html5/spec Overview.html,1.2161,1.2162

Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv28412

Modified Files:
	Overview.html 
Log Message:
Warn about not trusting trusted sources in postMessage(). (credit: jw) (whatwg r2999)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.2161
retrieving revision 1.2162
diff -u -d -r1.2161 -r1.2162
--- Overview.html	27 Apr 2009 04:11:21 -0000	1.2161
+++ Overview.html	27 Apr 2009 06:16:48 -0000	1.2162
@@ -45584,7 +45584,12 @@
   purposes.<p>Authors should check the <code title="dom-MessageEvent-origin"><a href="#dom-messageevent-origin">origin</a></code> attribute to ensure
   that messages are only accepted from domains that they expect to
   receive messages from. Otherwise, bugs in the author's message
-  handling code could be exploited by hostile sites.<p>Authors should not use the wildcard keyword ("*") in the <var title="">targetOrigin</var> argument in messages that contain any
+  handling code could be exploited by hostile sites.<p>Furthermore, even after checking the <code title="dom-MessageEvent-origin"><a href="#dom-messageevent-origin">origin</a></code> attribute, authors
+  should also check that the data in question is of the expected
+  format. Otherwise, if the source of the event has been attacked
+  using a cross-site scripting flaw, further unchecked processing of
+  information sent using the <code title="dom-window-postMessage-2"><a href="#dom-window-postmessage-2">postMessage()</a></code> method could
+  result in the attack being propagated into the receiver.<p>Authors should not use the wildcard keyword ("*") in the <var title="">targetOrigin</var> argument in messages that contain any
   confidential information, as otherwise there is no way to guarantee
   that the message is only delivered to the recipient to which it was
   intended.<div class="impl">

Received on Monday, 27 April 2009 06:17:00 UTC