W3C home > Mailing lists > Public > public-html-diffs@w3.org > April 2010

hixie: stablise ids for security sections (whatwg r4900)

From: poot <cvsmail@w3.org>
Date: Thu, 1 Apr 2010 14:35:45 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20100401053546.1B9562BC93@toro.w3.mag.keio.ac.jp>
hixie: stablise ids for security sections (whatwg r4900)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3920&r2=1.3921&f=h
http://html5.org/tools/web-apps-tracker?from=4899&to=4900

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3920
retrieving revision 1.3921
diff -u -d -r1.3920 -r1.3921
--- Overview.html	30 Mar 2010 01:34:15 -0000	1.3920
+++ Overview.html	30 Mar 2010 01:39:28 -0000	1.3921
@@ -502,7 +502,7 @@
    <li><a href="#documents"><span class="secno">3.1 </span>Documents</a>
     <ol>
      <li><a href="#documents-in-the-dom"><span class="secno">3.1.1 </span>Documents in the DOM</a></li>
-     <li><a href="#security"><span class="secno">3.1.2 </span>Security</a></li>
+     <li><a href="#security-document"><span class="secno">3.1.2 </span>Security</a></li>
      <li><a href="#resource-metadata-management"><span class="secno">3.1.3 </span>Resource metadata management</a></li>
      <li><a href="#dom-tree-accessors"><span class="secno">3.1.4 </span>DOM tree accessors</a></li>
      <li><a href="#creating-documents"><span class="secno">3.1.5 </span>Creating documents</a></ol></li>
@@ -792,7 +792,7 @@
        <li><a href="#definitions"><span class="secno">4.10.20.1 </span>Definitions</a></li>
        <li><a href="#constraint-validation"><span class="secno">4.10.20.2 </span>Constraint validation</a></li>
        <li><a href="#the-constraint-validation-api"><span class="secno">4.10.20.3 </span>The constraint validation API</a></li>
-       <li><a href="#security-0"><span class="secno">4.10.20.4 </span>Security</a></ol></li>
+       <li><a href="#security-forms"><span class="secno">4.10.20.4 </span>Security</a></ol></li>
      <li><a href="#form-submission"><span class="secno">4.10.21 </span>Form submission</a>
       <ol>
        <li><a href="#introduction-1"><span class="secno">4.10.21.1 </span>Introduction</a></li>
@@ -881,12 +881,12 @@
       <ol>
        <li><a href="#navigating-auxiliary-browsing-contexts-in-the-dom"><span class="secno">5.1.2.1 </span>Navigating auxiliary browsing contexts in the DOM</a></ol></li>
      <li><a href="#secondary-browsing-contexts"><span class="secno">5.1.3 </span>Secondary browsing contexts</a></li>
-     <li><a href="#security-1"><span class="secno">5.1.4 </span>Security</a></li>
+     <li><a href="#security-nav"><span class="secno">5.1.4 </span>Security</a></li>
      <li><a href="#groupings-of-browsing-contexts"><span class="secno">5.1.5 </span>Groupings of browsing contexts</a></li>
      <li><a href="#browsing-context-names"><span class="secno">5.1.6 </span>Browsing context names</a></ol></li>
    <li><a href="#the-window-object"><span class="secno">5.2 </span>The <code>Window</code> object</a>
     <ol>
-     <li><a href="#security-2"><span class="secno">5.2.1 </span>Security</a></li>
+     <li><a href="#security-window"><span class="secno">5.2.1 </span>Security</a></li>
      <li><a href="#apis-for-creating-and-navigating-browsing-contexts-by-name"><span class="secno">5.2.2 </span>APIs for creating and navigating browsing contexts by name</a></li>
      <li><a href="#accessing-other-browsing-contexts"><span class="secno">5.2.3 </span>Accessing other browsing contexts</a></li>
      <li><a href="#named-access-on-the-window-object"><span class="secno">5.2.4 </span>Named access on the <code>Window</code> object</a></li>
@@ -902,7 +902,7 @@
      <li><a href="#the-history-interface"><span class="secno">5.4.2 </span>The <code>History</code> interface</a></li>
      <li><a href="#the-location-interface"><span class="secno">5.4.3 </span>The <code>Location</code> interface</a>
       <ol>
-       <li><a href="#security-3"><span class="secno">5.4.3.1 </span>Security</a></ol></li>
+       <li><a href="#security-location"><span class="secno">5.4.3.1 </span>Security</a></ol></li>
      <li><a href="#history-notes"><span class="secno">5.4.4 </span>Implementation notes for session history</a></ol></li>
    <li><a href="#browsing-the-web"><span class="secno">5.5 </span>Browsing the Web</a>
     <ol>
@@ -6479,7 +6479,7 @@
 };
 <a href="#document">Document</a> implements <a href="#htmldocument">HTMLDocument</a>;</pre><p>Since the <code><a href="#htmldocument">HTMLDocument</a></code> interface holds methods and
   attributes related to a number of disparate features, the members of
-  this interface are described in various different sections.<h4 id="security"><span class="secno">3.1.2 </span>Security</h4><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>User agents <span class="impl">must</span> raise a
+  this interface are described in various different sections.<h4 id="security-document"><span class="secno">3.1.2 </span>Security</h4><p id="security">User agents <span class="impl">must</span> raise a
   <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever any of the members of
   an <code><a href="#htmldocument">HTMLDocument</a></code> object are accessed by scripts whose
   <a href="#effective-script-origin">effective script origin</a> is not the <a href="#same-origin" title="same
@@ -33449,11 +33449,11 @@
   error</a>, then the <a href="#custom-validity-error-message">custom validity error message</a>
   should be present in the return value.</p>
 
