Tue, 25 Jun 2013 16:39:03 +0200
[cssom] Add some cross-origin security considerations. https://www.w3.org/Bugs/Public/show_bug.cgi?id=22453
cssom/Overview.html
cssom/Overview.src.html
1.1 --- a/cssom/Overview.html Tue Jun 25 14:03:43 2013 +0200 1.2 +++ b/cssom/Overview.html Tue Jun 25 16:39:03 2013 +0200 1.3 @@ -1012,8 +1012,11 @@ 1.4 <li><p>Create a new <a href="#css-style-sheet">CSS style sheet</a> object and set its 1.5 properties as specified.</li> 1.6 1.7 - <li><p>Then run the <a href="#add-a-css-style-sheet">add a CSS style sheet</a> steps for the newly 1.8 - created <a href="#css-style-sheet">CSS style sheet</a>.</li> 1.9 + <li> 1.10 + <p>Then run the <a href="#add-a-css-style-sheet">add a CSS style sheet</a> steps for the newly created <a href="#css-style-sheet">CSS style sheet</a>. 1.11 + 1.12 + <p class="warning">If the <a href="#concept-css-style-sheet-origin-clean-flag" title="concept-css-style-sheet-origin-clean-flag">origin-clean flag</a> is unset, this can expose information from the user's 1.13 + intranet. 1.14 </ol> 1.15 1.16 <p>To <dfn id="add-a-css-style-sheet">add a CSS style sheet</dfn>, run these 1.17 @@ -2753,7 +2756,8 @@ 1.18 <p class="note">Because of historical IDL limitations the <code title="dom-Window-getComputedStyle"><a href="#dom-window-getcomputedstyle">getComputedStyle()</a></code> method used to be on 1.19 a separate interface, <code title="">ViewCSS</code>.</p> 1.20 1.21 - 1.22 +<p class="warning">The <code title="dom-Window-getComputedStyle"><a href="#dom-window-getcomputedstyle">getComputedStyle()</a></code> method exposes information from <a href="#css-style-sheet" title="CSS style sheet">CSS style 1.23 +sheets</a> with the <a href="#concept-css-style-sheet-origin-clean-flag" title="concept-css-style-sheet-origin-clean-flag">origin-clean flag</a> unset. 1.24 1.25 <h3 id="the-getstyleutils-interface"><span class="secno">7.3 </span>The <code title="">GetStyleUtils</code> Interface</h3> 1.26 1.27 
@@ -2798,6 +2802,9 @@ 1.28 computed for the <a class="external" data-anolis-spec="dom" href="http://dom.spec.whatwg.org/#context-object">context object</a> using the style rules associated 1.29 with the <a class="external" data-anolis-spec="dom" href="http://dom.spec.whatwg.org/#context-object">context object</a>'s <a href="#associated-document">associated document</a>.</p> 1.30 1.31 +<p class="warning">The <code title="dom-GetStyleUtils-specifiedStyle"><a href="#dom-getstyleutils-specifiedstyle">specifiedStyle</a></code>, <code title="dom-GetStyleUtils-computedStyle"><a href="#dom-getstyleutils-computedstyle">computedStyle</a></code> and 1.32 +<code title="dom-GetStyleUtils-usedStyle"><a href="#dom-getstyleutils-usedstyle">usedStyle</a></code> methods expose information from <a href="#css-style-sheet" title="CSS style sheet">CSS style sheets</a> with the 1.33 +<a href="#concept-css-style-sheet-origin-clean-flag" title="concept-css-style-sheet-origin-clean-flag">origin-clean flag</a> unset. 1.34 1.35 1.36 <h3 id="extensions-to-the-element-interface"><span class="secno">7.4 </span>Extensions to the <code title="">Element</code> Interface</h3>
2.1 --- a/cssom/Overview.src.html Tue Jun 25 14:03:43 2013 +0200 2.2 +++ b/cssom/Overview.src.html Tue Jun 25 16:39:03 2013 +0200 2.3 @@ -933,8 +933,11 @@ 2.4 <li><p>Create a new <span>CSS style sheet</span> object and set its 2.5 properties as specified.</p></li> 2.6 2.7 - <li><p>Then run the <span>add a CSS style sheet</span> steps for the newly 2.8 - created <span>CSS style sheet</span>.</p></li> 2.9 + <li> 2.10 + <p>Then run the <span>add a CSS style sheet</span> steps for the newly created <span>CSS style sheet</span>. 2.11 + 2.12 + <p class=warning>If the <span title=concept-css-style-sheet-origin-clean-flag>origin-clean flag</span> is unset, this can expose information from the user's 2.13 + intranet. 2.14 </ol> 2.15 2.16 <p>To <dfn>add a CSS style sheet</dfn>, run these 2.17 @@ -2674,7 +2677,8 @@ 2.18 <p class='note'>Because of historical IDL limitations the <code title=dom-Window-getComputedStyle>getComputedStyle()</code> method used to be on 2.19 a separate interface, <code title>ViewCSS</code>.</p> 2.20 2.21 - 2.22 +<p class=warning>The <code title=dom-Window-getComputedStyle>getComputedStyle()</code> method exposes information from <span title="CSS style sheet">CSS style 2.23 +sheets</span> with the <span title=concept-css-style-sheet-origin-clean-flag>origin-clean flag</span> unset. 2.24 2.25 <h3>The <code title>GetStyleUtils</code> Interface</h3> 2.26 2.27 
@@ -2719,6 +2723,9 @@ 2.28 computed for the <span data-anolis-spec=dom>context object</span> using the style rules associated 2.29 with the <span data-anolis-spec=dom>context object</span>'s <span>associated document</span>.</p> 2.30 2.31 +<p class=warning>The <code title=dom-GetStyleUtils-specifiedStyle>specifiedStyle</code>, <code title=dom-GetStyleUtils-computedStyle>computedStyle</code> and 2.32 +<code title=dom-GetStyleUtils-usedStyle>usedStyle</code> methods expose information from <span title="CSS style sheet">CSS style sheets</span> with the 2.33 +<span title=concept-css-style-sheet-origin-clean-flag>origin-clean flag</span> unset. 2.34 2.35 2.36 <h3>Extensions to the <code title>Element</code> Interface</h3>
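Review bot: In the hunk at @@ -933,8 +933,11 @@ of cssom/Overview.src.html (and the matching hunk at @@ -1012,8 +1012,11 @@ of cssom/Overview.html), the new warning says "this can expose information from the user's intranet" without saying what "this" refers to or what is exposed. Because it sits under the "add a CSS style sheet" step, it reads as if adding the sheet is itself the exposure. Suggest naming the access that leaks and the data involved, and linking to whatever requirement restricts that access when the origin-clean flag is unset; as written the warning describes a risk but gives an implementer nothing to act on. The rewritten list item in the src file also drops the closing p and li tags that the preceding "Create a new CSS style sheet object" item still carries, so the list markup is now inconsistent.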
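Review bot: The getComputedStyle() warning added at @@ -2674,7 +2677,8 @@ of cssom/Overview.src.html (and @@ -2753,7 +2756,8 @@ of cssom/Overview.html) states that the method "exposes information" from style sheets with the origin-clean flag unset, but does not say what kind of information or whether user agents are expected to do anything about it. A reader cannot tell from this sentence whether the exposure is an accepted consequence or something to be limited; say which, and if it is accepted, say why. The new paragraph is also left unclosed and uses an unquoted class=warning, while the note immediately above it is written as class='note' and closed with a p end tag.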
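Review bot: The warning added at @@ -2719,6 +2723,9 @@ of cssom/Overview.src.html (and @@ -2798,6 +2802,9 @@ of cssom/Overview.html) repeats the getComputedStyle() warning almost word for word for specifiedStyle, computedStyle and usedStyle. Two copies of the same sentence will drift as the text is revised; consider one shared cross-origin considerations paragraph that both sections link to, alongside the origin-clean flag definition they already reference. This paragraph is also left unclosed directly after a paragraph that ends with a p end tag.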