[html5] r4778 - [agow] (2) Redefine how .cookie is handled. Fixing http://www.w3.org/Bugs/Public [...]

whatwg at whatwg.org whatwg at whatwg.org
Wed Feb 17 21:49:06 PST 2010 

Author: ianh
Date: 2010-02-17 21:49:04 -0800 (Wed, 17 Feb 2010)
New Revision: 4778

Modified:
   complete.html
   index
   source
Log:
[agow] (2) Redefine how .cookie is handled.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=8822

Modified: complete.html
===================================================================
--- complete.html	2010-02-18 05:02:04 UTC (rev 4777)
+++ complete.html	2010-02-18 05:49:04 UTC (rev 4778)
@@ -7021,34 +7021,43 @@
   </dl><div class=impl>
 
   <p>The <dfn id=dom-document-cookie title=dom-document-cookie><code>cookie</code></dfn>
-  attribute represents the cookies of the resource.</p>
+  attribute represents the cookies of the resource from which the
+  <code><a href=#document>Document</a></code> was created.</p>
 
-  <p id=sandboxCookies>On getting, if the document is not associated
-  with a <a href=#browsing-context>browsing context</a> then the user agent must raise
-  an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
+  <p>Some <code><a href=#document>Document</a></code> objects are <dfn id=cookie-free-document-object title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</dfn>. Any <code><a href=#document>Document</a></code> object created by the <code title="">createDocument()</code> or <code title=dom-DOMHTMLImplementation-createHTMLDocument><a href=#dom-domhtmlimplementation-createhtmldocument>createHTMLDocument()</a></code>
+  factory methods is a <a href=#cookie-free-document-object>cookie-free <code>Document</code>
+  object</a>. Any <code><a href=#document>Document</a></code> whose <a href="#the-document's-address" title="the
+  document's address">address</a> does not use a server-based
+  naming authority is a <a href=#cookie-free-document-object>cookie-free <code>Document</code>
+  object</a>. Other specifications can also define
+  <code><a href=#document>Document</a></code> objects as being <a href=#cookie-free-document-object title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</a>.</p>
+
+  <p id=sandboxCookies>On getting, if the document is a
+  <a href=#cookie-free-document-object>cookie-free <code>Document</code> object</a>, then the user
+  agent must return the empty string. Otherwise, if the
   <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
   <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
   <code><a href=#document>Document</a></code> was created, the user agent must raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
-  document's address</a> does not use a server-based naming
-  authority, it must return the empty string. Otherwise, it must first
-  <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the user agent must
+  first <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
   cookie-string for <a href="#the-document's-address">the document's address</a> for a
   "non-HTTP" API. <a href=#refsCOOKIES>[COOKIES]</a></p>
 
-  <p>On setting, if the document is not associated with a
-  <a href=#browsing-context>browsing context</a> then the user agent must raise an
-  <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
-  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
-  <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
-  <code><a href=#document>Document</a></code> was created, the user agent must raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
-  document's address</a> does not use a server-based naming
-  authority, it must do nothing. Otherwise, the user agent must
-  <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act as it would when
-  <span title="receives a set-cookie-string">receiving a
-  set-cookie-string</span> for <a href="#the-document's-address">the document's address</a> via
-  a "non-HTTP" API, consisting of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>
+  <p>On setting, if the document is a <a href=#cookie-free-document-object>cookie-free
+  <code>Document</code> object</a>, then the user agent must do
+  nothing. Otherwise, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
+  flag</a> was set on the <a href=#browsing-context>browsing context</a> of the
+  <code><a href=#document>Document</a></code> when the <code><a href=#document>Document</a></code> was created,
+  the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
+  exception. Otherwise, the user agent must <a href=#obtain-the-storage-mutex>obtain the storage
+  mutex</a> and then act as it would when <span title="receives a
+  set-cookie-string">receiving a set-cookie-string</span> for
+  <a href="#the-document's-address">the document's address</a> via a "non-HTTP" API, consisting
+  of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>
 
   <p class=note>Since the <code title=dom-document-cookie><a href=#dom-document-cookie>cookie</a></code> attribute is accessible
   across frames, the path restrictions on cookies are only a tool to

Modified: index
===================================================================
--- index	2010-02-18 05:02:04 UTC (rev 4777)
+++ index	2010-02-18 05:49:04 UTC (rev 4778)
@@ -6920,34 +6920,43 @@
   </dl><div class=impl>
 
   <p>The <dfn id=dom-document-cookie title=dom-document-cookie><code>cookie</code></dfn>
-  attribute represents the cookies of the resource.</p>
+  attribute represents the cookies of the resource from which the
+  <code><a href=#document>Document</a></code> was created.</p>
 
-  <p id=sandboxCookies>On getting, if the document is not associated
-  with a <a href=#browsing-context>browsing context</a> then the user agent must raise
-  an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
+  <p>Some <code><a href=#document>Document</a></code> objects are <dfn id=cookie-free-document-object title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</dfn>. Any <code><a href=#document>Document</a></code> object created by the <code title="">createDocument()</code> or <code title=dom-DOMHTMLImplementation-createHTMLDocument><a href=#dom-domhtmlimplementation-createhtmldocument>createHTMLDocument()</a></code>
+  factory methods is a <a href=#cookie-free-document-object>cookie-free <code>Document</code>
+  object</a>. Any <code><a href=#document>Document</a></code> whose <a href="#the-document's-address" title="the
+  document's address">address</a> does not use a server-based
+  naming authority is a <a href=#cookie-free-document-object>cookie-free <code>Document</code>
+  object</a>. Other specifications can also define
+  <code><a href=#document>Document</a></code> objects as being <a href=#cookie-free-document-object title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</a>.</p>
+
+  <p id=sandboxCookies>On getting, if the document is a
+  <a href=#cookie-free-document-object>cookie-free <code>Document</code> object</a>, then the user
+  agent must return the empty string. Otherwise, if the
   <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
   <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
   <code><a href=#document>Document</a></code> was created, the user agent must raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
-  document's address</a> does not use a server-based naming
-  authority, it must return the empty string. Otherwise, it must first
-  <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the user agent must
+  first <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
   cookie-string for <a href="#the-document's-address">the document's address</a> for a
   "non-HTTP" API. <a href=#refsCOOKIES>[COOKIES]</a></p>
 
