webstorage; hixie: Change how localStorage protects from cross-origin accesses so that old Storage objects don't become vulnerable after document.domain is changed (which was rather inconsistent). (whatwg r5314)

webstorage; hixie: Change how localStorage protects from cross-origin
accesses so that old Storage objects don't become vulnerable after
document.domain is changed (which was rather inconsistent). (whatwg
r5314)

http://dev.w3.org/cvsweb/html5/webstorage/Overview.html?r1=1.145&r2=1.146&f=h
http://html5.org/tools/web-apps-tracker?from=5313&to=5314

===================================================================
RCS file: /sources/public/html5/webstorage/Overview.html,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -d -r1.145 -r1.146
--- Overview.html 16 Aug 2010 23:09:00 -0000 1.145
+++ Overview.html 20 Aug 2010 19:17:49 -0000 1.146
@@ -185,7 +185,7 @@
   </style><link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel="stylesheet" type="text/css"><div class="head">
    <p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
    <h1>Web Storage</h1>
-   <h2 class="no-num no-toc" id="editor-s-draft-16-august-2010">Editor's Draft 16 August 2010</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-20-august-2010">Editor's Draft 20 August 2010</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/webstorage/">http://www.w3.org/TR/webstorage/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -256,7 +256,7 @@
   </ul><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING LIST TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- status of document, group responsible (required) --><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications
   Working Group</a> is the W3C working group responsible for this
   specification's progress along the W3C Recommendation track.
-  This specification is the 16 August 2010 Editor's Draft.
+  This specification is the 20 August 2010 Editor's Draft.
   </p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5
   February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of
   any patent disclosures</a> made in connection with the deliverables
@@ -285,7 +285,9 @@
   <ol>
    <li><a href="#the-storage-interface"><span class="secno">4.1 </span>The <code>Storage</code> interface</a></li>
    <li><a href="#the-sessionstorage-attribute"><span class="secno">4.2 </span>The <code title="dom-sessionStorage">sessionStorage</code> attribute</a></li>
-   <li><a href="#the-localstorage-attribute"><span class="secno">4.3 </span>The <code title="dom-localStorage">localStorage</code> attribute</a></li>
+   <li><a href="#the-localstorage-attribute"><span class="secno">4.3 </span>The <code title="dom-localStorage">localStorage</code> attribute</a>
+    <ol>
+     <li><a href="#security-localStorage"><span class="secno">4.3.1 </span>Security</a></ol></li>
    <li><a href="#the-storage-event"><span class="secno">4.4 </span>The <code title="event-storage">storage</code> event</a>
     <ol>
      <li><a href="#event-definition"><span class="secno">4.4.1 </span>Event definition</a></ol></li>
@@ -564,20 +566,14 @@
    request violates a policy decision (e.g. if the user agent is
    configured to not allow the page to persist data).</li>
 
-   <li><p>If the <code>Document</code>'s <span>effective script
-   origin</span> is not the <span>same origin</span> as the
-   <code>Document</code>'s <span>origin</span>, then throw a
-   <code>SECURITY_ERR</code> exception and abort these steps.</li>
-   <!-- XXX should do this on getItem()/setItem()/enumerating etc -->
-
    <li><p>If the <code>Document</code>'s <span>origin</span> is not a
    scheme/host/port tuple, then throw a <code>SECURITY_ERR</code>
    exception and abort these steps.</li>
 
    <li><p>Check to see if the user agent has allocated a local storage
    area for the <span>origin</span> of the <code>Document</code> of
-   the <code>Window</code> object on which the method was invoked. If
-   it has not, create a new storage area for that
+   the <code>Window</code> object on which the attribute was accessed.
+   If it has not, create a new storage area for that
    <span>origin</span>.</li>
 
    <li><p>Return the <code><a href="#storage-0">Storage</a></code> object associated with that
@@ -597,7 +593,16 @@
   determining the number of properties present, or as part of the
   execution of any of the methods or attributes defined on the
   <code><a href="#storage-0">Storage</a></code> interface. the user agent must first
-  <span>obtain the storage mutex</span>.<h3 id="the-storage-event"><span class="secno">4.4 </span>The <code title="event-storage"><a href="#event-storage">storage</a></code> event</h3><p>The <dfn id="event-storage" title="event-storage"><code>storage</code></dfn> event
+  <span>obtain the storage mutex</span>.<h4 id="security-localStorage"><span class="secno">4.3.1 </span>Security</h4><p>User agents must raise a <code>SECURITY_ERR</code> exception
+  whenever any of the members of a <code><a href="#storage-0">Storage</a></code> object
+  originally returned by the <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code> attribute are accessed
+  by scripts whose <span>effective script origin</span> is not the
+  <span title="same origin">same</span> as the <span>origin</span> of
+  the <code>Document</code> of the <code>Window</code> object on which
+  the <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code> attribute was
+  accessed.<p class="note">This means <code><a href="#storage-0">Storage</a></code> objects are neutered
+  when the <code title="dom-document-domain">document.domain</code>
+  attribute is used.<h3 id="the-storage-event"><span class="secno">4.4 </span>The <code title="event-storage"><a href="#event-storage">storage</a></code> event</h3><p>The <dfn id="event-storage" title="event-storage"><code>storage</code></dfn> event
   is fired when a storage area changes, as described in the previous
   two sections (<a href="#sessionStorageEvent">for session
   storage</a>, <a href="#localStorageEvent">for local

Received on Friday, 20 August 2010 19:18:33 UTC