[e] (0) Mention some DOS risks with window.postMessage().

Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=14329 git-svn-id: http://svn.whatwg.org/webapps@6743 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Oct 24, 2011 · 96a1d84 · 96a1d84
1 parent 45cef9a
commit 96a1d84
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 2 deletions.
diff --git a/complete.html b/complete.html
@@ -240,7 +240,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 24 October 2011</h2>
+    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 25 October 2011</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -81555,6 +81555,15 @@ <h5 id=authors><span class=secno>11.4.2.1 </span>Authors</h5>
   that the message is only delivered to the recipient to which it was
   intended.</p>
 
+  <hr><p>Authors who accept messages from any origin are encouraged to
+  consider the risks of a denial-of-service attack. An attacker could
+  send a high volume of messages; if the receiving page performs
+  expensive computation or causes network traffic to be sent for each
+  such message, the attacker's message could be multplied into a
+  denial-of-service attack. Authors are encouraged to employ rate
+  limiting (only accepting a certain number of messages per minute) to
+  make such attacks impractical.</p>
+
 
   <div class=impl>
 
@@ -81571,6 +81580,10 @@ <h5 id=user-agents><span class=secno>11.4.2.2 </span>User agents</h5>
   disallowed for security reasons. It also requires that UAs be
   careful to allow access to certain properties but not others.</p>
 
+  <hr><p>User agents are also encouraged to consider rate-limiting message
+  traffic between different <a href=#origin title=origin>origins</a>, to
+  protect na&iuml;ve sites from denial-of-service attacks.</p>
+
   </div>
 
 
@@ -81760,6 +81773,7 @@ <h4 id=posting-messages><span class=secno>11.4.3 </span>Posting messages</h4>
 
 
 
+
   <h3 id=channel-messaging><span class=secno>11.5 </span><dfn>Channel messaging</dfn></h3>
 
   <h4 id=introduction-15><span class=secno>11.5.1 </span>Introduction</h4>

diff --git a/index b/index
@@ -240,7 +240,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 24 October 2011</h2>
+    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 25 October 2011</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -81555,6 +81555,15 @@ function receiver(e) {
   that the message is only delivered to the recipient to which it was
   intended.</p>
 
+  <hr><p>Authors who accept messages from any origin are encouraged to
+  consider the risks of a denial-of-service attack. An attacker could
+  send a high volume of messages; if the receiving page performs
+  expensive computation or causes network traffic to be sent for each
+  such message, the attacker's message could be multplied into a
+  denial-of-service attack. Authors are encouraged to employ rate
+  limiting (only accepting a certain number of messages per minute) to
+  make such attacks impractical.</p>
+
 
   <div class=impl>
 
@@ -81571,6 +81580,10 @@ function receiver(e) {
   disallowed for security reasons. It also requires that UAs be
   careful to allow access to certain properties but not others.</p>
 
+  <hr><p>User agents are also encouraged to consider rate-limiting message
+  traffic between different <a href=#origin title=origin>origins</a>, to
+  protect na&iuml;ve sites from denial-of-service attacks.</p>
+
   </div>
 
 
@@ -81760,6 +81773,7 @@ function receiver(e) {
 
 
 
+
   <h3 id=channel-messaging><span class=secno>11.5 </span><dfn>Channel messaging</dfn></h3>
 
   <h4 id=introduction-15><span class=secno>11.5.1 </span>Introduction</h4>

diff --git a/source b/source
@@ -92390,6 +92390,17 @@ function receiver(e) {
   that the message is only delivered to the recipient to which it was
   intended.</p>
 
+  <hr>
+
+  <p>Authors who accept messages from any origin are encouraged to
+  consider the risks of a denial-of-service attack. An attacker could
+  send a high volume of messages; if the receiving page performs
+  expensive computation or causes network traffic to be sent for each
+  such message, the attacker's message could be multplied into a
+  denial-of-service attack. Authors are encouraged to employ rate
+  limiting (only accepting a certain number of messages per minute) to
+  make such attacks impractical.</p>
+
 
   <div class="impl">
 
@@ -92407,6 +92418,12 @@ function receiver(e) {
   disallowed for security reasons. It also requires that UAs be
   careful to allow access to certain properties but not others.</p>
 
+  <hr>
+
+  <p>User agents are also encouraged to consider rate-limiting message
+  traffic between different <span title="origin">origins</span>, to
+  protect na&iuml;ve sites from denial-of-service attacks.</p>
+
   </div>
 
 
@@ -92635,6 +92652,7 @@ function receiver(e) {
 
 
 
+
   <h3><dfn>Channel messaging</dfn></h3>
 
   <h4>Introduction</h4>