Skip to content
Permalink
Browse files

[giow] (3) Block enumeration of cross-origin objects, and clean up th…

…e language around those objects to be more consistent so that differences can more easily be seen.

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=22102
Affected topics: DOM APIs, Security

git-svn-id: http://svn.whatwg.org/webapps@7997 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Jun 24, 2013
1 parent 724f938 commit 69458cbe8e05e47d500f0a1c8a0e78324cd27777
Showing with 129 additions and 69 deletions.
  1. +43 −23 complete.html
  2. +43 −23 index
  3. +43 −23 source
}
}, false);

</script><script async defer src="//survey.g.doubleclick.net/async_survey?site=5kr27scvp3mng"></script><body onload=init()>
</script><script async defer src="//survey.g.doubleclick.net/async_survey?site=52xlbs7js527m"></script><body onload=init()>

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>

<p id=security>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
properties of a <code><a href=#document>Document</a></code> object are accessed by scripts whose <a href=#effective-script-origin>effective script
origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#document>Document</a></code>'s
<a href=#effective-script-origin>effective script origin</a>.</p>
properties of a <code><a href=#document>Document</a></code> object are accessed when the <a href=#incumbent-script>incumbent script</a>
has an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a>
as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>.</p>

<p>When the <a href=#incumbent-script>incumbent script</a>'s <a href=#effective-script-origin>effective script origin</a> is different than
a <code><a href=#document>Document</a></code> object's <a href=#effective-script-origin>effective script origin</a>, the user agent must act as
if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
object's properties, getters, setters, etc, were not present, and as if--> all the properties of
that <code><a href=#document>Document</a></code> object had their [[Enumerable]] attribute set to false.</p>
<!--REMOVE-TOPIC:Security-->


<h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>

<p id=security-2>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
properties of a <code><a href=#window>Window</a></code> object are accessed by scripts whose <a href=#effective-script-origin>effective script
origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#window>Window</a></code> object's
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>, with the following exceptions:</p>
properties of a <code><a href=#window>Window</a></code> object are accessed when the <a href=#incumbent-script>incumbent script</a> has
an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as
the <code><a href=#window>Window</a></code> object's <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>,
with the following exceptions:</p>

<ul><li>The <code title=dom-location><a href=#dom-location>location</a></code> attribute


<li>The <a href=#dynamic-nested-browsing-context-properties>dynamic nested browsing context properties</a>

</ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not the same as the
<code><a href=#window>Window</a></code> object's <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a> attempts
to access that <code><a href=#window>Window</a></code> object's methods or attributes, the user agent must act as if
any changes to the <code><a href=#window>Window</a></code> object's properties, getters, setters, etc, were not
present.</p>
</ul><p>When the <a href=#incumbent-script>incumbent script</a>'s <a href=#effective-script-origin>effective script origin</a> is different than
a <code><a href=#window>Window</a></code> object's <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>, the
user agent must act as if any changes to that <code><a href=#window>Window</a></code> object's properties, getters,
setters, etc, were not present, and as if all the properties of that <code><a href=#window>Window</a></code> object
had their [[Enumerable]] attribute set to false.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the same as the <code><a href=#window>Window</a></code> object's
<h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>

<p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a>'s
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the
properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a> has an
<a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
<a href=#active-document>active document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following
exceptions:</p>
origin</a> is the <a href=#same-origin>same origin</a> as the <code><a href=#location>Location</a></code> object's associated
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>

</ul><p>When the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin>same
origin</a> as the <code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s
<a href=#effective-script-origin>effective script origin</a>, attempts to access that <code><a href=#location>Location</a></code> object's
methods or attributes must cause the user agent to act as if any changes to the
<code><a href=#location>Location</a></code> object's properties, getters, setters, etc, were not present.</p>
</ul><p>When the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script origin</a> is different than a
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
origin</a>, the user agent must act as if any changes to that <code><a href=#location>Location</a></code> object's
properties, getters, setters, etc, were not present, and as if all the properties of that
<code><a href=#location>Location</a></code> object had their [[Enumerable]] attribute set to false.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the <a href=#same-origin>same origin</a> as the <code><a href=#location>Location</a></code> object's
<!--ADD-TOPIC:Security-->
<h5 id=security-localStorage><span class=secno>11.2.3.1 </span>Security</h5>

<p>For the purposes of this section, a <code><a href=#storage-0>Storage</a></code> object originally returned by a <code title=dom-localStorage><a href=#dom-localstorage>localStorage</a></code> attribute is a <dfn id=protected-storage-object>protected <code>Storage</code>
object</dfn>.</p>

<p>For the purposes of this section, the <dfn id=original-origin>original origin</dfn> of a <a href=#protected-storage-object>protected
<code>Storage</code> object</a> is the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> of the
<code><a href=#window>Window</a></code> object on which the <code title=dom-localStorage><a href=#dom-localstorage>localStorage</a></code>
attribute that returned the <code><a href=#storage-0>Storage</a></code> object was accessed.</p>

<p>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any properties of a
<code><a href=#storage-0>Storage</a></code> object originally returned by the <code title=dom-localStorage><a href=#dom-localstorage>localStorage</a></code> attribute are accessed by scripts whose
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the
<a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> of the <code><a href=#window>Window</a></code> object on which the
<code title=dom-localStorage><a href=#dom-localstorage>localStorage</a></code> attribute was accessed.</p>
<a href=#protected-storage-object>protected <code>Storage</code> object</a> are accessed when the <a href=#incumbent-script>incumbent
script</a> has an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same
origin">same</a> as the <a href=#original-origin>original origin</a> of that <code><a href=#storage-0>Storage</a></code> object.</p>

<p>When the <a href=#incumbent-script>incumbent script</a>'s <a href=#effective-script-origin>effective script origin</a> is different than
a <a href=#protected-storage-object>protected <code>Storage</code> object</a>'s <a href=#original-origin>original origin</a>, the user
agent must act as if any changes to that <code><a href=#storage-0>Storage</a></code> object's properties, getters,
setters, etc, were not present, and as if all the properties of that <code><a href=#storage-0>Storage</a></code> object
had their [[Enumerable]] attribute set to false.</p>

<p class=note>This means <code><a href=#storage-0>Storage</a></code> objects are neutered
when the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code>

0 comments on commit 69458cb

Please sign in to comment.
You can’t perform that action at this time.