Skip to content
Permalink
Browse files

[giow] (0) Make showModalDialog()'s dialogArguments and returnValue o…

…nly be useful same-origin, to avoid origins attacking each other

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=21932
Affected topics: DOM APIs

git-svn-id: http://svn.whatwg.org/webapps@7975 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Jun 14, 2013
1 parent ecd5e75 commit 0b28aa0fa917f5bb40b2cad0fc230bdd8ded7964
Showing with 55 additions and 26 deletions.
  1. +18 −9 complete.html
  2. +18 −9 index
  3. +19 −8 source

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 13 June 2013</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 14 June 2013</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>

<li>

<p>Let <var title="">incumbent origin</var> be the <span>effective origin</span> of the
<p>Let <var title="">incumbent origin</var> be the <a href=#effective-script-origin>effective script origin</a> of the
<a href=#incumbent-script>incumbent script</a> at the time the <code title=dom-showModalDialog><a href=#dom-showmodaldialog>showModalDialog()</a></code> method was called.</p>

</li>

<li>

<p><a href=#spin-the-event-loop>Spin the event loop</a> until the new <a href=#browsing-context>browsing context</a> is closed. (The
user agent must allow the user to indicate that the <a href=#browsing-context>browsing context</a> is to be
closed.)</p>
<p><a href=#spin-the-event-loop>Spin the event loop</a> until the new <a href=#browsing-context>browsing context</a> is <a href=#close-a-browsing-context title="close a browsing context">closed</a>. The user agent must allow the user to indicate
that the <a href=#browsing-context>browsing context</a> is to be closed.</p>

</li>


<li>

<p>Return the <a href=#auxiliary-browsing-context>auxiliary browsing context</a>'s <a href=#return-value>return value</a>.</p>
<p>If the <a href=#effective-script-origin>effective script origin</a> of the <a href=#auxiliary-browsing-context>auxiliary browsing context</a>'s
<a href=#active-document>active document</a> at the time the browsing context was <a href=#close-a-browsing-context title="close a browsing
context">closed</a> was the <a href=#same-origin>same origin</a> as the <a href="#dialog-arguments'-origin">dialog arguments'
origin</a>, then let <var title="">return value</var> be the <a href=#auxiliary-browsing-context>auxiliary browsing
context</a>'s <a href=#return-value>return value</a> as it stood when the browsing context was <a href=#close-a-browsing-context title="close a browsing context">closed</a>.</p>

<p>Otherwise, let <var title="">return value</var> be undefined.</p>

</li>

<li>

<p>Return <var title="">return value</var>.</p>

</li>

attribute, on getting, must check whether its browsing context's <a href=#active-document>active document</a>'s
<a href=#origin>origin</a> is the <a href=#same-origin title="same origin">same</a> as the <a href="#dialog-arguments'-origin">dialog arguments'
origin</a>. If it is, then the browsing context's <a href=#dialog-arguments>dialog arguments</a> must be
returned unchanged. Otherwise, if the <a href=#dialog-arguments>dialog arguments</a> are an object, then the empty
string must be returned, and if the <a href=#dialog-arguments>dialog arguments</a> are not an object, then the
stringification of the <a href=#dialog-arguments>dialog arguments</a> must be returned.
returned unchanged. Otherwise, the IDL attribute must return <i>undefined</i>.</p>

<p>These browsing contexts also have an associated <dfn id=return-value>return value</dfn>. The <a href=#return-value>return
value</a> of a browsing context must be initialized to the empty string when the browsing
27 index

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 13 June 2013</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 14 June 2013</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>

<li>

<p>Let <var title="">incumbent origin</var> be the <span>effective origin</span> of the
<p>Let <var title="">incumbent origin</var> be the <a href=#effective-script-origin>effective script origin</a> of the
<a href=#incumbent-script>incumbent script</a> at the time the <code title=dom-showModalDialog><a href=#dom-showmodaldialog>showModalDialog()</a></code> method was called.</p>

</li>

<li>

<p><a href=#spin-the-event-loop>Spin the event loop</a> until the new <a href=#browsing-context>browsing context</a> is closed. (The
user agent must allow the user to indicate that the <a href=#browsing-context>browsing context</a> is to be
closed.)</p>
<p><a href=#spin-the-event-loop>Spin the event loop</a> until the new <a href=#browsing-context>browsing context</a> is <a href=#close-a-browsing-context title="close a browsing context">closed</a>. The user agent must allow the user to indicate
that the <a href=#browsing-context>browsing context</a> is to be closed.</p>

