[html5] r8370 - [giow] (2) Make the case of an API call trying to navigate a browsing context th [...]
whatwg at whatwg.org
whatwg at whatwg.org
Fri Jan 3 13:33:46 PST 2014
Author: ianh
Date: 2014-01-03 13:33:45 -0800 (Fri, 03 Jan 2014)
New Revision: 8370
Modified:
complete.html
index
source
Log:
[giow] (2) Make the case of an API call trying to navigate a browsing context that it can't navigate due to sandboxing throw a security exception rather than silently fail.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=24110
Affected topics: DOM APIs, HTML
Modified: complete.html
===================================================================
--- complete.html 2014-01-03 20:03:15 UTC (rev 8369)
+++ complete.html 2014-01-03 21:33:45 UTC (rev 8370)
@@ -8424,7 +8424,8 @@
<!--CLEANUP-->
<li><p><a href=#navigate>Navigate</a><!--DONAV reload after d.open()--> the <a href=#browsing-context>browsing context</a>
- to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>.
+ to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>
+ and <a href=#exceptions-enabled>exceptions enabled</a>.
The <a href=#source-browsing-context>source browsing context</a> is that given to the <a href=#an-overridden-reload title="an overridden
reload">overridden reload</a> algorithm.
When the <a href=#navigate>navigate</a> algorithm creates a <code><a href=#document>Document</a></code> object for this purpose,
@@ -64863,13 +64864,13 @@
<!--CLEANUP-->
<p>Otherwise, if <var title="">url</var> is not "<code><a href=#about:blank>about:blank</a></code>", the user agent must
<a href=#navigate>navigate</a><!--DONAV window.open()--> the selected <a href=#browsing-context>browsing context</a> to the
- <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
+ <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
context</a> was just created as part of <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
browsing context name</a>, then <a href=#replacement-enabled title="replacement enabled">replacement must be
- enabled</a>. The navigation must be done with the <a href=#responsible-browsing-context>responsible
+ enabled</a> also. The navigation must be done with the <a href=#responsible-browsing-context>responsible
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a> as the <a href=#source-browsing-context>source browsing
context</a>. If the <a href=#resolve-a-url>resolve a URL</a> algorithm failed, then the user agent may either
- instead <a href=#navigate>navigate</a> to an inline error page, using the same replacement behavior and
+ instead <a href=#navigate>navigate</a> to an inline error page, with <a href=#exceptions-enabled>exceptions enabled</a> and using the same replacement behavior and
source browsing context behavior as described earlier in this paragraph; or treat the <var title="">url</var> as "<code><a href=#about:blank>about:blank</a></code>", acting as described in the next paragraph.</p>
<p>If <var title="">url</var> <em>is</em> "<code><a href=#about:blank>about:blank</a></code>", and the <a href=#browsing-context>browsing
@@ -66635,7 +66636,7 @@
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, must <a href=#navigate>navigate</a><!--DONAV location.href/assign--> the <a href=#browsing-context>browsing
- context</a> to the specified <var title="">url</var>. If the <a href=#browsing-context>browsing context</a>'s
+ context</a> to the specified <var title="">url</var>, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <a href=#browsing-context>browsing context</a>'s
<a href=#session-history>session history</a> contains only one <code><a href=#document>Document</a></code>, and that was the
<code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> created when the <a href=#browsing-context>browsing context</a> was
created, then the navigation must be done with <a href=#replacement-enabled>replacement enabled</a>.</p> <!-- READ ME
@@ -66648,7 +66649,7 @@
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, <a href=#navigate>navigate</a><!--DONAV location.href/replace--> the <a href=#browsing-context>browsing
- context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a>.</p>
+ context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>.</p>
<!--CLEANUP-->
<p>Navigation for the <code title=dom-location-assign><a href=#dom-location-assign>assign()</a></code> and <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> methods must be done with the <a href=#responsible-browsing-context>responsible browsing context</a> specified by
@@ -66687,7 +66688,7 @@
<!--CLEANUP-->
<dd><p><a href=#navigate>Navigate</a><!--DONAV location.reload()--> the
<a href=#browsing-context>browsing context</a> to <a href="#the-document's-address">the document's
- address</a> with <a href=#replacement-enabled>replacement enabled</a>. The
+ address</a> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>. The
<a href=#source-browsing-context>source browsing context</a> must be the <a href=#browsing-context>browsing
context</a> being navigated.</dd> <!-- it appears that
document.reload() always uses GET and does not, e.g., re-POST. -->
@@ -66892,6 +66893,10 @@
<p class=note>Doing so, however, can be dangerous, as it means that the user is overriding the
author's explicit request to sandbox the content.</p>
+ <p>If the <a href=#navigate>navigate</a> algorithm was invoked with <dfn id=exceptions-enabled>exceptions enabled</dfn>, and it
+ is aborted on this step, then in addition to aborting this algorithm, the user agent must also
+ throw a <code><a href=#securityerror>SecurityError</a></code> exception.</p>
+
</li>
<li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing context</a> is the same as the
@@ -73302,6 +73307,10 @@
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>
as the <a href=#source-browsing-context>source browsing context</a>.</p>
+ <!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
+ browser in an unusuable state (or would require that we catch and rethrow the exception, and
+ this API is deprecated so we're not worried about keeping it sane) -->
+
</li>
<li>
Modified: index
===================================================================
--- index 2014-01-03 20:03:15 UTC (rev 8369)
+++ index 2014-01-03 21:33:45 UTC (rev 8370)
@@ -8424,7 +8424,8 @@
<!--CLEANUP-->
<li><p><a href=#navigate>Navigate</a><!--DONAV reload after d.open()--> the <a href=#browsing-context>browsing context</a>
- to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>.
