html5/webstorage Overview.html,1.115,1.116 from Ian Hickson via cvs-syncmail on 2010-01-13 (public-html-commits@w3.org from January 2010)

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Wed, 13 Jan 2010 03:09:15 +0000
To: public-html-commits@w3.org
Message-Id: <E1NUtbf-0003Al-Ny@lionel-hutz.w3.org>

Update of /sources/public/html5/webstorage
In directory hutz:/tmp/cvs-serv12174

Modified Files:
	Overview.html 
Log Message:
Make <iframe sandbox=''> block localStorage and openDatabase. (whatwg r4584)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/webstorage/Overview.html,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -d -r1.115 -r1.116
--- Overview.html	11 Jan 2010 06:47:59 -0000	1.115
+++ Overview.html	13 Jan 2010 03:09:13 -0000	1.116
@@ -174,7 +174,7 @@
    <p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
    <h1>Web Storage</h1>
 
-   <h2 class="no-num no-toc" id="editor-s-draft-11-january-2010">Editor's Draft 11 January 2010</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-13-january-2010">Editor's Draft 13 January 2010</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/webstorage/">http://www.w3.org/TR/webstorage/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -238,7 +238,7 @@
   Working Group</a> is the W3C working group responsible for this
   specification's progress along the W3C Recommendation track.
 
-  This specification is the 11 January 2010 Editor's Draft.
+  This specification is the 13 January 2010 Editor's Draft.
   </p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5
   February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of
   any patent disclosures</a> made in connection with the deliverables
@@ -536,7 +536,7 @@
   for security reasons or when requested to do so by the user. User
   agents should always avoid deleting data while a script that could
   access that data is running.<p>When the <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code>
-  attribute is accessed, the user agent must run the following steps:<ol><li><p>The user agent may raise a <code>SECURITY_ERR</code>
+  attribute is accessed, the user agent must run the following steps:<ol><li><p>The user agent may throw a <code>SECURITY_ERR</code>
    exception instead of returning a <code><a href="#storage-0">Storage</a></code> object if the
    request violates a policy decision (e.g. if the user agent is
    configured to not allow the page to persist data).</li>
@@ -546,6 +546,10 @@
    <code>Document</code>'s <span>origin</span>, then throw a
    <code>SECURITY_ERR</code> exception and abort these steps.</li>
 
+   <li><p>If the <code>Document</code>'s <span>origin</span> is not a
+   scheme/host/port tuple, then throw a <code>SECURITY_ERR</code>
+   exception and abort these steps.</li>
+
    <li><p>Check to see if the user agent has allocated a local storage
    area for the <span>origin</span> of the <code>Document</code> of
    the <code>Window</code> object on which the method was invoked. If

Received on Wednesday, 13 January 2010 03:09:16 UTC