</li>


<li>

<p>Return the <a href=#auxiliary-browsing-context>auxiliary browsing context</a>'s <a href=#return-value>return value</a>.</p>
<p>If the <a href=#effective-script-origin>effective script origin</a> of the <a href=#auxiliary-browsing-context>auxiliary browsing context</a>'s
<a href=#active-document>active document</a> at the time the browsing context was <a href=#close-a-browsing-context title="close a browsing
context">closed</a> was the <a href=#same-origin>same origin</a> as the <a href="#dialog-arguments'-origin">dialog arguments'
origin</a>, then let <var title="">return value</var> be the <a href=#auxiliary-browsing-context>auxiliary browsing
context</a>'s <a href=#return-value>return value</a> as it stood when the browsing context was <a href=#close-a-browsing-context title="close a browsing context">closed</a>.</p>

<p>Otherwise, let <var title="">return value</var> be undefined.</p>

</li>

<li>

<p>Return <var title="">return value</var>.</p>

</li>

attribute, on getting, must check whether its browsing context's <a href=#active-document>active document</a>'s
<a href=#origin>origin</a> is the <a href=#same-origin title="same origin">same</a> as the <a href="#dialog-arguments'-origin">dialog arguments'
origin</a>. If it is, then the browsing context's <a href=#dialog-arguments>dialog arguments</a> must be
returned unchanged. Otherwise, if the <a href=#dialog-arguments>dialog arguments</a> are an object, then the empty
string must be returned, and if the <a href=#dialog-arguments>dialog arguments</a> are not an object, then the
stringification of the <a href=#dialog-arguments>dialog arguments</a> must be returned.
returned unchanged. Otherwise, the IDL attribute must return <i>undefined</i>.</p>

<p>These browsing contexts also have an associated <dfn id=return-value>return value</dfn>. The <a href=#return-value>return
value</a> of a browsing context must be initialized to the empty string when the browsing
27 source

<li>

<p>Let <var title="">incumbent origin</var> be the <span>effective origin</span> of the
<p>Let <var title="">incumbent origin</var> be the <span>effective script origin</span> of the
<span>incumbent script</span> at the time the <code
title="dom-showModalDialog">showModalDialog()</code> method was called.</p>


<li>

<p><span>Spin the event loop</span> until the new <span>browsing context</span> is closed. (The
user agent must allow the user to indicate that the <span>browsing context</span> is to be
closed.)</p>
<p><span>Spin the event loop</span> until the new <span>browsing context</span> is <span
title="close a browsing context">closed</span>. The user agent must allow the user to indicate
that the <span>browsing context</span> is to be closed.</p>

</li>


<li>

<p>Return the <span>auxiliary browsing context</span>'s <span>return value</span>.</p>
<p>If the <span>effective script origin</span> of the <span>auxiliary browsing context</span>'s
<span>active document</span> at the time the browsing context was <span title="close a browsing
context">closed</span> was the <span>same origin</span> as the <span>dialog arguments'
origin</span>, then let <var title="">return value</var> be the <span>auxiliary browsing
context</span>'s <span>return value</span> as it stood when the browsing context was <span
title="close a browsing context">closed</span>.</p>

<p>Otherwise, let <var title="">return value</var> be undefined.</p>

</li>

<li>

<p>Return <var title="">return value</var>.</p>

</li>

attribute, on getting, must check whether its browsing context's <span>active document</span>'s
<span>origin</span> is the <span title="same origin">same</span> as the <span>dialog arguments'
origin</span>. If it is, then the browsing context's <span>dialog arguments</span> must be
returned unchanged. Otherwise, if the <span>dialog arguments</span> are an object, then the empty
string must be returned, and if the <span>dialog arguments</span> are not an object, then the
stringification of the <span>dialog arguments</span> must be returned.
returned unchanged. Otherwise, the IDL attribute must return <i>undefined</i>.</p>

<p>These browsing contexts also have an associated <dfn>return value</dfn>. The <span>return
value</span> of a browsing context must be initialized to the empty string when the browsing

0 comments on commit 0b28aa0

Please sign in to comment.
You can’t perform that action at this time.