hixie: Mention same-origin attacks and the importance of compartmentalization. (whatwg r4629)

hixie: Mention same-origin attacks and the importance of
compartmentalization. (whatwg r4629)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3689&r2=1.3690&f=h
http://html5.org/tools/web-apps-tracker?from=4628&to=4629

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3689
retrieving revision 1.3690
diff -u -d -r1.3689 -r1.3690
--- Overview.html 27 Jan 2010 08:32:03 -0000 1.3689
+++ Overview.html 27 Jan 2010 22:34:23 -0000 1.3690
@@ -38017,6 +38017,7 @@
      the user, or if the user declines to allow a browsing context to
      be used) there must not be a chosen browsing context.</dd>
 
+
      <dt id="noopener">If the user agent has been configured such that
      in this instance it will create a new browsing context, and the
      browsing context is being requested as part of <a href="#following-hyperlinks" title="following hyperlinks">following a hyperlink</a> whose
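Review bot: the only change in this hunk is a blank line added before `<dt id="noopener">`, and the hunks at -38031 and -38046 do the same before other `<dt>` elements. None of this is related to the same-origin text named in the commit message. Consider moving the whitespace changes to a separate commit so the security-relevant addition can be reviewed and tracked on its own.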
@@ -38031,6 +38032,7 @@
      <p class="note">If it is immediately <a href="#navigate" title="navigate">navigated</a>, then the navigation will be
      done with <a href="#replacement-enabled">replacement enabled</a>.</dd>
 
+
      <dt>If the user agent has been configured such that in this
      instance it will create a new browsing context, and the <code title="rel-noreferrer"><a href="#link-type-noreferrer">noreferrer</a></code> keyword doesn't
      apply</dt>
@@ -38046,12 +38048,14 @@
      then the navigation will be done with <a href="#replacement-enabled">replacement
      enabled</a>.</dd>
 
+
      <dt>If the user agent has been configured such that in this
      instance it will reuse the current browsing context</dt>
 
      <dd><p>The chosen browsing context is the current browsing
      context.</dd>
 
+
      <dt>If the user agent has been configured such that in this
      instance it will not find a browsing context</dt>
 
@@ -63939,6 +63943,21 @@
     Internet. This can expose local network topologies that the
     attacker would otherwise not be able to determine.</p>
 
+    <p>HTML relies on a compartmentalization scheme sometimes known as
+    the <i>same-origin policy</i>. An <a href="#origin">origin</a> in most
+    cases consists of all the pages served from the same host, on the
+    same port, using the same protocol.</p>
+
+    <p>It is critical, therefore, to ensure that any untrusted content
+    that forms part of a site be hosted on a different
+    <a href="#origin">origin</a> than any sensitive content on that site.
+    Untrusted content can easily spoof any other page on the same
+    origin, read data from that origin, cause scripts in that origin
+    to execute, submit forms to and from that origin even if they are
+    protected from cross-site request forgery attacks by unique
+    tokens, and make use of any third-party resources exposed to or
+    rights granted to that origin.</p>
+
    </dd>
    <dt>Interoperability considerations:</dt>
    <dd>
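Review bot: the second added paragraph opens with "It is critical, therefore," but the paragraph before it only defines what an origin is, so the "therefore" has no stated premise. The missing step is that content sharing an origin is not isolated from other content in that origin. Suggest ending the first paragraph with a sentence saying so, which also sets up the list of consequences (spoofing, reading data, running scripts, form submission despite unique tokens). Separately, "in most cases" leaves the exceptions unstated; a short pointer saying that the linked origin definition covers them would help readers who only see this section.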
@@ -67409,6 +67428,7 @@
   Ben Leslie,
   Ben Meadowcroft,
   Ben Millard,
+  Benjamin Carl Wiley Sittler,
   Benjamin Hawkes-Lewis,
   Bert Bos,
   Bijan Parsia,

Received on Wednesday, 27 January 2010 22:35:17 UTC