[] (3) Remove security checks on Document since there should now be n…

…o way to get to a Document from another origin. Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23219 Affected topics: DOM APIs, HTML Syntax and Parsing, Security git-svn-id: http://svn.whatwg.org/webapps@8273 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Nov 12, 2013 · 3f221df · 3f221df
1 parent 3bc328b
commit 3f221df
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 75 deletions.
diff --git a/complete.html b/complete.html
@@ -444,10 +444,9 @@ <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 12 November 2013<
    <li><a href=#documents><span class=secno>3.1 </span>Documents</a>
     <ol>
      <li><a href=#the-document-object><span class=secno>3.1.1 </span>The <code>Document</code> object</a></li>
-     <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
-     <li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
-     <li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
-     <li><a href=#loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</a></ol></li>
+     <li><a href=#resource-metadata-management><span class=secno>3.1.2 </span>Resource metadata management</a></li>
+     <li><a href=#dom-tree-accessors><span class=secno>3.1.3 </span>DOM tree accessors</a></li>
+     <li><a href=#loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</a></ol></li>
    <li><a href=#elements><span class=secno>3.2 </span>Elements</a>
     <ol>
      <li><a href=#semantics-0><span class=secno>3.2.1 </span>Semantics</a></li>
@@ -8485,26 +8484,8 @@ <h3 id=documents><span class=secno>3.1 </span>Documents</h3>
 <a href=#document>Document</a> implements <a href=#globaleventhandlers>GlobalEventHandlers</a>;</pre>
 
 
-<!--ADD-TOPIC:Security-->
-  <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
-
-<!--CLEANUP-->
-  <p id=security>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
-  properties of a <code><a href=#document>Document</a></code> object are accessed when the <a href=#incumbent-settings-object>incumbent settings object</a>
-  specifies an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a>
-  as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>.</p>
-
-<!--CLEANUP-->
-  <p>When the <a href=#incumbent-settings-object>incumbent settings object</a> specifies an <a href=#effective-script-origin>effective script origin</a> that is different than
-  a <code><a href=#document>Document</a></code> object's <a href=#effective-script-origin>effective script origin</a>, the user agent must act as
-  if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
-  object's properties, getters, setters, etc, were not present, and as if--> all the properties of
-  that <code><a href=#document>Document</a></code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
 
-  <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource metadata management</dfn></h4>
+  <h4 id=resource-metadata-management><span class=secno>3.1.2 </span><dfn>Resource metadata management</dfn></h4>
 
   <dl class=domintro><dt><var title="">document</var> . <code title=dom-document-referrer><a href=#dom-document-referrer>referrer</a></code></dt>
    <dd>
@@ -8658,7 +8639,7 @@ <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource
 
 
 
-  <h4 id=dom-tree-accessors><span class=secno>3.1.4 </span><dfn>DOM tree accessors</dfn></h4>
+  <h4 id=dom-tree-accessors><span class=secno>3.1.3 </span><dfn>DOM tree accessors</dfn></h4>
 
   <p><dfn id=the-html-element-0>The <code>html</code> element</dfn> of a document is the
   document's root element, if there is one and it's an
@@ -9064,7 +9045,7 @@ <h4 id=dom-tree-accessors><span class=secno>3.1.4 </span><dfn>DOM tree accessors
 
   <div class=impl> <!-- very deprecated API; use XHR instead -->
 
-  <h4 id=loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</h4>
+  <h4 id=loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</h4>
 
   <pre class=idl>partial interface <dfn id=xmldocument>XMLDocument</dfn> {
 <!--SYNCLOAD           attribute boolean <span title="dom-XMLDocument-async">async</span>;
@@ -91629,9 +91610,9 @@ <h4 id=the-end><span class=secno>12.2.6 </span>The end</h4>
      this also fires an event synchronously during the task -->.</li>
 
      <li><p>If the <code><a href=#document>Document</a></code> is in a <a href=#browsing-context>browsing context</a>, create a <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> event named <code title=event-load>load</code> that does not bubble and is not cancelable and which uses the
-     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch it at
-     the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
-     <code>Document</code> object.</a></li>
+     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch</a> it at
+     the <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code> object, with <i>target override</i> set to the
+     <code><a href=#document>Document</a></code> object.</li>
 
     </ol></li>
 

diff --git a/index b/index
@@ -444,10 +444,9 @@
    <li><a href=#documents><span class=secno>3.1 </span>Documents</a>
     <ol>
      <li><a href=#the-document-object><span class=secno>3.1.1 </span>The <code>Document</code> object</a></li>
-     <li><a href=#security-document><span class=secno>3.1.2 </span>Security</a></li>
-     <li><a href=#resource-metadata-management><span class=secno>3.1.3 </span>Resource metadata management</a></li>
-     <li><a href=#dom-tree-accessors><span class=secno>3.1.4 </span>DOM tree accessors</a></li>
-     <li><a href=#loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</a></ol></li>
+     <li><a href=#resource-metadata-management><span class=secno>3.1.2 </span>Resource metadata management</a></li>
+     <li><a href=#dom-tree-accessors><span class=secno>3.1.3 </span>DOM tree accessors</a></li>
+     <li><a href=#loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</a></ol></li>
    <li><a href=#elements><span class=secno>3.2 </span>Elements</a>
     <ol>
      <li><a href=#semantics-0><span class=secno>3.2.1 </span>Semantics</a></li>
@@ -8485,26 +8484,8 @@ partial /*sealed*/ interface <dfn id=document>Document</dfn> {
 <a href=#document>Document</a> implements <a href=#globaleventhandlers>GlobalEventHandlers</a>;</pre>
 
