[giow] (2) Rework the security model for cross-origin access, so that…

… we can be surer that prototype objects are safe. git-svn-id: http://svn.whatwg.org/webapps@3622 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Aug 14, 2009 · 28e2c37 · 28e2c37
1 parent 922c3a8
commit 28e2c37
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 13 deletions.
diff --git a/index b/index
@@ -46321,7 +46321,31 @@ interface <dfn id=window>Window</dfn> {
 
    <li>The <a href=#dynamic-nested-browsing-context-properties>dynamic nested browsing context properties</a>
 
-  </ul><p>User agents must not allow scripts to override the <code title=dom-location><a href=#dom-location>location</a></code> object's setter.</p>
+  </ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not
+  the same as the <code><a href=#window>Window</a></code> object's <code>Document</code>'s
+  <a href=#effective-script-origin>effective script origin</a> attempts to access that
+  <code><a href=#window>Window</a></code> object's methods or attributes, the user agent
+  must act as if any changes to the <code><a href=#window>Window</a></code> object's
+  properties, getters, setters, etc, were not present.</p>
+
+  <p>For members that return objects (including function objects),
+  each distinct <a href=#effective-script-origin>effective script origin</a> that is not the
+  same as the <code><a href=#window>Window</a></code> object's <code>Document</code>'s
+  <a href=#effective-script-origin>effective script origin</a> must be provided with a
+  separate set of objects. These objects must have the prototype chain
+  appropriate for the script for which the objects are created (not
+  those that would be appropriate for scripts whose <a href="#script's-global-object">script's
+  global object</a> is the <code><a href=#window>Window</a></code> object in
+  question).</p>
+
+  <div class=example>
+
+   <p>For instance, if two frames containing <code>Document</code>s
+   from different <a href=#origin-0 title=origin>origins</a> access the same
+   <code><a href=#window>Window</a></code> object's <code title=dom-window-postMessage-2><a href=#dom-window-postmessage-2>postMessage()</a></code> method, they
+   will get distinct objects that are not equal.</p>
+
+  </div>
 
   </div>
 
@@ -51914,11 +51938,7 @@ style/default.css</pre>
    <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with which
    the <code><a href=#location>Location</a></code> object is associated
 
-  </ul><p>User agents must not allow scripts to override the <code title=dom-location-href><a href=#dom-location-href>href</a></code> attribute's setter or the
-  <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method on the
-  <code><a href=#location>Location</a></code> object.</p>
-
-  </div>
+  </ul></div>
 
 
   <div class=impl>

diff --git a/source b/source
@@ -52302,8 +52302,32 @@ interface <dfn>Window</dfn> {
 
   </ul>
 
-  <p>User agents must not allow scripts to override the <code
-  title="dom-location">location</code> object's setter.</p>
+  <p>When a script whose <span>effective script origin</span> is not
+  the same as the <code>Window</code> object's <code>Document</code>'s
+  <span>effective script origin</span> attempts to access that
+  <code>Window</code> object's methods or attributes, the user agent
+  must act as if any changes to the <code>Window</code> object's
+  properties, getters, setters, etc, were not present.</p>
+
+  <p>For members that return objects (including function objects),
+  each distinct <span>effective script origin</span> that is not the
+  same as the <code>Window</code> object's <code>Document</code>'s
+  <span>effective script origin</span> must be provided with a
+  separate set of objects. These objects must have the prototype chain
+  appropriate for the script for which the objects are created (not
+  those that would be appropriate for scripts whose <span>script's
+  global object</span> is the <code>Window</code> object in
+  question).</p>
+
+  <div class="example">
+
+   <p>For instance, if two frames containing <code>Document</code>s
+   from different <span title="origin">origins</span> access the same
+   <code>Window</code> object's <code
+   title="dom-window-postMessage-2">postMessage()</code> method, they
+   will get distinct objects that are not equal.</p>
+
+  </div>
 
   </div>
 
@@ -58814,11 +58838,6 @@ style/default.css</pre>
 
   </ul>
 
-  <p>User agents must not allow scripts to override the <code
-  title="dom-location-href">href</code> attribute's setter or the
-  <code title="dom-location-replace">replace()</code> method on the
-  <code>Location</code> object.</p>
-
   </div>