[html5] r1508 - /
whatwg at whatwg.org
Tue Apr 29 02:10:27 PDT 2008
Author: ianh
Date: 2008-04-29 02:10:26 -0700 (Tue, 29 Apr 2008)
New Revision: 1508
Modified:
index
source
Log:
[] (0) Implement the descendant-navigation frame policy.
Modified: index
===================================================================
--- index 2008-04-29 03:07:35 UTC (rev 1507)
+++ index 2008-04-29 09:10:26 UTC (rev 1508)
@@ -1018,16 +1018,18 @@
<li><a href="#secondary"><span class=secno>4.1.3 </span>Secondary
browsing contexts</a>
- <li><a href="#threads"><span class=secno>4.1.4 </span>Threads</a>
+ <li><a href="#security2"><span class=secno>4.1.4 </span>Security</a>
- <li><a href="#browsing"><span class=secno>4.1.5 </span>Browsing
+ <li><a href="#threads"><span class=secno>4.1.5 </span>Threads</a>
+
+ <li><a href="#browsing"><span class=secno>4.1.6 </span>Browsing
context names</a>
</ul>
<li><a href="#the-default0"><span class=secno>4.2 </span>The default
view</a>
<ul class=toc>
- <li><a href="#security2"><span class=secno>4.2.1 </span>Security</a>
+ <li><a href="#security3"><span class=secno>4.2.1 </span>Security</a>
<li><a href="#constructors"><span class=secno>4.2.2
</span>Constructors</a>
@@ -1053,7 +1055,7 @@
<li><a href="#running"><span class=secno>4.4.1 </span>Running
executable code</a>
- <li><a href="#security3"><span class=secno>4.4.2 </span>Security
+ <li><a href="#security4"><span class=secno>4.4.2 </span>Security
exceptions</a>
<li><a href="#javascript-protocol"><span class=secno>4.4.3 </span>The
@@ -1090,7 +1092,7 @@
<li><a href="#custom-handlers"><span class=secno>4.6.1 </span>Custom
protocol and content handlers</a>
<ul class=toc>
- <li><a href="#security4"><span class=secno>4.6.1.1. </span>Security
+ <li><a href="#security5"><span class=secno>4.6.1.1. </span>Security
and privacy</a>
<li><a href="#sample-handler-impl"><span class=secno>4.6.1.2.
@@ -1149,7 +1151,7 @@
<li><a href="#the-location"><span class=secno>4.8.4 </span>The
<code>Location</code> interface</a>
<ul class=toc>
- <li><a href="#security5"><span class=secno>4.8.4.1.
+ <li><a href="#security6"><span class=secno>4.8.4.1.
</span>Security</a>
</ul>
@@ -1235,7 +1237,7 @@
</span>Threads</a>
</ul>
- <li><a href="#security6"><span class=secno>4.11.7 </span>Security and
+ <li><a href="#security7"><span class=secno>4.11.7 </span>Security and
privacy</a>
<ul class=toc>
<li><a href="#user-tracking"><span class=secno>4.11.7.1. </span>User
@@ -1277,7 +1279,7 @@
<li><a href="#privacy"><span class=secno>4.12.7 </span>Privacy</a>
- <li><a href="#security7"><span class=secno>4.12.8 </span>Security</a>
+ <li><a href="#security8"><span class=secno>4.12.8 </span>Security</a>
<ul class=toc>
<li><a href="#user-agents"><span class=secno>4.12.8.1. </span>User
agents</a>
@@ -1446,7 +1448,7 @@
selection</a>
</ul>
- <li><a href="#security8"><span class=secno>5.3.7 </span>Security risks
+ <li><a href="#security9"><span class=secno>5.3.7 </span>Security risks
in the drag-and-drop model</a>
</ul>
@@ -2676,7 +2678,7 @@
<h4 id=security><span class=secno>2.1.1 </span>Security</h4>
- <p>User agents must raise a <a href="#security9">security exception</a>
+ <p>User agents must raise a <a href="#security10">security exception</a>
whenever any of the members of an <code><a
href="#htmldocument">HTMLDocument</a></code> object are accessed by
scripts whose <a href="#effective3">effective script origin</a> is not the
@@ -26587,6 +26589,15 @@
title="">C</var> is said to be <dfn id=nested1 title="browsing context
nested through">nested through</dfn> <var title="">D</var>.
+ <p>A browsing context <var title="">A</var> is said to be an ancestor of a
+ browsing context <var title="">B</var> if there exists a browsing context
+ <var title="">A'</var> that is a <a href="#child">child browsing
+ context</a> of <var title="">A</var> and that is itself an ancestor of
+ <var title="">B</var>, or if there is a browsing context <var
+ title="">P</var> that is a <a href="#child">child browsing context</a> of
+ <var title="">A</var> and that is the <a href="#parent">parent browsing
+ context</a> of <var title="">B</var>.
+
<p>The browsing context with no <a href="#parent">parent browsing
context</a> is the <dfn id=top-level>top-level browsing context</dfn> of
all the browsing contexts <a href="#nested0" title="nested browsing
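Review bot: The ancestor definition added in this hunk never makes a parent an ancestor of its own child, because both branches require an intermediate context (A' or P) that is a child of A; the shallowest relationship that satisfies it is grandparent. The "allowed to navigate" text relies on this term and replaces wording that tested the parent browsing context, so a same-origin parent would no longer qualify under the ancestor condition. Add the base case "A is the parent browsing context of B" and keep only the recursive branch next to it. The term is also introduced as plain text ("is said to be an ancestor") rather than in a dfn, so the later "ancestor browsing context" cross-reference has nothing to resolve to.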
@@ -26642,8 +26653,36 @@
title="browsing context">browsing contexts</a> that form part of the user
agent's interface, apart from the main content area.
- <h4 id=threads><span class=secno>4.1.4 </span>Threads</h4>
+ <h4 id=security2><span class=secno>4.1.4 </span>Security</h4>
+ <p>A <a href="#browsing0">browsing context</a> <var title="">A</var> is
+ <dfn id=allowed>allowed to navigate</dfn> a second <a
+ href="#browsing0">browsing context</a> <var title="">B</var> if one of the
+ following conditions is true:
+
+ <ul>
+ <li>Either the <a href="#origin0">origin</a> of the <a
+ href="#active">active document</a> of <var title="">A</var> is the same
+ as the <a href="#origin0">origin</a> of the <a href="#active">active
+ document</a> of <var title="">B</var>, or
+
+ <li>The browsing context <var title="">B</var> an <a
+ href="#auxiliary0">auxiliary browsing context</a> and either its <a
+ href="#opener">opener browsing context</a> is <var title="">A</var> or
+ <var title="">A</var> is <a href="#allowed">allowed to navigate</a> <var
+ title="">B</var>'s <a href="#opener">opener browsing context</a>, or
+
+ <li>The browsing context <var title="">B</var> is not a <a
+ href="#top-level">top-level browsing context</a>, but there exists an
+ <span>ancestor browsing context</span> of <var title="">B</var> whose <a
+ href="#active">active document</a> has the same <a
+ href="#origin0">origin</a> as the <a href="#active">active document</a>
+ of <var title="">A</var> (possibly in fact being <var title="">A</var>
+ itself).
+ </ul>
+
+ <h4 id=threads><span class=secno>4.1.5 </span>Threads</h4>
+
<p>Each <a href="#browsing0">browsing context</a> is defined as having a
list of zero or more <dfn id=directly>directly reachable browsing
contexts</dfn>. These are:
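Review bot: The second list item is missing its verb: "The browsing context B an auxiliary browsing context" should read "B is an auxiliary browsing context". In the same list, the first item opens with "Either" but offers no second alternative inside the item, and the trailing "or" on each item already carries the disjunction announced by "one of the following conditions is true", so "Either" can be dropped.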
@@ -26680,7 +26719,7 @@
this applies to anything firing events or calling callbacks
asynchronously. -->
- <h4 id=browsing><span class=secno>4.1.5 </span>Browsing context names</h4>
+ <h4 id=browsing><span class=secno>4.1.6 </span>Browsing context names</h4>
<p>Browsing contexts can have a <dfn id=browsing1>browsing context
name</dfn>. By default, a browsing context has no name (its name is not
@@ -26723,35 +26762,15 @@
<p>If the given browsing context name is not <code title="">_blank</code>
and there exists a browsing context whose <a href="#browsing1"
title="browsing context name">name</a> is the same as the given browsing
- context name, and one of the following is true:
+ context name, and the current browsing context is <a
+ href="#allowed">allowed to navigate</a> that browsing context, and the
+ user agent determines that the two browsing contexts are related enough
+ that it is ok if they reach each other, then that browsing context must
+ be the chosen one. If there are multiple matching browsing contexts, the
+ user agent should select one in some arbitrary consistent manner, such
+ as the most recently opened, most recently focused, or more closely
+ related.</p>
- <ul>
- <li>Either the <a href="#origin0">origin</a> of that browsing context's
- <a href="#active">active document</a> is the same as the <a
- href="#origin0">origin</a> of the current browsing context's <a
- href="#active">active document</a>,
-
- <li>Or that browsing context is an <a href="#auxiliary0">auxiliary
- browsing context</a> and its <a href="#opener">opener browsing
- context</a> is either the current browsing context or a browsing
- context that the user agent considers is closely enough related to the
- current browsing context,
-
- <li>Or that browsing context is not a <a href="#top-level">top-level
- browsing context</a>, and the <a href="#origin0">origin</a> of the <a
- href="#active">active document</a> of the <a href="#parent">parent
- browsing context</a> of that browsing context is the same as the <a
- href="#origin0">origin</a> of the current browsing context's <a
- href="#active">active document</a>,
- </ul>
-
- <p>...and the user agent determines that the two browsing contexts are
- related enough that it is ok if they reach each other, then that
- browsing context must be the chosen one. If there are multiple matching
- browsing contexts, the user agent should select one in some arbitrary
- consistent manner, such as the most recently opened, most recently
- focused, or more closely related.</p>
-
<li>
<p>Otherwise, a new browsing context is being requested, and what happens
depends on the user agent's configuration and/or abilities:</p>
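Review bot: The rewritten paragraph keeps the clause "the user agent determines that the two browsing contexts are related enough that it is ok if they reach each other" alongside the new "allowed to navigate" test, so the name lookup still depends on an undefined, UA-specific judgement. If "allowed to navigate" is meant to be the complete policy, drop the clause. If the extra check is intentional, say what it may take into account, since implementations that differ here will differ in which named browsing contexts a page can reach.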
@@ -26893,9 +26912,9 @@
title=dom-item>have an implicit [[Get]] method</span> which returns
<span>nested browsing contexts</span>.
- <h4 id=security2><span class=secno>4.2.1 </span>Security</h4>
+ <h4 id=security3><span class=secno>4.2.1 </span>Security</h4>
- <p>User agents must raise a <a href="#security9">security exception</a>
+ <p>User agents must raise a <a href="#security10">security exception</a>
whenever any of the members of a <code><a href="#window">Window</a></code>
object are accessed by scripts whose <a href="#effective3">effective
script origin</a> is not the same as the <code><a
@@ -26910,6 +26929,10 @@
<li>The <code title=dom-window-postMessage><a
href="#postmessage">postMessage()</a></code> method
+
+ <li>The <code title=dom-window-frames>frames</code> attribute
+
+ <li>The <code title=dom-XXX4><a href="#xxx4index">XXX4</a></code> method
</ul>
<p>User agents must not allow scripts to override the <code
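Review bot: The two list items added here extend the exceptions to the cross-origin Window check, but the log message does not mention them and one is a placeholder: "XXX4" names no real method, so a reader cannot tell which member is being exposed across origins. Name the method before this lands, link the frames attribute to its definition the way the postMessage() item above it is linked, and give the reason each member needs to be reachable, since every entry in this list widens what a script from another origin can touch.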
@@ -27288,7 +27311,7 @@
<p>If ToASCII fails to convert one of the components of the string, e.g.
because it is too long or because it contains invalid characters, then
- throw a <a href="#security9">security exception</a> and abort these
+ throw a <a href="#security10">security exception</a> and abort these
steps. <a href="#refsRFC3490">[RFC3490]</a></p>
<li>
@@ -27300,12 +27323,12 @@
<ol>
<li>
<p>If the current value is an IP address, throw a <a
- href="#security9">security exception</a> and abort these steps.</p>
+ href="#security10">security exception</a> and abort these steps.</p>
<li>
<p>If <var title="">new value</var>, prefixed by a U+002E FULL STOP
("."), does not exactly match the end of the current value, throw a <a
- href="#security9">security exception</a> and abort these steps.</p>
+ href="#security10">security exception</a> and abort these steps.</p>
</ol>
<li>
@@ -27386,9 +27409,9 @@
title="User agents with no scripting support">user agent with no scripting
support</a> for the purposes of conformance.
- <h4 id=security3><span class=secno>4.4.2 </span>Security exceptions</h4>
+ <h4 id=security4><span class=secno>4.4.2 </span>Security exceptions</h4>
- <p class=big-issue>Define <dfn id=security9>security exception</dfn>.
+ <p class=big-issue>Define <dfn id=security10>security exception</dfn>.
<h4 id=javascript-protocol><span class=secno>4.4.3 </span><dfn
id=the-javascript title="javascript protocol">The <code
@@ -28333,7 +28356,7 @@
the user what the site in question is.</p>
</dl>
- <p>User agents should raise <a href="#security9" title="security
+ <p>User agents should raise <a href="#security10" title="security
exception">security exceptions</a> if the methods are called with <var
title="">protocol</var> or <var title="">mimeType</var> values that the UA
deems to be "privileged". For example, a site attempting to register a
@@ -28361,7 +28384,7 @@
non-idempotent transaction), as the remote site would not be able to fetch
the same data.
- <h5 id=security4><span class=secno>4.6.1.1. </span>Security and privacy</h5>
+ <h5 id=security5><span class=secno>4.6.1.1. </span>Security and privacy</h5>
<p>These mechanisms can introduce a number of concerns, in particular
privacy concerns.
@@ -29722,7 +29745,7 @@
<li>
<p>If <var title="">uri</var> has a different <scheme> component than
- the manifest's URI, then raise a <a href="#security9">security
+ the manifest's URI, then raise a <a href="#security10">security
exception</a>.
<li>
@@ -30078,7 +30101,7 @@
<li>
<p>If there is no longer a <code>Document</code> object for the entry in
question, the user agent must <a href="#navigate">navigate</a> the
- browsing context to the location for that entry to preform an <a
+ browsing context to the location for that entry to perform an <a
href="#entry">entry update</a> of that entry, and abort these steps. The
"<a href="#navigate">navigate</a>" algorithm reinvokes this "traverse"
algorithm to complete the traversal, at which point there <em>is</em> a
@@ -30248,7 +30271,7 @@
hierarchical <scheme>). If the verification fails (either because
the argument is syntactically incorrect, or differs in a way not described
as acceptable in the previous sentence) then the user agent must raise a
- <a href="#security9">security exception</a>. <a
+ <a href="#security10">security exception</a>. <a
href="#refsRFC3986">[RFC3986]</a> <a href="#refsRFC3987">[RFC3987]</a>
<p>If the third argument passes its verification step, or if the third
@@ -30422,8 +30445,9 @@
<p>When the <dfn id=replace title=dom-location-replace><code>replace(<var
title="">url</var>)</code></dfn> method is invoked, the UA must <a
- href="#navigate">navigate</a> to the specified <var title="">url</var>
- with <a href="#replacement">replacement enabled</a>.
+ href="#navigate">navigate</a> the <a href="#browsing0">browsing
+ context</a> to the specified <var title="">url</var> with <a
+ href="#replacement">replacement enabled</a>.
<p>Relative <var title="">url</var> arguments for <code
title=dom-location-assign><a href="#assign">assign()</a></code> and <code
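Review bot: "navigate the browsing context" in the replace() paragraph does not say which browsing context is meant. A script can call replace() on the Location object of another window or frame, so the target is not necessarily the context the script runs in. Suggest "the browsing context with which the Location object is associated", the wording this same commit uses for the href setter.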
@@ -30463,9 +30487,9 @@
user reload must be equivalent to .reload()
-->
- <h5 id=security5><span class=secno>4.8.4.1. </span>Security</h5>
+ <h5 id=security6><span class=secno>4.8.4.1. </span>Security</h5>
- <p>User agents must raise a <a href="#security9">security exception</a>
+ <p>User agents must raise a <a href="#security10">security exception</a>
whenever any of the members of a <code><a
href="#location2">Location</a></code> object are accessed by scripts whose
<a href="#effective3">effective script origin</a> is not the same as the
@@ -30475,7 +30499,10 @@
<ul>
<li>The <code title=dom-location-href><a href="#href5">href</a></code>
- setter
+ setter, if the script is running in a <a href="#browsing0">browsing
+ context</a> that is <a href="#allowed">allowed to navigate</a> the
+ browsing context with which the <code><a
+ href="#location2">Location</a></code> object is associated
</ul>
<p>User agents must not allow scripts to override the <code
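Review bot: The exception list now makes the href setter conditional on "allowed to navigate", but the setter is still the only entry. assign() and replace(), which the preceding hunk shows also navigate, stay outside the list, so a context that is allowed to navigate the target can set href yet gets a security exception from replace(). If that asymmetry is intended, say so; otherwise list those methods with the same condition. It would also help to state outright that the setter raises a security exception when the condition is not met, rather than leaving that to the general rule above the list.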
@@ -32324,7 +32351,7 @@
execution. This specification does not require any particular
implementation strategy, so long as the requirement above is met.
- <h4 id=security6><span class=secno>4.11.7 </span>Security and privacy</h4>
+ <h4 id=security7><span class=secno>4.11.7 </span>Security and privacy</h4>
<h5 id=user-tracking><span class=secno>4.11.7.1. </span>User tracking</h5>
@@ -33023,7 +33050,7 @@
way as cookies for the purposes of user interfaces, to reduce the risk of
using this feature for cookie resurrection.
- <h4 id=security7><span class=secno>4.12.8 </span>Security</h4>
+ <h4 id=security8><span class=secno>4.12.8 </span>Security</h4>
<h5 id=user-agents><span class=secno>4.12.8.1. </span>User agents</h5>
@@ -35957,7 +35984,7 @@
element with the keyboard focus, and then ended the drag-and-drop
operation without canceling it.
- <h4 id=security8><span class=secno>5.3.7 </span>Security risks in the
+ <h4 id=security9><span class=secno>5.3.7 </span>Security risks in the
drag-and-drop model</h4>
<p>User agents must not make the data added to the <code><a
@@ -37949,7 +37976,7 @@
<p>First, if the domain part of the script's <a href="#origin0">origin</a>
is not a host name (e.g. it is an IP address) then the UA must raise a <a
- href="#security9">security exception</a>. <span class=issue>We currently
+ href="#security10">security exception</a>. <span class=issue>We currently
don't allow connections to be set up back to an originating IP address,
but we could, if the subdomain is the empty string.</span>
@@ -37969,15 +37996,16 @@
65535,
</ul>
- <p>...then the UA must raise a <a href="#security9">security exception</a>.</p>
+ <p>...then the UA must raise a <a href="#security10">security
+ exception</a>.</p>
<!-- XXX we should have our own port for this too, e.g. 980 -->
<p>Otherwise, the user agent must verify that the <a
href="#the-string0">the string representing the script's domain in IDNA
format</a> can be obtained without errors. If it cannot, then the user
- agent must raise a <a href="#security9">security exception</a>.
+ agent must raise a <a href="#security10">security exception</a>.
- <p>The user agent may also raise a <a href="#security9">security
+ <p>The user agent may also raise a <a href="#security10">security
exception</a> at this time if, for some reason, permission to create a
direct TCP connection to the relevant host is denied. Reasons could
include the UA being instructed by the user to not allow direct
@@ -38039,7 +38067,7 @@
href="#network1">network</a></code> attribute of the object must be set to
<a href="#the-string0">the string representing the script's domain in IDNA
format</a>. If this string cannot be obtained, then the user agent must
- raise a <a href="#security9">security exception</a> exception when the
+ raise a <a href="#security10">security exception</a> exception when the
constructor is called.
<p>The <code title=dom-Connection-peer><a href="#peer">peer</a></code>
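Review bot: The changed line reads "security exception</a> exception", so the rendered sentence says "raise a security exception exception when the constructor is called". The duplicate word predates this revision, but the line is being touched here and in the matching hunk at 38177, so drop the second "exception" in both places.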
@@ -38047,7 +38075,7 @@
<p>The object must then be returned, unless, for some reason, permission to
broadcast on the local network is to be denied. In the latter case, a <a
- href="#security9">security exception</a> must be raised instead. User
+ href="#security10">security exception</a> must be raised instead. User
agents may deny such permission for any reason, for example a user
preference.
@@ -38177,7 +38205,7 @@
href="#network1">network</a></code> attribute of the object must be set to
<a href="#the-string0">the string representing the script's domain in IDNA
format</a>. If this string cannot be obtained, then the user agent must
- raise a <a href="#security9">security exception</a> exception when the
+ raise a <a href="#security10">security exception</a> exception when the
constructor is called.
<p>The <code title=dom-Connection-peer><a href="#peer">peer</a></code>
@@ -38186,7 +38214,7 @@
<p>The object must then be returned, unless, for some reason, permission to
establish peer-to-peer connections is generally disallowed, for example
due to administrator settings. In the latter case, a <a
- href="#security9">security exception</a> must be raised instead.
+ href="#security10">security exception</a> must be raised instead.
<p>The user agent must then, typically while the script resumes execution,
find a remote host to establish a connection to. To do this it must start
@@ -49087,10 +49115,10 @@
<h2 class=no-num id=acknowledgements>Acknowledgements</h2>
<!-- ACKS -->
- <p>Thanks to Aankhen, Aaron Boodman, Aaron Leventhal, Adam Roben, Addison
- Phillips, Adrian Sutton, Agustín Fernández, Alastair
- Campbell, Alexey Feldgendler, Andrew Gove, Andrew Sidwell, Anne van
- Kesteren, Anthony Hickson, Antti Koivisto, Arphen Lin, Asbjørn
+ <p>Thanks to Aankhen, Aaron Boodman, Aaron Leventhal, Adam Barth, Adam
+ Roben, Addison Phillips, Adrian Sutton, Agustín Fernández,
+ Alastair Campbell, Alexey Feldgendler, Andrew Gove, Andrew Sidwell, Anne
+ van Kesteren, Anthony Hickson, Antti Koivisto, Arphen Lin, Asbjørn
Ulsberg, Aurelien Levy, Ben Godfrey, Ben Meadowcroft, Ben Millard,
Benjamin Hawkes-Lewis, Bert Bos, Billy Wong, Bjoern Hoehrmann, Boris
Zbarsky, Brad Fults, Brad Neuberg, Brady Eidson, Brendan Eich, Brett
Modified: source
===================================================================
--- source 2008-04-29 03:07:35 UTC (rev 1507)
+++ source 2008-04-29 09:10:26 UTC (rev 1508)
@@ -24265,6 +24265,15 @@
said to be <dfn title="browsing context nested through">nested
through</dfn> <var title="">D</var>.</p>
+ <p>A browsing context <var title="">A</var> is said to be an
+ ancestor of a browsing context <var title="">B</var> if there exists
+ a browsing context <var title="">A'</var> that is a <span>child
+ browsing context</span> of <var title="">A</var> and that is itself
+ an ancestor of <var title="">B</var>, or if there is a browsing
+ context <var title="">P</var> that is a <span>child browsing
+ context</span> of <var title="">A</var> and that is the <span>parent
+ browsing context</span> of <var title="">B</var>.</p>
+
<p>The browsing context with no <span>parent browsing context</span>
is the <dfn>top-level browsing context</dfn> of all the browsing
contexts <span title="nested browsing context">nested</span> within
@@ -24322,6 +24331,37 @@
the user agent's interface, apart from the main content area.</p>
+ <h4>Security</h4>
+
+ <p>A <span>browsing context</span> <var title="">A</var> is
+ <dfn>allowed to navigate</dfn> a second <span>browsing
+ context</span> <var title="">B</var> if one of the following
+ conditions is true:</p>
+
+ <ul>
+
+ <li>Either the <span>origin</span> of the <span>active
+ document</span> of <var title="">A</var> is the same as the
+ <span>origin</span> of the <span>active document</span> of <var
+ title="">B</var>, or</li>
+
+ <li>The browsing context <var title="">B</var> an <span>auxiliary
+ browsing context</span> and either its <span>opener browsing
+ context</span> is <var title="">A</var> or <var title="">A</var> is
+ <span>allowed to navigate</span> <var title="">B</var>'s
+ <span>opener browsing context</span>, or</li>
+
+ <li>The browsing context <var title="">B</var> is not a
+ <span>top-level browsing context</span>, but there exists an
+ <span>ancestor browsing context</span> of <var title="">B</var>
+ whose <span>active document</span> has the same <span>origin</span>
+ as the <span>active document</span> of <var title="">A</var>
+ (possibly in fact being <var title="">A</var> itself).</li>
+
+ </ul>
+
+
+
<h4>Threads</h4>
<p>Each <span>browsing context</span> is defined as having a list of
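Review bot: The new Security heading in this hunk has no explicit id, and the index diff shows the cost: inserting it shifts the generated ids of every later "Security" heading (security2 through security9) and moves the "security exception" definition from security9 to security10. That renumbering makes up most of the index changes in this revision, and existing links to those fragments now land on a different section. Give this heading, and ideally the other Security headings, a stable explicit id so that adding a section does not renumber unrelated anchors.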
@@ -24407,36 +24447,15 @@
<p>If the given browsing context name is not <code
title="">_blank</code> and there exists a browsing context whose
<span title="browsing context name">name</span> is the same as the
- given browsing context name, and one of the following is true:
+ given browsing context name, and the current browsing context is
+ <span>allowed to navigate</span> that browsing context, and the
+ user agent determines that the two browsing contexts are related
+ enough that it is ok if they reach each other, then that browsing
+ context must be the chosen one. If there are multiple matching
+ browsing contexts, the user agent should select one in some
+ arbitrary consistent manner, such as the most recently opened,
+ most recently focused, or more closely related.</p>
- <ul>
-
- <li>Either the <span>origin</span> of that browsing context's
- <span>active document</span> is the same as the
- <span>origin</span> of the current browsing context's
- <span>active document</span>,
-
- <li>Or that browsing context is an <span>auxiliary browsing
- context</span> and its <span>opener browsing context</span> is
- either the current browsing context or a browsing context that
- the user agent considers is closely enough related to the current
- browsing context,
-
- <li>Or that browsing context is not a <span>top-level browsing
- context</span>, and the <span>origin</span> of the <span>active
- document</span> of the <span>parent browsing context</span> of
- that browsing context is the same as the <span>origin</span> of
- the current browsing context's <span>active document</span>,
-
- </ul>
-
- <p>...and the user agent determines that the two browsing contexts
- are related enough that it is ok if they reach each other, then
- that browsing context must be the chosen one. If there are
- multiple matching browsing contexts, the user agent should select
- one in some arbitrary consistent manner, such as the most recently
- opened, most recently focused, or more closely related.</p>
-
</li>
<li>
@@ -24609,6 +24628,10 @@
<li>The <code title="dom-window-postMessage">postMessage()</code>
method
+ <li>The <code title="dom-window-frames">frames</code> attribute
+
+ <li>The <code title="dom-XXX4">XXX4</code> method
+
</ul>
<p>User agents must not allow scripts to override the <code
@@ -27896,7 +27919,7 @@
<li><p>If there is no longer a <code>Document</code> object for the
entry in question, the user agent must <span>navigate</span> the
- browsing context to the location for that entry to preform an
+ browsing context to the location for that entry to perform an
<span>entry update</span> of that entry, and abort these steps. The
"<span>navigate</span>" algorithm reinvokes this "traverse"
algorithm to complete the traversal, at which point there
@@ -28237,8 +28260,9 @@
<p>When the <dfn title="dom-location-replace"><code>replace(<var
title="">url</var>)</code></dfn> method is invoked, the UA must
- <span>navigate</span> to the specified <var title="">url</var> with
- <span>replacement enabled</span>.</p>
+ <span>navigate</span> the <span>browsing context</span> to the
+ specified <var title="">url</var> with <span>replacement
+ enabled</span>.</p>
<p>Relative <var title="">url</var> arguments for <code
title="dom-location-assign">assign()</code> and <code
@@ -28288,7 +28312,12 @@
the following exceptions:</p>
<ul>
- <li>The <code title="dom-location-href">href</code> setter
+
+ <li>The <code title="dom-location-href">href</code> setter, if the
+ script is running in a <span>browsing context</span> that is
+ <span>allowed to navigate</span> the browsing context with which
+ the <code>Location</code> object is associated
+
</ul>
<p>User agents must not allow scripts to override the <code
@@ -44321,20 +44350,20 @@
<h2 class="no-num">Acknowledgements</h2> <!-- ACKS -->
- <p>Thanks to Aankhen, Aaron Boodman, Aaron Leventhal, Adam Roben,
- Addison Phillips, Adrian Sutton, Agustín Fernández,
- Alastair Campbell, Alexey Feldgendler, Andrew Gove, Andrew Sidwell,
- Anne van Kesteren, Anthony Hickson, Antti Koivisto, Arphen Lin,
- Asbjørn Ulsberg, Aurelien Levy, Ben Godfrey, Ben Meadowcroft,
- Ben Millard, Benjamin Hawkes-Lewis, Bert Bos, Billy Wong, Bjoern
- Hoehrmann, Boris Zbarsky, Brad Fults, Brad Neuberg, Brady Eidson,
- Brendan Eich, Brett Wilson, Brian Campbell, Brian Smith, Bruce
- Miller, Cameron McCormack, Carlos Perelló Marín, Chao
- Cai, 윤석찬 (Channy Yun), Charl van Niekerk,
- Charles Iliya Krempeaux, Charles McCathieNevile, Christian
- Biesinger, Christian Johansen, Chriswa, Cole Robison, Collin
- Jackson, Daniel Brumbaugh Keeney, Daniel Glazman, Daniel Peng,
- Daniel Spång, Darin Adler, Darin Fisher, Dave Camp, Dave
+ <p>Thanks to Aankhen, Aaron Boodman, Aaron Leventhal, Adam Barth,
+ Adam Roben, Addison Phillips, Adrian Sutton, Agustín
+ Fernández, Alastair Campbell, Alexey Feldgendler, Andrew
+ Gove, Andrew Sidwell, Anne van Kesteren, Anthony Hickson, Antti
+ Koivisto, Arphen Lin, Asbjørn Ulsberg, Aurelien Levy, Ben
+ Godfrey, Ben Meadowcroft, Ben Millard, Benjamin Hawkes-Lewis, Bert
+ Bos, Billy Wong, Bjoern Hoehrmann, Boris Zbarsky, Brad Fults, Brad
+ Neuberg, Brady Eidson, Brendan Eich, Brett Wilson, Brian Campbell,
+ Brian Smith, Bruce Miller, Cameron McCormack, Carlos Perelló
+ Marín, Chao Cai, 윤석찬 (Channy Yun), Charl
+ van Niekerk, Charles Iliya Krempeaux, Charles McCathieNevile,
+ Christian Biesinger, Christian Johansen, Chriswa, Cole Robison,
+ Collin Jackson, Daniel Brumbaugh Keeney, Daniel Glazman, Daniel
+ Peng, Daniel Spång, Darin Adler, Darin Fisher, Dave Camp, Dave
Singer, Dave Townsend<!-- Mossop on moz irc -->, David Baron, David
Bloom, David Carlisle, David Flanagan, David Håsäther,
David Hyatt, Debi Orton, Derek Featherstone, DeWitt Clinton, Dimitri