[html5] r5314 - [giow] (2) Change how localStorage protects from cross-origin accesses so that o [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri Aug 20 12:17:46 PDT 2010


Author: ianh
Date: 2010-08-20 12:17:45 -0700 (Fri, 20 Aug 2010)
New Revision: 5314

Modified:
   complete.html
   source
Log:
[giow] (2) Change how localStorage protects from cross-origin accesses so that old Storage objects don't become vulnerable after document.domain is changed (which was rather inconsistent).

Modified: complete.html
===================================================================
--- complete.html	2010-08-20 18:58:07 UTC (rev 5313)
+++ complete.html	2010-08-20 19:17:45 UTC (rev 5314)
@@ -1110,7 +1110,9 @@
     <ol>
      <li><a href=#the-storage-interface><span class=secno>11.2.1 </span>The <code>Storage</code> interface</a></li>
      <li><a href=#the-sessionstorage-attribute><span class=secno>11.2.2 </span>The <code title=dom-sessionStorage>sessionStorage</code> attribute</a></li>
-     <li><a href=#the-localstorage-attribute><span class=secno>11.2.3 </span>The <code title=dom-localStorage>localStorage</code> attribute</a></li>
+     <li><a href=#the-localstorage-attribute><span class=secno>11.2.3 </span>The <code title=dom-localStorage>localStorage</code> attribute</a>
+      <ol>
+       <li><a href=#security-localStorage><span class=secno>11.2.3.1 </span>Security</a></ol></li>
      <li><a href=#the-storage-event><span class=secno>11.2.4 </span>The <code title=event-storage>storage</code> event</a>
       <ol>
        <li><a href=#event-definition-0><span class=secno>11.2.4.1 </span>Event definition</a></ol></li>
@@ -76919,20 +76921,14 @@
    request violates a policy decision (e.g. if the user agent is
    configured to not allow the page to persist data).</li>
 
-   <li><p>If the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
-   origin</a> is not the <a href=#same-origin>same origin</a> as the
-   <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a>, then throw a
-   <code><a href=#security_err>SECURITY_ERR</a></code> exception and abort these steps.</li>
-   <!-- XXX should do this on getItem()/setItem()/enumerating etc -->
-
    <li><p>If the <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a> is not a
    scheme/host/port tuple, then throw a <code><a href=#security_err>SECURITY_ERR</a></code>
    exception and abort these steps.</li>
 
    <li><p>Check to see if the user agent has allocated a local storage
    area for the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> of
-   the <code><a href=#window>Window</a></code> object on which the method was invoked. If
-   it has not, create a new storage area for that
+   the <code><a href=#window>Window</a></code> object on which the attribute was accessed.
+   If it has not, create a new storage area for that
    <a href=#origin>origin</a>.</li>
 
    <li><p>Return the <code><a href=#storage-0>Storage</a></code> object associated with that
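Review bot: With the effective script origin step removed, these getter steps no longer mention the cross-origin check at all, and nothing here points to where it went. Someone reading the algorithm on its own would conclude that the scheme/host/port tuple test is the only origin test applied. Suggest a short note after the last step that links to the new #security-localStorage section, so the per-member check is discoverable from the getter.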
@@ -76957,7 +76953,23 @@
   <a href=#obtain-the-storage-mutex>obtain the storage mutex</a>.</p>
 
 
+  <h5 id=security-localStorage><span class=secno>11.2.3.1 </span>Security</h5>
 
+  <p>User agents must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception
+  whenever any of the members of a <code><a href=#storage-0>Storage</a></code> object
+  originally returned by the <code title=dom-localStorage><a href=#dom-localstorage>localStorage</a></code> attribute are accessed
+  by scripts whose <a href=#effective-script-origin>effective script origin</a> is not the
+  <a href=#same-origin title="same origin">same</a> as the <a href=#origin>origin</a> of
+  the <code><a href=#document>Document</a></code> of the <code><a href=#window>Window</a></code> object on which
+  the <code title=dom-localStorage><a href=#dom-localstorage>localStorage</a></code> attribute was
+  accessed.</p>
+
+  <p class=note>This means <code><a href=#storage-0>Storage</a></code> objects are neutered
+  when the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code>
+  attribute is used.</p>
+
+
+
   <h4 id=the-storage-event><span class=secno>11.2.4 </span>The <code title=event-storage><a href=#event-storage>storage</a></code> event</h4>
 
   <p>The <dfn id=event-storage title=event-storage><code>storage</code></dfn> event
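Review bot: "any of the members" in the new requirement leaves it unclear whether named property access and enumeration of keys are covered, which is the case the removed comment ("should do this on getItem()/setItem()/enumerating etc") called out. Suggest listing what counts: attributes, methods, named property access and enumeration. The note's wording "when the document.domain attribute is used" is also loose, since it does not distinguish reading the attribute from setting it; "is set" would be clearer if setting is what is meant.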

Modified: source
===================================================================
--- source	2010-08-20 18:58:07 UTC (rev 5313)
+++ source	2010-08-20 19:17:45 UTC (rev 5314)
@@ -86619,20 +86619,14 @@
    request violates a policy decision (e.g. if the user agent is
    configured to not allow the page to persist data).</p></li>
 
-   <li><p>If the <code>Document</code>'s <span>effective script
-   origin</span> is not the <span>same origin</span> as the
-   <code>Document</code>'s <span>origin</span>, then throw a
-   <code>SECURITY_ERR</code> exception and abort these steps.</p></li>
-   <!-- XXX should do this on getItem()/setItem()/enumerating etc -->
-
    <li><p>If the <code>Document</code>'s <span>origin</span> is not a
    scheme/host/port tuple, then throw a <code>SECURITY_ERR</code>
    exception and abort these steps.</p></li>
 
    <li><p>Check to see if the user agent has allocated a local storage
    area for the <span>origin</span> of the <code>Document</code> of
-   the <code>Window</code> object on which the method was invoked. If
-   it has not, create a new storage area for that
+   the <code>Window</code> object on which the attribute was accessed.
+   If it has not, create a new storage area for that
    <span>origin</span>.</p></li>
 
    <li><p>Return the <code>Storage</code> object associated with that
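Review bot: Dropping the SECURITY_ERR step from the getter moves the failure point, and the change does not say so anywhere. A document whose effective script origin differs from its origin now gets a Storage object back from the localStorage attribute and only fails later, on the first member access, so a script that guards only the attribute read with try/catch no longer catches anything at that point. Suggest stating this in the note of the new Security section, since it is an observable behaviour change and not just a relocation of the check.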
@@ -86666,7 +86660,24 @@
   <span>obtain the storage mutex</span>.</p>
 
 
+  <h6 id="security-localStorage">Security</h6>
 
+  <p>User agents must raise a <code>SECURITY_ERR</code> exception
+  whenever any of the members of a <code>Storage</code> object
+  originally returned by the <code
+  title="dom-localStorage">localStorage</code> attribute are accessed
+  by scripts whose <span>effective script origin</span> is not the
+  <span title="same origin">same</span> as the <span>origin</span> of
+  the <code>Document</code> of the <code>Window</code> object on which
+  the <code title="dom-localStorage">localStorage</code> attribute was
+  accessed.</p>
+
+  <p class="note">This means <code>Storage</code> objects are neutered
+  when the <code title="dom-document-domain">document.domain</code>
+  attribute is used.</p>
+
+
+
   <h5>The <code title="event-storage">storage</code> event</h5>
 
   <p>The <dfn title="event-storage"><code>storage</code></dfn> event
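Review bot: The hand-written id="security-localStorage" on the new heading is mixed case, while the neighbouring fragment identifiers in the generated output are all lowercase (#the-localstorage-attribute, #the-storage-event, #dom-localstorage). Fragment identifiers are matched case-sensitively, so a link written in the prevailing lowercase style would miss this section. Suggest id="security-localstorage" for consistency.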



