[html5] r7141 - [giow] (2) Recast how origins are defined to explicitly use the concept of an or [...]
whatwg at whatwg.org
whatwg at whatwg.org
Fri Jun 22 15:37:03 PDT 2012
Author: ianh
Date: 2012-06-22 15:37:01 -0700 (Fri, 22 Jun 2012)
New Revision: 7141
Modified:
complete.html
index
source
Log:
[giow] (2) Recast how origins are defined to explicitly use the concept of an origin 'alias' and fix the definitions for about:blank docs to use this new definition.
Affected topics: HTML, Security
Modified: complete.html
===================================================================
--- complete.html 2012-06-22 21:53:55 UTC (rev 7140)
+++ complete.html 2012-06-22 22:37:01 UTC (rev 7141)
@@ -64563,16 +64563,23 @@
specifically to be immediately navigated, then that initial
navigation will have <a href=#replacement-enabled>replacement enabled</a>.</p>
- <p id=about-blank-origin>The <a href=#origin>origin</a> of the
- <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is set when the
- <code><a href=#document>Document</a></code> is created. If the new <a href=#browsing-context>browsing
- context</a> has a <a href=#creator-browsing-context>creator browsing context</a>, then the
- <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
- <code><a href=#document>Document</a></code> is the <a href=#origin>origin</a> of the
- <a href=#creator-document>creator <code>Document</code></a>. Otherwise, the
- <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
- <code><a href=#document>Document</a></code> is a globally unique identifier assigned when
- the new <a href=#browsing-context>browsing context</a> is created.</p>
+ <p id=about-blank-origin>The <a href=#origin>origin</a> and
+ <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+ <code><a href=#document>Document</a></code> are set when the <code><a href=#document>Document</a></code> is
+ created. If the new <a href=#browsing-context>browsing context</a> has a
+ <a href=#creator-browsing-context>creator browsing context</a>, then the <a href=#origin>origin</a>
+ of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a>
+ of the <a href=#creator-document>creator <code>Document</code></a> and the
+ <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+ <code><a href=#document>Document</a></code> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+ script origin</a> of the <a href=#creator-document>creator
+ <code>Document</code></a>. Otherwise, the <a href=#origin>origin</a> of
+ the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is a globally
+ unique identifier assigned when the new <a href=#browsing-context>browsing
+ context</a> is created and the <a href=#effective-script-origin>effective script
+ origin</a> of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code>
+ is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to
+ its <a href=#origin>origin</a>.</p>
</div>
@@ -66052,9 +66059,16 @@
secure certificate changes, the origin is considered to change as
well.</p>
-
<div class=impl>
+ <p>An <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a>
+ can be defined as an <dfn id=concept-origin-alias title=concept-origin-alias>alias</dfn>
+ to another <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script
+ origin</a>. The value of the <a href=#origin>origin</a> or
+ <a href=#effective-script-origin>effective script origin</a> is then the value of the
+ <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a> to which
+ it is an alias.</p>
+
<p>These characteristics are defined as follows:</p>
<dl><dt>For URLs</dt>
@@ -66076,72 +66090,141 @@
sandboxing flag set</a> has its <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
browsing context flag</a> set</dt>
- <dd>The <a href=#origin>origin</a> is a globally unique identifier
- assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is a globally unique identifier
+ assigned when the <code><a href=#document>Document</a></code> is created.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
URL</a></dt>
- <dd>The <a href=#origin>origin</a> is equal to the <a href=#origin>origin</a>
- of the script of that <a href=#javascript-protocol title="javascript
- protocol"><code>javascript:</code> URL</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the script of that <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
+ URL</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was served over the network and
has an address that uses a URL scheme with a server-based naming
authority</dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of
- <a href="#the-document's-address">the <code>Document</code>'s address</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of <a href="#the-document's-address">the <code>Document</code>'s
+ address</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that
was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in
other protocols)</dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
- protocol"><code title="">data:</code> URL</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to
+ the <a href=#data-protocol title="data protocol"><code title="">data:</code>
+ URL</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a>
