html5/spec Overview.html,1.4357,1.4358

Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv30411

Modified Files:
	Overview.html 
Log Message:
mitigate the risk of autofocus being used in script-less XSS scenarios to transfer focus to hostile forms (whatwg r5465)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4357
retrieving revision 1.4358
diff -u -d -r1.4357 -r1.4358
--- Overview.html	10 Sep 2010 09:01:14 -0000	1.4357
+++ Overview.html	10 Sep 2010 09:38:28 -0000	1.4358
@@ -34395,15 +34395,31 @@
   <a href="#insert-an-element-into-a-document" title="insert an element into a document">inserted into a
   document</a>, user agents should run the following steps:</p>
 
-  <ol><li><p>If the <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing context</a>
-   had the <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing context
-   flag</a> set when the <code><a href="#document">Document</a></code> was created, abort
-   these steps.</li>
+  <ol><li><p>Let <var title="">target</var> be the element's
+   <code><a href="#document">Document</a></code>.</li>
+
+   <li><p>If <var title="">target</var>'s <a href="#browsing-context">browsing
+   context</a> had the <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing
+   context flag</a> set when <var title="">target</var> was
+   created, abort these steps.</li>
+
+   <li><p>If <var title="">target</var>'s <a href="#origin">origin</a> is not
+   the <a href="#same-origin" title="same origin">same</a> as the
+   <a href="#origin">origin</a> of the <code><a href="#document">Document</a></code> of the currently
+   focused element in <var title="">target</var>'s <a href="#top-level-browsing-context">top-level
+   browsing context</a>, abort these steps.</li>
+
+   <li><p>If <var title="">target</var>'s <a href="#origin">origin</a> is not
+   the <a href="#same-origin" title="same origin">same</a> as the
+   <a href="#origin">origin</a> of the <a href="#active-document">active document</a> of <var title="">target</var>'s <a href="#top-level-browsing-context">top-level browsing context</a>,
+   abort these steps.</li>
 
    <li><p>If the user agent has already reached the last step of this
    list of steps in response to an element being <a href="#insert-an-element-into-a-document" title="insert
-   an element into a document">inserted</a> into this
-   <code><a href="#document">Document</a></code>, abort these steps.</li>
+   an element into a document">inserted</a> into a
+   <code><a href="#document">Document</a></code> whose <a href="#top-level-browsing-context">top-level browsing
+   context</a>'s <a href="#active-document">active document</a> is the same as <var title="">target</var>'s <a href="#top-level-browsing-context">top-level browsing context</a>'s
+   <a href="#active-document">active document</a>, abort these steps.</li>
 
    <li><p>If the user has indicated (for example, by starting to type
    in a form control) that he does not wish focus to be changed, then

Received on Friday, 10 September 2010 09:38:33 UTC