[html5] r7938 - [e] (0) non-normative text for 'origin' Fixing https://www.w3.org/Bugs/Public/sh [...]
whatwg at whatwg.org
whatwg at whatwg.org
Fri Jun 7 15:24:55 PDT 2013
Author: ianh
Date: 2013-06-07 15:24:53 -0700 (Fri, 07 Jun 2013)
New Revision: 7938
Modified:
complete.html
index
source
Log:
[e] (0) non-normative text for 'origin'
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=21949
Affected topics: Security
Modified: complete.html
===================================================================
--- complete.html 2013-06-07 21:53:26 UTC (rev 7937)
+++ complete.html 2013-06-07 22:24:53 UTC (rev 7938)
@@ -65480,7 +65480,16 @@
<h3 id=origin-0><span class=secno>6.3 </span>Origin</h3>
<!-- Hallowed are the Ori -->
- <p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
+ <p>Origins are the fundamental currency of the Web's security model. Two actors in the Web
+ platform that share an origin are assumed to trust each other and to have the same authority.
+ Actors with differing origins are considered potentially hostile versus each other, and are
+ isolated from each other to varying degrees.</p>
+
+ <p class=example>For example, if Example Bank's Web site, hosted at <code title="">bank.example.com</code>, tries to examine the DOM of Example Charity's Web site, hosted
+ at <code title="">charity.example.org</code>, a <code><a href=#securityerror>SecurityError</a></code> exception will be
+ raised.</p>
+
+ <hr><p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
are both either opaque identifiers or tuples consisting of a scheme component, a host component, a
port component, and optionally extra data.</p>
Modified: index
===================================================================
--- index 2013-06-07 21:53:26 UTC (rev 7937)
+++ index 2013-06-07 22:24:53 UTC (rev 7938)
@@ -65480,7 +65480,16 @@
<h3 id=origin-0><span class=secno>6.3 </span>Origin</h3>
<!-- Hallowed are the Ori -->
- <p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
+ <p>Origins are the fundamental currency of the Web's security model. Two actors in the Web
+ platform that share an origin are assumed to trust each other and to have the same authority.
+ Actors with differing origins are considered potentially hostile versus each other, and are
+ isolated from each other to varying degrees.</p>
+
+ <p class=example>For example, if Example Bank's Web site, hosted at <code title="">bank.example.com</code>, tries to examine the DOM of Example Charity's Web site, hosted
+ at <code title="">charity.example.org</code>, a <code><a href=#securityerror>SecurityError</a></code> exception will be
+ raised.</p>
+
+ <hr><p>The <dfn id=origin>origin</dfn> of a resource and the <dfn id=effective-script-origin>effective script origin</dfn> of a resource
are both either opaque identifiers or tuples consisting of a scheme component, a host component, a
port component, and optionally extra data.</p>
Modified: source
===================================================================
--- source 2013-06-07 21:53:26 UTC (rev 7937)
+++ source 2013-06-07 22:24:53 UTC (rev 7938)
@@ -73032,6 +73032,18 @@
<h3>Origin</h3>
<!-- Hallowed are the Ori -->
+ <p>Origins are the fundamental currency of the Web's security model. Two actors in the Web
+ platform that share an origin are assumed to trust each other and to have the same authority.
+ Actors with differing origins are considered potentially hostile versus each other, and are
+ isolated from each other to varying degrees.</p>
+
+ <p class="example">For example, if Example Bank's Web site, hosted at <code
+ title="">bank.example.com</code>, tries to examine the DOM of Example Charity's Web site, hosted
+ at <code title="">charity.example.org</code>, a <code>SecurityError</code> exception will be
+ raised.</p>
+
+ <hr>
+
<p>The <dfn>origin</dfn> of a resource and the <dfn>effective script origin</dfn> of a resource
are both either opaque identifiers or tuples consisting of a scheme component, a host component, a
port component, and optionally extra data.</p>
More information about the Commit-Watchers
mailing list