-  <p>On setting, if the document is not associated with a
-  <a href=#browsing-context>browsing context</a> then the user agent must raise an
-  <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
-  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
-  <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
-  <code><a href=#document>Document</a></code> was created, the user agent must raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
-  document's address</a> does not use a server-based naming
-  authority, it must do nothing. Otherwise, the user agent must
-  <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act as it would when
-  <span title="receives a set-cookie-string">receiving a
-  set-cookie-string</span> for <a href="#the-document's-address">the document's address</a> via
-  a "non-HTTP" API, consisting of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>
+  <p>On setting, if the document is a <a href=#cookie-free-document-object>cookie-free
+  <code>Document</code> object</a>, then the user agent must do
+  nothing. Otherwise, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
+  flag</a> was set on the <a href=#browsing-context>browsing context</a> of the
+  <code><a href=#document>Document</a></code> when the <code><a href=#document>Document</a></code> was created,
+  the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
+  exception. Otherwise, the user agent must <a href=#obtain-the-storage-mutex>obtain the storage
+  mutex</a> and then act as it would when <span title="receives a
+  set-cookie-string">receiving a set-cookie-string</span> for
+  <a href="#the-document's-address">the document's address</a> via a "non-HTTP" API, consisting
+  of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>
 
   <p class=note>Since the <code title=dom-document-cookie><a href=#dom-document-cookie>cookie</a></code> attribute is accessible
   across frames, the path restrictions on cookies are only a tool to

Modified: source
===================================================================
--- source	2010-02-18 05:02:04 UTC (rev 4777)
+++ source	2010-02-18 05:49:04 UTC (rev 4778)
@@ -6808,35 +6808,45 @@
   <div class="impl">
 
   <p>The <dfn title="dom-document-cookie"><code>cookie</code></dfn>
-  attribute represents the cookies of the resource.</p>
+  attribute represents the cookies of the resource from which the
+  <code>Document</code> was created.</p>
 
-  <p id="sandboxCookies">On getting, if the document is not associated
-  with a <span>browsing context</span> then the user agent must raise
-  an <code>INVALID_STATE_ERR</code> exception. Otherwise, if the
+  <p>Some <code>Document</code> objects are <dfn title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</dfn>. Any <code>Document</code> object created by the <code
+  title="">createDocument()</code> or <code
+  title="dom-DOMHTMLImplementation-createHTMLDocument">createHTMLDocument()</code>
+  factory methods is a <span>cookie-free <code>Document</code>
+  object</span>. Any <code>Document</code> whose <span title="the
+  document's address">address</span> does not use a server-based
+  naming authority is a <span>cookie-free <code>Document</code>
+  object</span>. Other specifications can also define
+  <code>Document</code> objects as being <span title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</span>.</p>
+
+  <p id="sandboxCookies">On getting, if the document is a
+  <span>cookie-free <code>Document</code> object</span>, then the user
+  agent must return the empty string. Otherwise, if the
   <span>sandboxed origin browsing context flag</span> was set on the
   <span>browsing context</span> of the <code>Document</code> when the
   <code>Document</code> was created, the user agent must raise a
-  <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
-  document's address</span> does not use a server-based naming
-  authority, it must return the empty string. Otherwise, it must first
-  <span>obtain the storage mutex</span> and then return the
+  <code>SECURITY_ERR</code> exception. Otherwise, the user agent must
+  first <span>obtain the storage mutex</span> and then return the
   cookie-string for <span>the document's address</span> for a
   "non-HTTP" API. <a href="#refsCOOKIES">[COOKIES]</a></p>
 
-  <p>On setting, if the document is not associated with a
-  <span>browsing context</span> then the user agent must raise an
-  <code>INVALID_STATE_ERR</code> exception. Otherwise, if the
-  <span>sandboxed origin browsing context flag</span> was set on the
-  <span>browsing context</span> of the <code>Document</code> when the
-  <code>Document</code> was created, the user agent must raise a
-  <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
-  document's address</span> does not use a server-based naming
-  authority, it must do nothing. Otherwise, the user agent must
-  <span>obtain the storage mutex</span> and then act as it would when
-  <span title="receives a set-cookie-string">receiving a
-  set-cookie-string</span> for <span>the document's address</span> via
-  a "non-HTTP" API, consisting of the new value. <a
-  href="#refsCOOKIES">[COOKIES]</a></p>
+  <p>On setting, if the document is a <span>cookie-free
+  <code>Document</code> object</span>, then the user agent must do
+  nothing. Otherwise, if the <span>sandboxed origin browsing context
+  flag</span> was set on the <span>browsing context</span> of the
+  <code>Document</code> when the <code>Document</code> was created,
+  the user agent must raise a <code>SECURITY_ERR</code>
+  exception. Otherwise, the user agent must <span>obtain the storage
+  mutex</span> and then act as it would when <span title="receives a
+  set-cookie-string">receiving a set-cookie-string</span> for
+  <span>the document's address</span> via a "non-HTTP" API, consisting
+  of the new value. <a href="#refsCOOKIES">[COOKIES]</a></p>
 
   <p class="note">Since the <code
   title="dom-document-cookie">cookie</code> attribute is accessible

More information about the Commit-Watchers mailing list