-  </div><h5 id="security-0"><span class="secno">4.10.20.4 </span>Security</h5><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>Servers should not rely on client-side validation. Client-side
-  validation can be intentionally bypassed by hostile users, and
-  unintentionally bypassed by users of older user agents or automated
-  tools that do not implement these features. The constraint
-  validation features are only intended to improve the user
+  </div><h5 id="security-forms"><span class="secno">4.10.20.4 </span>Security</h5><p id="security-0">Servers should not rely on client-side
+  validation. Client-side validation can be intentionally bypassed by
+  hostile users, and unintentionally bypassed by users of older user
+  agents or automated tools that do not implement these features. The
+  constraint validation features are only intended to improve the user
   experience, not to provide any kind of security mechanism.<h4 id="form-submission"><span class="secno">4.10.21 </span><dfn>Form submission</dfn></h4><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><div class="impl">
 
   <h5 id="introduction-1"><span class="secno">4.10.21.1 </span>Introduction</h5><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i></p>
@@ -40108,12 +40108,11 @@
   context">secondary browsing contexts</dfn>, which are <a href="#browsing-context" title="browsing context">browsing contexts</a> that form part of
   the user agent's interface, apart from the main content area.<div class="impl">
 
-  <h4 id="security-1"><span class="secno">5.1.4 </span>Security</h4><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i></p>
+  <h4 id="security-nav"><span class="secno">5.1.4 </span>Security</h4>
 
-  <p>A <a href="#browsing-context">browsing context</a> <var title="">A</var> is
-  <dfn id="allowed-to-navigate">allowed to navigate</dfn> a second <a href="#browsing-context">browsing
-  context</a> <var title="">B</var> if one of the following
-  conditions is true:</p>
+  <p id="security-1">A <a href="#browsing-context">browsing context</a> <var title="">A</var> is <dfn id="allowed-to-navigate">allowed to navigate</dfn> a second
+  <a href="#browsing-context">browsing context</a> <var title="">B</var> if one of the
+  following conditions is true:</p>
 
   <ul><li>Either the <a href="#origin">origin</a> of the <a href="#active-document">active
    document</a> of <var title="">A</var> is the <a href="#same-origin" title="same
@@ -40437,14 +40436,14 @@
 
   </div><div class="impl">
 
-  <h4 id="security-2"><span class="secno">5.2.1 </span>Security</h4><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i></p>
+  <h4 id="security-window"><span class="secno">5.2.1 </span>Security</h4>
 
-  <p>User agents must raise a <code><a href="#security_err">SECURITY_ERR</a></code> exception
-  whenever any of the members of a <code><a href="#window">Window</a></code> object are
-  accessed by scripts whose <a href="#effective-script-origin">effective script origin</a> is
-  not the same as the <code><a href="#window">Window</a></code> object's
-  <code><a href="#document">Document</a></code>'s <a href="#effective-script-origin">effective script origin</a>, with
-  the following exceptions:</p>
+  <p id="security-2">User agents must raise a
+  <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever any of the members of a
+  <code><a href="#window">Window</a></code> object are accessed by scripts whose
+  <a href="#effective-script-origin">effective script origin</a> is not the same as the
+  <code><a href="#window">Window</a></code> object's <code><a href="#document">Document</a></code>'s <a href="#effective-script-origin">effective
+  script origin</a>, with the following exceptions:</p>
 
   <ul><li>The <code title="dom-location"><a href="#dom-location">location</a></code> object
 
@@ -42025,13 +42024,15 @@
 
   </div><div class="impl">
 
-  <h5 id="security-3"><span class="secno">5.4.3.1 </span>Security</h5><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i></p>
+  <h5 id="security-location"><span class="secno">5.4.3.1 </span>Security</h5>
 
-  <p>User agents must raise a <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever
-  any of the members of a <code><a href="#location">Location</a></code> object are accessed by
-  scripts whose <a href="#effective-script-origin">effective script origin</a> is not the <a href="#same-origin" title="same origin">same</a> as the <code><a href="#location">Location</a></code>
-  object's associated <code><a href="#document">Document</a></code>'s <a href="#effective-script-origin">effective script
-  origin</a>, with the following exceptions:</p>
+  <p id="security-3">User agents must raise a
+  <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever any of the members of a
+  <code><a href="#location">Location</a></code> object are accessed by scripts whose
+  <a href="#effective-script-origin">effective script origin</a> is not the <a href="#same-origin" title="same
+  origin">same</a> as the <code><a href="#location">Location</a></code> object's associated
+  <code><a href="#document">Document</a></code>'s <a href="#effective-script-origin">effective script origin</a>, with
+  the following exceptions:</p>
 
   <ul><li>The <code title="dom-location-href"><a href="#dom-location-href">href</a></code> setter, if the
    script is running in a <a href="#browsing-context">browsing context</a> that is
Received on Thursday, 1 April 2010 05:36:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 18 December 2010 06:14:18 GMT