[html5] r4780 - [giow] (0) Define how .cookie works with text/html-sandboxed. Fixing http://www. [...]
whatwg at whatwg.org
whatwg at whatwg.org
Wed Feb 17 23:44:23 PST 2010
Author: ianh
Date: 2010-02-17 23:44:21 -0800 (Wed, 17 Feb 2010)
New Revision: 4780
Modified:
complete.html
index
source
Log:
[giow] (0) Define how .cookie works with text/html-sandboxed.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=8999
Modified: complete.html
===================================================================
--- complete.html 2010-02-18 07:06:06 UTC (rev 4779)
+++ complete.html 2010-02-18 07:44:21 UTC (rev 4780)
@@ -7011,10 +7011,10 @@
applied to this resource, the empty string will be returned.</p>
<p>Can be set, to add a new cookie to the element's set of HTTP
cookies.</p>
- <p>If the <code><a href=#document>Document</a></code> has no <a href=#browsing-context>browsing
- context</a> an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception will be
- thrown. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin browsing
- context flag">sandboxed into a unique origin</a>, a
+ <p>Cookies of <code><a href=#document>Document</a></code>s that weren't obtained by
+ downloading a resource from a Web site will always be blank, even
+ after being set. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin
+ browsing context flag">sandboxed into a unique origin</a>, a
<code><a href=#security_err>SECURITY_ERR</a></code> exception will be thrown.</p>
</dd>
@@ -7039,9 +7039,8 @@
<p id=sandboxCookies>On getting, if the document is a
<a href=#cookie-free-document-object>cookie-free <code>Document</code> object</a>, then the user
agent must return the empty string. Otherwise, if the
- <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
- <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
- <code><a href=#document>Document</a></code> was created, the user agent must raise a
+ <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a> is not a
+ scheme/host/port tuple, the user agent must raise a
<code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the user agent must
first <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
cookie-string for <a href="#the-document's-address">the document's address</a> for a
@@ -7049,12 +7048,11 @@
<p>On setting, if the document is a <a href=#cookie-free-document-object>cookie-free
<code>Document</code> object</a>, then the user agent must do
- nothing. Otherwise, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
- flag</a> was set on the <a href=#browsing-context>browsing context</a> of the
- <code><a href=#document>Document</a></code> when the <code><a href=#document>Document</a></code> was created,
- the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
- exception. Otherwise, the user agent must <a href=#obtain-the-storage-mutex>obtain the storage
- mutex</a> and then act as it would when <span title="receives a
+ nothing. Otherwise, if the <code><a href=#document>Document</a></code>'s
+ <a href=#origin>origin</a> is not a scheme/host/port tuple, the user agent
+ must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the
+ user agent must <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act
+ as it would when <span title="receives a
set-cookie-string">receiving a set-cookie-string</span> for
<a href="#the-document's-address">the document's address</a> via a "non-HTTP" API, consisting
of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>
Modified: index
===================================================================
--- index 2010-02-18 07:06:06 UTC (rev 4779)
+++ index 2010-02-18 07:44:21 UTC (rev 4780)
@@ -6910,10 +6910,10 @@
applied to this resource, the empty string will be returned.</p>
<p>Can be set, to add a new cookie to the element's set of HTTP
cookies.</p>
- <p>If the <code><a href=#document>Document</a></code> has no <a href=#browsing-context>browsing
- context</a> an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception will be
- thrown. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin browsing
- context flag">sandboxed into a unique origin</a>, a
+ <p>Cookies of <code><a href=#document>Document</a></code>s that weren't obtained by
+ downloading a resource from a Web site will always be blank, even
+ after being set. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin
+ browsing context flag">sandboxed into a unique origin</a>, a
<code><a href=#security_err>SECURITY_ERR</a></code> exception will be thrown.</p>
</dd>
@@ -6938,9 +6938,8 @@
<p id=sandboxCookies>On getting, if the document is a
