[html5] r7141 - [giow] (2) Recast how origins are defined to explicitly use the concept of an or [...]

whatwg at whatwg.org
Fri Jun 22 15:37:03 PDT 2012


Author: ianh
Date: 2012-06-22 15:37:01 -0700 (Fri, 22 Jun 2012)
New Revision: 7141

Modified:
   complete.html
   index
   source
Log:
[giow] (2) Recast how origins are defined to explicitly use the concept of an origin 'alias' and fix the definitions for about:blank docs to use this new definition.
Affected topics: HTML, Security

Modified: complete.html
===================================================================
--- complete.html	2012-06-22 21:53:55 UTC (rev 7140)
+++ complete.html	2012-06-22 22:37:01 UTC (rev 7141)
@@ -64563,16 +64563,23 @@
   specifically to be immediately navigated, then that initial
   navigation will have <a href=#replacement-enabled>replacement enabled</a>.</p>
 
-  <p id=about-blank-origin>The <a href=#origin>origin</a> of the
-  <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is set when the
-  <code><a href=#document>Document</a></code> is created. If the new <a href=#browsing-context>browsing
-  context</a> has a <a href=#creator-browsing-context>creator browsing context</a>, then the
-  <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
-  <code><a href=#document>Document</a></code> is the <a href=#origin>origin</a> of the
-  <a href=#creator-document>creator <code>Document</code></a>. Otherwise, the
-  <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
-  <code><a href=#document>Document</a></code> is a globally unique identifier assigned when
-  the new <a href=#browsing-context>browsing context</a> is created.</p>
+  <p id=about-blank-origin>The <a href=#origin>origin</a> and
+  <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+  <code><a href=#document>Document</a></code> are set when the <code><a href=#document>Document</a></code> is
+  created. If the new <a href=#browsing-context>browsing context</a> has a
+  <a href=#creator-browsing-context>creator browsing context</a>, then the <a href=#origin>origin</a>
+  of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a>
+  of the <a href=#creator-document>creator <code>Document</code></a> and the
+  <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+  <code><a href=#document>Document</a></code> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+  script origin</a> of the <a href=#creator-document>creator
+  <code>Document</code></a>. Otherwise, the <a href=#origin>origin</a> of
+  the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is a globally
+  unique identifier assigned when the new <a href=#browsing-context>browsing
+  context</a> is created and the <a href=#effective-script-origin>effective script
+  origin</a> of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code>
+  is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to
+  its <a href=#origin>origin</a>.</p>
 
   </div>
 
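Review bot: the new about:blank paragraph says the effective script origin is "initially an alias" to the creator Document's effective script origin, but it never says what "initially" covers. Under the alias definition added in this same change, an alias takes the value of its target, so a later document.domain change on the creator Document would also change the about:blank Document's effective script origin until that Document sets document.domain itself. If that coupling is intended, state it here; if not, say the value is copied when the Document is created. The paragraph would also read better with the origin and the effective script origin in separate sentences for each branch.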
@@ -66052,9 +66059,16 @@
   secure certificate changes, the origin is considered to change as
   well.</p>
 
-
   <div class=impl>
 
+  <p>An <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a>
+  can be defined as an <dfn id=concept-origin-alias title=concept-origin-alias>alias</dfn>
+  to another <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script
+  origin</a>. The value of the <a href=#origin>origin</a> or
+  <a href=#effective-script-origin>effective script origin</a> is then the value of the
+  <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a> to which
+  it is an alias.</p>
+
   <p>These characteristics are defined as follows:</p>
 
   <dl><dt>For URLs</dt>
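Review bot: the alias definition does not say whether an alias may point at another alias, yet later hunks create exactly that: a srcdoc Document's effective script origin aliases its container Document's effective script origin, which is itself "initially an alias". Add that resolution is transitive and ends at a non-alias value, and say whether the value is read each time origins are compared or fixed when the alias is created. The sentence also permits an origin to alias an effective script origin; none of the definitions in the visible hunks use that direction, so consider restricting it.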
@@ -66076,72 +66090,141 @@
      sandboxing flag set</a> has its <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
      browsing context flag</a> set</dt>
 
-     <dd>The <a href=#origin>origin</a> is a globally unique identifier
-     assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is a globally unique identifier
+      assigned when the <code><a href=#document>Document</a></code> is created.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
      URL</a></dt>
 
-     <dd>The <a href=#origin>origin</a> is equal to the <a href=#origin>origin</a>
-     of the script of that <a href=#javascript-protocol title="javascript
-     protocol"><code>javascript:</code> URL</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the script of that <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
+      URL</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was served over the network and
      has an address that uses a URL scheme with a server-based naming
      authority</dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of
-     <a href="#the-document's-address">the <code>Document</code>'s address</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of <a href="#the-document's-address">the <code>Document</code>'s
+      address</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that
      was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in
      other protocols)</dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
-     protocol"><code title="">data:</code> URL</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to
+      the <a href=#data-protocol title="data protocol"><code title="">data:</code>
+      URL</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a>
      found in another <code><a href=#document>Document</a></code> or in a script</dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> or script that
+      initiated the <a href=#navigate title=navigate>navigation</a> to that
+      <a href=#url>URL</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#effective-script-origin>effective script origin</a> of the
+      <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> has the <a href="#the-document's-address" title="the
      document's address">address</a>
      "<code><a href=#about:blank>about:blank</a></code>"</dt>
 
-     <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is <a href=#about-blank-origin>the <span>origin</span> it was
-     assigned when its browsing context was created</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+      origin</a> of the <code><a href=#document>Document</a></code> are <a href=#about-blank-origin>those it was assigned when its
+      browsing context was created</a>.</p>
 
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> is <a href=#an-iframe-srcdoc-document>an <code>iframe</code> <code title=attr-iframe-srcdoc>srcdoc</code> document</a></dt>
 
-     <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is the
-     <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
-     context</a>'s <a href=#browsing-context-container>browsing context container</a>'s
-     <code><a href=#document>Document</a></code>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s
+      <a href=#browsing-context>browsing context</a>'s <a href=#browsing-context-container>browsing context
+      container</a>'s <code><a href=#document>Document</a></code>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#effective-script-origin>effective script origin</a> of the
+      <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
+      <a href=#browsing-context-container>browsing context container</a>'s
+      <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner
      (e.g. a <a href=#data-protocol title="data protocol"><code title="">data:</code>
      URL</a> typed in by the user, a <code><a href=#document>Document</a></code> created
      using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
      API, etc)</dt>
 
-     <dd>The <a href=#origin>origin</a> is a globally unique identifier
-     assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+     <dd>
 
-    </dl><p>When a <code><a href=#document>Document</a></code> is created, its <a href=#effective-script-origin>effective
-    script origin</a> is initialized to the <a href=#origin>origin</a> of
-    the <code><a href=#document>Document</a></code>. However, the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> attribute can
-    be used to change it.</p>
+      <p>The <a href=#origin>origin</a> is a globally unique identifier
+      assigned when the <code><a href=#document>Document</a></code> is created.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+    </dl><p class=note>The <a href=#effective-script-origin>effective script origin</a> of a
+    <code><a href=#document>Document</a></code> can be manipulated using the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> IDL
+    attribute.</p>
+
    </dd>
 
 
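Review bot: the javascript: URL case is inconsistent with the data: URL and srcdoc cases in the same list. For a Document generated from a data: URL found in another Document, and for an iframe srcdoc document, the effective script origin aliases the effective script origin of the initiating or containing Document, but for a javascript: URL it aliases "the origin of the Document", so a document.domain change made by the page that ran the javascript: URL would not be reflected in the generated Document. If that is deliberate, add a short note saying why; otherwise alias to the effective script origin of the script. Separately, the paragraph "The effective script origin is initially an alias to the origin of the Document" is repeated in five cases and could be stated once as the default, with the exceptions listed.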
@@ -66159,16 +66242,19 @@
      <dt>If an image is the image of an <code><a href=#the-img-element>img</a></code> element and
      its image data is <a href=#cors-same-origin>CORS-same-origin</a></dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>.</dd>
+     <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+     <a href=#origin>origin</a> of the <code><a href=#the-img-element>img</a></code> element's
+     <code><a href=#document>Document</a></code>.</dd>
 
      <!-- all image loads go through the "potentially CORS-enabled
      fetch" algorithm so they're all either CORS-cross-origin or
      CORS-same-origin if they succeed at all -->
 
-    </dl></dd>
+    </dl><p>Images do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
 
+   </dd>
 
+
    <dt>For <code><a href=#the-audio-element>audio</a></code> and <code><a href=#the-video-element>video</a></code> elements</dt>
 
    <dd>
@@ -66183,27 +66269,34 @@
      <dt>If the <a href=#media-data>media data</a> is
      <a href=#cors-same-origin>CORS-same-origin</a></dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>.</dd>
+     <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+     <a href=#origin>origin</a> of the <a href=#media-element>media element</a>'s
+     <code><a href=#document>Document</a></code>.</dd>
 
-    </dl></dd>
+    </dl><p><a href=#media-element title="media element">Media elements</a> do not have
+    an <a href=#effective-script-origin>effective script origin</a>.</p>
 
+   </dd>
 
+
    <dt>For fonts</dt>
 
    <dd>
 
-    <p>The <a href=#origin>origin</a> of a downloadable Web font is equal to
-    the <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
+    <p>The <a href=#origin>origin</a> of a downloadable Web font is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+    <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
     obtain the font (after any redirects). <a href=#refsCSSFONTS>[CSSFONTS]</a></p> <!-- this means you can
     get data from a remote site if you can make it redirect to your
     own site in some fashion controlled by the data you want to read
     -->
 
     <p>The <a href=#origin>origin</a> of a locally installed system font is
-    equal to the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in
-    which that font is being used.</p>
+    an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+    <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in which that
+    font is being used.</p>
 
+    <p>Fonts do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
+
    </dd>
 
 
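Review bot: on the downloadable Web font paragraph, the only explanation of what "after any redirects" means for cross-origin reads is the HTML comment that follows it, which readers of the rendered specification never see. Since the sentence is being reworded anyway, move that consequence into a visible paragraph with class=note, the class this change already uses for the document.domain note. Also, nothing in the visible text lets the origin of a URL change after it is computed, so "alias" here is indistinguishable from the old "equal to"; either say so or keep "equal to" for URL-derived origins so the wording does not imply a value that can change later.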
@@ -66277,21 +66370,23 @@
 
      <dd>The owner is the script that provided the URL.</dd>
 
-    </dl><p>The <a href=#origin>origin</a> of the script is then equal to the
+    </dl><p>The <a href=#origin>origin</a> of the script is then an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
     <a href=#origin>origin</a> of the owner, and the <a href=#effective-script-origin>effective script
-    origin</a> of the script is equal to the <a href=#effective-script-origin>effective script
-    origin</a> of the owner.</p>
+    origin</a> of the script is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+    script origin</a> of the owner.</p>
 
    </dd>
 
   </dl><p>Other specifications can override the above definitions by
-  themselves specifying the origin of a particular URL, script,
-  <code><a href=#document>Document</a></code>, or image.</p>
+  themselves specifying the origin of a particular <a href=#url>URL</a>,
+  <code><a href=#document>Document</a></code>, image, <a href=#media-element>media element</a>, font, or
+  <a href=#concept-script title=concept-script>script</a>.</p>
 
   <!-- e.g.:
 
     <p>The <span>origin</span> of a <code>Document</code> object
-    returned by the <code>XMLHttpRequest</code> API is equal to the
+    returned by the <code>XMLHttpRequest</code> API is an <span
+    title="concept-origin-alias">alias</span> to the
     <span>XMLHttpRequest origin</span> of the
     <code>XMLHttpRequest</code> object.</p>
 
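Review bot: the "Other specifications can override the above definitions" paragraph still speaks only of "the origin", although this change now defines an effective script origin for every Document and script case. Say whether an overriding specification may or must also define the effective script origin. The commented-out XMLHttpRequest example, for instance, sets only the origin of the returned Document and leaves its effective script origin unstated.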
@@ -66459,6 +66554,10 @@
       throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these
       steps.</p>
 
+      <!-- this is the step that prevents us from ever setting
+      document.domain if the >effective script origin< isn't a
+      scheme/host/port tuple -->
+
      </li>
 
      <li>
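Review bot: the added comment records an invariant that the later steps depend on (they set the host and port parts of the effective script origin "tuple"), but it sits in an HTML comment that readers of the rendered text never see, and it carries stray markup in ">effective script origin<". State the invariant in the step itself or in a visible note, for example that once this step has passed, the effective script origin is known to be a scheme/host/port tuple.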
@@ -66488,26 +66587,43 @@
 
    <li>
 
-    <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
-    tuple of the <code><a href=#document>Document</a></code> to <var title="">new
-    value</var>.</p>
+    <p>If the <a href=#effective-script-origin>effective script origin</a> of the
+    <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a>, set it to the value of
+    the <a href=#effective-script-origin>effective script origin</a> (essentially de-aliasing
+    the <a href=#effective-script-origin>effective script origin</a>).</p>
 
    </li>
 
    <li>
 
-    <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
-    tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
-    that, for the purposes of <a href=#same-origin title="same origin">comparing
-    origins</a>, is identical to "manual override" but not
-    identical to any other value).</p>
+    <p>If <var title="">new value</var> is not the empty string, then
+    run these substeps:</p>
 
-   </li>
+    <ol><li>
 
+      <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
+      tuple of the <code><a href=#document>Document</a></code> to <var title="">new
+      value</var>.</p>
+
+     </li>
+
+     <li>
+
+      <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
+      tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
+      that, for the purposes of <a href=#same-origin title="same origin">comparing
+      origins</a>, is identical to "manual override" but not
+      identical to any other value).</p>
+
+     </li>
+
+    </ol></li>
+
   </ol><p>The <dfn id="the-document's-domain" title="the document's domain">domain</dfn> of a
   <code><a href=#document>Document</a></code> is the host part of the document's
-  <a href=#origin>origin</a>, if that is a scheme/host/port tuple. If it
-  isn't, then the document does not have a domain.</p>
+  <a href=#origin>origin</a>, if the value of that <a href=#origin>origin</a> is a
+  scheme/host/port tuple. If it isn't, then the document does not have
+  a domain.</p>
 
   </div>
 
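Review bot: the de-aliasing step is circular as worded: "set it to the value of the effective script origin" reads as assigning the effective script origin to itself. Say instead that it is set to the value of the origin or effective script origin to which it is an alias, matching the alias definition added earlier in this change. This step also runs before the "not the empty string" test, so when new value is the empty string the steps shown leave host and port untouched but still de-alias; state whether that side effect is intended.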

Modified: index
===================================================================
--- index	2012-06-22 21:53:55 UTC (rev 7140)
+++ index	2012-06-22 22:37:01 UTC (rev 7141)
@@ -64563,16 +64563,23 @@
   specifically to be immediately navigated, then that initial
   navigation will have <a href=#replacement-enabled>replacement enabled</a>.</p>
 
-  <p id=about-blank-origin>The <a href=#origin>origin</a> of the
-  <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is set when the
-  <code><a href=#document>Document</a></code> is created. If the new <a href=#browsing-context>browsing
-  context</a> has a <a href=#creator-browsing-context>creator browsing context</a>, then the
-  <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
-  <code><a href=#document>Document</a></code> is the <a href=#origin>origin</a> of the
-  <a href=#creator-document>creator <code>Document</code></a>. Otherwise, the
-  <a href=#origin>origin</a> of the <code><a href=#about:blank>about:blank</a></code>
-  <code><a href=#document>Document</a></code> is a globally unique identifier assigned when
-  the new <a href=#browsing-context>browsing context</a> is created.</p>
+  <p id=about-blank-origin>The <a href=#origin>origin</a> and
+  <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+  <code><a href=#document>Document</a></code> are set when the <code><a href=#document>Document</a></code> is
+  created. If the new <a href=#browsing-context>browsing context</a> has a
+  <a href=#creator-browsing-context>creator browsing context</a>, then the <a href=#origin>origin</a>
+  of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a>
+  of the <a href=#creator-document>creator <code>Document</code></a> and the
+  <a href=#effective-script-origin>effective script origin</a> of the <code><a href=#about:blank>about:blank</a></code>
+  <code><a href=#document>Document</a></code> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+  script origin</a> of the <a href=#creator-document>creator
+  <code>Document</code></a>. Otherwise, the <a href=#origin>origin</a> of
+  the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> is a globally
+  unique identifier assigned when the new <a href=#browsing-context>browsing
+  context</a> is created and the <a href=#effective-script-origin>effective script
+  origin</a> of the <code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code>
+  is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to
+  its <a href=#origin>origin</a>.</p>
 
   </div>
 
@@ -66052,9 +66059,16 @@
   secure certificate changes, the origin is considered to change as
   well.</p>
 
-
   <div class=impl>
 
+  <p>An <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a>
+  can be defined as an <dfn id=concept-origin-alias title=concept-origin-alias>alias</dfn>
+  to another <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script
+  origin</a>. The value of the <a href=#origin>origin</a> or
+  <a href=#effective-script-origin>effective script origin</a> is then the value of the
+  <a href=#origin>origin</a> or <a href=#effective-script-origin>effective script origin</a> to which
+  it is an alias.</p>
+
   <p>These characteristics are defined as follows:</p>
 
   <dl><dt>For URLs</dt>
@@ -66076,72 +66090,141 @@
      sandboxing flag set</a> has its <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
      browsing context flag</a> set</dt>
 
-     <dd>The <a href=#origin>origin</a> is a globally unique identifier
-     assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is a globally unique identifier
+      assigned when the <code><a href=#document>Document</a></code> is created.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
      URL</a></dt>
 
-     <dd>The <a href=#origin>origin</a> is equal to the <a href=#origin>origin</a>
-     of the script of that <a href=#javascript-protocol title="javascript
-     protocol"><code>javascript:</code> URL</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the script of that <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code>
+      URL</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was served over the network and
      has an address that uses a URL scheme with a server-based naming
      authority</dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of
-     <a href="#the-document's-address">the <code>Document</code>'s address</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of <a href="#the-document's-address">the <code>Document</code>'s
+      address</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> that
      was returned as the location of an HTTP redirect (<a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>or equivalent</a> in
      other protocols)</dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <a href=#url>URL</a> that redirected to the <a href=#data-protocol title="data
-     protocol"><code title="">data:</code> URL</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <a href=#url>URL</a> that redirected to
+      the <a href=#data-protocol title="data protocol"><code title="">data:</code>
+      URL</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a>
      found in another <code><a href=#document>Document</a></code> or in a script</dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> or script that
+      initiated the <a href=#navigate title=navigate>navigation</a> to that
+      <a href=#url>URL</a>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#effective-script-origin>effective script origin</a> of the
+      <code><a href=#document>Document</a></code> or script that initiated the <a href=#navigate title=navigate>navigation</a> to that <a href=#url>URL</a>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> has the <a href="#the-document's-address" title="the
      document's address">address</a>
      "<code><a href=#about:blank>about:blank</a></code>"</dt>
 
-     <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is <a href=#about-blank-origin>the <span>origin</span> it was
-     assigned when its browsing context was created</a>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+      origin</a> of the <code><a href=#document>Document</a></code> are <a href=#about-blank-origin>those it was assigned when its
+      browsing context was created</a>.</p>
 
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> is <a href=#an-iframe-srcdoc-document>an <code>iframe</code> <code title=attr-iframe-srcdoc>srcdoc</code> document</a></dt>
 
-     <dd>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is the
-     <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
-     context</a>'s <a href=#browsing-context-container>browsing context container</a>'s
-     <code><a href=#document>Document</a></code>.</dd>
+     <dd>
 
+      <p>The <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> is an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>'s
+      <a href=#browsing-context>browsing context</a>'s <a href=#browsing-context-container>browsing context
+      container</a>'s <code><a href=#document>Document</a></code>.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#effective-script-origin>effective script origin</a> of the
+      <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
+      <a href=#browsing-context-container>browsing context container</a>'s
+      <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> was obtained in some other manner
      (e.g. a <a href=#data-protocol title="data protocol"><code title="">data:</code>
      URL</a> typed in by the user, a <code><a href=#document>Document</a></code> created
      using the <code title=dom-DOMImplementation-createDocument><a href=#dom-domimplementation-createdocument>createDocument()</a></code>
      API, etc)</dt>
 
-     <dd>The <a href=#origin>origin</a> is a globally unique identifier
-     assigned when the <code><a href=#document>Document</a></code> is created.</dd>
+     <dd>
 
-    </dl><p>When a <code><a href=#document>Document</a></code> is created, its <a href=#effective-script-origin>effective
-    script origin</a> is initialized to the <a href=#origin>origin</a> of
-    the <code><a href=#document>Document</a></code>. However, the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> attribute can
-    be used to change it.</p>
+      <p>The <a href=#origin>origin</a> is a globally unique identifier
+      assigned when the <code><a href=#document>Document</a></code> is created.</p>
 
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an
+      <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+    </dl><p class=note>The <a href=#effective-script-origin>effective script origin</a> of a
+    <code><a href=#document>Document</a></code> can be manipulated using the <code title=dom-document-domain><a href=#dom-document-domain>document.domain</a></code> IDL
+    attribute.</p>
+
    </dd>
 
 
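Review bot: In the srcdoc and about:blank entries of this hunk, "initially" on the effective script origin is never explained, and the closing note only says document.domain can "manipulate" it. Because these two cases alias the container's or creator's effective script origin rather than the Document's own origin, the nested Document follows any later document.domain change made by its parent until it sets document.domain itself. Suggest saying so in the note and cross-referencing the de-aliasing step of the document.domain setter.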
@@ -66159,16 +66242,19 @@
      <dt>If an image is the image of an <code><a href=#the-img-element>img</a></code> element and
      its image data is <a href=#cors-same-origin>CORS-same-origin</a></dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>.</dd>
+     <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+     <a href=#origin>origin</a> of the <code><a href=#the-img-element>img</a></code> element's
+     <code><a href=#document>Document</a></code>.</dd>
 
      <!-- all image loads go through the "potentially CORS-enabled
      fetch" algorithm so they're all either CORS-cross-origin or
      CORS-same-origin if they succeed at all -->
 
-    </dl></dd>
+    </dl><p>Images do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
 
+   </dd>
 
+
    <dt>For <code><a href=#the-audio-element>audio</a></code> and <code><a href=#the-video-element>video</a></code> elements</dt>
 
    <dd>
@@ -66183,27 +66269,34 @@
      <dt>If the <a href=#media-data>media data</a> is
      <a href=#cors-same-origin>CORS-same-origin</a></dt>
 
-     <dd>The <a href=#origin>origin</a> is the <a href=#origin>origin</a> of the
-     <a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>.</dd>
+     <dd>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+     <a href=#origin>origin</a> of the <a href=#media-element>media element</a>'s
+     <code><a href=#document>Document</a></code>.</dd>
 
-    </dl></dd>
+    </dl><p><a href=#media-element title="media element">Media elements</a> do not have
+    an <a href=#effective-script-origin>effective script origin</a>.</p>
 
+   </dd>
 
+
    <dt>For fonts</dt>
 
    <dd>
 
-    <p>The <a href=#origin>origin</a> of a downloadable Web font is equal to
-    the <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
+    <p>The <a href=#origin>origin</a> of a downloadable Web font is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+    <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
     obtain the font (after any redirects). <a href=#refsCSSFONTS>[CSSFONTS]</a></p> <!-- this means you can
     get data from a remote site if you can make it redirect to your
     own site in some fashion controlled by the data you want to read
     -->
 
     <p>The <a href=#origin>origin</a> of a locally installed system font is
-    equal to the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in
-    which that font is being used.</p>
+    an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+    <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in which that
+    font is being used.</p>
 
+    <p>Fonts do not have an <a href=#effective-script-origin>effective script origin</a>.</p>
+
    </dd>
 
 
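Review bot: The system-font paragraph now defines a single origin as an alias to "the origin of the Document in which that font is being used", but a locally installed font is used by many Documents at once, so there is no one origin for the alias to point at. The old "equal to" wording could be read per use; with alias semantics the text should say the origin is determined per Document (or per use), not per font. The media element entry earlier in this hunk has the same binding question if the element moves to another Document.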
@@ -66277,21 +66370,23 @@
 
      <dd>The owner is the script that provided the URL.</dd>
 
-    </dl><p>The <a href=#origin>origin</a> of the script is then equal to the
+    </dl><p>The <a href=#origin>origin</a> of the script is then an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
     <a href=#origin>origin</a> of the owner, and the <a href=#effective-script-origin>effective script
-    origin</a> of the script is equal to the <a href=#effective-script-origin>effective script
-    origin</a> of the owner.</p>
+    origin</a> of the script is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective
+    script origin</a> of the owner.</p>
 
    </dd>
 
   </dl><p>Other specifications can override the above definitions by
-  themselves specifying the origin of a particular URL, script,
-  <code><a href=#document>Document</a></code>, or image.</p>
+  themselves specifying the origin of a particular <a href=#url>URL</a>,
+  <code><a href=#document>Document</a></code>, image, <a href=#media-element>media element</a>, font, or
+  <a href=#concept-script title=concept-script>script</a>.</p>
 
   <!-- e.g.:
 
     <p>The <span>origin</span> of a <code>Document</code> object
-    returned by the <code>XMLHttpRequest</code> API is equal to the
+    returned by the <code>XMLHttpRequest</code> API is an <span
+    title="concept-origin-alias">alias</span> to the
     <span>XMLHttpRequest origin</span> of the
     <code>XMLHttpRequest</code> object.</p>
 
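Review bot: The override paragraph near the end of this hunk widens its list to media elements and fonts but still only lets other specifications specify "the origin", while this revision gives Documents and scripts a separately defined effective script origin. Suggest "the origin and effective script origin", so a specification that overrides one is prompted to state the other instead of silently inheriting the per-case default. The script sentence also drops "initially" from the effective script origin alias, unlike the Document entries; if that is deliberate because a script's alias is never de-aliased, a short note would help.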
@@ -66459,6 +66554,10 @@
       throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these
       steps.</p>
 
+      <!-- this is the step that prevents us from ever setting
+      document.domain if the >effective script origin< isn't a
+      scheme/host/port tuple -->
+
      </li>
 
      <li>
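Review bot: The invariant recorded in the new comment is what the later de-aliasing step relies on when it writes the host and port parts of a tuple, yet as an HTML comment it is invisible in the rendered text. Suggest promoting it to a class=note paragraph, and spelling the term without the ">effective script origin<" markers, which read like damaged markup.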
@@ -66488,26 +66587,43 @@
 
    <li>
 
-    <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
-    tuple of the <code><a href=#document>Document</a></code> to <var title="">new
-    value</var>.</p>
+    <p>If the <a href=#effective-script-origin>effective script origin</a> of the
+    <code><a href=#document>Document</a></code> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a>, set it to the value of
+    the <a href=#effective-script-origin>effective script origin</a> (essentially de-aliasing
+    the <a href=#effective-script-origin>effective script origin</a>).</p>
 
    </li>
 
    <li>
 
-    <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
-    tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
-    that, for the purposes of <a href=#same-origin title="same origin">comparing
-    origins</a>, is identical to "manual override" but not
-    identical to any other value).</p>
+    <p>If <var title="">new value</var> is not the empty string, then
+    run these substeps:</p>
 
-   </li>
+    <ol><li>
 
+      <p>Set the host part of the <a href=#effective-script-origin>effective script origin</a>
+      tuple of the <code><a href=#document>Document</a></code> to <var title="">new
+      value</var>.</p>
+
+     </li>
+
+     <li>
+
+      <p>Set the port part of the <a href=#effective-script-origin>effective script origin</a>
+      tuple of the <code><a href=#document>Document</a></code> to "manual override" (a value
+      that, for the purposes of <a href=#same-origin title="same origin">comparing
+      origins</a>, is identical to "manual override" but not
+      identical to any other value).</p>
+
+     </li>
+
+    </ol></li>
+
   </ol><p>The <dfn id="the-document's-domain" title="the document's domain">domain</dfn> of a
   <code><a href=#document>Document</a></code> is the host part of the document's
-  <a href=#origin>origin</a>, if that is a scheme/host/port tuple. If it
-  isn't, then the document does not have a domain.</p>
+  <a href=#origin>origin</a>, if the value of that <a href=#origin>origin</a> is a
+  scheme/host/port tuple. If it isn't, then the document does not have
+  a domain.</p>
 
   </div>
 
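Review bot: The de-aliasing step is circular as written: "set it to the value of the effective script origin" defines the effective script origin in terms of itself. Suggest "set it to the value of the origin or effective script origin to which it is an alias". This step also sits outside the new "not the empty string" guard, so an empty new value that reaches it still freezes the effective script origin at its current value and detaches it from the creator's or container's later document.domain changes. If the empty string is meant to be a no-op, move the de-aliasing inside the substeps; otherwise state the effect.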

Modified: source
===================================================================
--- source	2012-06-22 21:53:55 UTC (rev 7140)
+++ source	2012-06-22 22:37:01 UTC (rev 7141)
@@ -75737,16 +75737,25 @@
   specifically to be immediately navigated, then that initial
   navigation will have <span>replacement enabled</span>.</p>
 
-  <p id="about-blank-origin">The <span>origin</span> of the
-  <code>about:blank</code> <code>Document</code> is set when the
-  <code>Document</code> is created. If the new <span>browsing
-  context</span> has a <span>creator browsing context</span>, then the
-  <span>origin</span> of the <code>about:blank</code>
-  <code>Document</code> is the <span>origin</span> of the
-  <span>creator <code>Document</code></span>. Otherwise, the
-  <span>origin</span> of the <code>about:blank</code>
-  <code>Document</code> is a globally unique identifier assigned when
-  the new <span>browsing context</span> is created.</p>
+  <p id="about-blank-origin">The <span>origin</span> and
+  <span>effective script origin</span> of the <code>about:blank</code>
+  <code>Document</code> are set when the <code>Document</code> is
+  created. If the new <span>browsing context</span> has a
+  <span>creator browsing context</span>, then the <span>origin</span>
+  of the <code>about:blank</code> <code>Document</code> is an <span
+  title="concept-origin-alias">alias</span> to the <span>origin</span>
+  of the <span>creator <code>Document</code></span> and the
+  <span>effective script origin</span> of the <code>about:blank</code>
+  <code>Document</code> is initially an <span
+  title="concept-origin-alias">alias</span> to the <span>effective
+  script origin</span> of the <span>creator
+  <code>Document</code></span>. Otherwise, the <span>origin</span> of
+  the <code>about:blank</code> <code>Document</code> is a globally
+  unique identifier assigned when the new <span>browsing
+  context</span> is created and the <span>effective script
+  origin</span> of the <code>about:blank</code> <code>Document</code>
+  is initially an <span title="concept-origin-alias">alias</span> to
+  its <span>origin</span>.</p>
 
   </div>
 
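Review bot: The rewritten about-blank-origin paragraph carries four assignments in two long sentences, which makes it easy to misread which alias targets the creator's origin and which targets its effective script origin. Suggest a two-entry list (creator browsing context present, absent) with separate origin and effective script origin sentences, matching the dd layout this revision introduces for the other Document cases.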
@@ -77430,9 +77439,16 @@
   secure certificate changes, the origin is considered to change as
   well.</p>
 
-
   <div class="impl">
 
+  <p>An <span>origin</span> or <span>effective script origin</span>
+  can be defined as an <dfn title="concept-origin-alias">alias</dfn>
+  to another <span>origin</span> or <span>effective script
+  origin</span>. The value of the <span>origin</span> or
+  <span>effective script origin</span> is then the value of the
+  <span>origin</span> or <span>effective script origin</span> to which
+  it is an alias.</p>
+
   <p>These characteristics are defined as follows:</p>
 
   <dl>
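Review bot: The new alias definition does not say whether the value is resolved once or tracked live, nor what happens when the target is itself an alias. The de-aliasing step in the document.domain setter only has an effect under the live reading, and chains arise immediately: an about:blank Document's effective script origin aliases its creator's, which aliases the creator's origin, which aliases the origin of its address. Suggest stating both points: the alias is resolved each time the value is needed, following aliases until a non-alias value is reached.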
@@ -77459,65 +77475,132 @@
      sandboxing flag set</span> has its <span>sandboxed origin
      browsing context flag</span> set</dt>
 
-     <dd>The <span>origin</span> is a globally unique identifier
-     assigned when the <code>Document</code> is created.</dd>
+     <dd>
 
+      <p>The <span>origin</span> is a globally unique identifier
+      assigned when the <code>Document</code> is created.</p>
 
+      <p>The <span>effective script origin</span> is initially an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <code>Document</code>.</p>
+
+     </dd>
+
+
      <dt>If a <code>Document</code> was generated from a <span
      title="javascript protocol"><code>javascript:</code>
      URL</span></dt>
 
-     <dd>The <span>origin</span> is equal to the <span>origin</span>
-     of the script of that <span title="javascript
-     protocol"><code>javascript:</code> URL</span>.</dd>
+     <dd>
 
+      <p>The <span>origin</span> is an <span
+      title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the script of that <span
+      title="javascript protocol"><code>javascript:</code>
+      URL</span>.</p>
 
+      <p>The <span>effective script origin</span> is initially an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <code>Document</code>.</p>
+
+     </dd>
+
+
      <dt>If a <code>Document</code> was served over the network and
      has an address that uses a URL scheme with a server-based naming
      authority</dt>
 
-     <dd>The <span>origin</span> is the <span>origin</span> of
-     <span>the <code>Document</code>'s address</span>.</dd>
+     <dd>
 
+      <p>The <span>origin</span> is an <span
+      title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of <span>the <code>Document</code>'s
+      address</span>.</p>
 
+      <p>The <span>effective script origin</span> is initially an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <code>Document</code>.</p>
+
+     </dd>
+
+
      <dt>If a <code>Document</code> was generated from a <span
      title="data protocol"><code title="">data:</code> URL</span> that
      was returned as the location of an HTTP redirect (<span
      title="concept-http-equivalent-codes">or equivalent</span> in
      other protocols)</dt>
 
-     <dd>The <span>origin</span> is the <span>origin</span> of the
-     <span>URL</span> that redirected to the <span title="data
-     protocol"><code title="">data:</code> URL</span>.</dd>
+     <dd>
 
+      <p>The <span>origin</span> is an <span
+      title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <span>URL</span> that redirected to
+      the <span title="data protocol"><code title="">data:</code>
+      URL</span>.</p>
 
+      <p>The <span>effective script origin</span> is initially an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <code>Document</code>.</p>
+
+     </dd>
+
+
      <dt>If a <code>Document</code> was generated from a <span
      title="data protocol"><code title="">data:</code> URL</span>
      found in another <code>Document</code> or in a script</dt>
 
-     <dd>The <span>origin</span> is the <span>origin</span> of the
-     <code>Document</code> or script that initiated the <span
-     title="navigate">navigation</span> to that <span>URL</span>.</dd>
+     <dd>
 
+      <p>The <span>origin</span> is an <span
+      title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <code>Document</code> or script that
+      initiated the <span title="navigate">navigation</span> to that
+      <span>URL</span>.</p>
 
+      <p>The <span>effective script origin</span> is initially an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>effective script origin</span> of the
+      <code>Document</code> or script that initiated the <span
+      title="navigate">navigation</span> to that <span>URL</span>.</p>
+
+     </dd>
+
+
      <dt>If a <code>Document</code> has the <span title="the
      document's address">address</span>
      "<code>about:blank</code>"</dt>
 
-     <dd>The <span>origin</span> of the <code>Document</code> is <a
-     href="#about-blank-origin">the <span>origin</span> it was
-     assigned when its browsing context was created</a>.</dd>
+     <dd>
 
+      <p>The <span>origin</span> and <span>effective script
+      origin</span> of the <code>Document</code> are <a
+      href="#about-blank-origin">those it was assigned when its
+      browsing context was created</a>.</p>
 
+     </dd>
+
+
      <dt>If a <code>Document</code> is <span>an <code>iframe</code> <code
      title="attr-iframe-srcdoc">srcdoc</code> document</span></dt>
 
-     <dd>The <span>origin</span> of the <code>Document</code> is the
-     <span>origin</span> of the <code>Document</code>'s <span>browsing
-     context</span>'s <span>browsing context container</span>'s
-     <code>Document</code>.</dd>
+     <dd>
 
+      <p>The <span>origin</span> of the <code>Document</code> is an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <code>Document</code>'s
+      <span>browsing context</span>'s <span>browsing context
+      container</span>'s <code>Document</code>.</p>
 
+      <p>The <span>effective script origin</span> is initially an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>effective script origin</span> of the
+      <code>Document</code>'s <span>browsing context</span>'s
+      <span>browsing context container</span>'s
+      <code>Document</code>.</p>
+
+     </dd>
+
+
      <dt>If a <code>Document</code> was obtained in some other manner
      (e.g. a <span title="data protocol"><code title="">data:</code>
      URL</span> typed in by the user, a <code>Document</code> created
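Review bot: The effective script origin targets are inconsistent across the cases in this hunk: a Document generated from a javascript: URL aliases its own origin, while a Document generated from a data: URL found in another Document or script aliases the initiator's effective script origin. A javascript:-generated Document therefore ignores a document.domain change already made by the script that produced it, whereas the data: case inherits it. If the difference is intended it deserves a note; otherwise the javascript: entry should alias the script's effective script origin.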
@@ -77525,16 +77608,23 @@
      title="dom-DOMImplementation-createDocument">createDocument()</code>
      API, etc)</dt>
 
-     <dd>The <span>origin</span> is a globally unique identifier
-     assigned when the <code>Document</code> is created.</dd>
+     <dd>
 
+      <p>The <span>origin</span> is a globally unique identifier
+      assigned when the <code>Document</code> is created.</p>
+
+      <p>The <span>effective script origin</span> is initially an
+      <span title="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <code>Document</code>.</p>
+
+     </dd>
+
     </dl>
 
-    <p>When a <code>Document</code> is created, its <span>effective
-    script origin</span> is initialized to the <span>origin</span> of
-    the <code>Document</code>. However, the <code
-    title="dom-document-domain">document.domain</code> attribute can
-    be used to change it.</p>
+    <p class="note">The <span>effective script origin</span> of a
+    <code>Document</code> can be manipulated using the <code
+    title="dom-document-domain">document.domain</code> IDL
+    attribute.</p>
 
    </dd>
 
@@ -77555,8 +77645,10 @@
      <dt>If an image is the image of an <code>img</code> element and
      its image data is <span>CORS-same-origin</span></dt>
 
-     <dd>The <span>origin</span> is the <span>origin</span> of the
-     <code>img</code> element's <code>Document</code>.</dd>
+     <dd>The <span>origin</span> is an <span
+     title="concept-origin-alias">alias</span> to the
+     <span>origin</span> of the <code>img</code> element's
+     <code>Document</code>.</dd>
 
      <!-- all image loads go through the "potentially CORS-enabled
      fetch" algorithm so they're all either CORS-cross-origin or
@@ -77564,6 +77656,8 @@
 
     </dl>
 
+    <p>Images do not have an <span>effective script origin</span>.</p>
+
    </dd>
 
 
@@ -77583,11 +77677,16 @@
      <dt>If the <span>media data</span> is
      <span>CORS-same-origin</span></dt>
 
-     <dd>The <span>origin</span> is the <span>origin</span> of the
-     <span>media element</span>'s <code>Document</code>.</dd>
+     <dd>The <span>origin</span> is an <span
+     title="concept-origin-alias">alias</span> to the
+     <span>origin</span> of the <span>media element</span>'s
+     <code>Document</code>.</dd>
 
     </dl>
 
+    <p><span title="media element">Media elements</span> do not have
+    an <span>effective script origin</span>.</p>
+
    </dd>
 
 
@@ -77595,8 +77694,9 @@
 
    <dd>
 
-    <p>The <span>origin</span> of a downloadable Web font is equal to
-    the <span>origin</span> of the <span>absolute URL</span> used to
+    <p>The <span>origin</span> of a downloadable Web font is an <span
+    title="concept-origin-alias">alias</span> to the
+    <span>origin</span> of the <span>absolute URL</span> used to
     obtain the font (after any redirects). <a
     href="#refsCSSFONTS">[CSSFONTS]</a></p> <!-- this means you can
     get data from a remote site if you can make it redirect to your
@@ -77604,9 +77704,12 @@
     -->
 
     <p>The <span>origin</span> of a locally installed system font is
-    equal to the <span>origin</span> of the <code>Document</code> in
-    which that font is being used.</p>
+    an <span title="concept-origin-alias">alias</span> to the
+    <span>origin</span> of the <code>Document</code> in which that
+    font is being used.</p>
 
+    <p>Fonts do not have an <span>effective script origin</span>.</p>
+
    </dd>
 
 
@@ -77692,23 +77795,27 @@
 
     </dl>
 
-    <p>The <span>origin</span> of the script is then equal to the
+    <p>The <span>origin</span> of the script is then an <span
+    title="concept-origin-alias">alias</span> to the
     <span>origin</span> of the owner, and the <span>effective script
-    origin</span> of the script is equal to the <span>effective script
-    origin</span> of the owner.</p>
+    origin</span> of the script is an <span
+    title="concept-origin-alias">alias</span> to the <span>effective
+    script origin</span> of the owner.</p>
 
    </dd>
 
   </dl>
 
   <p>Other specifications can override the above definitions by
-  themselves specifying the origin of a particular URL, script,
-  <code>Document</code>, or image.</p>
+  themselves specifying the origin of a particular <span>URL</span>,
+  <code>Document</code>, image, <span>media element</span>, font, or
+  <span title="concept-script">script</span>.</p>
 
   <!-- e.g.:
 
     <p>The <span>origin</span> of a <code>Document</code> object
-    returned by the <code>XMLHttpRequest</code> API is equal to the
+    returned by the <code>XMLHttpRequest</code> API is an <span
+    title="concept-origin-alias">alias</span> to the
     <span>XMLHttpRequest origin</span> of the
     <code>XMLHttpRequest</code> object.</p>
 
@@ -77910,6 +78017,10 @@
       throw a <code>SecurityError</code> exception and abort these
       steps.</p>
 
+      <!-- this is the step that prevents us from ever setting
+      document.domain if the >effective script origin< isn't a
+      scheme/host/port tuple -->
+
      </li>
 
      <li>
@@ -77943,28 +78054,50 @@
 
    <li>
 
-    <p>Set the host part of the <span>effective script origin</span>
-    tuple of the <code>Document</code> to <var title="">new
-    value</var>.</p>
+    <p>If the <span>effective script origin</span> of the
+    <code>Document</code> is an <span
+    title="concept-origin-alias">alias</span>, set it to the value of
+    the <span>effective script origin</span> (essentially de-aliasing
+    the <span>effective script origin</span>).</p>
 
    </li>
 
    <li>
 
-    <p>Set the port part of the <span>effective script origin</span>
-    tuple of the <code>Document</code> to "manual override" (a value
-    that, for the purposes of <span title="same origin">comparing
-    origins</span>, is identical to "manual override" but not
-    identical to any other value).</p>
+    <p>If <var title="">new value</var> is not the empty string, then
+    run these substeps:</p>
 
+    <ol>
+
+     <li>
+
+      <p>Set the host part of the <span>effective script origin</span>
+      tuple of the <code>Document</code> to <var title="">new
+      value</var>.</p>
+
+     </li>
+
+     <li>
+
+      <p>Set the port part of the <span>effective script origin</span>
+      tuple of the <code>Document</code> to "manual override" (a value
+      that, for the purposes of <span title="same origin">comparing
+      origins</span>, is identical to "manual override" but not
+      identical to any other value).</p>
+
+     </li>
+
+    </ol>
+
    </li>
 
   </ol>
 
   <p>The <dfn title="the document's domain">domain</dfn> of a
   <code>Document</code> is the host part of the document's
-  <span>origin</span>, if that is a scheme/host/port tuple. If it
-  isn't, then the document does not have a domain.</p>
+  <span>origin</span>, if the value of that <span>origin</span> is a
+  scheme/host/port tuple. If it isn't, then the document does not have
+  a domain.</p>
 
   </div>
 