found in another <code><a href=#document>Document</a></code> or in a script</dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> or script that
+ initiated the <a href=#navigate title=navigate>navigation</a> to that
+ <a href=#url>URL</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#effective-script-origin>effective script origin</a> of the
+ <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> has the <a href="#the-document's-address" title="the
document's address">address</a>
"<code><a href=#about:blank>about:blank</a></code>"</dt>
- <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is <a href=#about-blank-origin>the <span>origin</span> it was
- assigned when its browsing context was created</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+ origin</a> of the <code><a href=#document>Document</a></code> are <a href=#about-blank-origin>those it was assigned when its
+ browsing context was created</a>.</p>
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> is <a href=#an-iframe-srcdoc-document>an <code>iframe</code> <code title=attr-iframe-srcdoc>srcdoc</code> document</a></dt>
- <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is the
- <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
- context</a>'s <a href=#browsing-context-container>browsing context container</a>'s
- <code><a href=#document>Document</a></code>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s
+ <a href=#browsing-context>browsing context</a>'s <a href=#browsing-context-container>browsing context
+ container</a>'s <code><a href=#document>Document</a></code>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#effective-script-origin>effective script origin</a> of the
+ <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
+ <a href=#browsing-context-container>browsing context container</a>'s
+ <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner
(e.g. a <a href=#data-protocol title="data protocol"><code title="">data:</code>
URL</a> typed in by the user, a <code><a href=#document>Document</a></code> created
using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
API, etc)</dt>
- <dd>The <a href=#origin>origin</a> is a globally unique identifier
- assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+ <dd>
- </dl><p>When a <code><a href=#document>Document</a></code> is created, its <a href=#effective-script-origin>effective
- script origin</a> is initialized to the <a href=#origin>origin</a> of
- the <code><a href=#document>Document</a></code>. However, the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> attribute can
- be used to change it.</p>
+ <p>The <a href=#origin>origin</a> is a globally unique identifier
+ assigned when the <code><a href=#document>Document</a></code> is created.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+ </dl><p class=note>The <a href=#effective-script-origin>effective script origin</a> of a
+ <code><a href=#document>Document</a></code> can be manipulated using the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> IDL
+ attribute.</p>
+
</dd>
@@ -66159,16 +66242,19 @@
<dt>If an image is the image of an <code><a href=#the-img-element>img</a></code> element and
its image data is <a href=#cors-same-origin>CORS-same-origin</a></dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>.</dd>
+ <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#the-img-element>img</a></code> element's
+ <code><a href=#document>Document</a></code>.</dd>
<!-- all image loads go through the "potentially CORS-enabled
fetch" algorithm so they're all either CORS-cross-origin or
CORS-same-origin if they succeed at all -->
- </dl></dd>
+ </dl><p>Images do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
+ </dd>
+
<dt>For <code><a href=#the-audio-element>audio</a></code> and <code><a href=#the-video-element>video</a></code> elements</dt>
<dd>
@@ -66183,27 +66269,34 @@
<dt>If the <a href=#media-data>media data</a> is
<a href=#cors-same-origin>CORS-same-origin</a></dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>.</dd>
+ <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <a href=#media-element>media element</a>'s
+ <code><a href=#document>Document</a></code>.</dd>
- </dl></dd>
+ </dl><p><a href=#media-element title="media element">Media elements</a> do not have
+ an <a href=#effective-script-origin>effective script origin</a>.</p>
+ </dd>
+
<dt>For fonts</dt>
<dd>
- <p>The <a href=#origin>origin</a> of a downloadable Web font is equal to
- the <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
+ <p>The <a href=#origin>origin</a> of a downloadable Web font is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
obtain the font (after any redirects). <a href=#refsCSSFONTS>[CSSFONTS]</a></p> <!-- this means you can
get data from a remote site if you can make it redirect to your
own site in some fashion controlled by the data you want to read
-->
<p>The <a href=#origin>origin</a> of a locally installed system font is
- equal to the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in
- which that font is being used.</p>
+ an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in which that
+ font is being used.</p>
+ <p>Fonts do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
+
</dd>
@@ -66277,21 +66370,23 @@
