Short URL: http://html5.org/r/82
| SVN | Bug | Comment | Time (UTC) |
|---|---|---|---|
| 82 | Couple more examples in the security section for storage. | 2006-07-13 07:56 |
Index: source =================================================================== --- source (revision 81) +++ source (revision 82) @@ -13185,13 +13185,15 @@ <h5>Storage areas in the face of untrusted subdomains</h5> - <p>If an author publishing content on one host wishes to use the - <code title="dom-globalStorage">globalStorage</code> API but does - not wish any content on the host's subdomains to access the data, - the author should use an otherwise non-existent subdomain name, - e.g., <code>private.example.com</code>, to store the data. This will - be accessible only to that host (and its parent domains), and not to - any of the real subdomains.</p> + <p>If an author publishing content on one host, + e.g. <code>example.com</code>, wishes to use the <code + title="dom-globalStorage">globalStorage</code> API but does not wish + any content on the host's subdomains to access the data, the author + should use an otherwise non-existent subdomain name, e.g., + <code>private.example.com</code>, to store the data. This will be + accessible only to that host (and its parent domains), and not to + any of the real subdomains + (e.g. <code>upload.example.com</code>).</p> <h5>Implementation risks</h5>