[whatwg] "first script" and impersonating other pages - pushState(url)

Ian Hickson ian at hixie.ch
Sun Aug 30 14:47:56 PDT 2009 

On Fri, 21 Aug 2009, Mike Wilson wrote:
>
> I'm currently wrapping my head around the notion of "first script" in 
> the spec [1]. It's description is a bit terse and the subject seems 
> non-trivial, so maybe the text could be fleshed out some?
> 
> Section 6.1.5 "Groupings of browsing contexts" says:
> | Each unit of related similar-origin browsing 
> | contexts can have a first script which is used to 
> | obtain, amongst other things, the script's base 
> | URL to resolve relative URLs used in scripts 
> | running in that unit of related similar-origin 
> | browsing contexts. Initially, there is no first 
> | script.
> 
> Ok, so a *unit of related similar-origin browsing contexts* has one 
> shared first script.
> 
> Does this implicitly say that this set of browsing contexts should never 
> execute script in parallel? (= mutually exclusive code execution, so one 
> hang will hang them all)

No, that is implied by the event loop mechanism.

   http://www.whatwg.org/specs/web-apps/current-work/#event-loops


> Section 6.5.3.2 "Calling scripts" says:
> | When a user agent is to jump to a code entry-point 
> | for a script, for example to invoke an event 
> | listener defined in that script, the user agent 
> | must run the following steps:
> | [...]
> | 2. Set the first script to be the script being 
> |    invoked. 
> 
> Example:
> 
>   /pages/page1.html:
>     <script src="/scripts/script1.js">
> *1  <button onclick="func1();">
> 
>   /scripts/script1.js:
>     function func1() { ... }
> *2  func1();
> 
> What is regarded as *first script* in these two 
> calls to func1() ?
> *1: the implicitly generated event handler wrapper 
>     in /pages/page1.html ?
> *2: /scripts/script1.js

Yes.


> Section 6.10.2 "The History interface" says:
> | [...]
> | pushState(data, title, url)
> | [...]
> | 2.1 Resolve the value of the third argument, 
> |     relative to the first script's base URL.
> | [...]
> | 5   If the third argument is present, set the 
> |     document's current address to the absolute URL 
> |     that was found earlier in this algorithm.
> 
> Ok, by calling pushState() with an URL I can make 
> the address bar show another URL than my document is
> loaded from.
> 
> Imagine that I want my loaded page:
>   /pages/section1/thing1
> be able to impersonate:
>   /pages/section2/thing2
> how do you envision this to be structured? 
> 
> Something like this? :
> 
>   /pages/section1/thing1:
>     <script src="/pages/script.js">
>     <button onclick="impersonate();">
> 
>   /pages/script.js:
>     function impersonate() {
>       ...pushState(..., "/pages/section2/thing2");
>     }

That would do it, yes.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list