[html5] r7180 - [giow] (0) Make data: URLs officially work in Workers. Affected topics: Security [...]
whatwg at whatwg.org
Tue Jul 17 14:53:23 PDT 2012
Author: ianh
Date: 2012-07-17 14:53:22 -0700 (Tue, 17 Jul 2012)
New Revision: 7180
Modified:
complete.html
index
source
Log:
[giow] (0) Make data: URLs officially work in Workers.
Affected topics: Security, Web Workers
Modified: complete.html
===================================================================
--- complete.html 2012-07-17 20:48:37 UTC (rev 7179)
+++ complete.html 2012-07-17 21:53:22 UTC (rev 7180)
@@ -66674,13 +66674,31 @@
<dd>
- <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
- origin</a> of the <a href=#url>URL</a> are the origin defined in
- <cite>The Web Origin Concept</cite>. <a href=#refsORIGIN>[ORIGIN]</a></p>
+ <dl class=switch><dt>If the URL is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> used in a <code title=dom-Worker><a href=#dom-worker>Worker()</a></code> or <code title=dom-SharedWorker><a href=#dom-sharedworker>SharedWorker()</a></code> constructor</dt>
- </dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+ origin</a> of the <a href=#url>URL</a> are the
+ <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script origin</a> of
+ the <a href=#entry-script>entry script</a> at the time that the constructor
+ is invoked. (They are not <a href=#concept-origin-alias title=concept-origin-alias>aliases</a>.)</p>
+ </dd>
+
+ <dt>Otherwise</dt>
+
+ <dd>
+
+ <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+ origin</a> of the <a href=#url>URL</a> are the origin defined in
+ <cite>The Web Origin Concept</cite>. <a href=#refsORIGIN>[ORIGIN]</a></p>
+
+ </dd>
+
+ </dl></dd>
+
+
<dt>For <code><a href=#document>Document</a></code> objects</dt>
<dd>
@@ -80605,13 +80623,21 @@
<h4 id=origins-of-workers><span class=secno>9.2.2 </span>Origins of workers</h4>
<p>Both the <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
- origin</a> of scripts running in workers are the
- <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> given in that
- the worker's <code title=dom-WorkerGlobalScope-location><a href=#dom-workerglobalscope-location>location</a></code> attribute
- represents.</p>
+ origin</a> of scripts running in a worker are the
+ <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> that was
+ obtained after <a href=#resolve-a-url title="resolve a URL">resolving</a> the
+ argument to the <code title=dom-Worker><a href=#dom-worker>Worker()</a></code> or <code title=dom-SharedWorker><a href=#dom-sharedworker>SharedWorker()</a></code> constructor that
+ initially created the worker, in the algorithm for that
+ constructor.</p>
+ <p class=note>For <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>, this is the <a href=#origin>origin</a>
+ of the <a href=#entry-script>entry script</a> that called the constructor. For
+ other <a href=#url title=URL>URLs</a>, this is the
+ <a href=#origin>origin</a> of the value of the <a href=#absolute-url>absolute URL</a>
+ given in the worker's <code title=dom-WorkerGlobalScope-location><a href=#dom-workerglobalscope-location></a></code> attribute.</p>
+
<h4 id=the-event-loop><span class=secno>9.2.3 </span>The event loop</h4>
<p>Each <code><a href=#workerglobalscope>WorkerGlobalScope</a></code> object has an <a href=#event-loop>event
@@ -81147,8 +81173,10 @@
origin of the <a href=#entry-script>entry script</a>, then throw a
<code><a href=#securityerror>SecurityError</a></code> exception.</p>
- <p class=note>Thus, scripts must be external files with the same
- scheme as the original page: you can't load a script from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> or
+ <p class=note>Thus, scripts must either be external files with
+ the same scheme, host, and port as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a> (the
+ latter are special-cases in the definition of
+ <a href=#origin>origin</a>). For example, you can't load a script from a
<a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code>
page couldn't start workers using scripts with <code>http:</code>
URLs.</p>
@@ -81272,8 +81300,10 @@
<a href=#entry-script>entry script</a>, then throw a <code><a href=#securityerror>SecurityError</a></code>
exception.</p>
- <p class=note>Thus, scripts must be external files with the same
- scheme as the original page: you can't load a script from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> or
+ <p class=note>Thus, scripts must either be external files with
+ the same scheme, host, and port as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a> (the
+ latter are special-cases in the definition of
+ <a href=#origin>origin</a>). For example, you can't load a script from a
<a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code>
page couldn't start workers using scripts with <code>http:</code>
URLs.</p>
Modified: index
===================================================================
--- index 2012-07-17 20:48:37 UTC (rev 7179)
+++ index 2012-07-17 21:53:22 UTC (rev 7180)
@@ -66674,13 +66674,31 @@
<dd>
- <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
- origin</a> of the <a href=#url>URL</a> are the origin defined in
- <cite>The Web Origin Concept</cite>. <a href=#refsORIGIN>[ORIGIN]</a></p>
+ <dl class=switch><dt>If the URL is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> used in a <code title=dom-Worker><a href=#dom-worker>Worker()</a></code> or <code title=dom-SharedWorker><a href=#dom-sharedworker>SharedWorker()</a></code> constructor</dt>
- </dd>
+ <dd>
+ <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+ origin</a> of the <a href=#url>URL</a> are the
+ <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script origin</a> of
+ the <a href=#entry-script>entry script</a> at the time that the constructor
+ is invoked. (They are not <a href=#concept-origin-alias title=concept-origin-alias>aliases</a>.)</p>
+ </dd>
+
+ <dt>Otherwise</dt>
+
+ <dd>
+
+ <p>The <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
+ origin</a> of the <a href=#url>URL</a> are the origin defined in
+ <cite>The Web Origin Concept</cite>. <a href=#refsORIGIN>[ORIGIN]</a></p>
+
+ </dd>
+
+ </dl></dd>
+
+
<dt>For <code><a href=#document>Document</a></code> objects</dt>
<dd>
@@ -80605,13 +80623,21 @@
<h4 id=origins-of-workers><span class=secno>9.2.2 </span>Origins of workers</h4>
<p>Both the <a href=#origin>origin</a> and <a href=#effective-script-origin>effective script
- origin</a> of scripts running in workers are the
- <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> given in that
- the worker's <code title=dom-WorkerGlobalScope-location><a href=#dom-workerglobalscope-location>location</a></code> attribute
- represents.</p>
+ origin</a> of scripts running in a worker are the
+ <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> that was
+ obtained after <a href=#resolve-a-url title="resolve a URL">resolving</a> the
+ argument to the <code title=dom-Worker><a href=#dom-worker>Worker()</a></code> or <code title=dom-SharedWorker><a href=#dom-sharedworker>SharedWorker()</a></code> constructor that
+ initially created the worker, in the algorithm for that
+ constructor.</p>
+ <p class=note>For <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>, this is the <a href=#origin>origin</a>
+ of the <a href=#entry-script>entry script</a> that called the constructor. For
+ other <a href=#url title=URL>URLs</a>, this is the
+ <a href=#origin>origin</a> of the value of the <a href=#absolute-url>absolute URL</a>
+ given in the worker's <code title=dom-WorkerGlobalScope-location><a href=#dom-workerglobalscope-location></a></code> attribute.</p>
+
<h4 id=the-event-loop><span class=secno>9.2.3 </span>The event loop</h4>
<p>Each <code><a href=#workerglobalscope>WorkerGlobalScope</a></code> object has an <a href=#event-loop>event
@@ -81147,8 +81173,10 @@
origin of the <a href=#entry-script>entry script</a>, then throw a
<code><a href=#securityerror>SecurityError</a></code> exception.</p>
- <p class=note>Thus, scripts must be external files with the same
- scheme as the original page: you can't load a script from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> or
+ <p class=note>Thus, scripts must either be external files with
+ the same scheme, host, and port as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a> (the
+ latter are special-cases in the definition of
+ <a href=#origin>origin</a>). For example, you can't load a script from a
<a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code>
page couldn't start workers using scripts with <code>http:</code>
URLs.</p>
@@ -81272,8 +81300,10 @@
<a href=#entry-script>entry script</a>, then throw a <code><a href=#securityerror>SecurityError</a></code>
exception.</p>
- <p class=note>Thus, scripts must be external files with the same
- scheme as the original page: you can't load a script from a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a> or
+ <p class=note>Thus, scripts must either be external files with
+ the same scheme, host, and port as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a> (the
+ latter are special-cases in the definition of
+ <a href=#origin>origin</a>). For example, you can't load a script from a
<a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code>
page couldn't start workers using scripts with <code>http:</code>
URLs.</p>
Modified: source
===================================================================
--- source 2012-07-17 20:48:37 UTC (rev 7179)
+++ source 2012-07-17 21:53:22 UTC (rev 7180)
@@ -78140,11 +78140,37 @@
<dd>
- <p>The <span>origin</span> and <span>effective script
- origin</span> of the <span>URL</span> are the origin defined in
- <cite>The Web Origin Concept</cite>. <a
- href="#refsORIGIN">[ORIGIN]</a></p>
+ <dl class="switch">
+ <dt>If the URL is a <span title="data protocol"><code
+ title="">data:</code> URL</span> used in a <code
+ title="dom-Worker">Worker()</code> or <code
+ title="dom-SharedWorker">SharedWorker()</code> constructor</dt>
+
+ <dd>
+
+ <p>The <span>origin</span> and <span>effective script
+ origin</span> of the <span>URL</span> are the
+ <span>origin</span> and <span>effective script origin</span> of
+ the <span>entry script</span> at the time that the constructor
+ is invoked. (They are not <span
+ title="concept-origin-alias">aliases</span>.)</p>
+
+ </dd>
+
+ <dt>Otherwise</dt>
+
+ <dd>
+
+ <p>The <span>origin</span> and <span>effective script
+ origin</span> of the <span>URL</span> are the origin defined in
+ <cite>The Web Origin Concept</cite>. <a
+ href="#refsORIGIN">[ORIGIN]</a></p>
+
+ </dd>
+
+ </dl>
+
</dd>
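Review bot: the first <dt> condition makes the origin of a data: URL depend on where the URL is used ("used in a Worker() or SharedWorker() constructor"), so every other use of a data: URL falls through to "Otherwise" without the text saying so. Consider a short note under the switch stating that a data: URL used anywhere else keeps the origin defined in The Web Origin Concept, and that the entry script's origin is taken once, "at the time that the constructor is invoked", so readers do not have to infer both points from the parenthetical about aliases.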
@@ -93658,14 +93684,24 @@
<h4>Origins of workers</h4>
<p>Both the <span>origin</span> and <span>effective script
- origin</span> of scripts running in workers are the
- <span>origin</span> of the <span>absolute URL</span> given in that
- the worker's <code
- title="dom-WorkerGlobalScope-location">location</code> attribute
- represents.</p>
+ origin</span> of scripts running in a worker are the
+ <span>origin</span> of the <span>absolute URL</span> that was
+ obtained after <span title="resolve a URL">resolving</span> the
+ argument to the <code title="dom-Worker">Worker()</code> or <code
+ title="dom-SharedWorker">SharedWorker()</code> constructor that
+ initially created the worker, in the algorithm for that
+ constructor.</p>
+ <p class="note">For <span title="data protocol"><code
+ title="">data:</code> URLs</span>, this is the <span>origin</span>
+ of the <span>entry script</span> that called the constructor. For
+ other <span title="URL">URLs</span>, this is the
+ <span>origin</span> of the value of the <span>absolute URL</span>
+ given in the worker's <code
+ title="dom-WorkerGlobalScope-location"></code> attribute.</p>
+
<h4>The event loop</h4>
<p>Each <code>WorkerGlobalScope</code> object has an <span>event
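Review bot: the last <code> element of the new note is empty: <code title="dom-WorkerGlobalScope-location"></code> drops the word "location" that the removed paragraph carried, so the sentence reads "given in the worker's attribute" and the generated complete.html and index end up with an anchor that has no link text. Restore "location" as the element content. The phrase "the origin of the value of the absolute URL given in" could also be shortened to "the origin of the absolute URL given in", matching the paragraph above it.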
@@ -94298,9 +94334,11 @@
origin of the <span>entry script</span>, then throw a
<code>SecurityError</code> exception.</p>
- <p class="note">Thus, scripts must be external files with the same
- scheme as the original page: you can't load a script from a <span
- title="data protocol"><code title="">data:</code> URL</span> or
+ <p class="note">Thus, scripts must either be external files with
+ the same scheme, host, and port as the original page, or <span
+ title="data protocol"><code title="">data:</code> URLs</span> (the
+ latter are special-cases in the definition of
+ <span>origin</span>). For example, you can't load a script from a
<span title="javascript protocol"><code
title="">javascript:</code> URL</span>, and an <code>https:</code>
page couldn't start workers using scripts with <code>http:</code>
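Review bot: "the latter are special-cases in the definition of origin" in the rewritten note uses a noun where a verb is meant; "the latter are special-cased in the definition of origin" is the likely intent. The identical sentence in the next hunk needs the same fix.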
@@ -94439,9 +94477,11 @@
<span>entry script</span>, then throw a <code>SecurityError</code>
exception.</p>
- <p class="note">Thus, scripts must be external files with the same
- scheme as the original page: you can't load a script from a <span
- title="data protocol"><code title="">data:</code> URL</span> or
+ <p class="note">Thus, scripts must either be external files with
+ the same scheme, host, and port as the original page, or <span
+ title="data protocol"><code title="">data:</code> URLs</span> (the
+ latter are special-cases in the definition of
+ <span>origin</span>). For example, you can't load a script from a
<span title="javascript protocol"><code
title="">javascript:</code> URL</span>, and an <code>https:</code>
page couldn't start workers using scripts with <code>http:</code>
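Review bot: the rewritten note tells authors that data: URLs are now accepted but not which origin the resulting worker runs with; the parenthetical about the definition of origin leaves the security-relevant part to a cross-reference. Since the definition gives such a worker the origin of the entry script that called the constructor, a clause saying so here, or a link to "Origins of workers", would make it clear that a data: URL worker is same-origin with its creator rather than running in an origin of its own.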