[giow] (2) Make sandboxed iframes block document.domain setting

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23040 Affected topics: HTML, Security git-svn-id: http://svn.whatwg.org/webapps@8275 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Nov 13, 2013 · 1827bb8 · 1827bb8
1 parent 597f77e
commit 1827bb8
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 3 deletions.
diff --git a/complete.html b/complete.html
@@ -65200,7 +65200,7 @@ <h4 id=relaxing-the-same-origin-restriction><span class=secno>6.3.1 </span>Relax
 
     <p>Can be set to a value that removes subdomains, to change the <a href=#effective-script-origin>effective script
     origin</a> to allow pages on other subdomains of the same domain (if they do the same thing)
-    to access each other.</p>
+    to access each other. (Can't be set in sandboxed <code><a href=#the-iframe-element>iframe</a></code>s.)</p>
 
    </dd>
 
@@ -65225,6 +65225,14 @@ <h4 id=relaxing-the-same-origin-restriction><span class=secno>6.3.1 </span>Relax
 
    </li>
 
+   <li>
+
+    <p>If the <code><a href=#document>Document</a></code>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its
+    <a href=#sandboxed-document.domain-browsing-context-flag>sandboxed <code title=dom-document-domain>document.domain</code> browsing context
+    flag</a> set, throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these steps.</p>
+
+   </li>
+
    <li>
 
     <p>If the new value is an IPv4 or IPv6 address, let <var title="">new value</var> be the new
@@ -65474,6 +65482,17 @@ <h3 id=sandboxing><span class=secno>6.4 </span>Sandboxing</h3>
 
    </dd>
 
+
+   <dt>The <dfn id=sandboxed-document.domain-browsing-context-flag>sandboxed <code title=dom-document-domain>document.domain</code> browsing context flag</dfn></dt>
+
+   <dd>
+
+    <p>This flag prevents content from using the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> feature to change the <a href=#effective-script-origin>effective script
+    origin</a>.</p>
+
+   </dd>
+
+
   </dl><p>When the user agent is to <dfn id=parse-a-sandboxing-directive>parse a sandboxing directive</dfn>, given a string <var title="">input</var>, a <a href=#sandboxing-flag-set>sandboxing flag set</a> <var title="">output</var>, and
   optionally an <var title="">allow fullscreen flag</var>, it must run the following steps:</p>
 
@@ -65539,6 +65558,9 @@ <h3 id=sandboxing><span class=secno>6.4 </span>Sandboxing</h3>
      <li><p>The <a href=#sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</a>, unless the <var title="">allow fullscreen flag</var> was passed to the <a href=#parse-a-sandboxing-directive>parse a sandboxing
      directive</a> flag.</li>
 
+     <li><p>The <a href=#sandboxed-document.domain-browsing-context-flag>sandboxed <code title=dom-document-domain>document.domain</code> browsing
+     context flag</a>.</li>
+
     </ul></li>
 
   </ol><hr><p>Every <a href=#top-level-browsing-context>top-level browsing context</a> has a <dfn id=popup-sandboxing-flag-set>popup sandboxing flag set</dfn>, which

diff --git a/index b/index
@@ -65200,7 +65200,7 @@ x === this; // true</pre>
 
     <p>Can be set to a value that removes subdomains, to change the <a href=#effective-script-origin>effective script
     origin</a> to allow pages on other subdomains of the same domain (if they do the same thing)
-    to access each other.</p>
+    to access each other. (Can't be set in sandboxed <code><a href=#the-iframe-element>iframe</a></code>s.)</p>
 
    </dd>
 
@@ -65225,6 +65225,14 @@ x === this; // true</pre>
 
    </li>
 
+   <li>
+
+    <p>If the <code><a href=#document>Document</a></code>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its
+    <a href=#sandboxed-document.domain-browsing-context-flag>sandboxed <code title=dom-document-domain>document.domain</code> browsing context
+    flag</a> set, throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these steps.</p>
+
+   </li>
+
    <li>
 
     <p>If the new value is an IPv4 or IPv6 address, let <var title="">new value</var> be the new
@@ -65474,6 +65482,17 @@ x === this; // true</pre>
 
    </dd>
 
+
+   <dt>The <dfn id=sandboxed-document.domain-browsing-context-flag>sandboxed <code title=dom-document-domain>document.domain</code> browsing context flag</dfn></dt>
+
+   <dd>
+
+    <p>This flag prevents content from using the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> feature to change the <a href=#effective-script-origin>effective script
+    origin</a>.</p>
+
+   </dd>
+
+
   </dl><p>When the user agent is to <dfn id=parse-a-sandboxing-directive>parse a sandboxing directive</dfn>, given a string <var title="">input</var>, a <a href=#sandboxing-flag-set>sandboxing flag set</a> <var title="">output</var>, and
   optionally an <var title="">allow fullscreen flag</var>, it must run the following steps:</p>
 
@@ -65539,6 +65558,9 @@ x === this; // true</pre>
      <li><p>The <a href=#sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</a>, unless the <var title="">allow fullscreen flag</var> was passed to the <a href=#parse-a-sandboxing-directive>parse a sandboxing
      directive</a> flag.</li>
 
+     <li><p>The <a href=#sandboxed-document.domain-browsing-context-flag>sandboxed <code title=dom-document-domain>document.domain</code> browsing
+     context flag</a>.</li>
+
     </ul></li>
 
   </ol><hr><p>Every <a href=#top-level-browsing-context>top-level browsing context</a> has a <dfn id=popup-sandboxing-flag-set>popup sandboxing flag set</dfn>, which

diff --git a/source b/source
@@ -72594,7 +72594,7 @@ x === this; // true</pre>
 
     <p>Can be set to a value that removes subdomains, to change the <span>effective script
     origin</span> to allow pages on other subdomains of the same domain (if they do the same thing)
-    to access each other.</p>
+    to access each other. (Can't be set in sandboxed <code>iframe</code>s.)</p>
 
    </dd>
 
@@ -72623,6 +72623,14 @@ x === this; // true</pre>
 
    </li>
 
+   <li>
+
+    <p>If the <code>Document</code>'s <span>active sandboxing flag set</span> has its
+    <span>sandboxed <code data-x="dom-document-domain">document.domain</code> browsing context
+    flag</span> set, throw a <code>SecurityError</code> exception and abort these steps.</p>
+
+   </li>
+
    <li>
 
     <p>If the new value is an IPv4 or IPv6 address, let <var data-x="">new value</var> be the new
@@ -72901,6 +72909,18 @@ x === this; // true</pre>
 
    </dd>
 
+
+   <dt>The <dfn>sandboxed <code data-x="dom-document-domain">document.domain</code> browsing context flag</dfn></dt>
+
+   <dd>
+
+    <p>This flag prevents content from using the <code
+    data-x="dom-document-domain">document.domain</code> feature to change the <span>effective script
+    origin</span>.</p>
+
+   </dd>
+
+
   </dl>
 
   <p>When the user agent is to <dfn>parse a sandboxing directive</dfn>, given a string <var
@@ -72988,6 +73008,9 @@ x === this; // true</pre>
      data-x="">allow fullscreen flag</var> was passed to the <span>parse a sandboxing
      directive</span> flag.</p></li>
 
+     <li><p>The <span>sandboxed <code data-x="dom-document-domain">document.domain</code> browsing
+     context flag</span>.</p></li>
+
     </ul>
 
    </li>