<dd>The owner is the script that provided the URL.</dd>
- </dl><p>The <a href=#origin>origin</a> of the script is then equal to the
+ </dl><p>The <a href=#origin>origin</a> of the script is then an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
<a href=#origin>origin</a> of the owner, and the <a href=#effective-script-origin>effective script
- origin</a> of the script is equal to the <a href=#effective-script-origin>effective script
- origin</a> of the owner.</p>
+ origin</a> of the script is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+ script origin</a> of the owner.</p>
</dd>
</dl><p>Other specifications can override the above definitions by
- themselves specifying the origin of a particular URL, script,
- <code><a href=#document>Document</a></code>, or image.</p>
+ themselves specifying the origin of a particular <a href=#url>URL</a>,
+ <code><a href=#document>Document</a></code>, image, <a href=#media-element>media element</a>, font, or
+ <a href=#concept-script title=concept-script>script</a>.</p>
<!-- e.g.:
<p>The <span>origin</span> of a <code>Document</code> object
- returned by the <code>XMLHttpRequest</code> API is equal to the
+ returned by the <code>XMLHttpRequest</code> API is an <span
+ title="concept-origin-alias">alias</span> to the
<span>XMLHttpRequest origin</span> of the
<code>XMLHttpRequest</code> object.</p>
@@ -66459,6 +66554,10 @@
throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these
steps.</p>
+ <!-- this is the step that prevents us from ever setting
+ document.domain if the >effective script origin< isn't a
+ scheme/host/port tuple -->
+
</li>
<li>
@@ -66488,26 +66587,43 @@
<li>
- <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
- tuple of the <code><a href=#document>Document</a></code> to <var title="">new
- value</var>.</p>
+ <p>If the <a href=#effective-script-origin>effective script origin</a> of the
+ <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a>, set it to the value of
+ the <a href=#effective-script-origin>effective script origin</a> (essentially de-aliasing
+ the <a href=#effective-script-origin>effective script origin</a>).</p>
</li>
<li>
- <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
- tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
- that, for the purposes of <a href=#same-origin title="same origin">comparing
- origins</a>, is identical to "manual override" but not
- identical to any other value).</p>
+ <p>If <var title="">new value</var> is not the empty string, then
+ run these substeps:</p>
- </li>
+ <ol><li>
+ <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
+ tuple of the <code><a href=#document>Document</a></code> to <var title="">new
+ value</var>.</p>
+
+ </li>
+
+ <li>
+
+ <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
+ tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
+ that, for the purposes of <a href=#same-origin title="same origin">comparing
+ origins</a>, is identical to "manual override" but not
+ identical to any other value).</p>
+
+ </li>
+
+ </ol></li>
+
</ol><p>The <dfn id="the-document's-domain" title="the document's domain">domain</dfn> of a
<code><a href=#document>Document</a></code> is the host part of the document's
- <a href=#origin>origin</a>, if that is a scheme/host/port tuple. If it
- isn't, then the document does not have a domain.</p>
+ <a href=#origin>origin</a>, if the value of that <a href=#origin>origin</a> is a
+ scheme/host/port tuple. If it isn't, then the document does not have
+ a domain.</p>
</div>
Modified: index
===================================================================
--- index 2012-06-22 21:53:55 UTC (rev 7140)
+++ index 2012-06-22 22:37:01 UTC (rev 7141)
@@ -64563,16 +64563,23 @@
specifically to be immediately navigated, then that initial
navigation will have <a href=#replacement-enabled>replacement enabled</a>.</p>
- <p id=about-blank-origin>The <a href=#origin>origin</a> of the
- <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is set when the
- <code><a href=#document>Document</a></code> is created. If the new <a href=#browsing-context>browsing
- context</a> has a <a href=#creator-browsing-context>creator browsing context</a>, then the
- <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
- <code><a href=#document>Document</a></code> is the <a href=#origin>origin</a> of the
- <a href=#creator-document>creator <code>Document</code></a>. Otherwise, the
- <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
- <code><a href=#document>Document</a></code> is a globally unique identifier assigned when
- the new <a href=#browsing-context>browsing context</a> is created.</p>
+ <p id=about-blank-origin>The <a href=#origin>origin</a> and
+ <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+ <code><a href=#document>Document</a></code> are set when the <code><a href=#document>Document</a></code> is
+ created. If the new <a href=#browsing-context>browsing context</a> has a
+ <a href=#creator-browsing-context>creator browsing context</a>, then the <a href=#origin>origin</a>
+ of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a>
+ of the <a href=#creator-document>creator <code>Document</code></a> and the
