- From: CVS User ihickson <cvsmail@w3.org>
- Date: Mon, 24 Jun 2013 20:28:51 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/webstorage
In directory roscoe:/tmp/cvs-serv1638
Modified Files:
Overview.html
Log Message:
Block enumeration of cross-origin objects, and clean up the language around those objects to be more consistent so that differences can more easily be seen. (whatwg r7997)
--- /sources/public/html5/webstorage/Overview.html 2013/06/05 21:01:24 1.222
+++ /sources/public/html5/webstorage/Overview.html 2013/06/24 20:28:50 1.223
@@ -215,7 +215,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>Web Storage</h1>
- <h2 class="no-num no-toc" id="editor-s-draft-5-june-2013">Editor's Draft 5 June 2013</h2>
+ <h2 class="no-num no-toc" id="editor-s-draft-24-june-2013">Editor's Draft 24 June 2013</h2>
<dl><dt>Latest Published Version:</dt>
<dd><a href="http://www.w3.org/TR/webstorage/">http://www.w3.org/TR/webstorage/</a></dd>
<dt>Latest Editor's Draft:</dt>
@@ -351,7 +351,7 @@
</dl><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications
Working Group</a> is the W3C working group responsible for this
specification's progress along the W3C Recommendation track.
- This specification is the 5 June 2013 Editor's Draft.
+ This specification is the 24 June 2013 Editor's Draft.
</p>
@@ -807,11 +807,24 @@
<h4 id="security-localStorage"><span class="secno">4.3.1 </span>Security</h4>
+ <p>For the purposes of this section, a <code><a href="#storage-0">Storage</a></code> object originally returned by a <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code> attribute is a <dfn id="protected-storage-object">protected <code>Storage</code>
+ object</dfn>.</p>
+
+ <p>For the purposes of this section, the <dfn id="original-origin">original origin</dfn> of a <a href="#protected-storage-object">protected
+ <code>Storage</code> object</a> is the <span>origin</span> of the <code>Document</code> of the
+ <code>Window</code> object on which the <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code>
+ attribute that returned the <code><a href="#storage-0">Storage</a></code> object was accessed.</p>
+
<p>User agents must throw a <code>SecurityError</code> exception whenever any properties of a
- <code><a href="#storage-0">Storage</a></code> object originally returned by the <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code> attribute are accessed by scripts whose
- <span>effective script origin</span> is not the <span title="same origin">same</span> as the
- <span>origin</span> of the <code>Document</code> of the <code>Window</code> object on which the
- <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code> attribute was accessed.</p>
+ <a href="#protected-storage-object">protected <code>Storage</code> object</a> are accessed when the <span>incumbent
+ script</span> has an <span>effective script origin</span> that is not the <span title="same
+ origin">same</span> as the <a href="#original-origin">original origin</a> of that <code><a href="#storage-0">Storage</a></code> object.</p>
+
+ <p>When the <span>incumbent script</span>'s <span>effective script origin</span> is different than
+ a <a href="#protected-storage-object">protected <code>Storage</code> object</a>'s <a href="#original-origin">original origin</a>, the user
+ agent must act as if any changes to that <code><a href="#storage-0">Storage</a></code> object's properties, getters,
+ setters, etc, were not present, and as if all the properties of that <code><a href="#storage-0">Storage</a></code> object
+ had their [[Enumerable]] attribute set to false.</p>
<p class="note">This means <code><a href="#storage-0">Storage</a></code> objects are neutered
when the <code title="dom-document-domain">document.domain</code>
Received on Monday, 24 June 2013 20:28:51 UTC