8866 2010-02-02 15:52:39 +0000 definition of "same-origin policy" 2010-10-04 13:58:28 +0000 1 1 1 Unclassified HTML WG pre-LC1 HTML5 spec (editor: Ian Hickson) unspecified PC Windows NT RESOLVED FIXED P2 normal --- 1 julian.reschke ian ian mike public-html-admin public-html-wg-issue-tracking wycats public-html-bugzilla oldest_to_newest 31401 0 julian.reschke 2010-02-02 15:52:39 +0000 <http://dev.w3.org/html5/spec/Overview.html#the-iframe-element> has: "This flag forces content into a unique origin for the purposes of the same-origin policy." ...where "same-origin policy" just links to the definition of "origin". It would be helpful if there actually was a paragraph that said what the policy is (the information may be there, it's just not obvious how to find it). 31706 1 wycats 2010-02-10 09:23:22 +0000 I think we should define the same-origin policy (even if we just reference the full spec), specifically to improve the verbiage in other parts of the spec where we reference "effective script origin" in an effort to describe the same origin policy. 32072 2 ian 2010-02-14 11:23:07 +0000 EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html Status: Partially Accepted Change Description: see diff given below Rationale: I removed that mention of the "same-origin policy", since it really wasn't helping anything, and replaced it with a more helpful brief statement explaining the implications of doing this. I haven't defined "same-origin policy" anywhere because I really have no idea how to do so. The whole HTML spec plus other specs like CORS, Web Storage, the Web Sockets protocol, etc, together describe the same-origin policy. It's not something that can be summarised in a few paragraphs. 32073 3 contributor 2010-02-14 11:24:38 +0000 Checked in as WHATWG revision r4736. Check-in comment: Make this sentence more useful. http://html5.org/tools/web-apps-tracker?from=4735&to=4736