
[giow] (3) Make Location be protected from cross-origin access like Window.

Affected topics: DOM APIs, Security

git-svn-id: http://svn.whatwg.org/webapps@7514 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Nov 20, 2012
1 parent 22030a8 commit 624dafd7391499254fee13020ea43c630b769bbe
Showing with 44 additions and 2 deletions.
  1. +15 −1 complete.html
  2. +15 −1 index
  3. +14 −0 source
<a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with which
the <code><a href=#location>Location</a></code> object is associated

</ul></div>
</ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not the same as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
origin</a> attempts to access that <code><a href=#location>Location</a></code> object's methods or attributes, the
user agent must act as if any changes to the <code><a href=#location>Location</a></code> object's properties, getters,
setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the same as the <code><a href=#location>Location</a></code> object's
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a> must be provided with a separate set
of objects. These objects must have the prototype chain appropriate for the script for which the
objects are created (not those that would be appropriate for scripts whose <a href="#script's-global-object">script's global
object</a> is the <code><a href=#location>Location</a></code> object's <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code>
object).</p>

</div>
<!--REMOVE-TOPIC:Security-->
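Review bot: The "etc" in "properties, getters, setters, etc" in the first added paragraph leaves the scope of the "must act as if" requirement open-ended, so two user agents could disagree on which script-made changes a cross-origin caller must not observe. Suggest enumerating the kinds of change that are hidden, or defining one term for them and using that term in this sentence.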


16 index
<a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with which
the <code><a href=#location>Location</a></code> object is associated

</ul></div>
</ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not the same as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
origin</a> attempts to access that <code><a href=#location>Location</a></code> object's methods or attributes, the
user agent must act as if any changes to the <code><a href=#location>Location</a></code> object's properties, getters,
setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the same as the <code><a href=#location>Location</a></code> object's
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a> must be provided with a separate set
of objects. These objects must have the prototype chain appropriate for the script for which the
objects are created (not those that would be appropriate for scripts whose <a href="#script's-global-object">script's global
object</a> is the <code><a href=#location>Location</a></code> object's <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code>
object).</p>

</div>
<!--REMOVE-TOPIC:Security-->
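Review bot: The second added paragraph requires "a separate set of objects" for each distinct effective script origin but does not say whether a given origin gets the same object back on repeated access, or what happens to the set when a script's effective script origin changes. Suggest stating the identity and lifetime of the per-origin set explicitly. The parenthetical also switches number: "the prototype chain ... (not those that would be appropriate ...)" should agree with the singular "prototype chain".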


14 source

</ul>

<p>When a script whose <span>effective script origin</span> is not the same as the
<code>Location</code> object's associated <code>Document</code>'s <span>effective script
origin</span> attempts to access that <code>Location</code> object's methods or attributes, the
user agent must act as if any changes to the <code>Location</code> object's properties, getters,
setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <span>effective
script origin</span> that is not the same as the <code>Location</code> object's
<code>Document</code>'s <span>effective script origin</span> must be provided with a separate set
of objects. These objects must have the prototype chain appropriate for the script for which the
objects are created (not those that would be appropriate for scripts whose <span>script's global
object</span> is the <code>Location</code> object's <code>Document</code>'s <code>Window</code>
object).</p>

</div>
<!--REMOVE-TOPIC:Security-->
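Review bot: The two added paragraphs spell out the cross-origin rule in full for Location with no reference to the corresponding Window text, although the commit message says the protection is meant to be like Window, so the two statements of the rule can drift apart in later edits. Suggest defining the cross-origin behaviour once and referencing it from both places, or at least adding a cross-reference to the Window requirement here.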
