- From: poot <cvsmail@w3.org>
- Date: Fri, 10 Sep 2010 18:38:40 +0900 (JST)
- To: public-html-diffs@w3.org
hixie: mitigate the risk of autofocus being used in script-less XSS scenarios to transfer focus to hostile forms (whatwg r5465) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4357&r2=1.4358&f=h http://html5.org/tools/web-apps-tracker?from=5464&to=5465 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.4357 retrieving revision 1.4358 diff -u -d -r1.4357 -r1.4358 --- Overview.html 10 Sep 2010 09:01:14 -0000 1.4357 +++ Overview.html 10 Sep 2010 09:38:28 -0000 1.4358 @@ -34395,15 +34395,31 @@ <a href="#insert-an-element-into-a-document" title="insert an element into a document">inserted into a document</a>, user agents should run the following steps:</p> - <ol><li><p>If the <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing context</a> - had the <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing context - flag</a> set when the <code><a href="#document">Document</a></code> was created, abort - these steps.</li> + <ol><li><p>Let <var title="">target</var> be the element's + <code><a href="#document">Document</a></code>.</li> + + <li><p>If <var title="">target</var>'s <a href="#browsing-context">browsing + context</a> had the <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing + context flag</a> set when <var title="">target</var> was + created, abort these steps.</li> + + <li><p>If <var title="">target</var>'s <a href="#origin">origin</a> is not + the <a href="#same-origin" title="same origin">same</a> as the + <a href="#origin">origin</a> of the <code><a href="#document">Document</a></code> of the currently + focused element in <var title="">target</var>'s <a href="#top-level-browsing-context">top-level + browsing context</a>, abort these steps.</li> + + <li><p>If <var title="">target</var>'s <a href="#origin">origin</a> is not + the <a href="#same-origin" title="same origin">same</a> as the + <a href="#origin">origin</a> of the <a href="#active-document">active document</a> of <var title="">target</var>'s <a href="#top-level-browsing-context">top-level browsing context</a>, + abort these steps.</li> <li><p>If the user agent has already reached the last step of this list of steps in response to an element being <a href="#insert-an-element-into-a-document" title="insert - an element into a document">inserted</a> into this - <code><a href="#document">Document</a></code>, abort these steps.</li> + an element into a document">inserted</a> into a + <code><a href="#document">Document</a></code> whose <a href="#top-level-browsing-context">top-level browsing + context</a>'s <a href="#active-document">active document</a> is the same as <var title="">target</var>'s <a href="#top-level-browsing-context">top-level browsing context</a>'s + <a href="#active-document">active document</a>, abort these steps.</li> <li><p>If the user has indicated (for example, by starting to type in a form control) that he does not wish focus to be changed, then
Received on Friday, 10 September 2010 09:39:09 UTC