[Bug 13072] New: Section 5.3 Origin. "Two origins are said to be the same origin if the following algorithm returns true: [...] If A and B have port components that are not identical, return false." IE8 and IE9 do not conform to this. Per http://msdn.microsoft.com/en-us

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13072

           Summary: Section 5.3 Origin.  "Two origins are said to be the
                    same origin if the following algorithm returns true:
                    [...] If A and B have port components that are not
                    identical, return false." IE8 and IE9 do not conform
                    to this.  Per http://msdn.microsoft.com/en-us
           Product: HTML WG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#top
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


Specification: http://dev.w3.org/html5/spec/Overview.html
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
Section 5.3 Origin.  "Two origins are said to be the same origin if the
following algorithm returns true: [...] If A and B have port components that
are not identical, return false."

IE8 and IE9 do not conform to this.  Per
http://msdn.microsoft.com/en-us/library/ms537505.aspx : "In Internet Explorer
8 and later, that restriction has been removed. Internet Explorer does not
consider the port to be a part of the Security Identifier (origin) used for
Same Origin Policy enforcement."

If the outlined algorithm becomes the standard that developers code by, then
it is crucial that all browsers follow this algorithm otherwise serious
security problems could arise.    If the outlined algorithm is the way forward,
please put pressure on Microsoft to patch IE8 and beyond to conform.

Posted from: 66.188.21.138
User agent: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.8.131 Version/11.11

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Monday, 27 June 2011 17:39:45 UTC