[html5] r8273 - [] (3) Remove security checks on Document since there should now be no way to ge [...]

whatwg at whatwg.org whatwg at whatwg.org
Tue Nov 12 13:53:08 PST 2013


Author: ianh
Date: 2013-11-12 13:53:05 -0800 (Tue, 12 Nov 2013)
New Revision: 8273

Modified:
   complete.html
   index
   source
Log:
[] (3) Remove security checks on Document since there should now be no way to get to a Document from another origin.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23219
Affected topics: DOM APIs, HTML Syntax and Parsing, Security

Modified: complete.html
===================================================================
--- complete.html	2013-11-12 21:50:40 UTC (rev 8272)
+++ complete.html	2013-11-12 21:53:05 UTC (rev 8273)
@@ -444,10 +444,9 @@
    <li><a href=#documents><span class=secno>3.1 </span>Documents</a>
     <ol>
      <li><a href=#the-document-object><span class=secno>3.1.1 </span>The <code>Document</code> object</a></li>
-     <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
-     <li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
-     <li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
-     <li><a href=#loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</a></ol></li>
+     <li><a href=#resource-metadata-management><span class=secno>3.1.2 </span>Resource metadata management</a></li>
+     <li><a href=#dom-tree-accessors><span class=secno>3.1.3 </span>DOM tree accessors</a></li>
+     <li><a href=#loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</a></ol></li>
    <li><a href=#elements><span class=secno>3.2 </span>Elements</a>
     <ol>
      <li><a href=#semantics-0><span class=secno>3.2.1 </span>Semantics</a></li>
@@ -8485,27 +8484,9 @@
 <a href=#document>Document</a> implements <a href=#globaleventhandlers>GlobalEventHandlers</a>;</pre>
 
 
-<!--ADD-TOPIC:Security-->
-  <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
 
-<!--CLEANUP-->
-  <p id=security>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
-  properties of a <code><a href=#document>Document</a></code> object are accessed when the <a href=#incumbent-settings-object>incumbent settings object</a>
-  specifies an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a>
-  as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>.</p>
+  <h4 id=resource-metadata-management><span class=secno>3.1.2 </span><dfn>Resource metadata management</dfn></h4>
 
-<!--CLEANUP-->
-  <p>When the <a href=#incumbent-settings-object>incumbent settings object</a> specifies an <a href=#effective-script-origin>effective script origin</a> that is different than
-  a <code><a href=#document>Document</a></code> object's <a href=#effective-script-origin>effective script origin</a>, the user agent must act as
-  if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
-  object's properties, getters, setters, etc, were not present, and as if--> all the properties of
-  that <code><a href=#document>Document</a></code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
-
-  <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource metadata management</dfn></h4>
-
   <dl class=domintro><dt><var title="">document</var> . <code title=dom-document-referrer><a href=#dom-document-referrer>referrer</a></code></dt>
    <dd>
 
@@ -8658,7 +8639,7 @@
 
 
 
-  <h4 id=dom-tree-accessors><span class=secno>3.1.4 </span><dfn>DOM tree accessors</dfn></h4>
+  <h4 id=dom-tree-accessors><span class=secno>3.1.3 </span><dfn>DOM tree accessors</dfn></h4>
 
   <p><dfn id=the-html-element-0>The <code>html</code> element</dfn> of a document is the
   document's root element, if there is one and it's an
@@ -9064,7 +9045,7 @@
 
   <div class=impl> <!-- very deprecated API; use XHR instead -->
 
-  <h4 id=loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</h4>
+  <h4 id=loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</h4>
 
   <pre class=idl>partial interface <dfn id=xmldocument>XMLDocument</dfn> {
 <!--SYNCLOAD           attribute boolean <span title="dom-XMLDocument-async">async</span>;
@@ -91629,9 +91610,9 @@
      this also fires an event synchronously during the task -->.</li>
 
      <li><p>If the <code><a href=#document>Document</a></code> is in a <a href=#browsing-context>browsing context</a>, create a <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> event named <code title=event-load>load</code> that does not bubble and is not cancelable and which uses the
-     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch it at
-     the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
-     <code>Document</code> object.</a></li>
+     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch</a> it at
+     the <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code> object, with <i>target override</i> set to the
+     <code><a href=#document>Document</a></code> object.</li>
 
     </ol></li>
 

Modified: index
===================================================================
--- index	2013-11-12 21:50:40 UTC (rev 8272)
+++ index	2013-11-12 21:53:05 UTC (rev 8273)
@@ -444,10 +444,9 @@
    <li><a href=#documents><span class=secno>3.1 </span>Documents</a>
     <ol>
      <li><a href=#the-document-object><span class=secno>3.1.1 </span>The <code>Document</code> object</a></li>
-     <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
-     <li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
-     <li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
-     <li><a href=#loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</a></ol></li>
+     <li><a href=#resource-metadata-management><span class=secno>3.1.2 </span>Resource metadata management</a></li>
+     <li><a href=#dom-tree-accessors><span class=secno>3.1.3 </span>DOM tree accessors</a></li>
+     <li><a href=#loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</a></ol></li>
    <li><a href=#elements><span class=secno>3.2 </span>Elements</a>
     <ol>
      <li><a href=#semantics-0><span class=secno>3.2.1 </span>Semantics</a></li>
@@ -8485,27 +8484,9 @@
 <a href=#document>Document</a> implements <a href=#globaleventhandlers>GlobalEventHandlers</a>;</pre>
 
