[e] (0) Add warning notes to the Security sections of Location and Wi…

…ndow since they are in flux with no end in sight. Affected topics: DOM APIs, Security git-svn-id: http://svn.whatwg.org/webapps@8196 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Sep 23, 2013 · 2b70548 · 2b70548
1 parent 627ce03
commit 2b70548
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 0 deletions.
diff --git a/complete.html b/complete.html
@@ -65601,6 +65601,12 @@ <h3 id=the-window-object><span class=secno>6.2 </span>The <code><a href=#window>
 
   <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-2>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#window>Window</a></code> object are accessed when the <a href=#incumbent-script>incumbent script</a> has
   an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as
@@ -67691,6 +67697,12 @@ <h4 id=the-location-interface><span class=secno>6.5.3 </span>The <code><a href=#
 
   <h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a> has an
   <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as the

diff --git a/index b/index
@@ -65601,6 +65601,12 @@ END:VCARD</pre>
 
   <h4 id=security-window><span class=secno>6.2.1 </span>Security</h4>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-2>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#window>Window</a></code> object are accessed when the <a href=#incumbent-script>incumbent script</a> has
   an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as
@@ -67691,6 +67697,12 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU
 
   <h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>
 
+  <p class=XXX>This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code><a href=#window>Window</a></code> and <code><a href=#location>Location</a></code> objects should
+  work.</p>
+
   <p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
   properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a> has an
   <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a> as the

diff --git a/source b/source
@@ -73147,6 +73147,12 @@ END:VCARD</pre>
 
   <h4 id="security-window">Security</h4>
 
+  <p class="XXX">This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code>Window</code> and <code>Location</code> objects should
+  work.</p>
+
   <p id="security-2">User agents must throw a <code>SecurityError</code> exception whenever any
   properties of a <code>Window</code> object are accessed when the <span>incumbent script</span> has
   an <span>effective script origin</span> that is not the <span title="same origin">same</span> as
@@ -75555,6 +75561,12 @@ State: &lt;OUTPUT NAME=I>1&lt;/OUTPUT> &lt;INPUT VALUE="Increment" TYPE=BUTTON O
 
   <h5 id="security-location">Security</h5>
 
+  <p class="XXX">This section describes a security model that is underdefined, imperfect, and does
+  not match implementations. Work is ongoing to attempt to resolve this, but in the meantime, please
+  do not rely on this section for precision. Implementors are urged to send their feedback on how
+  cross-origin cross-global access to <code>Window</code> and <code>Location</code> objects should
+  work.</p>
+
   <p id="security-3">User agents must throw a <code>SecurityError</code> exception whenever any
   properties of a <code>Location</code> object are accessed when the <span>entry script</span> has an
   <span>effective script origin</span> that is not the <span title="same origin">same</span> as the