[html5] r6296 - [e] (0) Block access to all properties when going cross-origin, not just defined [...]

whatwg at whatwg.org whatwg at whatwg.org
Thu Jul 14 15:29:34 PDT 2011 

Author: ianh
Date: 2011-07-14 15:29:32 -0700 (Thu, 14 Jul 2011)
New Revision: 6296

Modified:
   complete.html
   index
   source
Log:
[e] (0) Block access to all properties when going cross-origin, not just defined members.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=12440

Modified: complete.html
===================================================================
--- complete.html	2011-07-14 03:13:10 UTC (rev 6295)
+++ complete.html	2011-07-14 22:29:32 UTC (rev 6296)
@@ -239,7 +239,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1>Web Applications 1.0</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 13 July 2011</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 14 July 2011</h2>
    </hgroup><dl><dt>Multiple-page version:</dt>
     <dd><a href=http://www.whatwg.org/specs/web-apps/current-work/complete/>http://www.whatwg.org/specs/web-apps/current-work/complete/</a></dd>
     <dt>One-page version:</dt>
@@ -9284,8 +9284,8 @@
   <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
 
   <p id=security>User agents <span class=impl>must</span> raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of
-  an <code><a href=#htmldocument>HTMLDocument</a></code> object are accessed by scripts whose
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any properties of a
+  <code><a href=#document>Document</a></code> object are accessed by scripts whose
   <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same
   origin">same</a> as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective
   script origin</a>.</p>
@@ -61925,13 +61925,13 @@
   <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
 
   <p id=security-2>User agents must raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of a
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any properties of a
   <code><a href=#window>Window</a></code> object are accessed by scripts whose
   <a href=#effective-script-origin>effective script origin</a> is not the same as the
   <code><a href=#window>Window</a></code> object's <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective
   script origin</a>, with the following exceptions:</p>
 
-  <ul><li>The <code title=dom-location><a href=#dom-location>location</a></code> object
+  <ul><li>The <code title=dom-location><a href=#dom-location>location</a></code> attribute
 
    <li>The <code title=dom-window-postMessage><a href=#dom-window-postmessage>postMessage()</a></code> method
 

Modified: index
===================================================================
--- index	2011-07-14 03:13:10 UTC (rev 6295)
+++ index	2011-07-14 22:29:32 UTC (rev 6296)
@@ -243,7 +243,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 13 July 2011</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 14 July 2011</h2>
    </hgroup><dl><dt><strong>Web developer edition</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -9153,8 +9153,8 @@
   <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
 
   <p id=security>User agents <span class=impl>must</span> raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of
-  an <code><a href=#htmldocument>HTMLDocument</a></code> object are accessed by scripts whose
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any properties of a
+  <code><a href=#document>Document</a></code> object are accessed by scripts whose
   <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same
   origin">same</a> as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective
   script origin</a>.</p>
@@ -61797,13 +61797,13 @@
   <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
 
   <p id=security-2>User agents must raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any of the members of a
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception whenever any properties of a
   <code><a href=#window>Window</a></code> object are accessed by scripts whose
   <a href=#effective-script-origin>effective script origin</a> is not the same as the
   <code><a href=#window>Window</a></code> object's <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective
   script origin</a>, with the following exceptions:</p>
 
-  <ul><li>The <code title=dom-location><a href=#dom-location>location</a></code> object
+  <ul><li>The <code title=dom-location><a href=#dom-location>location</a></code> attribute
 
    <li>The <code title=dom-window-postMessage><a href=#dom-window-postmessage>postMessage()</a></code> method
 

Modified: source
===================================================================
--- source	2011-07-14 03:13:10 UTC (rev 6295)
+++ source	2011-07-14 22:29:32 UTC (rev 6296)
@@ -9330,8 +9330,8 @@
   <h4 id="security-document">Security</h4>
 
   <p id="security">User agents <span class="impl">must</span> raise a
-  <code>SECURITY_ERR</code> exception whenever any of the members of
-  an <code>HTMLDocument</code> object are accessed by scripts whose
+  <code>SECURITY_ERR</code> exception whenever any properties of a
+  <code>Document</code> object are accessed by scripts whose
   <span>effective script origin</span> is not the <span title="same
   origin">same</span> as the <code>Document</code>'s <span>effective
   script origin</span>.</p>
@@ -70392,7 +70392,7 @@
   <h4 id="security-window">Security</h4>
 
   <p id="security-2">User agents must raise a
-  <code>SECURITY_ERR</code> exception whenever any of the members of a
+  <code>SECURITY_ERR</code> exception whenever any properties of a
   <code>Window</code> object are accessed by scripts whose
   <span>effective script origin</span> is not the same as the
   <code>Window</code> object's <code>Document</code>'s <span>effective
@@ -70400,7 +70400,7 @@
 
   <ul>
 
-   <li>The <code title="dom-location">location</code> object
+   <li>The <code title="dom-location">location</code> attribute
 
    <li>The <code title="dom-window-postMessage">postMessage()</code> method

More information about the Commit-Watchers mailing list