 
-<!--ADD-TOPIC:Security-->
-  <h4 id=security-document><span class=secno>3.1.2 </span>Security</h4>
-
-<!--CLEANUP-->
-  <p id=security>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
-  properties of a <code><a href=#document>Document</a></code> object are accessed when the <a href=#incumbent-settings-object>incumbent settings object</a>
-  specifies an <a href=#effective-script-origin>effective script origin</a> that is not the <a href=#same-origin title="same origin">same</a>
-  as the <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>.</p>
-
-<!--CLEANUP-->
-  <p>When the <a href=#incumbent-settings-object>incumbent settings object</a> specifies an <a href=#effective-script-origin>effective script origin</a> that is different than
-  a <code><a href=#document>Document</a></code> object's <a href=#effective-script-origin>effective script origin</a>, the user agent must act as
-  if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
-  object's properties, getters, setters, etc, were not present, and as if--> all the properties of
-  that <code><a href=#document>Document</a></code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
 
-  <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource metadata management</dfn></h4>
+  <h4 id=resource-metadata-management><span class=secno>3.1.2 </span><dfn>Resource metadata management</dfn></h4>
 
   <dl class=domintro><dt><var title="">document</var> . <code title=dom-document-referrer><a href=#dom-document-referrer>referrer</a></code></dt>
    <dd>
@@ -8658,7 +8639,7 @@ partial /*sealed*/ interface <dfn id=document>Document</dfn> {
 
 
 
-  <h4 id=dom-tree-accessors><span class=secno>3.1.4 </span><dfn>DOM tree accessors</dfn></h4>
+  <h4 id=dom-tree-accessors><span class=secno>3.1.3 </span><dfn>DOM tree accessors</dfn></h4>
 
   <p><dfn id=the-html-element-0>The <code>html</code> element</dfn> of a document is the
   document's root element, if there is one and it's an
@@ -9064,7 +9045,7 @@ partial /*sealed*/ interface <dfn id=document>Document</dfn> {
 
   <div class=impl> <!-- very deprecated API; use XHR instead -->
 
-  <h4 id=loading-xml-documents><span class=secno>3.1.5 </span>Loading XML documents</h4>
+  <h4 id=loading-xml-documents><span class=secno>3.1.4 </span>Loading XML documents</h4>
 
   <pre class=idl>partial interface <dfn id=xmldocument>XMLDocument</dfn> {
 <!--SYNCLOAD           attribute boolean <span title="dom-XMLDocument-async">async</span>;
@@ -91629,9 +91610,9 @@ document.body.appendChild(text);
      this also fires an event synchronously during the task -->.</li>
 
      <li><p>If the <code><a href=#document>Document</a></code> is in a <a href=#browsing-context>browsing context</a>, create a <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> event named <code title=event-load>load</code> that does not bubble and is not cancelable and which uses the
-     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch it at
-     the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
-     <code>Document</code> object.</a></li>
+     <code><a href=#event>Event</a></code> interface, and <a href=#concept-event-dispatch title=concept-event-dispatch>dispatch</a> it at
+     the <code><a href=#document>Document</a></code>'s <code><a href=#window>Window</a></code> object, with <i>target override</i> set to the
+     <code><a href=#document>Document</a></code> object.</li>
 
     </ol></li>
 

diff --git a/source b/source
@@ -8124,24 +8124,6 @@ partial /*sealed*/ interface <dfn>Document</dfn> {
 <span>Document</span> implements <span>GlobalEventHandlers</span>;</pre>
 
 
-<!--ADD-TOPIC:Security-->
-  <h4 id="security-document">Security</h4>
-
-<!--CLEANUP-->
-  <p id="security">User agents must throw a <code>SecurityError</code> exception whenever any
-  properties of a <code>Document</code> object are accessed when the <span>incumbent settings object</span>
-  specifies an <span>effective script origin</span> that is not the <span data-x="same origin">same</span>
-  as the <code>Document</code>'s <span>effective script origin</span>.</p>
-
-<!--CLEANUP-->
-  <p>When the <span>incumbent settings object</span> specifies an <span>effective script origin</span> that is different than
-  a <code>Document</code> object's <span>effective script origin</span>, the user agent must act as
-  if <!--(redundant since you can't access any anyway) any changes to that <code>Document</code>
-  object's properties, getters, setters, etc, were not present, and as if--> all the properties of
-  that <code>Document</code> object had their [[Enumerable]] attribute set to false.</p>
-<!--REMOVE-TOPIC:Security-->
-
-
 
   <h4><dfn>Resource metadata management</dfn></h4>
 
@@ -102022,7 +102004,7 @@ document.body.appendChild(text);
      <li><p>If the <code>Document</code> is in a <span>browsing context</span>, create a <span
      data-x="concept-events-trusted">trusted</span> event named <code
      data-x="event-load">load</code> that does not bubble and is not cancelable and which uses the
-     <code>Event</code> interface, and <span data-x="concept-event-dispatch">dispatch</soan> it at
+     <code>Event</code> interface, and <span data-x="concept-event-dispatch">dispatch</span> it at
      the <code>Document</code>'s <code>Window</code> object, with <i>target override</i> set to the
      <code>Document</code> object.</p></li>