HTML Standard Tracker

Filter

File a bug

SVNBugCommentTime (UTC)
3878[Gecko] [Internet Explorer] [Opera] [Webkit] Setting document.domain has to make localStorage unusable because otherwise you can cause deadlocks with per-origin localStorage locks2009-09-16 22:22
@@ -62476,31 +62476,41 @@ interface <span>WindowLocalStorage</span> {
 
   <p>User agents must have a set of local storage areas, one for each
   <span>origin</span>.</p>
 
   <p>User agents should expire data from the local storage areas only
   for security reasons or when requested to do so by the user. User
   agents should always avoid deleting data while a script that could
   access that data is running.</p>
 
   <p>When the <code title="dom-localStorage">localStorage</code>
-  attribute is accessed, the user agent must check to see if it has
-  allocated a local storage area for the <span>origin</span> of the
-  <code>Document</code> of the <code>Window</code> object on which the
-  method was invoked. If it has not, a new storage area for that
-  <span>origin</span> must be created.</p>
-
-  <p>The user agent must then return the <code>Storage</code> object
-  associated with that origin's local storage area. Each
-  <code>Document</code> object must have a separate object for its
-  <code>Window</code>'s <code
-  title="dom-localStorage">localStorage</code> attribute.</p>
+  attribute is accessed, the user agent must run the following steps:</p>
+
+  <ol>
+
+   <li><p>If the <code>Document</code>'s <span>effective script
+   origin</span> is not the <span>same origin</span> as the
+   <code>Document</code>'s <span>origin</span>, then throw a
+   <code>SECURITY_ERR</code> exception and abort these steps.</p></li>
+
+   <li><p>Check to see if the user agent has allocated a local storage
+   area for the <span>origin</span> of the <code>Document</code> of
+   the <code>Window</code> object on which the method was invoked. If
+   it has not, create a new storage area for that
+   <span>origin</span>.</p></li>
+
+   <li><p>Return the <code>Storage</code> object associated with that
+   origin's local storage area. Each <code>Document</code> object must
+   have a separate object for its <code>Window</code>'s <code
+   title="dom-localStorage">localStorage</code> attribute.</p>
+
+  </ol>
 
   <p id="localStorageEvent">When the <code
   title="dom-Storage-setItem">setItem()</code>, <code
   title="dom-Storage-removeItem">removeItem()</code>, and <code
   title="dom-Storage-clear">clear()</code> methods are called on a
   <code>Storage</code> object <var title="">x</var> that is associated
   with a local storage area, if the methods did something, then in
   every <code>HTMLDocument</code> object whose <code>Window</code>
   object's <code title="dom-localStorage">localStorage</code>
   attribute's <code>Storage</code> object is associated with the same

|