[giow] (0) Block pushState() and replaceState() from changing URLs when used by text/html-sandboxed content, to prevent them from spoofing other pages on the same origin.

git-svn-id: http://svn.whatwg.org/webapps@4630 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Jan 27, 2010
1 parent ea2e594 commit e5ace39
Showing 3 changed files with 32 additions and 3 deletions.
11 changes: 10 additions & 1 deletion complete.html
Expand Up @@ -56009,7 +56009,16 @@ <h4 id=the-history-interface><span class=secno>6.10.2 </span>The <code><a href=#
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception and abort these
steps.</li>

</ol><p>For the purposes of the comparison in the above substeps, the
<li>If the <a href=#origin>origin</a> of the resulting <a href=#absolute-url>absolute
URL</a> is not the same as the <a href=#origin>origin</a> of the
<a href=#entry-script>entry script</a>'s <code title="script's browsing
context"><a href="#script's-browsing-context">browsing context, and either the <span title=url-path>&lt;path&gt;</span> or <span title=url-query>&lt;query&gt;</span> components of the two
<span title=URL>URLs</span> comparedi in the previous step
differ, raise a <code>SECURITY_ERR</code> exception and abort
these steps. (This prevents sandboxed content from spoofing other
pages on the same origin.)</a></code></li>

</ol><p>For the purposes of the comparisons in the above substeps, the
<a href=#url-path title=url-path>&lt;path&gt;</a> and <a href=#url-query title=url-query>&lt;query&gt;</a> components can only be the
same if the URLs use a hierarchical <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a>.</p>

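Review bot: The `<a href="#script's-browsing-context">` opened on the line `context"><a href="#script's-browsing-context">browsing context, and either the ...` is not closed until the `</a></code>` at the very end of the `<li>`, so everything from "browsing context, and either the <path>" through "(This prevents sandboxed content from spoofing other pages on the same origin.)" renders as one link in code font instead of just the two words "browsing context". Close the anchor and code element immediately after "browsing context" and drop the trailing `</a></code>`. On the same step, "comparedi" in `<span title=URL>URLs</span> comparedi in the previous step` should read "compared". Separately, the step takes the origin of the entry script's "browsing context" while the other side of the comparison is the origin of a URL; if the intended value is the origin of the entry script's document, say so explicitly, since the two are not obviously the same thing.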
11 changes: 10 additions & 1 deletion index
Expand Up @@ -55923,7 +55923,16 @@ NETWORK:
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception and abort these
steps.</li>

</ol><p>For the purposes of the comparison in the above substeps, the
<li>If the <a href=#origin>origin</a> of the resulting <a href=#absolute-url>absolute
URL</a> is not the same as the <a href=#origin>origin</a> of the
<a href=#entry-script>entry script</a>'s <code title="script's browsing
context"><a href="#script's-browsing-context">browsing context, and either the <span title=url-path>&lt;path&gt;</span> or <span title=url-query>&lt;query&gt;</span> components of the two
<span title=URL>URLs</span> comparedi in the previous step
differ, raise a <code>SECURITY_ERR</code> exception and abort
these steps. (This prevents sandboxed content from spoofing other
pages on the same origin.)</a></code></li>

</ol><p>For the purposes of the comparisons in the above substeps, the
<a href=#url-path title=url-path>&lt;path&gt;</a> and <a href=#url-query title=url-query>&lt;query&gt;</a> components can only be the
same if the URLs use a hierarchical <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a>.</p>

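Review bot: The same mis-nesting is present here as in complete.html: the link opened by `<a href="#script's-browsing-context">` and the enclosing `<code title="script's browsing context">` are only closed by the `</a></code>` after "same origin.)", so the whole condition, including the explanatory parenthetical, is emitted as linked code text. The "comparedi" typo is also reproduced on `<span title=URL>URLs</span> comparedi in the previous step`. If this file is generated from the source file in this same commit, fixing the mismatched closing tag and the typo there and regenerating should clear both rendered copies rather than patching them by hand.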
13 changes: 12 additions & 1 deletion source
Expand Up @@ -63294,9 +63294,20 @@ NETWORK:
raise a <code>SECURITY_ERR</code> exception and abort these
steps.</li>

<li>If the <span>origin</span> of the resulting <span>absolute
URL</span> is not the same as the <span>origin</span> of the
<span>entry script</span>'s <code title="script's browsing
context">browsing context</span>, and either the <span
title="url-path">&lt;path&gt;</span> or <span
title="url-query">&lt;query&gt;</span> components of the two
<span title="URL">URLs</span> comparedi in the previous step
differ, raise a <code>SECURITY_ERR</code> exception and abort
these steps. (This prevents sandboxed content from spoofing other
pages on the same origin.)</li>

</ol>

<p>For the purposes of the comparison in the above substeps, the
<p>For the purposes of the comparisons in the above substeps, the
<span title="url-path">&lt;path&gt;</span> and <span
title="url-query">&lt;query&gt;</span> components can only be the
same if the URLs use a hierarchical <span
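Review bot: The `<code title="script's browsing context">browsing context</span>` on the new step closes a `<code>` element with `</span>`; it should be `</code>`, and this mismatch is consistent with the runaway `</a></code>` that appears at the end of the same step in the complete.html and index hunks. Also fix "comparedi" to "compared" on `<span title="URL">URLs</span> comparedi in the previous step`. On the logic: the step only raises SECURITY_ERR when the origin differs and the <path> or <query> differ, so content whose origin does not match (the sandboxed case the parenthetical describes) is still allowed to change the <fragment>; if that is the intent, consider stating in the parenthetical that only fragment changes remain permitted, so implementers do not read it as a blanket prohibition.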

0 comments on commit e5ace39