- From: poot <cvsmail@w3.org>
- Date: Fri, 17 Jun 2011 05:55:30 -0400
- To: public-html-diffs@w3.org
webstorage; hixie: Don't overpromise in security sections... (whatwg r6169) http://dev.w3.org/cvsweb/html5/webstorage/Overview.html?r1=1.169&r2=1.170&f=h http://html5.org/tools/web-apps-tracker?from=6168&to=6169 =================================================================== RCS file: /sources/public/html5/webstorage/Overview.html,v retrieving revision 1.169 retrieving revision 1.170 diff -u -d -r1.169 -r1.170 --- Overview.html 12 May 2011 07:08:53 -0000 1.169 +++ Overview.html 1 Jun 2011 17:43:33 -0000 1.170 @@ -210,7 +210,7 @@ <p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p> <h1>Web Storage</h1> - <h2 class="no-num no-toc" id="editor-s-draft-12-may-2011">Editor's Draft 12 May 2011</h2> + <h2 class="no-num no-toc" id="editor-s-draft-1-june-2011">Editor's Draft 1 June 2011</h2> <dl><dt>Latest Published Version:</dt> <dd><a href="http://www.w3.org/TR/webstorage/">http://www.w3.org/TR/webstorage/</a></dd> <dt>Latest Editor's Draft:</dt> 
@@ -263,22 +263,23 @@ <p class="note">Please don't use section numbers as these tend to change rapidly and make your feedback harder to understand.</p> <script type="text/javascript"> - function checkFeedbackForm(form) { - if (form.elements.text.value.match(/^ *</)) { - alert('Please don\'t start your feedback with an angle bracket, instead explain what topic your feedback is about first.'); - return true; - } else if (form.elements.text.value.match(/ [^ ]+ [^ ]+ [^ ]+ [^ ]+ /)) { - if (form.elements.text.value.match(/^Please enter your feedback, carefully/)) { - alert('Please enter your feedback, explaining what is wrong, and without repeating the instructions. Thanks!'); - return true; - } else if (form.elements.text.value.match(/ [^ ]+ [^ ]+ [^ ]+ [^ ]+ /)) { - form.action = "http://www.whatwg.org/specs/web-apps/current-work/file-bug.cgi"; - return true; - } else { - alert('Please include significantly more detail about exactly what problem you are trying to solve.'); - return false; - } - } + function checkFeedbackForm(form) { + if (form.elements.text.value.match(/^ *</)) { + alert('Please don\'t start your feedback with an angle bracket, instead explain what topic your feedback is about first.'); + return true; + } else if (form.elements.text.value.match(/ [^ ]+ [^ ]+ [^ ]+ [^ ]+ /)) { + if (form.elements.text.value.match(/^Please enter your feedback, carefully/)) { + alert('Please enter your feedback, explaining what is wrong, and without repeating the instructions. 
Thanks!'); + return true; + } else if (form.elements.text.value.match(/ [^ ]+ [^ ]+ [^ ]+ [^ ]+ /)) { + form.action = "http://www.whatwg.org/specs/web-apps/current-work/file-bug.cgi"; + return true; + } else { + alert('Please include significantly more detail about exactly what problem you are trying to solve.'); + return false; + } + } + } </script><p> <input onclick="return checkFeedbackForm(form)" type="submit" value="Submit feedback"><small>(Note: Your IP address and user agent will be publicly recorded for spam prevention purposes.)</small> </p> @@ -312,7 +313,7 @@ </dl><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications Working Group</a> is the W3C working group responsible for this specification's progress along the W3C Recommendation track. - This specification is the 12 May 2011 Editor's Draft. + This specification is the 1 June 2011 Editor's Draft. </p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables 
@@ -825,8 +826,9 @@ it is promptly deleted from the underlying storage.<h2 id="security-storage"><span class="secno">7 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot guarantee that a host claiming to be in a certain domain really is from that domain. To mitigate this, pages can use TLS. Pages using - TLS can be sure that only pages using TLS that have certificates - identifying them as being from the same domain can access their + TLS can be sure that only the user, software working on behalf of + the user, and other pages using TLS that have certificates + identifying them as being from the same domain, can access their storage areas.<h3 id="cross-directory-attacks"><span class="secno">7.2 </span>Cross-directory attacks</h3><p>Different authors sharing one host name, for example users hosting content on <code>geocities.com</code>, all share one local storage object. There is no feature to restrict the access by
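Review bot: In the `@@ -263,22 +263,23 @@` hunk, `checkFeedbackForm` still does not block the submissions it warns about. The angle-bracket branch shows its alert and then does `return true`, and the inner `else if` repeats the outer four-word regex, so the final `else` with `return false` can never run. Text that fails the outer test falls off the end of the function and returns undefined, which does not cancel the `onclick="return checkFeedbackForm(form)"` submit either. Since this hunk already rewrites every line to re-indent and add the missing closing `}`, it would be a good place to return false in the angle-bracket branch, drop the duplicated test, and add an explicit `return false` for short input. Separately, `form.action` is set to a plain `http://` URL, so the feedback text is sent unencrypted; use an `https://` endpoint if one is available.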
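Review bot: In the `@@ -825,8 +826,9 @@` hunk, the added phrase "software working on behalf of the user" is not defined anywhere in the visible text, and the sentence keeps "can be sure", so the guarantee is still worded as absolute while the set of parties with access is now open-ended. Either say what counts as such software, or soften the claim so that it reads as a statement about other pages only, for example by stating that TLS restricts which pages can reach the storage area and noting in a separate sentence that the user and software acting for the user are outside that restriction. As written, a reader cannot tell from this paragraph which local access is expected and which would be a violation.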
Received on Friday, 17 June 2011 09:55:36 UTC