+ <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+ <code><a href=#document>Document</a></code> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+ script origin</a> of the <a href=#creator-document>creator
+ <code>Document</code></a>. Otherwise, the <a href=#origin>origin</a> of
+ the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is a globally
+ unique identifier assigned when the new <a href=#browsing-context>browsing
+ context</a> is created and the <a href=#effective-script-origin>effective script
+ origin</a> of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code>
+ is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to
+ its <a href=#origin>origin</a>.</p>
</div>
@@ -66052,9 +66059,16 @@
secure certificate changes, the origin is considered to change as
well.</p>
-
<div class=impl>
+ <p>An <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a>
+ can be defined as an <dfn id=concept-origin-alias title=concept-origin-alias>alias</dfn>
+ to another <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script
+ origin</a>. The value of the <a href=#origin>origin</a> or
+ <a href=#effective-script-origin>effective script origin</a> is then the value of the
+ <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a> to which
+ it is an alias.</p>
+
<p>These characteristics are defined as follows:</p>
<dl><dt>For URLs</dt>
@@ -66076,72 +66090,141 @@
sandboxing flag set</a> has its <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
browsing context flag</a> set</dt>
- <dd>The <a href=#origin>origin</a> is a globally unique identifier
- assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is a globally unique identifier
+ assigned when the <code><a href=#document>Document</a></code> is created.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
URL</a></dt>
- <dd>The <a href=#origin>origin</a> is equal to the <a href=#origin>origin</a>
- of the script of that <a href=#javascript-protocol title="javascript
- protocol"><code>javascript:</code> URL</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the script of that <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
+ URL</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was served over the network and
has an address that uses a URL scheme with a server-based naming
authority</dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of
- <a href="#the-document's-address">the <code>Document</code>'s address</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of <a href="#the-document's-address">the <code>Document</code>'s
+ address</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that
was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in
other protocols)</dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
- protocol"><code title="">data:</code> URL</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to
+ the <a href=#data-protocol title="data protocol"><code title="">data:</code>
+ URL</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a>
found in another <code><a href=#document>Document</a></code> or in a script</dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> or script that
+ initiated the <a href=#navigate title=navigate>navigation</a> to that
+ <a href=#url>URL</a>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#effective-script-origin>effective script origin</a> of the
+ <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> has the <a href="#the-document's-address" title="the
document's address">address</a>
"<code><a href=#about:blank>about:blank</a></code>"</dt>
- <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is <a href=#about-blank-origin>the <span>origin</span> it was
- assigned when its browsing context was created</a>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+ origin</a> of the <code><a href=#document>Document</a></code> are <a href=#about-blank-origin>those it was assigned when its
+ browsing context was created</a>.</p>
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> is <a href=#an-iframe-srcdoc-document>an <code>iframe</code> <code title=attr-iframe-srcdoc>srcdoc</code> document</a></dt>
- <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is the
- <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
- context</a>'s <a href=#browsing-context-container>browsing context container</a>'s
- <code><a href=#document>Document</a></code>.</dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s
+ <a href=#browsing-context>browsing context</a>'s <a href=#browsing-context-container>browsing context
+ container</a>'s <code><a href=#document>Document</a></code>.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#effective-script-origin>effective script origin</a> of the
+ <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
+ <a href=#browsing-context-container>browsing context container</a>'s
+ <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+
<dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner
(e.g. a <a href=#data-protocol title="data protocol"><code title="">data:</code>
URL</a> typed in by the user, a <code><a href=#document>Document</a></code> created
using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
API, etc)</dt>
- <dd>The <a href=#origin>origin</a> is a globally unique identifier
- assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+ <dd>
- </dl><p>When a <code><a href=#document>Document</a></code> is created, its <a href=#effective-script-origin>effective
- script origin</a> is initialized to the <a href=#origin>origin</a> of
- the <code><a href=#document>Document</a></code>. However, the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> attribute can
- be used to change it.</p>
+ <p>The <a href=#origin>origin</a> is a globally unique identifier
+ assigned when the <code><a href=#document>Document</a></code> is created.</p>
+ <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+ <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+ </dd>
+
+ </dl><p class=note>The <a href=#effective-script-origin>effective script origin</a> of a
+ <code><a href=#document>Document</a></code> can be manipulated using the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> IDL
+ attribute.</p>
+
</dd>
@@ -66159,16 +66242,19 @@
<dt>If an image is the image of an <code><a href=#the-img-element>img</a></code> element and
its image data is <a href=#cors-same-origin>CORS-same-origin</a></dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>.</dd>
+ <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#the-img-element>img</a></code> element's
+ <code><a href=#document>Document</a></code>.</dd>
<!-- all image loads go through the "potentially CORS-enabled
fetch" algorithm so they're all either CORS-cross-origin or
CORS-same-origin if they succeed at all -->
- </dl></dd>
+ </dl><p>Images do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
+ </dd>
+
<dt>For <code><a href=#the-audio-element>audio</a></code> and <code><a href=#the-video-element>video</a></code> elements</dt>
<dd>
@@ -66183,27 +66269,34 @@
<dt>If the <a href=#media-data>media data</a> is
<a href=#cors-same-origin>CORS-same-origin</a></dt>
- <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
- <a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>.</dd>
+ <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <a href=#media-element>media element</a>'s
+ <code><a href=#document>Document</a></code>.</dd>
- </dl></dd>
+ </dl><p><a href=#media-element title="media element">Media elements</a> do not have
+ an <a href=#effective-script-origin>effective script origin</a>.</p>
+ </dd>
+
<dt>For fonts</dt>
<dd>
- <p>The <a href=#origin>origin</a> of a downloadable Web font is equal to
- the <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
+ <p>The <a href=#origin>origin</a> of a downloadable Web font is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
obtain the font (after any redirects). <a href=#refsCSSFONTS>[CSSFONTS]</a></p> <!-- this means you can
get data from a remote site if you can make it redirect to your
own site in some fashion controlled by the data you want to read
-->
<p>The <a href=#origin>origin</a> of a locally installed system font is
- equal to the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in
- which that font is being used.</p>
+ an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+ <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in which that
+ font is being used.</p>
+ <p>Fonts do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
+
</dd>
@@ -66277,21 +66370,23 @@
<dd>The owner is the script that provided the URL.</dd>
- </dl><p>The <a href=#origin>origin</a> of the script is then equal to the
+ </dl><p>The <a href=#origin>origin</a> of the script is then an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
<a href=#origin>origin</a> of the owner, and the <a href=#effective-script-origin>effective script
- origin</a> of the script is equal to the <a href=#effective-script-origin>effective script
- origin</a> of the owner.</p>
+ origin</a> of the script is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+ script origin</a> of the owner.</p>
</dd>
</dl><p>Other specifications can override the above definitions by
- themselves specifying the origin of a particular URL, script,
- <code><a href=#document>Document</a></code>, or image.</p>
+ themselves specifying the origin of a particular <a href=#url>URL</a>,
+ <code><a href=#document>Document</a></code>, image, <a href=#media-element>media element</a>, font, or
+ <a href=#concept-script title=concept-script>script</a>.</p>
<!-- e.g.:
<p>The <span>origin</span> of a <code>Document</code> object
- returned by the <code>XMLHttpRequest</code> API is equal to the
+ returned by the <code>XMLHttpRequest</code> API is an <span
+ title="concept-origin-alias">alias</span> to the
<span>XMLHttpRequest origin</span> of the
<code>XMLHttpRequest</code> object.</p>
@@ -66459,6 +66554,10 @@
throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these
steps.</p>
+ <!-- this is the step that prevents us from ever setting
+ document.domain if the >effective script origin< isn't a
+ scheme/host/port tuple -->
+
</li>
<li>
@@ -66488,26 +66587,43 @@
<li>
- <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
- tuple of the <code><a href=#document>Document</a></code> to <var title="">new
- value</var>.</p>
+ <p>If the <a href=#effective-script-origin>effective script origin</a> of the
+ <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a>, set it to the value of
