[html5] r2683 - [giow] (2) Prevent cross-origin javascript: navigation of browsing contexts. Def [...]
whatwg at whatwg.org
Tue Jan 20 16:58:11 PST 2009
Author: ianh
Date: 2009-01-20 16:58:10 -0800 (Tue, 20 Jan 2009)
New Revision: 2683
Modified:
index
source
Log:
[giow] (2) Prevent cross-origin javascript: navigation of browsing contexts. Define the base URL and document's address of pages generated by javascript: URLs. Minor editorial tweaks.
Modified: index
===================================================================
--- index 2009-01-21 00:15:00 UTC (rev 2682)
+++ index 2009-01-21 00:58:10 UTC (rev 2683)
@@ -34937,25 +34937,11 @@
<i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
- </dd>
+ <p>When it comes time to <a href="#set-the-document's-address">set the document's address</a>
+ in the <a href=#navigate title=navigate>navigation algorithm</a>, use
+ the <a href="#script's-base-url">script's base URL</a> as the <a href=#override-url>override
+ URL</a>.</p>
- <dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a <code>javascript:</code>
- URL, and the <a href=#active-document>active document</a> of that browsing
- context has an <a href=#origin-0>origin</a> that is <em>not</em> the <a href=#same-origin title="same origin">same</a> as that of the script given by
- the URL</dt>
-
- <dd>
-
- <p><a href=#create-an-impotent-script>Create an impotent script</a> using the
- aforementioned script source, with the scripting language set to
- JavaScript, and with the <a href=#browsing-context>browsing context</a> being
- <a href=#navigate title=navigate>navigated</a> as the browsing
- context.</p>
-
- <p>Let <var title="">result</var> be the return value of the
- <i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
- raised, let <var title="">result</var> be void instead.</p>
-
</dd>
<dt>If the <code>Document</code> object of the element,
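Review bot: deleting the cross-origin `<dt>`/`<dd>` branch leaves no step visible in this `<dl>` that refuses a `javascript:` navigation when the active document's origin differs from that of the script given by the URL; the log says such navigations are now prevented, so the check must sit in the navigate algorithm outside this hunk, and a short sentence here stating that the cross-origin case never reaches this algorithm would keep readers from assuming it now falls through to the remaining branch, which runs the script's initial code entry-point directly rather than as an impotent script. The added paragraph `When it comes time to <a href="#set-the-document's-address">set the document's address</a>` / `in the <a href=#navigate title=navigate>navigation algorithm</a>, use` / `the <a href="#script's-base-url">script's base URL</a> as the <a href=#override-url>override URL</a>.` is placed inside the surviving `<dd>` after the step that computes `result`; phrase it as a step of the algorithm, or as a condition on `result`, so it is clear when it applies.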
@@ -38499,18 +38485,12 @@
<p>If <var title="">candidate</var> is not marked as <a href=#concept-appcache-foreign title=concept-appcache-foreign>foreign</a>, then the user
agent must discard the failed load and instead continue along
these steps using <var title="">candidate</var> as the
- resource.</p>
+ resource. <a href="#the-document's-address">The document's address</a>, if appropriate,
+ will still be the originally requested URL, not the fallback URL,
+ but the user agent may indicate to the user that the original page
+ load failed, that the page used was a fallback resource, and what
+ the URL of the fallback resource actually is.</p>
- <p>For the purposes of session history (and features that depend
- on session history, e.g. bookmarking) the user agent must use the
- URL of the resource that was requested (the one that matched the
- <a href=#concept-appcache-fallback-ns title=concept-appcache-fallback-ns>fallback
- namespace</a>), not the fallback resource, as the resource's
- <a href="#the-document's-address" title="the document's address">address</a>. However, the
- user agent may indicate to the user that the original page load
- failed, that the page used was a fallback resource, and what the
- URL of the fallback resource actually is.</p>
-
</li>
<li><p>If the document's out-of-band metadata (e.g. HTTP headers),
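Review bot: the replacement sentence `The document's address, if appropriate, will still be the originally requested URL, not the fallback URL` downgrades a normative requirement (`the user agent must use the URL of the resource that was requested ... as the resource's address`) to a descriptive aside, and `if appropriate` does not say what it depends on. If the intent is that the general rule for setting the document's address now covers this case, say so with a cross-reference and drop `if appropriate`; the removed text's explicit mention of session history and bookmarking was the practical reason for the rule and is worth keeping in the new sentence.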
@@ -38582,16 +38562,24 @@
<dd>Follow the steps given in the <a href=#read-plugin title=navigate-plugin>plugin</a> section, and abort these
steps.</dd>
- </dl><p>Any <code>Document</code> created by these steps must have its
- <a href="#the-document's-address" title="the document's address">address</a> set to the
+ </dl><p><dfn id="set-the-document's-address" title="set the document's address">Setting the document's
+ address</dfn>: If there is no <dfn id=override-url>override URL</dfn>, then any
+ <code>Document</code> created by these steps must have its <a href="#the-document's-address" title="the document's address">address</a> set to the
<a href=#url>URL</a> that was originally to be <a href=#fetch title=fetch>fetched</a>, ignoring any other data that was
used to obtain the resource (e.g. the entity body in the case of a
POST submission is not part of <a href="#the-document's-address">the document's
address</a>, nor is the URL of the fallback resource in the
case of the original load having failed and that URL having been
found to match a <a href=#concept-appcache-fallback-ns title=concept-appcache-fallback-ns>fallback
- namespace</a>).</p>
+ namespace</a>). However, if there <em>is</em> an <a href=#override-url>override
+ URL</a>, then any <code>Document</code> created by these steps
+ must have its <a href="#the-document's-address" title="the document's address">address</a>
+ set to that <a href=#url>URL</a> instead.</p>
+ <p class=note>An <a href=#override-url title="override URL">override URL</a>
+ is set when <a href=#concept-js-deref title=concept-js-deref>dereferencing a
+ <code>javascript:</code> URL</a>.</p>
+
</li>
<li id=navigate-non-Document><p><i>Non-document content</i>: If,
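Review bot: `<dfn id=override-url>override URL</dfn>` is introduced mid-sentence with no statement of its default (unset) state or of who may set it; the accompanying `<p class=note>` names dereferencing a `javascript:` URL as a setter but, being a note, does not constrain other callers. Suggest defining the term up front (a URL that, when set, replaces the originally fetched URL as the document's address, and is unset otherwise) and making the `javascript:` case normative text or a cross-reference rather than a note, since the address feeds later address-dependent behaviour (session history and the fallback handling in the previous hunk) and an unexpected setter would change that behaviour silently.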
@@ -56204,6 +56192,11 @@
http://code.google.com/p/support/issues/detail?id=1#makechanges
XXX * become more consistent about what markup we use to mark up
productions (nothing? <i>? <code>?)
+ XXX * expose the value of a radio button group
+ - either on the NodeList returned by HTMLFormControlCollection
+ - or on the radio button itself
+ - or both, so it works even when the form controls have names
+ that vary more than HTMLFormControlCollection allows?
-->
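Review bot: the added `XXX * expose the value of a radio button group` TODO is unrelated to the change described in the log (cross-origin `javascript:` navigation and the document's address) and is not covered by `Minor editorial tweaks`; either mention the new open issue in the log or land it separately so the history of the security-relevant change stays easy to audit.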
Modified: source
===================================================================
--- source 2009-01-21 00:15:00 UTC (rev 2682)
+++ source 2009-01-21 00:58:10 UTC (rev 2683)
@@ -39723,28 +39723,11 @@
title="concept-script">script</span>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
- </dd>
+ <p>When it comes time to <span>set the document's address</span>
+ in the <span title="navigate">navigation algorithm</span>, use
+ the <span>script's base URL</span> as the <span>override
+ URL</span>.</p>
- <dt>If a <span>browsing context</span> is being <span
- title="navigate">navigated</span> to a <code>javascript:</code>
- URL, and the <span>active document</span> of that browsing
- context has an <span>origin</span> that is <em>not</em> the <span
- title="same origin">same</span> as that of the script given by
- the URL</dt>
-
- <dd>
-
- <p><span>Create an impotent script</span> using the
- aforementioned script source, with the scripting language set to
- JavaScript, and with the <span>browsing context</span> being
- <span title="navigate">navigated</span> as the browsing
- context.</p>
-
- <p>Let <var title="">result</var> be the return value of the
- <i>initial code entry-point</i> of this <span
- title="concept-script">script</span>. If an exception was
- raised, let <var title="">result</var> be void instead.</p>
-
</dd>
<dt>If the <code>Document</code> object of the element,
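Review bot: the removed `<dt>` was the only text in this section stating which pair of origins is compared (`the <span>active document</span> of that browsing` / `context has an <span>origin</span> that is <em>not</em> the <span` / `title="same origin">same</span> as that of the script given by` the URL); wherever the navigate algorithm now performs that comparison, it should compare the same pair, and linking it from here with a `<span>` cross-reference (the build resolves these, as the new `<span>set the document's address</span>` shows) would keep the two passages from drifting apart.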
@@ -43838,18 +43821,12 @@
title="concept-appcache-foreign">foreign</span>, then the user
agent must discard the failed load and instead continue along
these steps using <var title="">candidate</var> as the
- resource.</p>
+ resource. <span>The document's address</span>, if appropriate,
+ will still be the originally requested URL, not the fallback URL,
+ but the user agent may indicate to the user that the original page
+ load failed, that the page used was a fallback resource, and what
+ the URL of the fallback resource actually is.</p>
- <p>For the purposes of session history (and features that depend
- on session history, e.g. bookmarking) the user agent must use the
- URL of the resource that was requested (the one that matched the
- <span title="concept-appcache-fallback-ns">fallback
- namespace</span>), not the fallback resource, as the resource's
- <span title="the document's address">address</span>. However, the
- user agent may indicate to the user that the original page load
- failed, that the page used was a fallback resource, and what the
- URL of the fallback resource actually is.</p>
-
</li>
<li><p>If the document's out-of-band metadata (e.g. HTTP headers),
@@ -43931,8 +43908,10 @@
</dl>
- <p>Any <code>Document</code> created by these steps must have its
- <span title="the document's address">address</span> set to the
+ <p><dfn title="set the document's address">Setting the document's
+ address</dfn>: If there is no <dfn>override URL</dfn>, then any
+ <code>Document</code> created by these steps must have its <span
+ title="the document's address">address</span> set to the
<span>URL</span> that was originally to be <span
title="fetch">fetched</span>, ignoring any other data that was
used to obtain the resource (e.g. the entity body in the case of a
@@ -43941,8 +43920,15 @@
case of the original load having failed and that URL having been
found to match a <span
title="concept-appcache-fallback-ns">fallback
- namespace</span>).</p>
+ namespace</span>). However, if there <em>is</em> an <span>override
+ URL</span>, then any <code>Document</code> created by these steps
+ must have its <span title="the document's address">address</span>
+ set to that <span>URL</span> instead.</p>
+ <p class="note">An <span title="override URL">override URL</span>
+ is set when <span title="concept-js-deref">dereferencing a
+ <code>javascript:</code> URL</span>.</p>
+
</li>
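Review bot: `<span title="override URL">override URL</span>` in the new `<p class="note">` carries a `title` identical to its content, so the attribute is redundant and can be dropped. More substantively, the new rule only says what happens when a `Document` is created while an override URL is set; the `<li id="navigate-non-Document">` branch immediately below handles navigations that create no `Document`, and the text should say whether an override URL is simply ignored there and cleared, so a stale value cannot apply to a later navigation.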
<li id="navigate-non-Document"><p><i>Non-document content</i>: If,
@@ -61469,6 +61455,11 @@
http://code.google.com/p/support/issues/detail?id=1#makechanges
XXX * become more consistent about what markup we use to mark up
productions (nothing? <i>? <code>?)
+ XXX * expose the value of a radio button group
+ - either on the NodeList returned by HTMLFormControlCollection
+ - or on the radio button itself
+ - or both, so it works even when the form controls have names
+ that vary more than HTMLFormControlCollection allows?
-->
</body>