[html5] r8370 - [giow] (2) Make the case of an API call trying to navigate a browsing context th [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri Jan 3 13:33:46 PST 2014


Author: ianh
Date: 2014-01-03 13:33:45 -0800 (Fri, 03 Jan 2014)
New Revision: 8370

Modified:
   complete.html
   index
   source
Log:
[giow] (2) Make the case of an API call trying to navigate a browsing context that it can't navigate due to sandboxing throw a security exception rather than silently fail.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=24110
Affected topics: DOM APIs, HTML

Modified: complete.html
===================================================================
--- complete.html	2014-01-03 20:03:15 UTC (rev 8369)
+++ complete.html	2014-01-03 21:33:45 UTC (rev 8370)
@@ -8424,7 +8424,8 @@
 
 <!--CLEANUP-->
    <li><p><a href=#navigate>Navigate</a><!--DONAV reload after d.open()--> the <a href=#browsing-context>browsing context</a>
-   to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>.
+   to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>
+   and <a href=#exceptions-enabled>exceptions enabled</a>.
    The <a href=#source-browsing-context>source browsing context</a> is that given to the <a href=#an-overridden-reload title="an overridden
    reload">overridden reload</a> algorithm.
    When the <a href=#navigate>navigate</a> algorithm creates a <code><a href=#document>Document</a></code> object for this purpose,
@@ -64863,13 +64864,13 @@
 <!--CLEANUP-->
   <p>Otherwise, if <var title="">url</var> is not "<code><a href=#about:blank>about:blank</a></code>", the user agent must
   <a href=#navigate>navigate</a><!--DONAV window.open()--> the selected <a href=#browsing-context>browsing context</a> to the
-  <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
+  <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
   context</a> was just created as part of <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
   browsing context name</a>, then <a href=#replacement-enabled title="replacement enabled">replacement must be
-  enabled</a>. The navigation must be done with the <a href=#responsible-browsing-context>responsible
+  enabled</a> also. The navigation must be done with the <a href=#responsible-browsing-context>responsible
   browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a> as the <a href=#source-browsing-context>source browsing
   context</a>. If the <a href=#resolve-a-url>resolve a URL</a> algorithm failed, then the user agent may either
-  instead <a href=#navigate>navigate</a> to an inline error page, using the same replacement behavior and
+  instead <a href=#navigate>navigate</a> to an inline error page, with <a href=#exceptions-enabled>exceptions enabled</a> and using the same replacement behavior and
   source browsing context behavior as described earlier in this paragraph; or treat the <var title="">url</var> as "<code><a href=#about:blank>about:blank</a></code>", acting as described in the next paragraph.</p>
 
   <p>If <var title="">url</var> <em>is</em> "<code><a href=#about:blank>about:blank</a></code>", and the <a href=#browsing-context>browsing
@@ -66635,7 +66636,7 @@
   method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
   to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
   successful, must <a href=#navigate>navigate</a><!--DONAV location.href/assign--> the <a href=#browsing-context>browsing
-  context</a> to the specified <var title="">url</var>. If the <a href=#browsing-context>browsing context</a>'s
+  context</a> to the specified <var title="">url</var>, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <a href=#browsing-context>browsing context</a>'s
   <a href=#session-history>session history</a> contains only one <code><a href=#document>Document</a></code>, and that was the
   <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> created when the <a href=#browsing-context>browsing context</a> was
   created, then the navigation must be done with <a href=#replacement-enabled>replacement enabled</a>.</p> <!-- READ ME
@@ -66648,7 +66649,7 @@
   method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
   to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
   successful, <a href=#navigate>navigate</a><!--DONAV location.href/replace--> the <a href=#browsing-context>browsing
-  context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a>.</p>
+  context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>.</p>
 
