Short URL: http://html5.org/r/4900
| SVN | Bug | Comment | Time (UTC) |
|---|---|---|---|
| 4900 | 9173 | stablise ids for security sections | 2010-03-30 01:39 |
Index: source =================================================================== --- source (revision 4899) +++ source (revision 4900) @@ -7282,9 +7282,9 @@ this interface are described in various different sections.</p> - <h4>Security</h4> + <h4 id="security-document">Security</h4> - <p>User agents <span class="impl">must</span> raise a + <p id="security">User agents <span class="impl">must</span> raise a <code>SECURITY_ERR</code> exception whenever any of the members of an <code>HTMLDocument</code> object are accessed by scripts whose <span>effective script origin</span> is not the <span title="same @@ -45906,13 +45906,13 @@ </div> - <h5>Security</h5> + <h5 id="security-forms">Security</h5> - <p>Servers should not rely on client-side validation. Client-side - validation can be intentionally bypassed by hostile users, and - unintentionally bypassed by users of older user agents or automated - tools that do not implement these features. The constraint - validation features are only intended to improve the user + <p id="security-0">Servers should not rely on client-side + validation. Client-side validation can be intentionally bypassed by + hostile users, and unintentionally bypassed by users of older user + agents or automated tools that do not implement these features. The + constraint validation features are only intended to improve the user experience, not to provide any kind of security mechanism.</p> @@ -59833,12 +59833,12 @@ <div class="impl"> - <h4>Security</h4> + <h4 id="security-nav">Security</h4> - <p>A <span>browsing context</span> <var title="">A</var> is - <dfn>allowed to navigate</dfn> a second <span>browsing - context</span> <var title="">B</var> if one of the following - conditions is true:</p> + <p id="security-1">A <span>browsing context</span> <var + title="">A</var> is <dfn>allowed to navigate</dfn> a second + <span>browsing context</span> <var title="">B</var> if one of the + following conditions is true:</p> <ul> @@ -60233,14 +60233,14 @@ <div class="impl"> - <h4>Security</h4> + <h4 id="security-window">Security</h4> - <p>User agents must raise a <code>SECURITY_ERR</code> exception - whenever any of the members of a <code>Window</code> object are - accessed by scripts whose <span>effective script origin</span> is - not the same as the <code>Window</code> object's - <code>Document</code>'s <span>effective script origin</span>, with - the following exceptions:</p> + <p id="security-2">User agents must raise a + <code>SECURITY_ERR</code> exception whenever any of the members of a + <code>Window</code> object are accessed by scripts whose + <span>effective script origin</span> is not the same as the + <code>Window</code> object's <code>Document</code>'s <span>effective + script origin</span>, with the following exceptions:</p> <ul> @@ -62214,14 +62214,15 @@ <div class="impl"> - <h5>Security</h5> + <h5 id="security-location">Security</h5> - <p>User agents must raise a <code>SECURITY_ERR</code> exception whenever - any of the members of a <code>Location</code> object are accessed by - scripts whose <span>effective script origin</span> is not the <span - title="same origin">same</span> as the <code>Location</code> - object's associated <code>Document</code>'s <span>effective script - origin</span>, with the following exceptions:</p> + <p id="security-3">User agents must raise a + <code>SECURITY_ERR</code> exception whenever any of the members of a + <code>Location</code> object are accessed by scripts whose + <span>effective script origin</span> is not the <span title="same + origin">same</span> as the <code>Location</code> object's associated + <code>Document</code>'s <span>effective script origin</span>, with + the following exceptions:</p> <ul> @@ -79807,7 +79808,7 @@ </div> - <h4>Security</h4> + <h4 id="security-postmsg">Security</h4> <div class="impl"> @@ -79815,9 +79816,9 @@ </div> - <p class="warning">Use of this API requires extra care to protect - users from hostile entities abusing a site for their own - purposes.</p> + <p id="security-4" class="warning">Use of this API requires extra + care to protect users from hostile entities abusing a site for their + own purposes.</p> <p>Authors should check the <code title="dom-MessageEvent-origin">origin</code> attribute to ensure @@ -82490,7 +82491,7 @@ it is promptly deleted from the underlying storage.</p> - <h4>Security</h4> + <h4 id="security-storage">Security</h4> <h5>DNS spoofing attacks</h5>