hixie: Rework the security model for cross-origin access, so that we can be surer that prototype objects are safe. (whatwg r3622)

hixie: Rework the security model for cross-origin access, so that we can
be surer that prototype objects are safe. (whatwg r3622)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.2811&r2=1.2812&f=h
http://html5.org/tools/web-apps-tracker?from=3621&to=3622

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.2811
retrieving revision 1.2812
diff -u -d -r1.2811 -r1.2812
--- Overview.html 14 Aug 2009 10:33:32 -0000 1.2811
+++ Overview.html 14 Aug 2009 22:52:09 -0000 1.2812
@@ -41632,7 +41632,31 @@
 
    <li>The <a href="#dynamic-nested-browsing-context-properties">dynamic nested browsing context properties</a>
 
-  </ul><p>User agents must not allow scripts to override the <code title="dom-location"><a href="#dom-location">location</a></code> object's setter.</p>
+  </ul><p>When a script whose <a href="#effective-script-origin">effective script origin</a> is not
+  the same as the <code><a href="#window">Window</a></code> object's <code>Document</code>'s
+  <a href="#effective-script-origin">effective script origin</a> attempts to access that
+  <code><a href="#window">Window</a></code> object's methods or attributes, the user agent
+  must act as if any changes to the <code><a href="#window">Window</a></code> object's
+  properties, getters, setters, etc, were not present.</p>
+
+  <p>For members that return objects (including function objects),
+  each distinct <a href="#effective-script-origin">effective script origin</a> that is not the
+  same as the <code><a href="#window">Window</a></code> object's <code>Document</code>'s
+  <a href="#effective-script-origin">effective script origin</a> must be provided with a
+  separate set of objects. These objects must have the prototype chain
+  appropriate for the script for which the objects are created (not
+  those that would be appropriate for scripts whose <a href="#script-s-global-object">script's
+  global object</a> is the <code><a href="#window">Window</a></code> object in
+  question).</p>
+
+  <div class="example">
+
+   <p>For instance, if two frames containing <code>Document</code>s
+   from different <a href="#origin-0" title="origin">origins</a> access the same
+   <code><a href="#window">Window</a></code> object's <code title="dom-window-postMessage-2"><a href="#dom-window-postmessage-2">postMessage()</a></code> method, they
+   will get distinct objects that are not equal.</p>
+
+  </div>
 
   </div><h4 id="apis-for-creating-and-navigating-browsing-contexts-by-name"><span class="secno">6.3.2 </span>APIs for creating and navigating browsing contexts by name</h4><dl class="domintro"><dt><var title="">window</var> = <var title="">window</var> . <code title="dom-open"><a href="#dom-open">open</a></code>( [ <var title="">url</var> [, <var title="">target</var> [, <var title="">features</var> [, <var title="">replace</var> ] ] ] ] )</dt>
 
@@ -46843,11 +46867,7 @@
    <a href="#allowed-to-navigate">allowed to navigate</a> the browsing context with which
    the <code><a href="#location">Location</a></code> object is associated
 
-  </ul><p>User agents must not allow scripts to override the <code title="dom-location-href"><a href="#dom-location-href">href</a></code> attribute's setter or the
-  <code title="dom-location-replace"><a href="#dom-location-replace">replace()</a></code> method on the
-  <code><a href="#location">Location</a></code> object.</p>
-
-  </div><div class="impl">
+  </ul></div><div class="impl">
 
   <h4 id="history-notes"><span class="secno">6.10.5 </span>Implementation notes for session history</h4>
   <!-- don't change the ID without updating multiple internal links -->

Received on Friday, 14 August 2009 22:53:11 UTC