Couple more examples in the security section for storage.

git-svn-id: http://svn.whatwg.org/webapps@82 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Jul 13, 2006 · b0c4471 · b0c4471
1 parent 398a4cf
commit b0c4471
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/index b/index
@@ -14962,14 +14962,15 @@ interface <dfn id="storageitem">StorageItem</dfn> {
   <h5 id="storage0"><span class="secno">5.9.8.9. </span>Storage areas in the
    face of untrusted subdomains</h5>
 
-  <p>If an author publishing content on one host wishes to use the <code
+  <p>If an author publishing content on one host, e.g.
+   <code>example.com</code>, wishes to use the <code
    title="dom-globalStorage"><a
    href="#globalstorage">globalStorage</a></code> API but does not wish any
    content on the host's subdomains to access the data, the author should use
    an otherwise non-existent subdomain name, e.g.,
    <code>private.example.com</code>, to store the data. This will be
    accessible only to that host (and its parent domains), and not to any of
-   the real subdomains.
+   the real subdomains (e.g. <code>upload.example.com</code>).
 
   <h5 id="implementation0"><span class="secno">5.9.8.10.
    </span>Implementation risks</h5>

diff --git a/source b/source
@@ -13185,13 +13185,15 @@ interface <dfn>StorageItem</dfn> {
 
   <h5>Storage areas in the face of untrusted subdomains</h5>
 
-  <p>If an author publishing content on one host wishes to use the
-  <code title="dom-globalStorage">globalStorage</code> API but does
-  not wish any content on the host's subdomains to access the data,
-  the author should use an otherwise non-existent subdomain name,
-  e.g., <code>private.example.com</code>, to store the data. This will
-  be accessible only to that host (and its parent domains), and not to
-  any of the real subdomains.</p>
+  <p>If an author publishing content on one host,
+  e.g. <code>example.com</code>, wishes to use the <code
+  title="dom-globalStorage">globalStorage</code> API but does not wish
+  any content on the host's subdomains to access the data, the author
+  should use an otherwise non-existent subdomain name, e.g.,
+  <code>private.example.com</code>, to store the data. This will be
+  accessible only to that host (and its parent domains), and not to
+  any of the real subdomains
+  (e.g. <code>upload.example.com</code>).</p>
 
 
   <h5>Implementation risks</h5>