 <!--CLEANUP-->
   <p>Navigation for the <code title=dom-location-assign><a href=#dom-location-assign>assign()</a></code> and <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> methods must be done with the <a href=#responsible-browsing-context>responsible browsing context</a> specified by
@@ -66687,7 +66688,7 @@
 <!--CLEANUP-->
    <dd><p><a href=#navigate>Navigate</a><!--DONAV location.reload()--> the
    <a href=#browsing-context>browsing context</a> to <a href="#the-document's-address">the document's
-   address</a> with <a href=#replacement-enabled>replacement enabled</a>. The
+   address</a> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>. The
    <a href=#source-browsing-context>source browsing context</a> must be the <a href=#browsing-context>browsing
    context</a> being navigated.</dd> <!-- it appears that
    document.reload() always uses GET and does not, e.g., re-POST. -->
@@ -66892,6 +66893,10 @@
     <p class=note>Doing so, however, can be dangerous, as it means that the user is overriding the
     author's explicit request to sandbox the content.</p>
 
+    <p>If the <a href=#navigate>navigate</a> algorithm was invoked with <dfn id=exceptions-enabled>exceptions enabled</dfn>, and it
+    is aborted on this step, then in addition to aborting this algorithm, the user agent must also
+    throw a <code><a href=#securityerror>SecurityError</a></code> exception.</p>
+
    </li>
 
    <li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing context</a> is the same as the
@@ -73302,6 +73307,10 @@
     browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>
     as the <a href=#source-browsing-context>source browsing context</a>.</p>
 
+    <!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
+    browser in an unusuable state (or would require that we catch and rethrow the exception, and
+    this API is deprecated so we're not worried about keeping it sane) -->
+
    </li>
 
    <li>

Modified: index
===================================================================
--- index	2014-01-03 20:03:15 UTC (rev 8369)
+++ index	2014-01-03 21:33:45 UTC (rev 8370)
@@ -8424,7 +8424,8 @@
 
 <!--CLEANUP-->
    <li><p><a href=#navigate>Navigate</a><!--DONAV reload after d.open()--> the <a href=#browsing-context>browsing context</a>
-   to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>.
+   to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>
+   and <a href=#exceptions-enabled>exceptions enabled</a>.
    The <a href=#source-browsing-context>source browsing context</a> is that given to the <a href=#an-overridden-reload title="an overridden
    reload">overridden reload</a> algorithm.
    When the <a href=#navigate>navigate</a> algorithm creates a <code><a href=#document>Document</a></code> object for this purpose,
@@ -64863,13 +64864,13 @@
 <!--CLEANUP-->
   <p>Otherwise, if <var title="">url</var> is not "<code><a href=#about:blank>about:blank</a></code>", the user agent must
   <a href=#navigate>navigate</a><!--DONAV window.open()--> the selected <a href=#browsing-context>browsing context</a> to the
-  <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
+  <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
   context</a> was just created as part of <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
   browsing context name</a>, then <a href=#replacement-enabled title="replacement enabled">replacement must be
-  enabled</a>. The navigation must be done with the <a href=#responsible-browsing-context>responsible
+  enabled</a> also. The navigation must be done with the <a href=#responsible-browsing-context>responsible
   browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a> as the <a href=#source-browsing-context>source browsing
   context</a>. If the <a href=#resolve-a-url>resolve a URL</a> algorithm failed, then the user agent may either
-  instead <a href=#navigate>navigate</a> to an inline error page, using the same replacement behavior and
+  instead <a href=#navigate>navigate</a> to an inline error page, with <a href=#exceptions-enabled>exceptions enabled</a> and using the same replacement behavior and
   source browsing context behavior as described earlier in this paragraph; or treat the <var title="">url</var> as "<code><a href=#about:blank>about:blank</a></code>", acting as described in the next paragraph.</p>
 