+ the <a href=#effective-script-origin>effective script origin</a> (essentially de-aliasing
+ the <a href=#effective-script-origin>effective script origin</a>).</p>
</li>
<li>
- <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
- tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
- that, for the purposes of <a href=#same-origin title="same origin">comparing
- origins</a>, is identical to "manual override" but not
- identical to any other value).</p>
+ <p>If <var title="">new value</var> is not the empty string, then
+ run these substeps:</p>
- </li>
+ <ol><li>
+ <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
+ tuple of the <code><a href=#document>Document</a></code> to <var title="">new
+ value</var>.</p>
+
+ </li>
+
+ <li>
+
+ <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
+ tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
+ that, for the purposes of <a href=#same-origin title="same origin">comparing
+ origins</a>, is identical to "manual override" but not
+ identical to any other value).</p>
+
+ </li>
+
+ </ol></li>
+
</ol><p>The <dfn id="the-document's-domain" title="the document's domain">domain</dfn> of a
<code><a href=#document>Document</a></code> is the host part of the document's
- <a href=#origin>origin</a>, if that is a scheme/host/port tuple. If it
- isn't, then the document does not have a domain.</p>
+ <a href=#origin>origin</a>, if the value of that <a href=#origin>origin</a> is a
+ scheme/host/port tuple. If it isn't, then the document does not have
+ a domain.</p>
</div>
Modified: source
===================================================================
--- source 2012-06-22 21:53:55 UTC (rev 7140)
+++ source 2012-06-22 22:37:01 UTC (rev 7141)
@@ -75737,16 +75737,25 @@
specifically to be immediately navigated, then that initial
navigation will have <span>replacement enabled</span>.</p>
- <p id="about-blank-origin">The <span>origin</span> of the
- <code>about:blank</code> <code>Document</code> is set when the
- <code>Document</code> is created. If the new <span>browsing
- context</span> has a <span>creator browsing context</span>, then the
- <span>origin</span> of the <code>about:blank</code>
- <code>Document</code> is the <span>origin</span> of the
- <span>creator <code>Document</code></span>. Otherwise, the
- <span>origin</span> of the <code>about:blank</code>
- <code>Document</code> is a globally unique identifier assigned when
- the new <span>browsing context</span> is created.</p>
+ <p id="about-blank-origin">The <span>origin</span> and
+ <span>effective script origin</span> of the <code>about:blank</code>
+ <code>Document</code> are set when the <code>Document</code> is
+ created. If the new <span>browsing context</span> has a
+ <span>creator browsing context</span>, then the <span>origin</span>
+ of the <code>about:blank</code> <code>Document</code> is an <span
+ title="concept-origin-alias">alias</span> to the <span>origin</span>
+ of the <span>creator <code>Document</code></span> and the
+ <span>effective script origin</span> of the <code>about:blank</code>
+ <code>Document</code> is initially an <span
+ title="concept-origin-alias">alias</span> to the <span>effective
+ script origin</span> of the <span>creator
+ <code>Document</code></span>. Otherwise, the <span>origin</span> of
+ the <code>about:blank</code> <code>Document</code> is a globally
+ unique identifier assigned when the new <span>browsing
+ context</span> is created and the <span>effective script
+ origin</span> of the <code>about:blank</code> <code>Document</code>
+ is initially an <span title="concept-origin-alias">alias</span> to
+ its <span>origin</span>.</p>
</div>
@@ -77430,9 +77439,16 @@
secure certificate changes, the origin is considered to change as
well.</p>
-
<div class="impl">
+ <p>An <span>origin</span> or <span>effective script origin</span>
+ can be defined as an <dfn title="concept-origin-alias">alias</dfn>
+ to another <span>origin</span> or <span>effective script
+ origin</span>. The value of the <span>origin</span> or
+ <span>effective script origin</span> is then the value of the
+ <span>origin</span> or <span>effective script origin</span> to which
+ it is an alias.</p>
+
<p>These characteristics are defined as follows:</p>
<dl>
@@ -77459,65 +77475,132 @@
sandboxing flag set</span> has its <span>sandboxed origin
browsing context flag</span> set</dt>
- <dd>The <span>origin</span> is a globally unique identifier
- assigned when the <code>Document</code> is created.</dd>
+ <dd>
+ <p>The <span>origin</span> is a globally unique identifier
+ assigned when the <code>Document</code> is created.</p>
+ <p>The <span>effective script origin</span> is initially an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code>.</p>
+
+ </dd>
+
+
<dt>If a <code>Document</code> was generated from a <span
title="javascript protocol"><code>javascript:</code>
URL</span></dt>
- <dd>The <span>origin</span> is equal to the <span>origin</span>
- of the script of that <span title="javascript
- protocol"><code>javascript:</code> URL</span>.</dd>
+ <dd>
+ <p>The <span>origin</span> is an <span
+ title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the script of that <span
