- From: <bugzilla@jessica.w3.org>
- Date: Mon, 27 Jun 2011 17:39:39 +0000
- To: public-html@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13072 Summary: Section 5.3 Origin. "Two origins are said to be the same origin if the following algorithm returns true: [...] If A and B have port components that are not identical, return false." IE8 and IE9 do not conform to this. Per http://msdn.microsoft.com/en-us Product: HTML WG Version: unspecified Platform: Other URL: http://www.whatwg.org/specs/web-apps/current-work/#top OS/Version: other Status: NEW Severity: normal Priority: P3 Component: HTML5 spec (editor: Ian Hickson) AssignedTo: ian@hixie.ch ReportedBy: contributor@whatwg.org QAContact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-wg-issue-tracking@w3.org, public-html@w3.org Specification: http://dev.w3.org/html5/spec/Overview.html Multipage: http://www.whatwg.org/C#top Complete: http://www.whatwg.org/c#top Comment: Section 5.3 Origin. "Two origins are said to be the same origin if the following algorithm returns true: [...] If A and B have port components that are not identical, return false." IE8 and IE9 do not conform to this. Per http://msdn.microsoft.com/en-us/library/ms537505.aspx : "In Internet Explorer 8 and later, that restriction has been removed. Internet Explorer does not consider the port to be a part of the Security Identifier (origin) used for Same Origin Policy enforcement." If the outlined algorithm becomes the standard that developers code by, then it is crucial that all browsers follow this algorithm otherwise serious security problems could arise. If the outlined algorithm is the way forward, please put pressure on Microsoft to patch IE8 and beyond to conform. Posted from: 66.188.21.138 User agent: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.8.131 Version/11.11 -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
Received on Monday, 27 June 2011 17:39:45 UTC