[Bug 13072] New: Section 5.3 Origin. "Two origins are said to be the same origin if the following algorithm returns true: [...] If A and B have port components that are not identical, return false." IE8 and IE9 do not conform to this. Per http://msdn.microsoft.com/en-us

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13072

           Summary: Section 5.3 Origin.  "Two origins are said to be the
                    same origin if the following algorithm returns true:
                    [...] If A and B have port components that are not
                    identical, return false." IE8 and IE9 do not conform
                    to this.  Per http://msdn.microsoft.com/en-us
           Product: HTML WG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#top
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


Specification: http://dev.w3.org/html5/spec/Overview.html
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
Section 5.3 Origin.  "Two origins are said to be the same origin if the
following algorithm returns true: [...] If A and B have port components that
are not identical, return false."

IE8 and IE9 do not conform to this.  Per
http://msdn.microsoft.com/en-us/library/ms537505.aspx : "In Internet Explorer
8 and later, that restriction has been removed. Internet Explorer does not
consider the port to be a part of the Security Identifier (origin) used for
Same Origin Policy enforcement."

If the outlined algorithm becomes the standard that developers code by, then
it is crucial that all browsers follow this algorithm; otherwise, serious
security problems could arise. If the outlined algorithm is the way forward,
please put pressure on Microsoft to patch IE8 and beyond to conform.

Posted from: 66.188.21.138
User agent: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.8.131 Version/11.11


Received on Monday, 27 June 2011 17:39:40 UTC
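
The following is an added example, not part of the bug report or of either vendor's or specification's text: it contrasts the port-sensitive comparison quoted in the report with a port-blind comparison as the quoted MSDN passage describes, and lists the URL pairs the two classify differently. The scheme and host checks stand in for the steps the report elides as "[...]"; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: every URL below is constructed sample data.
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

// Reduce a URL to its (scheme, host, port) tuple, filling in the scheme's default port.
function originTuple(url) {
  const u = new URL(url);
  const port = u.port === "" ? DEFAULT_PORTS[u.protocol] : Number(u.port);
  if (port === undefined) throw new Error("no default port known for " + u.protocol);
  return { scheme: u.protocol, host: u.hostname, port };
}

// Comparison that includes the port step quoted in the report.
function sameOriginSpec(a, b) {
  const x = originTuple(a), y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Comparison with the port left out of the identifier, per the quoted MSDN text.
function sameOriginPortBlind(a, b) {
  const x = originTuple(a), y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host;
}

// Return every pair of URLs that the two comparisons classify differently.
// These are the services whose isolation depends on the browser honouring ports.
function divergentPairs(urls) {
  const out = [];
  for (let i = 0; i < urls.length; i++)
    for (let j = i + 1; j < urls.length; j++)
      if (sameOriginSpec(urls[i], urls[j]) !== sameOriginPortBlind(urls[i], urls[j]))
        out.push([urls[i], urls[j]]);
  return out;
}

const SAMPLE = [
  "http://app.example.test/",           // implicit port 80
  "http://app.example.test:80/login",   // explicit default port, same origin as above
  "http://app.example.test:8080/admin", // same scheme and host, different port
  "https://app.example.test/",          // different scheme
  "http://other.example.test:8080/",    // different host
];

for (const [a, b] of divergentPairs(SAMPLE))
  console.log("isolated only when the port is compared:", a, "<->", b);
```

Running the same check over an inventory of internal service URLs shows which co-hosted services should be moved to distinct hostnames if port-based separation cannot be relied on in every browser.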