   <p>If <var title="">url</var> <em>is</em> "<code><a href=#about:blank>about:blank</a></code>", and the <a href=#browsing-context>browsing
@@ -66635,7 +66636,7 @@
   method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
   to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
   successful, must <a href=#navigate>navigate</a><!--DONAV location.href/assign--> the <a href=#browsing-context>browsing
-  context</a> to the specified <var title="">url</var>. If the <a href=#browsing-context>browsing context</a>'s
+  context</a> to the specified <var title="">url</var>, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <a href=#browsing-context>browsing context</a>'s
   <a href=#session-history>session history</a> contains only one <code><a href=#document>Document</a></code>, and that was the
   <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> created when the <a href=#browsing-context>browsing context</a> was
   created, then the navigation must be done with <a href=#replacement-enabled>replacement enabled</a>.</p> <!-- READ ME
@@ -66648,7 +66649,7 @@
   method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
   to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
   successful, <a href=#navigate>navigate</a><!--DONAV location.href/replace--> the <a href=#browsing-context>browsing
-  context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a>.</p>
+  context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>.</p>
 
 <!--CLEANUP-->
   <p>Navigation for the <code title=dom-location-assign><a href=#dom-location-assign>assign()</a></code> and <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> methods must be done with the <a href=#responsible-browsing-context>responsible browsing context</a> specified by
@@ -66687,7 +66688,7 @@
 <!--CLEANUP-->
    <dd><p><a href=#navigate>Navigate</a><!--DONAV location.reload()--> the
    <a href=#browsing-context>browsing context</a> to <a href="#the-document's-address">the document's
-   address</a> with <a href=#replacement-enabled>replacement enabled</a>. The
+   address</a> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>. The
    <a href=#source-browsing-context>source browsing context</a> must be the <a href=#browsing-context>browsing
    context</a> being navigated.</dd> <!-- it appears that
    document.reload() always uses GET and does not, e.g., re-POST. -->
@@ -66892,6 +66893,10 @@
     <p class=note>Doing so, however, can be dangerous, as it means that the user is overriding the
     author's explicit request to sandbox the content.</p>
 
+    <p>If the <a href=#navigate>navigate</a> algorithm was invoked with <dfn id=exceptions-enabled>exceptions enabled</dfn>, and it
+    is aborted on this step, then in addition to aborting this algorithm, the user agent must also
+    throw a <code><a href=#securityerror>SecurityError</a></code> exception.</p>
+
    </li>
 
    <li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing context</a> is the same as the
@@ -73302,6 +73307,10 @@
     browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>
     as the <a href=#source-browsing-context>source browsing context</a>.</p>
 
+    <!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
+    browser in an unusuable state (or would require that we catch and rethrow the exception, and
+    this API is deprecated so we're not worried about keeping it sane) -->
+
    </li>
 
    <li>

Modified: source
===================================================================
--- source	2014-01-03 20:03:15 UTC (rev 8369)
+++ source	2014-01-03 21:33:45 UTC (rev 8370)
@@ -8061,7 +8061,8 @@
 
 <!--CLEANUP-->
    <li><p><span>Navigate</span><!--DONAV reload after d.open()--> the <span>browsing context</span>
-   to a resource whose source is <var data-x="">source</var>, with <span>replacement enabled</span>.
+   to a resource whose source is <var data-x="">source</var>, with <span>replacement enabled</span>
+   and <span>exceptions enabled</span>.
    The <span>source browsing context</span> is that given to the <span data-x="an overridden
    reload">overridden reload</span> algorithm.
    When the <span>navigate</span> algorithm creates a <code>Document</code> object for this purpose,
@@ -72191,13 +72192,13 @@
   <p>Otherwise, if <var data-x="">url</var> is not "<code>about:blank</code>", the user agent must
   <span>navigate</span><!--DONAV window.open()--> the selected <span>browsing context</span> to the
   <span>absolute URL</span> obtained from <span data-x="resolve a url">resolving</span> <var
-  data-x="">url</var> earlier. If the <var data-x="">replace</var> is true or if the <span>browsing
+  data-x="">url</var> earlier, with <span>exceptions enabled</span>. If the <var data-x="">replace</var> is true or if the <span>browsing
   context</span> was just created as part of <span>the rules for choosing a browsing context given a
   browsing context name</span>, then <span data-x="replacement enabled">replacement must be
-  enabled</span>. The navigation must be done with the <span>responsible
+  enabled</span> also. The navigation must be done with the <span>responsible
   browsing context</span> specified by the <span>incumbent settings object</span> as the <span>source browsing
   context</span>. If the <span>resolve a URL</span> algorithm failed, then the user agent may either
-  instead <span>navigate</span> to an inline error page, using the same replacement behavior and
+  instead <span>navigate</span> to an inline error page, with <span>exceptions enabled</span> and using the same replacement behavior and
   source browsing context behavior as described earlier in this paragraph; or treat the <var
   data-x="">url</var> as "<code>about:blank</code>", acting as described in the next paragraph.</p>
 