+ title="javascript protocol"><code>javascript:</code>
+ URL</span>.</p>
+ <p>The <span>effective script origin</span> is initially an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code>.</p>
+
+ </dd>
+
+
<dt>If a <code>Document</code> was served over the network and
has an address that uses a URL scheme with a server-based naming
authority</dt>
- <dd>The <span>origin</span> is the <span>origin</span> of
- <span>the <code>Document</code>'s address</span>.</dd>
+ <dd>
+ <p>The <span>origin</span> is an <span
+ title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of <span>the <code>Document</code>'s
+ address</span>.</p>
+ <p>The <span>effective script origin</span> is initially an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code>.</p>
+
+ </dd>
+
+
<dt>If a <code>Document</code> was generated from a <span
title="data protocol"><code title="">data:</code> URL</span> that
was returned as the location of an HTTP redirect (<span
title="concept-http-equivalent-codes">or equivalent</span> in
other protocols)</dt>
- <dd>The <span>origin</span> is the <span>origin</span> of the
- <span>URL</span> that redirected to the <span title="data
- protocol"><code title="">data:</code> URL</span>.</dd>
+ <dd>
+ <p>The <span>origin</span> is an <span
+ title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <span>URL</span> that redirected to
+ the <span title="data protocol"><code title="">data:</code>
+ URL</span>.</p>
+ <p>The <span>effective script origin</span> is initially an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code>.</p>
+
+ </dd>
+
+
<dt>If a <code>Document</code> was generated from a <span
title="data protocol"><code title="">data:</code> URL</span>
found in another <code>Document</code> or in a script</dt>
- <dd>The <span>origin</span> is the <span>origin</span> of the
- <code>Document</code> or script that initiated the <span
- title="navigate">navigation</span> to that <span>URL</span>.</dd>
+ <dd>
+ <p>The <span>origin</span> is an <span
+ title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code> or script that
+ initiated the <span title="navigate">navigation</span> to that
+ <span>URL</span>.</p>
+ <p>The <span>effective script origin</span> is initially an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>effective script origin</span> of the
+ <code>Document</code> or script that initiated the <span
+ title="navigate">navigation</span> to that <span>URL</span>.</p>
+
+ </dd>
+
+
<dt>If a <code>Document</code> has the <span title="the
document's address">address</span>
"<code>about:blank</code>"</dt>
- <dd>The <span>origin</span> of the <code>Document</code> is <a
- href="#about-blank-origin">the <span>origin</span> it was
- assigned when its browsing context was created</a>.</dd>
+ <dd>
+ <p>The <span>origin</span> and <span>effective script
+ origin</span> of the <code>Document</code> are <a
+ href="#about-blank-origin">those it was assigned when its
+ browsing context was created</a>.</p>
+ </dd>
+
+
<dt>If a <code>Document</code> is <span>an <code>iframe</code> <code
title="attr-iframe-srcdoc">srcdoc</code> document</span></dt>
- <dd>The <span>origin</span> of the <code>Document</code> is the
- <span>origin</span> of the <code>Document</code>'s <span>browsing
- context</span>'s <span>browsing context container</span>'s
- <code>Document</code>.</dd>
+ <dd>
+ <p>The <span>origin</span> of the <code>Document</code> is an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code>'s
+ <span>browsing context</span>'s <span>browsing context
+ container</span>'s <code>Document</code>.</p>
+ <p>The <span>effective script origin</span> is initially an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>effective script origin</span> of the
+ <code>Document</code>'s <span>browsing context</span>'s
+ <span>browsing context container</span>'s
+ <code>Document</code>.</p>
+
+ </dd>
+
+
<dt>If a <code>Document</code> was obtained in some other manner
(e.g. a <span title="data protocol"><code title="">data:</code>
URL</span> typed in by the user, a <code>Document</code> created
@@ -77525,16 +77608,23 @@
title="dom-DOMImplementation-createDocument">createDocument()</code>
API, etc)</dt>
- <dd>The <span>origin</span> is a globally unique identifier
- assigned when the <code>Document</code> is created.</dd>
+ <dd>
+ <p>The <span>origin</span> is a globally unique identifier
+ assigned when the <code>Document</code> is created.</p>
+
+ <p>The <span>effective script origin</span> is initially an
+ <span title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code>.</p>
+
+ </dd>
+
</dl>
- <p>When a <code>Document</code> is created, its <span>effective
- script origin</span> is initialized to the <span>origin</span> of
- the <code>Document</code>. However, the <code
- title="dom-document-domain">document.domain</code> attribute can
- be used to change it.</p>
+ <p class="note">The <span>effective script origin</span> of a
+ <code>Document</code> can be manipulated using the <code
+ title="dom-document-domain">document.domain</code> IDL
+ attribute.</p>
</dd>
@@ -77555,8 +77645,10 @@
<dt>If an image is the image of an <code>img</code> element and
its image data is <span>CORS-same-origin</span></dt>