 
-<!--ADD-TOPIC:Security-->
-  <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
 
-<!--CLEANUP-->
-  <p id=security>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
-  properties of a <code><a href=#document>Document</a></code> object are accessed when the <a href=#incumbent-settings-object>incumbent settings object</a>
-  specifies an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a>
-  as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>.</p>
+  <h4 id=resource-metadata-management><span class=secno>3.1.2 </span><dfn>Resource metadata management</dfn></h4>
 
-<!--CLEANUP-->
-  <p>When the <a href=#incumbent-settings-object>incumbent settings object</a> specifies an <a href=#effective-script-origin>effective script origin</a> that is different than
-  a <code><a href=#document>Document</a></code> object's <a href=#effective-script-origin>effective script origin</a>, the user agent must act as
-  if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
-  object's properties, getters, setters, etc, were not present, and as if--> all the properties of
-  that <code><a href=#document>Document</a></code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
-
-  <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource metadata management</dfn></h4>
-
   <dl class=domintro><dt><var title="">document</var> . <code title=dom-document-referrer><a href=#dom-document-referrer>referrer</a></code></dt>
    <dd>
 
@@ -8658,7 +8639,7 @@
 
 
 
-  <h4 id=dom-tree-accessors><span class=secno>3.1.4 </span><dfn>DOM tree accessors</dfn></h4>
+  <h4 id=dom-tree-accessors><span class=secno>3.1.3 </span><dfn>DOM tree accessors</dfn></h4>
 
   <p><dfn id=the-html-element-0>The <code>html</code> element</dfn> of a document is the
   document's root element, if there is one and it's an
@@ -9064,7 +9045,7 @@
 
   <div class=impl> <!-- very deprecated API; use XHR instead -->
 
-  <h4 id=loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</h4>
+  <h4 id=loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</h4>
 
   <pre class=idl>partial interface <dfn id=xmldocument>XMLDocument</dfn> {
 <!--SYNCLOAD           attribute boolean <span title="dom-XMLDocument-async">async</span>;
@@ -91629,9 +91610,9 @@
      this also fires an event synchronously during the task -->.</li>
 
      <li><p>If the <code><a href=#document>Document</a></code> is in a <a href=#browsing-context>browsing context</a>, create a <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> event named <code title=event-load>load</code> that does not bubble and is not cancelable and which uses the
-     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch it at
-     the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
-     <code>Document</code> object.</a></li>
+     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch</a> it at
+     the <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code> object, with <i>target override</i> set to the
+     <code><a href=#document>Document</a></code> object.</li>
 
     </ol></li>
 

Modified: source
===================================================================
--- source	2013-11-12 21:50:40 UTC (rev 8272)
+++ source	2013-11-12 21:53:05 UTC (rev 8273)
@@ -8124,25 +8124,7 @@
 <span>Document</span> implements <span>GlobalEventHandlers</span>;</pre>
 
 
-<!--ADD-TOPIC:Security-->
-  <h4 id="security-document">Security</h4>
 
-<!--CLEANUP-->
-  <p id="security">User agents must throw a <code>SecurityError</code> exception whenever any
-  properties of a <code>Document</code> object are accessed when the <span>incumbent settings object</span>
-  specifies an <span>effective script origin</span> that is not the <span data-x="same origin">same</span>
-  as the <code>Document</code>'s <span>effective script origin</span>.</p>
-
-<!--CLEANUP-->
-  <p>When the <span>incumbent settings object</span> specifies an <span>effective script origin</span> that is different than
-  a <code>Document</code> object's <span>effective script origin</span>, the user agent must act as
-  if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
-  object's properties, getters, setters, etc, were not present, and as if--> all the properties of
-  that <code>Document</code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
-
   <h4><dfn>Resource metadata management</dfn></h4>
 
   <dl class="domintro">
@@ -102022,7 +102004,7 @@
      <li><p>If the <code>Document</code> is in a <span>browsing context</span>, create a <span
      data-x="concept-events-trusted">trusted</span> event named <code
      data-x="event-load">load</code> that does not bubble and is not cancelable and which uses the
-     <code>Event</code> interface, and <span data-x="concept-event-dispatch">dispatch</soan> it at
+     <code>Event</code> interface, and <span data-x="concept-event-dispatch">dispatch</span> it at
      the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
      <code>Document</code> object.</p></li>
 




More information about the Commit-Watchers mailing list