@@ -74240,7 +74241,7 @@
   method is invoked, the UA must <span data-x="resolve a url">resolve</span> the argument, relative
   to the <span>API base URL</span> specified by the <span>entry settings object</span>, and if that is
   successful, must <span>navigate</span><!--DONAV location.href/assign--> the <span>browsing
-  context</span> to the specified <var data-x="">url</var>. If the <span>browsing context</span>'s
+  context</span> to the specified <var data-x="">url</var>, with <span>exceptions enabled</span>. If the <span>browsing context</span>'s
   <span>session history</span> contains only one <code>Document</code>, and that was the
   <code>about:blank</code> <code>Document</code> created when the <span>browsing context</span> was
   created, then the navigation must be done with <span>replacement enabled</span>.</p> <!-- READ ME
@@ -74253,7 +74254,7 @@
   method is invoked, the UA must <span data-x="resolve a url">resolve</span> the argument, relative
   to the <span>API base URL</span> specified by the <span>entry settings object</span>, and if that is
   successful, <span>navigate</span><!--DONAV location.href/replace--> the <span>browsing
-  context</span> to the specified <var data-x="">url</var> with <span>replacement enabled</span>.</p>
+  context</span> to the specified <var data-x="">url</var> with <span>replacement enabled</span> and <span>exceptions enabled</span>.</p>
 
 <!--CLEANUP-->
   <p>Navigation for the <code data-x="dom-location-assign">assign()</code> and <code
@@ -74298,7 +74299,7 @@
 <!--CLEANUP-->
    <dd><p><span>Navigate</span><!--DONAV location.reload()--> the
    <span>browsing context</span> to <span>the document's
-   address</span> with <span>replacement enabled</span>. The
+   address</span> with <span>replacement enabled</span> and <span>exceptions enabled</span>. The
    <span>source browsing context</span> must be the <span>browsing
    context</span> being navigated.</p></dd> <!-- it appears that
    document.reload() always uses GET and does not, e.g., re-POST. -->
@@ -74534,6 +74535,10 @@
     <p class="note">Doing so, however, can be dangerous, as it means that the user is overriding the
     author's explicit request to sandbox the content.</p>
 
+    <p>If the <span>navigate</span> algorithm was invoked with <dfn>exceptions enabled</dfn>, and it
+    is aborted on this step, then in addition to aborting this algorithm, the user agent must also
+    throw a <code>SecurityError</code> exception.</p>
+
    </li>
 
    <li id="seamlessLinks"><p>If the <span>source browsing context</span> is the same as the
@@ -81924,6 +81929,10 @@
     browsing context</span> specified by the <span>incumbent settings object</span>
     as the <span>source browsing context</span>.</p>
 
+    <!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
+    browser in an unusuable state (or would require that we catch and rethrow the exception, and
+    this API is deprecated so we're not worried about keeping it sane) -->
+
    </li>
 
    <li>




More information about the Commit-Watchers mailing list