute, submit forms to and from that origin even if they are
+ protected from cross-site request forgery attacks by unique
+ tokens, and make use of any third-party resources exposed to or
+ rights granted to that origin.</p>
+
</dd>
<dt>Interoperability considerations:</dt>
<dd>
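Review bot: the second added paragraph tells authors to host untrusted content on a different origin, but given the definition just above (host, port, protocol) a reader could still assume a separate directory on the same host is enough; spelling out that a different path is not a different origin, and that a separate host or port is required, would close that gap. The consequence list is useful; the clause "submit forms to and from that origin even if they are protected from cross-site request forgery attacks by unique tokens" would be more convincing with the reason attached, which the paragraph already implies: content on the same origin can read the tokens.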
@@ -82143,6 +82162,7 @@
Ben Leslie,
Ben Meadowcroft,
Ben Millard,
+ Benjamin Carl Wiley Sittler,
Benjamin Hawkes-Lewis,
Bert Bos,
Bijan Parsia,
Modified: source
===================================================================
--- source 2010-01-27 08:31:56 UTC (rev 4628)
+++ source 2010-01-27 22:34:17 UTC (rev 4629)
@@ -56471,6 +56471,7 @@
the user, or if the user declines to allow a browsing context to
be used) there must not be a chosen browsing context.</p></dd>
+
<dt id="noopener">If the user agent has been configured such that
in this instance it will create a new browsing context, and the
browsing context is being requested as part of <span
@@ -56489,6 +56490,7 @@
title="navigate">navigated</span>, then the navigation will be
done with <span>replacement enabled</span>.</p></dd>
+
<dt>If the user agent has been configured such that in this
instance it will create a new browsing context, and the <code
title="rel-noreferrer">noreferrer</code> keyword doesn't
@@ -56506,12 +56508,14 @@
then the navigation will be done with <span>replacement
enabled</span>.</p></dd>
+
<dt>If the user agent has been configured such that in this
instance it will reuse the current browsing context</dt>
<dd><p>The chosen browsing context is the current browsing
context.</p></dd>
+
<dt>If the user agent has been configured such that in this
instance it will not find a browsing context</dt>
@@ -93608,6 +93612,21 @@
Internet. This can expose local network topologies that the
attacker would otherwise not be able to determine.</p>
+ <p>HTML relies on a compartmentalization scheme sometimes known as
+ the <i>same-origin policy</i>. An <span>origin</span> in most
+ cases consists of all the pages served from the same host, on the
+ same port, using the same protocol.</p>
+
+ <p>It is critical, therefore, to ensure that any untrusted content
+ that forms part of a site be hosted on a different
+ <span>origin</span> than any sensitive content on that site.
+ Untrusted content can easily spoof any other page on the same
+ origin, read data from that origin, cause scripts in that origin
+ to execute, submit forms to and from that origin even if they are
+ protected from cross-site request forgery attacks by unique
+ tokens, and make use of any third-party resources exposed to or
+ rights granted to that origin.</p>
+
</dd>
<dt>Interoperability considerations:</dt>
<dd>
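Review bot: in the source hunk the term "same-origin policy" is introduced with `<i>` rather than `<dfn>`, so nothing else in the spec can cross-reference it; if the term is used elsewhere, marking it `<dfn>same-origin policy</dfn>` here would let the build generate the links. Otherwise the hunk is consistent with the generated complete.html and index output, including the `<span>origin</span>` that the build renders as an `#origin` link.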
@@ -98158,6 +98177,7 @@
Ben Leslie,
Ben Meadowcroft,
Ben Millard,
+ Benjamin Carl Wiley Sittler,
Benjamin Hawkes-Lewis,
Bert Bos,
Bijan Parsia,