[html5] r2824 - [] (0) Clarify that sandbox's origin features only take effect at navigation.

whatwg at whatwg.org whatwg at whatwg.org
Fri Feb 13 15:18:40 PST 2009


Author: ianh
Date: 2009-02-13 15:18:39 -0800 (Fri, 13 Feb 2009)
New Revision: 2824

Modified:
   index
   source
Log:
[] (0) Clarify that sandbox's origin features only take effect at navigation.

Modified: index
===================================================================
--- index	2009-02-13 23:13:23 UTC (rev 2823)
+++ index	2009-02-13 23:18:39 UTC (rev 2824)
@@ -6400,9 +6400,10 @@
   <p id=sandboxCookies>On getting, if the document is not associated
   with a <a href=#browsing-context>browsing context</a> then the user agent must raise
   an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
-  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
-  <a href=#browsing-context>browsing context</a> of the document, the user agent must
-  raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
+  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
+  <a href=#browsing-context>browsing context</a> of the <code>Document</code> when the
+  <code>Document</code> was created, the user agent must raise a
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
   document's address</a> does not use a server-based naming
   authority, it must return the empty string. Otherwise, it must
   return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href="#the-document's-address">the
@@ -6412,9 +6413,10 @@
   <p>On setting, if the document is not associated with a
   <a href=#browsing-context>browsing context</a> then the user agent must raise an
   <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
-  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
-  <a href=#browsing-context>browsing context</a> of the document, the user agent must
-  raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
+  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
+  <a href=#browsing-context>browsing context</a> of the <code>Document</code> when the
+  <code>Document</code> was created, the user agent must raise a
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
   document's address</a> does not use a server-based naming
   authority, it must do nothing. Otherwise, the user agent must act as
   it would when processing cookies if it had just attempted to
@@ -16752,6 +16754,10 @@
 
     </div>
 
+    <p class=warning>This flag only takes effect when the
+    <a href=#nested-browsing-context>nested browsing context</a> of the <code><a href=#the-iframe-element>iframe</a></code> is
+    <a href=#navigate title=navigate>navigated</a>.</p>
+
    </dd>
 
 
@@ -35013,7 +35019,8 @@
 
     <dl class=switch><dt id=sandboxOrigin>If a <code>Document</code> is in a
      <a href=#browsing-context>browsing context</a> whose <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
-     browsing context flag</a> is set</dt>
+     browsing context flag</a> was set when the
+     <code>Document</code> was created</dt>
 
      <dd>The <a href=#origin-0>origin</a> is a globally unique identifier
      assigned when the <code>Document</code> is created.</dd>

Modified: source
===================================================================
--- source	2009-02-13 23:13:23 UTC (rev 2823)
+++ source	2009-02-13 23:18:39 UTC (rev 2824)
@@ -6391,9 +6391,10 @@
   <p id="sandboxCookies">On getting, if the document is not associated
   with a <span>browsing context</span> then the user agent must raise
   an <code>INVALID_STATE_ERR</code> exception. Otherwise, if the
-  <span>sandboxed origin browsing context flag</span> is set on the
-  <span>browsing context</span> of the document, the user agent must
-  raise a <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
+  <span>sandboxed origin browsing context flag</span> was set on the
+  <span>browsing context</span> of the <code>Document</code> when the
+  <code>Document</code> was created, the user agent must raise a
+  <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
   document's address</span> does not use a server-based naming
   authority, it must return the empty string. Otherwise, it must
   return the same string as the value of the <code
@@ -6407,9 +6408,10 @@
   <p>On setting, if the document is not associated with a
   <span>browsing context</span> then the user agent must raise an
   <code>INVALID_STATE_ERR</code> exception. Otherwise, if the
-  <span>sandboxed origin browsing context flag</span> is set on the
-  <span>browsing context</span> of the document, the user agent must
-  raise a <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
+  <span>sandboxed origin browsing context flag</span> was set on the
+  <span>browsing context</span> of the <code>Document</code> when the
+  <code>Document</code> was created, the user agent must raise a
+  <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
   document's address</span> does not use a server-based naming
   authority, it must do nothing. Otherwise, the user agent must act as
   it would when processing cookies if it had just attempted to
@@ -17876,6 +17878,10 @@
 
     </div>
 
+    <p class="warning">This flag only takes effect when the
+    <span>nested browsing context</span> of the <code>iframe</code> is
+    <span title="navigate">navigated</span>.</p>
+
    </dd>
 
 
@@ -39776,7 +39782,8 @@
 
      <dt id="sandboxOrigin">If a <code>Document</code> is in a
      <span>browsing context</span> whose <span>sandboxed origin
-     browsing context flag</span> is set</dt>
+     browsing context flag</span> was set when the
+     <code>Document</code> was created</dt>
 
      <dd>The <span>origin</span> is a globally unique identifier
      assigned when the <code>Document</code> is created.</dd>




More information about the Commit-Watchers mailing list