+ to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>
+ and <a href=#exceptions-enabled>exceptions enabled</a>.
The <a href=#source-browsing-context>source browsing context</a> is that given to the <a href=#an-overridden-reload title="an overridden
reload">overridden reload</a> algorithm.
When the <a href=#navigate>navigate</a> algorithm creates a <code><a href=#document>Document</a></code> object for this purpose,
@@ -64863,13 +64864,13 @@
<!--CLEANUP-->
<p>Otherwise, if <var title="">url</var> is not "<code><a href=#about:blank>about:blank</a></code>", the user agent must
<a href=#navigate>navigate</a><!--DONAV window.open()--> the selected <a href=#browsing-context>browsing context</a> to the
- <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
+ <a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
context</a> was just created as part of <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
browsing context name</a>, then <a href=#replacement-enabled title="replacement enabled">replacement must be
- enabled</a>. The navigation must be done with the <a href=#responsible-browsing-context>responsible
+ enabled</a> also. The navigation must be done with the <a href=#responsible-browsing-context>responsible
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a> as the <a href=#source-browsing-context>source browsing
context</a>. If the <a href=#resolve-a-url>resolve a URL</a> algorithm failed, then the user agent may either
- instead <a href=#navigate>navigate</a> to an inline error page, using the same replacement behavior and
+ instead <a href=#navigate>navigate</a> to an inline error page, with <a href=#exceptions-enabled>exceptions enabled</a> and using the same replacement behavior and
source browsing context behavior as described earlier in this paragraph; or treat the <var title="">url</var> as "<code><a href=#about:blank>about:blank</a></code>", acting as described in the next paragraph.</p>
<p>If <var title="">url</var> <em>is</em> "<code><a href=#about:blank>about:blank</a></code>", and the <a href=#browsing-context>browsing
@@ -66635,7 +66636,7 @@
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, must <a href=#navigate>navigate</a><!--DONAV location.href/assign--> the <a href=#browsing-context>browsing
- context</a> to the specified <var title="">url</var>. If the <a href=#browsing-context>browsing context</a>'s
+ context</a> to the specified <var title="">url</var>, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <a href=#browsing-context>browsing context</a>'s
<a href=#session-history>session history</a> contains only one <code><a href=#document>Document</a></code>, and that was the
<code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> created when the <a href=#browsing-context>browsing context</a> was
created, then the navigation must be done with <a href=#replacement-enabled>replacement enabled</a>.</p> <!-- READ ME
@@ -66648,7 +66649,7 @@
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, <a href=#navigate>navigate</a><!--DONAV location.href/replace--> the <a href=#browsing-context>browsing
- context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a>.</p>
+ context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>.</p>
<!--CLEANUP-->
<p>Navigation for the <code title=dom-location-assign><a href=#dom-location-assign>assign()</a></code> and <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> methods must be done with the <a href=#responsible-browsing-context>responsible browsing context</a> specified by
@@ -66687,7 +66688,7 @@
<!--CLEANUP-->
<dd><p><a href=#navigate>Navigate</a><!--DONAV location.reload()--> the
<a href=#browsing-context>browsing context</a> to <a href="#the-document's-address">the document's
- address</a> with <a href=#replacement-enabled>replacement enabled</a>. The
+ address</a> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>. The
<a href=#source-browsing-context>source browsing context</a> must be the <a href=#browsing-context>browsing
context</a> being navigated.</dd> <!-- it appears that
document.reload() always uses GET and does not, e.g., re-POST. -->
@@ -66892,6 +66893,10 @@
<p class=note>Doing so, however, can be dangerous, as it means that the user is overriding the
author's explicit request to sandbox the content.</p>
+ <p>If the <a href=#navigate>navigate</a> algorithm was invoked with <dfn id=exceptions-enabled>exceptions enabled</dfn>, and it
+ is aborted on this step, then in addition to aborting this algorithm, the user agent must also
+ throw a <code><a href=#securityerror>SecurityError</a></code> exception.</p>
+
</li>
<li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing context</a> is the same as the
@@ -73302,6 +73307,10 @@
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>
as the <a href=#source-browsing-context>source browsing context</a>.</p>
+ <!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
+ browser in an unusuable state (or would require that we catch and rethrow the exception, and
+ this API is deprecated so we're not worried about keeping it sane) -->
+
</li>
<li>
Modified: source
===================================================================
--- source 2014-01-03 20:03:15 UTC (rev 8369)
+++ source 2014-01-03 21:33:45 UTC (rev 8370)
@@ -8061,7 +8061,8 @@
<!--CLEANUP-->
<li><p><span>Navigate</span><!--DONAV reload after d.open()--> the <span>browsing context</span>
- to a resource whose source is <var data-x="">source</var>, with <span>replacement enabled</span>.