- <dd>The <span>origin</span> is the <span>origin</span> of the
- <code>img</code> element's <code>Document</code>.</dd>
+ <dd>The <span>origin</span> is an <span
+ title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>img</code> element's
+ <code>Document</code>.</dd>
<!-- all image loads go through the "potentially CORS-enabled
fetch" algorithm so they're all either CORS-cross-origin or
@@ -77564,6 +77656,8 @@
</dl>
+ <p>Images do not have an <span>effective script origin</span>.</p>
+
</dd>
@@ -77583,11 +77677,16 @@
<dt>If the <span>media data</span> is
<span>CORS-same-origin</span></dt>
- <dd>The <span>origin</span> is the <span>origin</span> of the
- <span>media element</span>'s <code>Document</code>.</dd>
+ <dd>The <span>origin</span> is an <span
+ title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <span>media element</span>'s
+ <code>Document</code>.</dd>
</dl>
+ <p><span title="media element">Media elements</span> do not have
+ an <span>effective script origin</span>.</p>
+
</dd>
@@ -77595,8 +77694,9 @@
<dd>
- <p>The <span>origin</span> of a downloadable Web font is equal to
- the <span>origin</span> of the <span>absolute URL</span> used to
+ <p>The <span>origin</span> of a downloadable Web font is an <span
+ title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <span>absolute URL</span> used to
obtain the font (after any redirects). <a
href="#refsCSSFONTS">[CSSFONTS]</a></p> <!-- this means you can
get data from a remote site if you can make it redirect to your
@@ -77604,9 +77704,12 @@
-->
<p>The <span>origin</span> of a locally installed system font is
- equal to the <span>origin</span> of the <code>Document</code> in
- which that font is being used.</p>
+ an <span title="concept-origin-alias">alias</span> to the
+ <span>origin</span> of the <code>Document</code> in which that
+ font is being used.</p>
+ <p>Fonts do not have an <span>effective script origin</span>.</p>
+
</dd>
@@ -77692,23 +77795,27 @@
</dl>
- <p>The <span>origin</span> of the script is then equal to the
+ <p>The <span>origin</span> of the script is then an <span
+ title="concept-origin-alias">alias</span> to the
<span>origin</span> of the owner, and the <span>effective script
- origin</span> of the script is equal to the <span>effective script
- origin</span> of the owner.</p>
+ origin</span> of the script is an <span
+ title="concept-origin-alias">alias</span> to the <span>effective
+ script origin</span> of the owner.</p>
</dd>
</dl>
<p>Other specifications can override the above definitions by
- themselves specifying the origin of a particular URL, script,
- <code>Document</code>, or image.</p>
+ themselves specifying the origin of a particular <span>URL</span>,
+ <code>Document</code>, image, <span>media element</span>, font, or
+ <span title="concept-script">script</span>.</p>
<!-- e.g.:
<p>The <span>origin</span> of a <code>Document</code> object
- returned by the <code>XMLHttpRequest</code> API is equal to the
+ returned by the <code>XMLHttpRequest</code> API is an <span
+ title="concept-origin-alias">alias</span> to the
<span>XMLHttpRequest origin</span> of the
<code>XMLHttpRequest</code> object.</p>
@@ -77910,6 +78017,10 @@
throw a <code>SecurityError</code> exception and abort these
steps.</p>
+ <!-- this is the step that prevents us from ever setting
+ document.domain if the >effective script origin< isn't a
+ scheme/host/port tuple -->
+
</li>
<li>
@@ -77943,28 +78054,50 @@
<li>
- <p>Set the host part of the <span>effective script origin</span>
- tuple of the <code>Document</code> to <var title="">new
- value</var>.</p>
+ <p>If the <span>effective script origin</span> of the
+ <code>Document</code> is an <span
+ title="concept-origin-alias">alias</span>, set it to the value of
+ the <span>effective script origin</span> (essentially de-aliasing
+ the <span>effective script origin</span>).</p>
</li>
<li>
- <p>Set the port part of the <span>effective script origin</span>
- tuple of the <code>Document</code> to "manual override" (a value
- that, for the purposes of <span title="same origin">comparing
- origins</span>, is identical to "manual override" but not
- identical to any other value).</p>
+ <p>If <var title="">new value</var> is not the empty string, then
+ run these substeps:</p>
+ <ol>
+
+ <li>
+
+ <p>Set the host part of the <span>effective script origin</span>
+ tuple of the <code>Document</code> to <var title="">new
+ value</var>.</p>
+
+ </li>
+
+ <li>
+
+ <p>Set the port part of the <span>effective script origin</span>
+ tuple of the <code>Document</code> to "manual override" (a value
+ that, for the purposes of <span title="same origin">comparing
+ origins</span>, is identical to "manual override" but not
+ identical to any other value).</p>
+
+ </li>
+
+ </ol>
+
</li>
</ol>
<p>The <dfn title="the document's domain">domain</dfn> of a
<code>Document</code> is the host part of the document's
- <span>origin</span>, if that is a scheme/host/port tuple. If it
- isn't, then the document does not have a domain.</p>
+ <span>origin</span>, if the value of that <span>origin</span> is a
+ scheme/host/port tuple. If it isn't, then the document does not have
+ a domain.</p>
</div>
More information about the Commit-Watchers
mailing list