[giow] (3) Security: data: URLs shouldn't get the origin of a redirector, since that redirector might be tricked into redirecting to a data: URL by a hostile origin, thus letting that hostile origin expose a same-origin data: URL.

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=21506
Affected topics: Security

git-svn-id: http://svn.whatwg.org/webapps@7881 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed May 31, 2013
1 parent 12465df commit 9d54bd4
Showing 3 changed files with 10 additions and 54 deletions.
20 changes: 3 additions & 17 deletions complete.html
Expand Up @@ -65343,20 +65343,6 @@ <h3 id=origin-0><span class=secno>6.3 </span>Origin</h3>
</dd>


<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in other protocols)</dt>

<dd>

<p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
<a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
protocol"><code title="">data:</code> URL</a>.</p>

<p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a> of the
<code><a href=#document>Document</a></code>.</p>

</dd>


<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> found in another <code><a href=#document>Document</a></code> or in a script</dt>

<dd>
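Review bot: confirm this file was regenerated from `source` rather than edited by hand: it carries the same removal as the `source` hunk for this section, but with resolved link targets (`#data-protocol`, `#concept-origin-alias`, `#concept-http-equivalent-codes`) that must match the anchors the build derives from `source`, and a hand edit here would silently diverge from the canonical text.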
Expand Down Expand Up @@ -65399,9 +65385,9 @@ <h3 id=origin-0><span class=secno>6.3 </span>Origin</h3>


<dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner (e.g. a <a href=#data-protocol title="data
protocol"><code title="">data:</code> URL</a> typed in by the user, a <code><a href=#document>Document</a></code>
created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
API, etc)</dt>
protocol"><code title="">data:</code> URL</a> typed in by the user or that was returned as
the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or
equivalent</a> in other protocols), a <code><a href=#document>Document</a></code> created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code> API, etc)</dt>

<dd>

Expand Down
20 changes: 3 additions & 17 deletions index
Expand Up @@ -65343,20 +65343,6 @@ x === this; // true</pre>
</dd>


<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in other protocols)</dt>

<dd>

<p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
<a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
protocol"><code title="">data:</code> URL</a>.</p>

<p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a> of the
<code><a href=#document>Document</a></code>.</p>

</dd>


<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> found in another <code><a href=#document>Document</a></code> or in a script</dt>

<dd>
Expand Down Expand Up @@ -65399,9 +65385,9 @@ x === this; // true</pre>


<dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner (e.g. a <a href=#data-protocol title="data
protocol"><code title="">data:</code> URL</a> typed in by the user, a <code><a href=#document>Document</a></code>
created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
API, etc)</dt>
protocol"><code title="">data:</code> URL</a> typed in by the user or that was returned as
the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or
equivalent</a> in other protocols), a <code><a href=#document>Document</a></code> created using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code> API, etc)</dt>

<dd>

Expand Down
24 changes: 4 additions & 20 deletions source
Expand Up @@ -73061,23 +73061,6 @@ x === this; // true</pre>
</dd>


<dt>If a <code>Document</code> was generated from a <span title="data protocol"><code
title="">data:</code> URL</span> that was returned as the location of an HTTP redirect (<span
title="concept-http-equivalent-codes">or equivalent</span> in other protocols)</dt>

<dd>

<p>The <span>origin</span> is an <span title="concept-origin-alias">alias</span> to the
<span>origin</span> of the <span>URL</span> that redirected to the <span title="data
protocol"><code title="">data:</code> URL</span>.</p>

<p>The <span>effective script origin</span> is initially an <span
title="concept-origin-alias">alias</span> to the <span>origin</span> of the
<code>Document</code>.</p>

</dd>


<dt>If a <code>Document</code> was generated from a <span title="data protocol"><code
title="">data:</code> URL</span> found in another <code>Document</code> or in a script</dt>

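Review bot: the rationale for dropping this case survives only in the commit message; consider leaving a short note in the spec text next to the remaining data: URL cases explaining why a Document produced by a redirect to a data: URL must not alias the redirector's origin (a hostile origin can induce the redirect and then read the resulting same-origin data: URL, per the commit message), so a later editor does not reintroduce the alias. The removal also drops the rule that the effective script origin of such Documents is initially an alias to the Document's own origin; the hunk does not show which case they now fall into, so check that the case defines both the origin and the effective script origin for them.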
Expand Down Expand Up @@ -73126,9 +73109,10 @@ x === this; // true</pre>


<dt>If a <code>Document</code> was obtained in some other manner (e.g. a <span title="data
protocol"><code title="">data:</code> URL</span> typed in by the user, a <code>Document</code>
created using the <code title="dom-DOMImplementation-createDocument">createDocument()</code>
API, etc)</dt>
protocol"><code title="">data:</code> URL</span> typed in by the user or that was returned as
the location of an HTTP redirect (<span title="concept-http-equivalent-codes">or
equivalent</span> in other protocols), a <code>Document</code> created using the <code
title="dom-DOMImplementation-createDocument">createDocument()</code> API, etc)</dt>

<dd>

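Review bot: the rewritten `<dt>` reads awkwardly, since `typed in by the user or that was returned as the location of an HTTP redirect` mixes a participial phrase with a relative clause; suggest `a data: URL typed in by the user or returned as the location of an HTTP redirect (or equivalent in other protocols)`. The `<dd>` that assigns the origin for this combined case lies outside the hunk; confirm it gives the Document an origin independent of the redirecting URL, which is the property the commit message sets out to establish, and consider citing https://www.w3.org/Bugs/Public/show_bug.cgi?id=21506 there for traceability.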
Expand Down