+ to a resource whose source is <var data-x="">source</var>, with <span>replacement enabled</span>
+ and <span>exceptions enabled</span>.
The <span>source browsing context</span> is that given to the <span data-x="an overridden
reload">overridden reload</span> algorithm.
When the <span>navigate</span> algorithm creates a <code>Document</code> object for this purpose,
@@ -72191,13 +72192,13 @@
<p>Otherwise, if <var data-x="">url</var> is not "<code>about:blank</code>", the user agent must
<span>navigate</span><!--DONAV window.open()--> the selected <span>browsing context</span> to the
<span>absolute URL</span> obtained from <span data-x="resolve a url">resolving</span> <var
- data-x="">url</var> earlier. If the <var data-x="">replace</var> is true or if the <span>browsing
+ data-x="">url</var> earlier, with <span>exceptions enabled</span>. If the <var data-x="">replace</var> is true or if the <span>browsing
context</span> was just created as part of <span>the rules for choosing a browsing context given a
browsing context name</span>, then <span data-x="replacement enabled">replacement must be
- enabled</span>. The navigation must be done with the <span>responsible
+ enabled</span> also. The navigation must be done with the <span>responsible
browsing context</span> specified by the <span>incumbent settings object</span> as the <span>source browsing
context</span>. If the <span>resolve a URL</span> algorithm failed, then the user agent may either
- instead <span>navigate</span> to an inline error page, using the same replacement behavior and
+ instead <span>navigate</span> to an inline error page, with <span>exceptions enabled</span> and using the same replacement behavior and
source browsing context behavior as described earlier in this paragraph; or treat the <var
data-x="">url</var> as "<code>about:blank</code>", acting as described in the next paragraph.</p>
@@ -74240,7 +74241,7 @@
method is invoked, the UA must <span data-x="resolve a url">resolve</span> the argument, relative
to the <span>API base URL</span> specified by the <span>entry settings object</span>, and if that is
successful, must <span>navigate</span><!--DONAV location.href/assign--> the <span>browsing
- context</span> to the specified <var data-x="">url</var>. If the <span>browsing context</span>'s
+ context</span> to the specified <var data-x="">url</var>, with <span>exceptions enabled</span>. If the <span>browsing context</span>'s
<span>session history</span> contains only one <code>Document</code>, and that was the
<code>about:blank</code> <code>Document</code> created when the <span>browsing context</span> was
created, then the navigation must be done with <span>replacement enabled</span>.</p> <!-- READ ME
@@ -74253,7 +74254,7 @@
method is invoked, the UA must <span data-x="resolve a url">resolve</span> the argument, relative
to the <span>API base URL</span> specified by the <span>entry settings object</span>, and if that is
successful, <span>navigate</span><!--DONAV location.href/replace--> the <span>browsing
- context</span> to the specified <var data-x="">url</var> with <span>replacement enabled</span>.</p>
+ context</span> to the specified <var data-x="">url</var> with <span>replacement enabled</span> and <span>exceptions enabled</span>.</p>
<!--CLEANUP-->
<p>Navigation for the <code data-x="dom-location-assign">assign()</code> and <code
@@ -74298,7 +74299,7 @@
<!--CLEANUP-->
<dd><p><span>Navigate</span><!--DONAV location.reload()--> the
<span>browsing context</span> to <span>the document's
- address</span> with <span>replacement enabled</span>. The
+ address</span> with <span>replacement enabled</span> and <span>exceptions enabled</span>. The
<span>source browsing context</span> must be the <span>browsing
context</span> being navigated.</p></dd> <!-- it appears that
document.reload() always uses GET and does not, e.g., re-POST. -->
@@ -74534,6 +74535,10 @@
<p class="note">Doing so, however, can be dangerous, as it means that the user is overriding the
author's explicit request to sandbox the content.</p>
+ <p>If the <span>navigate</span> algorithm was invoked with <dfn>exceptions enabled</dfn>, and it
+ is aborted on this step, then in addition to aborting this algorithm, the user agent must also
+ throw a <code>SecurityError</code> exception.</p>
+
</li>
<li id="seamlessLinks"><p>If the <span>source browsing context</span> is the same as the
@@ -81924,6 +81929,10 @@
browsing context</span> specified by the <span>incumbent settings object</span>
as the <span>source browsing context</span>.</p>
+ <!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
+ browser in an unusuable state (or would require that we catch and rethrow the exception, and
+ this API is deprecated so we're not worried about keeping it sane) -->
+
</li>
<li>
More information about the Commit-Watchers
mailing list