W3C home > Mailing lists > Public > public-html-diffs@w3.org > September 2010

hixie: mitigate the risk of autofocus being used in script-less XSS scenarios to transfer focus to hostile forms (whatwg r5465)

From: poot <cvsmail@w3.org>
Date: Fri, 10 Sep 2010 18:38:40 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20100910093840.E39732BBE9@toro.w3.mag.keio.ac.jp>
hixie: mitigate the risk of autofocus being used in script-less XSS
scenarios to transfer focus to hostile forms (whatwg r5465)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4357&r2=1.4358&f=h
http://html5.org/tools/web-apps-tracker?from=5464&to=5465

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4357
retrieving revision 1.4358
diff -u -d -r1.4357 -r1.4358
--- Overview.html	10 Sep 2010 09:01:14 -0000	1.4357
+++ Overview.html	10 Sep 2010 09:38:28 -0000	1.4358
@@ -34395,15 +34395,31 @@
   <a href="#insert-an-element-into-a-document" title="insert an element into a document">inserted into a
   document</a>, user agents should run the following steps:</p>
 
-  <ol><li><p>If the <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing context</a>
-   had the <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing context
-   flag</a> set when the <code><a href="#document">Document</a></code> was created, abort
-   these steps.</li>
+  <ol><li><p>Let <var title="">target</var> be the element's
+   <code><a href="#document">Document</a></code>.</li>
+
+   <li><p>If <var title="">target</var>'s <a href="#browsing-context">browsing
+   context</a> had the <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing
+   context flag</a> set when <var title="">target</var> was
+   created, abort these steps.</li>
+
+   <li><p>If <var title="">target</var>'s <a href="#origin">origin</a> is not
+   the <a href="#same-origin" title="same origin">same</a> as the
+   <a href="#origin">origin</a> of the <code><a href="#document">Document</a></code> of the currently
+   focused element in <var title="">target</var>'s <a href="#top-level-browsing-context">top-level
+   browsing context</a>, abort these steps.</li>
+
+   <li><p>If <var title="">target</var>'s <a href="#origin">origin</a> is not
+   the <a href="#same-origin" title="same origin">same</a> as the
+   <a href="#origin">origin</a> of the <a href="#active-document">active document</a> of <var title="">target</var>'s <a href="#top-level-browsing-context">top-level browsing context</a>,
+   abort these steps.</li>
 
    <li><p>If the user agent has already reached the last step of this
    list of steps in response to an element being <a href="#insert-an-element-into-a-document" title="insert
-   an element into a document">inserted</a> into this
-   <code><a href="#document">Document</a></code>, abort these steps.</li>
+   an element into a document">inserted</a> into a
+   <code><a href="#document">Document</a></code> whose <a href="#top-level-browsing-context">top-level browsing
+   context</a>'s <a href="#active-document">active document</a> is the same as <var title="">target</var>'s <a href="#top-level-browsing-context">top-level browsing context</a>'s
+   <a href="#active-document">active document</a>, abort these steps.</li>
 
    <li><p>If the user has indicated (for example, by starting to type
    in a form control) that he does not wish focus to be changed, then
Received on Friday, 10 September 2010 09:39:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:09:10 UTC