<a href=#cookie-free-document-object>cookie-free <code>Document</code> object</a>, then the user
agent must return the empty string. Otherwise, if the
- <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
- <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
- <code><a href=#document>Document</a></code> was created, the user agent must raise a
+ <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a> is not a
+ scheme/host/port tuple, the user agent must raise a
<code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the user agent must
first <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
cookie-string for <a href="#the-document's-address">the document's address</a> for a
@@ -6948,12 +6947,11 @@
<p>On setting, if the document is a <a href=#cookie-free-document-object>cookie-free
<code>Document</code> object</a>, then the user agent must do
- nothing. Otherwise, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
- flag</a> was set on the <a href=#browsing-context>browsing context</a> of the
- <code><a href=#document>Document</a></code> when the <code><a href=#document>Document</a></code> was created,
- the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
- exception. Otherwise, the user agent must <a href=#obtain-the-storage-mutex>obtain the storage
- mutex</a> and then act as it would when <span title="receives a
+ nothing. Otherwise, if the <code><a href=#document>Document</a></code>'s
+ <a href=#origin>origin</a> is not a scheme/host/port tuple, the user agent
+ must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the
+ user agent must <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act
+ as it would when <span title="receives a
set-cookie-string">receiving a set-cookie-string</span> for
<a href="#the-document's-address">the document's address</a> via a "non-HTTP" API, consisting
of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>
Modified: source
===================================================================
--- source 2010-02-18 07:06:06 UTC (rev 4779)
+++ source 2010-02-18 07:44:21 UTC (rev 4780)
@@ -6796,10 +6796,10 @@
applied to this resource, the empty string will be returned.</p>
<p>Can be set, to add a new cookie to the element's set of HTTP
cookies.</p>
- <p>If the <code>Document</code> has no <span>browsing
- context</span> an <code>INVALID_STATE_ERR</code> exception will be
- thrown. If the contents are <span title="sandboxed origin browsing
- context flag">sandboxed into a unique origin</span>, a
+ <p>Cookies of <code>Document</code>s that weren't obtained by
+ downloading a resource from a Web site will always be blank, even
+ after being set. If the contents are <span title="sandboxed origin
+ browsing context flag">sandboxed into a unique origin</span>, a
<code>SECURITY_ERR</code> exception will be thrown.</p>
</dd>
@@ -6828,9 +6828,8 @@
<p id="sandboxCookies">On getting, if the document is a
<span>cookie-free <code>Document</code> object</span>, then the user
agent must return the empty string. Otherwise, if the
- <span>sandboxed origin browsing context flag</span> was set on the
- <span>browsing context</span> of the <code>Document</code> when the
- <code>Document</code> was created, the user agent must raise a
+ <code>Document</code>'s <span>origin</span> is not a
+ scheme/host/port tuple, the user agent must raise a
<code>SECURITY_ERR</code> exception. Otherwise, the user agent must
first <span>obtain the storage mutex</span> and then return the
cookie-string for <span>the document's address</span> for a
@@ -6838,12 +6837,11 @@
<p>On setting, if the document is a <span>cookie-free
<code>Document</code> object</span>, then the user agent must do
- nothing. Otherwise, if the <span>sandboxed origin browsing context
- flag</span> was set on the <span>browsing context</span> of the
- <code>Document</code> when the <code>Document</code> was created,
- the user agent must raise a <code>SECURITY_ERR</code>
- exception. Otherwise, the user agent must <span>obtain the storage
- mutex</span> and then act as it would when <span title="receives a
+ nothing. Otherwise, if the <code>Document</code>'s
+ <span>origin</span> is not a scheme/host/port tuple, the user agent
+ must raise a <code>SECURITY_ERR</code> exception. Otherwise, the
+ user agent must <span>obtain the storage mutex</span> and then act
+ as it would when <span title="receives a
set-cookie-string">receiving a set-cookie-string</span> for
<span>the document's address</span> via a "non-HTTP" API, consisting
of the new value. <a href="#refsCOOKIES">[COOKIES]</a></p>
More information about the Commit-Watchers
mailing list