- From: poot <cvsmail@w3.org>
- Date: Thu, 14 Jul 2011 18:30:17 -0400
- To: public-html-diffs@w3.org
hixie: Block access to all properties when going cross-origin, not just defined members. (whatwg r6296) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5027&r2=1.5028&f=h http://html5.org/tools/web-apps-tracker?from=6295&to=6296 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.5027 retrieving revision 1.5028 diff -u -d -r1.5027 -r1.5028 --- Overview.html 11 Jul 2011 21:21:10 -0000 1.5027 +++ Overview.html 14 Jul 2011 22:29:38 -0000 1.5028 @@ -318,7 +318,7 @@ <h1>HTML5</h1> <h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2> - <h2 class="no-num no-toc" id="editor-s-draft-11-july-2011">Editor's Draft 11 July 2011</h2> + <h2 class="no-num no-toc" id="editor-s-draft-14-july-2011">Editor's Draft 14 July 2011</h2> <dl><dt>Latest Published Version:</dt> <dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd> <dt>Latest Editor's Draft:</dt> @@ -464,7 +464,7 @@ Group</a> is the W3C working group responsible for this specification's progress along the W3C Recommendation track. - This specification is the 11 July 2011 Editor's Draft. + This specification is the 14 July 2011 Editor's Draft. </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><p>Work on this specification is also done at the <a href="http://www.whatwg.org/">WHATWG</a>. The W3C HTML working group actively pursues convergence with the WHATWG, as required by the <a href="http://www.w3.org/2007/03/HTML-WG-charter">W3C HTML working group charter</a>.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 @@ -7748,8 +7748,8 @@ <a href="#document">Document</a> implements <a href="#htmldocument">HTMLDocument</a>;</pre><p>Since the <code><a href="#htmldocument">HTMLDocument</a></code> interface holds methods and attributes related to a number of disparate features, the members of this interface are described in various different sections.<h4 id="security-document"><span class="secno">3.1.2 </span>Security</h4><p id="security">User agents <span class="impl">must</span> raise a - <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever any of the members of - an <code><a href="#htmldocument">HTMLDocument</a></code> object are accessed by scripts whose + <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever any properties of a + <code><a href="#document">Document</a></code> object are accessed by scripts whose <a href="#effective-script-origin">effective script origin</a> is not the <a href="#same-origin" title="same origin">same</a> as the <code><a href="#document">Document</a></code>'s <a href="#effective-script-origin">effective script origin</a>.<h4 id="resource-metadata-management"><span class="secno">3.1.3 </span><dfn>Resource metadata management</dfn></h4><dl class="domintro"><dt><var title="">document</var> . <code title="dom-document-URL"><a href="#dom-document-url">URL</a></code></dt> @@ -43898,13 +43898,13 @@ <h4 id="security-window"><span class="secno">5.2.1 </span>Security</h4> <p id="security-2">User agents must raise a - <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever any of the members of a + <code><a href="#security_err">SECURITY_ERR</a></code> exception whenever any properties of a <code><a href="#window">Window</a></code> object are accessed by scripts whose <a href="#effective-script-origin">effective script origin</a> is not the same as the <code><a href="#window">Window</a></code> object's <code><a href="#document">Document</a></code>'s <a href="#effective-script-origin">effective script origin</a>, with the following exceptions:</p> - <ul><li>The <code title="dom-location"><a href="#dom-location">location</a></code> object + <ul><li>The <code title="dom-location"><a href="#dom-location">location</a></code> attribute <li>The <code title="dom-window-postMessage">postMessage()</code> method
Received on Thursday, 14 July 2011 22:30:23 UTC