- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 28 Oct 2008 23:50:56 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv373
Modified Files:
Overview.html
Log Message:
Mention that client-side validation is not secure. (whatwg r2375)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1546
retrieving revision 1.1547
diff -u -d -r1.1546 -r1.1547
--- Overview.html 28 Oct 2008 23:22:39 -0000 1.1546
+++ Overview.html 28 Oct 2008 23:50:53 -0000 1.1547
@@ -494,7 +494,8 @@
<ol>
<li><a href=#definitions><span class=secno>4.10.14.1 </span>Definitions</a></li>
<li><a href=#constraint-validation><span class=secno>4.10.14.2 </span>Constraint validation</a></li>
- <li><a href=#the-constraint-validation-api><span class=secno>4.10.14.3 </span>The constraint validation API</a></ol></li>
+ <li><a href=#the-constraint-validation-api><span class=secno>4.10.14.3 </span>The constraint validation API</a></li>
+ <li><a href=#security-0><span class=secno>4.10.14.4 </span>Security</a></ol></li>
<li><a href=#form-submission-0><span class=secno>4.10.15 </span>Form submission</a>
<ol>
<li><a href=#url-encoded-form-data><span class=secno>4.10.15.1 </span>URL-encoded form data</a></li>
@@ -555,12 +556,12 @@
<ol>
<li><a href=#navigating-auxiliary-browsing-contexts-in-the-dom><span class=secno>5.1.2.1 </span>Navigating auxiliary browsing contexts in the DOM</a></ol></li>
<li><a href=#secondary-browsing-contexts><span class=secno>5.1.3 </span>Secondary browsing contexts</a></li>
- <li><a href=#security-0><span class=secno>5.1.4 </span>Security</a></li>
+ <li><a href=#security-1><span class=secno>5.1.4 </span>Security</a></li>
<li><a href=#groupings-of-browsing-contexts><span class=secno>5.1.5 </span>Groupings of browsing contexts</a></li>
<li><a href=#browsing-context-names><span class=secno>5.1.6 </span>Browsing context names</a></ol></li>
<li><a href=#the-default-view><span class=secno>5.2 </span>The default view</a>
<ol>
- <li><a href=#security-1><span class=secno>5.2.1 </span>Security</a></li>
+ <li><a href=#security-2><span class=secno>5.2.1 </span>Security</a></li>
<li><a href=#apis-for-creating-and-navigating-browsing-contexts-by-name><span class=secno>5.2.2 </span>APIs for creating and navigating browsing contexts by name</a></li>
<li><a href=#accessing-other-browsing-contexts><span class=secno>5.2.3 </span>Accessing other browsing contexts</a></ol></li>
<li><a href=#origin><span class=secno>5.3 </span>Origin</a>
@@ -616,7 +617,7 @@
<li><a href=#activating-state-object-entries><span class=secno>5.8.3 </span>Activating state object entries</a></li>
<li><a href=#the-location-interface><span class=secno>5.8.4 </span>The <code>Location</code> interface</a>
<ol>
- <li><a href=#security-2><span class=secno>5.8.4.1 </span>Security</a></ol></li>
+ <li><a href=#security-3><span class=secno>5.8.4.1 </span>Security</a></ol></li>
<li><a href=#history-notes><span class=secno>5.8.5 </span>Implementation notes for session history</a></ol></li>
<li><a href=#browsing-the-web><span class=secno>5.9 </span>Browsing the Web</a>
<ol>
@@ -655,7 +656,7 @@
<ol>
<li><a href=#user-tracking><span class=secno>5.10.4.1 </span>User tracking</a></li>
<li><a href=#cookie-resurrection><span class=secno>5.10.4.2 </span>Cookie resurrection</a></ol></li>
- <li><a href=#security-3><span class=secno>5.10.5 </span>Security</a>
+ <li><a href=#security-4><span class=secno>5.10.5 </span>Security</a>
<ol>
<li><a href=#dns-spoofing-attacks><span class=secno>5.10.5.1 </span>DNS spoofing attacks</a></li>
<li><a href=#cross-directory-attacks><span class=secno>5.10.5.2 </span>Cross-directory attacks</a></li>
@@ -775,7 +776,7 @@
<li><a href=#crossDocumentMessages><span class=secno>7.4 </span>Cross-document messaging</a>
<ol>
<li><a href=#introduction-4><span class=secno>7.4.1 </span>Introduction</a></li>
- <li><a href=#security-4><span class=secno>7.4.2 </span>Security</a>
+ <li><a href=#security-5><span class=secno>7.4.2 </span>Security</a>
<ol>
<li><a href=#authors><span class=secno>7.4.2.1 </span>Authors</a></li>
<li><a href=#user-agents><span class=secno>7.4.2.2 </span>User agents</a></ol></li>
@@ -22372,7 +22373,12 @@
agent would show the user if this were the only form with a validity
constraint problem. If the element is <a href=#suffering-from-a-custom-error>suffering from a custom
error</a>, then the <a href=#custom-validity-error-message>custom validity error message</a>
- should be present in the return value.<h4 id=form-submission-0><span class=secno>4.10.15 </span>Form submission</h4><p>When a form <var title="">form</var> is <dfn id=concept-form-submit title=concept-form-submit>submitted</dfn> from an element <var title="">submitter</var> (typically a button), the user agent must
+ should be present in the return value.<h5 id=security-0><span class=secno>4.10.14.4 </span>Security</h5><p>Servers should not rely on client-side validation. Client-side
+ validation can be intentionally bypassed by hostile users, and
+ unintentionally bypassed by users of older user agents or automated
+ tools that do not implement these features. The constraint
+ validation features are only intended to improve the user
+ experience, not to provide any kind of security mechanism.<h4 id=form-submission-0><span class=secno>4.10.15 </span>Form submission</h4><p>When a form <var title="">form</var> is <dfn id=concept-form-submit title=concept-form-submit>submitted</dfn> from an element <var title="">submitter</var> (typically a button), the user agent must
run the following steps:<ol><li id=sandboxSubmitBlocked><p>If <var title="">form</var> is in
a <code>Document</code> that has no associated <a href=#browsing-context>browsing
context</a> or whose <a href=#browsing-context>browsing context</a> has its
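Review bot: The new 4.10.14.4 paragraph says what servers should not rely on but never states the positive requirement, and it is a plain <p> while the 7.4.2.1 security caution visible later in this patch is marked <p class=warning>. Suggest adding a sentence saying that servers have to re-check every submitted value themselves, and marking the paragraph class=warning so it stands out the same way.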
@@ -25410,7 +25416,7 @@
browsing context</a>), if there is one and it is still
available.<h4 id=secondary-browsing-contexts><span class=secno>5.1.3 </span>Secondary browsing contexts</h4><p>User agents may support <dfn id=secondary-browsing-context title="secondary browsing
context">secondary browsing contexts</dfn>, which are <a href=#browsing-context title="browsing context">browsing contexts</a> that form part of
- the user agent's interface, apart from the main content area.<h4 id=security-0><span class=secno>5.1.4 </span>Security</h4><p>A <a href=#browsing-context>browsing context</a> <var title="">A</var> is
+ the user agent's interface, apart from the main content area.<h4 id=security-1><span class=secno>5.1.4 </span>Security</h4><p>A <a href=#browsing-context>browsing context</a> <var title="">A</var> is
<dfn id=allowed-to-navigate>allowed to navigate</dfn> a second <a href=#browsing-context>browsing
context</a> <var title="">B</var> if one of the following
conditions is true:<ul><li>Either the <a href=#origin-0>origin</a> of the <a href=#active-document>active
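Review bot: The 5.1.4 heading moves from id=security-0 to id=security-1 while this same patch hands security-0 to the new 4.10.14.4 heading, so an existing link to #security-0 now lands on the forms section with no error. The same shift hits 5.2.1, 5.8.4.1, 5.10.5 and 7.4.2. Suggest giving the new heading a descriptive id of its own, in the style of dns-spoofing-attacks, so the five existing Security anchors keep their current values.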
@@ -25654,7 +25660,7 @@
<code>Document</code>'s <a href=#default-view>default view</a>'s
<code><a href=#window>Window</a></code> object. A <code>Document</code> object's
<a href=#list-of-added-properties>list of added properties</a> must be empty when the
- <code>Document</code> object is created.<h4 id=security-1><span class=secno>5.2.1 </span>Security</h4><p>User agents must raise a <a href=#security-exception>security exception</a> whenever
+ <code>Document</code> object is created.<h4 id=security-2><span class=secno>5.2.1 </span>Security</h4><p>User agents must raise a <a href=#security-exception>security exception</a> whenever
any of the members of a <code><a href=#window>Window</a></code> object are accessed by
scripts whose <a href=#effective-script-origin>effective script origin</a> is not the same
as the <code><a href=#window>Window</a></code> object's <a href=#browsing-context>browsing context</a>'s
@@ -29024,7 +29030,7 @@
reload on shared Document updates all of them
user reload must be equivalent to .reload()
---><h5 id=security-2><span class=secno>5.8.4.1 </span>Security</h5><p>User agents must raise a <a href=#security-exception>security exception</a> whenever
+--><h5 id=security-3><span class=secno>5.8.4.1 </span>Security</h5><p>User agents must raise a <a href=#security-exception>security exception</a> whenever
any of the members of a <code><a href=#location>Location</a></code> object are accessed by
scripts whose <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#location>Location</a></code>
object's associated <code>Document</code>'s <a href=#effective-script-origin>effective script
@@ -30368,7 +30374,7 @@
cookies, then users are likely to delete data in one and not the
other. This would allow sites to use the two features as redundant
backup for each other, defeating a user's attempts to protect his
- privacy.<h4 id=security-3><span class=secno>5.10.5 </span>Security</h4><h5 id=dns-spoofing-attacks><span class=secno>5.10.5.1 </span>DNS spoofing attacks</h5><p>Because of the potential for DNS spoofing attacks, one cannot
+ privacy.<h4 id=security-4><span class=secno>5.10.5 </span>Security</h4><h5 id=dns-spoofing-attacks><span class=secno>5.10.5.1 </span>DNS spoofing attacks</h5><p>Because of the potential for DNS spoofing attacks, one cannot
guarantee that a host claiming to be in a certain domain really is
from that domain. To mitigate this, pages can use SSL. Pages using
SSL can be sure that only pages using SSL that have certificates
@@ -34189,7 +34195,7 @@
responds to by sending a message back to the document which sent
the message in the first place.</p>
- </div><h4 id=security-4><span class=secno>7.4.2 </span>Security</h4><h5 id=authors><span class=secno>7.4.2.1 </span>Authors</h5><p class=warning>Use of this API requires extra care to protect
+ </div><h4 id=security-5><span class=secno>7.4.2 </span>Security</h4><h5 id=authors><span class=secno>7.4.2.1 </span>Authors</h5><p class=warning>Use of this API requires extra care to protect
users from hostile entities abusing a site for their own
purposes.<p>Authors should check the <code title=dom-MessageEvent-origin><a href=#dom-messageevent-origin>origin</a></code> attribute to ensure
that messages are only accepted from domains that they expect to
Received on Tuesday, 28 October 2008 23:51:07 UTC