[] (0) Security fix: document.location must not return document.defau…

…ltView.location, since the latter might be for another document, and would reveal the user's currently loaded page. Instead, make document.location return the Location object for that document. git-svn-id: http://svn.whatwg.org/webapps@836 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · May 22, 2007 · 16defd1 · 16defd1
1 parent ae8f9da
commit 16defd1
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 17 deletions.
diff --git a/index b/index
@@ -2338,7 +2338,7 @@
 
   <pre class=idl>interface <dfn id=htmldocument>HTMLDocument</dfn> {
   // <a href="#resource0">Resource metadata management</a>
-  readonly attribute Location <a href="#location1" title=dom-document-location>location</a>;
+  readonly attribute Location <a href="#location0" title=dom-document-location>location</a>;
   readonly attribute DOMString <a href="#url" title=dom-document-URL>URL</a>;
            attribute DOMString <a href="#domain" title=dom-document-domain>domain</a>;
   readonly attribute DOMString <a href="#referrer" title=dom-document-referrer>referrer</a>;
@@ -22820,12 +22820,12 @@ XXX selection ranges -->
    document</a>'s origin, with the following exceptions:
 
   <ul>
-   <li>The <code title=dom-location><a href="#location0">location</a></code>
+   <li>The <code title=dom-location><a href="#location1">location</a></code>
     object
   </ul>
 
   <p>User agents must not allow scripts to override the <code
-   title=dom-location><a href="#location0">location</a></code> object's
+   title=dom-location><a href="#location1">location</a></code> object's
    setter.
 
   <h4 id=constructors><span class=secno>4.2.2. </span>Constructors</h4>
@@ -23284,19 +23284,18 @@ XXX selection ranges -->
    history is associated with a unique instance of a <code><a
    href="#location2">Location</a></code> object.
 
-  <p>The <dfn id=location0 title=dom-location><code>location</code></dfn>
+  <p>The <dfn id=location0
+   title=dom-document-location><code>location</code></dfn> attribute of the
+   <code><a href="#htmldocument">HTMLDocument</a></code> interface must
+   return the <code><a href="#location2">Location</a></code> object for that
+   <code>Document</code> object.
+
+  <p>The <dfn id=location1 title=dom-location><code>location</code></dfn>
    attribute of the <code><a href="#window">Window</a></code> interface must
    return the <code><a href="#location2">Location</a></code> object for that
    <code><a href="#window">Window</a></code> object's <a
    href="#active">active document</a>.
 
-  <p>For historical reasons, the <dfn id=location1
-   title=dom-document-location><code>location</code></dfn> attribute of the
-   <code><a href="#htmldocument">HTMLDocument</a></code> interface must
-   return the same object as the <code title=dom-location><a
-   href="#location0">location</a></code> attribute on its associated <code><a
-   href="#window">Window</a></code> object.
-
   <p><code><a href="#location2">Location</a></code> objects provide a
    representation of the URI of their document, and allow the <a
    href="#current0">current entry</a> of the <a href="#browsing0">browsing

diff --git a/source b/source
@@ -20978,17 +20978,17 @@ XXX selection ranges -->
   history is associated with a unique instance of a
   <code>Location</code> object.</p>
 
+  <p>The <dfn
+  title="dom-document-location"><code>location</code></dfn> attribute
+  of the <code>HTMLDocument</code> interface must return the
+  <code>Location</code> object for that <code>Document</code>
+  object.</p>
+
   <p>The <dfn title="dom-location"><code>location</code></dfn>
   attribute of the <code>Window</code> interface must return the
   <code>Location</code> object for that <code>Window</code> object's
   <span>active document</span>.</p>
 
-  <p>For historical reasons, the <dfn
-  title="dom-document-location"><code>location</code></dfn> attribute
-  of the <code>HTMLDocument</code> interface must return the same
-  object as the <code title="dom-location">location</code> attribute
-  on its associated <code>Window</code> object.</p>
-
   <p><code>Location</code> objects provide a representation of the URI
   of their document, and allow the <span>current entry</span> of the
   <span>browsing context</span>'s session history to be changed, by