[html5] r5465 - [giow] (1) mitigate the risk of autofocus being used in script-less XSS scenario [...]
whatwg at whatwg.org
whatwg at whatwg.org
Fri Sep 10 02:38:24 PDT 2010
Author: ianh
Date: 2010-09-10 02:38:23 -0700 (Fri, 10 Sep 2010)
New Revision: 5465
Modified:
complete.html
index
source
Log:
[giow] (1) mitigate the risk of autofocus being used in script-less XSS scenarios to transfer focus to hostile forms
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=9602
Modified: complete.html
===================================================================
--- complete.html 2010-09-10 09:01:05 UTC (rev 5464)
+++ complete.html 2010-09-10 09:38:23 UTC (rev 5465)
@@ -45442,15 +45442,31 @@
<a href=#insert-an-element-into-a-document title="insert an element into a document">inserted into a
document</a>, user agents should run the following steps:</p>
- <ol><li><p>If the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>
- had the <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing context
- flag</a> set when the <code><a href=#document>Document</a></code> was created, abort
- these steps.</li>
+ <ol><li><p>Let <var title="">target</var> be the element's
+ <code><a href=#document>Document</a></code>.</li>
+ <li><p>If <var title="">target</var>'s <a href=#browsing-context>browsing
+ context</a> had the <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing
+ context flag</a> set when <var title="">target</var> was
+ created, abort these steps.</li>
+
+ <li><p>If <var title="">target</var>'s <a href=#origin>origin</a> is not
+ the <a href=#same-origin title="same origin">same</a> as the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> of the currently
+ focused element in <var title="">target</var>'s <a href=#top-level-browsing-context>top-level
+ browsing context</a>, abort these steps.</li>
+
+ <li><p>If <var title="">target</var>'s <a href=#origin>origin</a> is not
+ the <a href=#same-origin title="same origin">same</a> as the
+ <a href=#origin>origin</a> of the <a href=#active-document>active document</a> of <var title="">target</var>'s <a href=#top-level-browsing-context>top-level browsing context</a>,
+ abort these steps.</li>
+
<li><p>If the user agent has already reached the last step of this
list of steps in response to an element being <a href=#insert-an-element-into-a-document title="insert
- an element into a document">inserted</a> into this
- <code><a href=#document>Document</a></code>, abort these steps.</li>
+ an element into a document">inserted</a> into a
+ <code><a href=#document>Document</a></code> whose <a href=#top-level-browsing-context>top-level browsing
+ context</a>'s <a href=#active-document>active document</a> is the same as <var title="">target</var>'s <a href=#top-level-browsing-context>top-level browsing context</a>'s
+ <a href=#active-document>active document</a>, abort these steps.</li>
<li><p>If the user has indicated (for example, by starting to type
in a form control) that he does not wish focus to be changed, then
Modified: index
===================================================================
--- index 2010-09-10 09:01:05 UTC (rev 5464)
+++ index 2010-09-10 09:38:23 UTC (rev 5465)
@@ -45422,15 +45422,31 @@
<a href=#insert-an-element-into-a-document title="insert an element into a document">inserted into a
document</a>, user agents should run the following steps:</p>
- <ol><li><p>If the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>
- had the <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing context
- flag</a> set when the <code><a href=#document>Document</a></code> was created, abort
- these steps.</li>
+ <ol><li><p>Let <var title="">target</var> be the element's
+ <code><a href=#document>Document</a></code>.</li>
+ <li><p>If <var title="">target</var>'s <a href=#browsing-context>browsing
+ context</a> had the <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing
+ context flag</a> set when <var title="">target</var> was
+ created, abort these steps.</li>
+
+ <li><p>If <var title="">target</var>'s <a href=#origin>origin</a> is not
+ the <a href=#same-origin title="same origin">same</a> as the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> of the currently
+ focused element in <var title="">target</var>'s <a href=#top-level-browsing-context>top-level
+ browsing context</a>, abort these steps.</li>
+
+ <li><p>If <var title="">target</var>'s <a href=#origin>origin</a> is not
+ the <a href=#same-origin title="same origin">same</a> as the
+ <a href=#origin>origin</a> of the <a href=#active-document>active document</a> of <var title="">target</var>'s <a href=#top-level-browsing-context>top-level browsing context</a>,
+ abort these steps.</li>
+
<li><p>If the user agent has already reached the last step of this
list of steps in response to an element being <a href=#insert-an-element-into-a-document title="insert
- an element into a document">inserted</a> into this
- <code><a href=#document>Document</a></code>, abort these steps.</li>
+ an element into a document">inserted</a> into a
+ <code><a href=#document>Document</a></code> whose <a href=#top-level-browsing-context>top-level browsing
+ context</a>'s <a href=#active-document>active document</a> is the same as <var title="">target</var>'s <a href=#top-level-browsing-context>top-level browsing context</a>'s
+ <a href=#active-document>active document</a>, abort these steps.</li>
<li><p>If the user has indicated (for example, by starting to type
in a form control) that he does not wish focus to be changed, then
Modified: source
===================================================================
--- source 2010-09-10 09:01:05 UTC (rev 5464)
+++ source 2010-09-10 09:38:23 UTC (rev 5465)
@@ -50944,15 +50944,33 @@
<ol>
- <li><p>If the <code>Document</code>'s <span>browsing context</span>
- had the <span>sandboxed automatic features browsing context
- flag</span> set when the <code>Document</code> was created, abort
- these steps.</p></li>
+ <li><p>Let <var title="">target</var> be the element's
+ <code>Document</code>.</p></li>
+ <li><p>If <var title="">target</var>'s <span>browsing
+ context</span> had the <span>sandboxed automatic features browsing
+ context flag</span> set when <var title="">target</var> was
+ created, abort these steps.</p></li>
+
+ <li><p>If <var title="">target</var>'s <span>origin</span> is not
+ the <span title="same origin">same</span> as the
+ <span>origin</span> of the <code>Document</code> of the currently
+ focused element in <var title="">target</var>'s <span>top-level
+ browsing context</span>, abort these steps.</p></li>
+
+ <li><p>If <var title="">target</var>'s <span>origin</span> is not
+ the <span title="same origin">same</span> as the
+ <span>origin</span> of the <span>active document</span> of <var
+ title="">target</var>'s <span>top-level browsing context</span>,
+ abort these steps.</p></li>
+
<li><p>If the user agent has already reached the last step of this
list of steps in response to an element being <span title="insert
- an element into a document">inserted</span> into this
- <code>Document</code>, abort these steps.</p></li>
+ an element into a document">inserted</span> into a
+ <code>Document</code> whose <span>top-level browsing
+ context</span>'s <span>active document</span> is the same as <var
+ title="">target</var>'s <span>top-level browsing context</span>'s
+ <span>active document</span>, abort these steps.</p></li>
<li><p>If the user has indicated (for example, by starting to type
in a form control) that he does not wish focus to be changed, then
More information about the Commit-Watchers
mailing list