Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv18095 Modified Files: Overview.html Log Message: Refine the rules to allow for more privacy. (whatwg r2071) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.1245 retrieving revision 1.1246 diff -u -d -r1.1245 -r1.1246 --- Overview.html 13 Aug 2008 00:20:45 -0000 1.1245 +++ Overview.html 13 Aug 2008 02:35:00 -0000 1.1246 @@ -1307,15 +1307,19 @@ </span>Notifications</a> </ul> - <li><a href="#browser0"><span class=secno>5.6 </span>Browser state</a> + <li><a href="#system"><span class=secno>5.6 </span>System state and + capabilities</a> <ul class=toc> - <li><a href="#custom-handlers"><span class=secno>5.6.1 </span>Custom + <li><a href="#client"><span class=secno>5.6.1 </span>Client + identification</a> + + <li><a href="#custom-handlers"><span class=secno>5.6.2 </span>Custom protocol and content handlers</a> <ul class=toc> - <li><a href="#security5"><span class=secno>5.6.1.1. </span>Security + <li><a href="#security5"><span class=secno>5.6.2.1. </span>Security and privacy</a> - <li><a href="#sample-handler-impl"><span class=secno>5.6.1.2. + <li><a href="#sample-handler-impl"><span class=secno>5.6.2.2. </span>Sample user interface</a> </ul> </ul> @@ -1355,7 +1359,7 @@ <li><a href="#application"><span class=secno>5.7.6 </span>Application cache API</a> - <li><a href="#browser1"><span class=secno>5.7.7 </span>Browser + <li><a href="#browser0"><span class=secno>5.7.7 </span>Browser state</a> </ul> @@ -16958,15 +16962,15 @@ <p>The <dfn id=name1 title=attr-iframe-name><code>name</code></dfn> attribute, if present, must be a <a href="#valid9">valid browsing context name</a>. When the browsing context is created, if the attribute is - present, the <a href="#browsing2">browsing context name</a> must be set to - the value of this attribute; otherwise, the <a href="#browsing2">browsing + present, the <a href="#browsing3">browsing context name</a> must be set to + the value of this attribute; otherwise, the <a href="#browsing3">browsing context name</a> must be set to the empty string. <p>Whenever the <code title=attr-iframe-name><a href="#name1">name</a></code> attribute is set, the nested <a - href="#browsing1">browsing context</a>'s <a href="#browsing2" + href="#browsing1">browsing context</a>'s <a href="#browsing3" title="browsing context name">name</a> must be changed to the new value. - If the attribute is removed, the <a href="#browsing2">browsing context + If the attribute is removed, the <a href="#browsing3">browsing context name</a> must be set to the empty string. <p>When content loads in an <code><a href="#iframe">iframe</a></code>, @@ -17745,8 +17749,8 @@ <p>If the <code title=attr-object-name><a href="#name3">name</a></code> attribute is present, the <a - href="#browsing2">browsing context name</a> must be set to the value - of this attribute; otherwise, the <a href="#browsing2">browsing + href="#browsing3">browsing context name</a> must be set to the value + of this attribute; otherwise, the <a href="#browsing3">browsing context name</a> must be set to the empty string.</p> <p class=big-issue>navigation might end up treating it as something @@ -17836,11 +17840,11 @@ <p>Whenever the <code title=attr-object-name><a href="#name3">name</a></code> attribute is set, if the <code><a href="#object">object</a></code> element has a nested <a - href="#browsing1">browsing context</a>, its <a href="#browsing2" + href="#browsing1">browsing context</a>, its <a href="#browsing3" title="browsing context name">name</a> must be changed to the new value. If the attribute is removed, if the <code><a href="#object">object</a></code> element has a <a - href="#browsing1">browsing context</a>, the <a href="#browsing2">browsing + href="#browsing1">browsing context</a>, the <a href="#browsing3">browsing context name</a> must be set to the empty string. <p>The <code title=attr-hyperlink-usemap><a @@ -31580,14 +31584,17 @@ elements) can instantiate further <a href="#browsing1" title="browsing context">browsing contexts</a>. These are called <dfn id=nested0 title="nested browsing context">nested browsing contexts</dfn>. If a - browsing context <var title="">P</var> has an element in one of its - <code>Document</code>s <var title="">D</var> that nests another browsing - context <var title="">C</var> inside it, then <var title="">P</var> is - said to be the <dfn id=parent>parent browsing context</dfn> of <var - title="">C</var>, <var title="">C</var> is said to be a <dfn - id=child>child browsing context</dfn> of <var title="">P</var>, and <var - title="">C</var> is said to be <dfn id=nested1 title="browsing context - nested through">nested through</dfn> <var title="">D</var>. + browsing context <var title="">P</var> has an element <var + title="">E</var> in one of its <code>Document</code>s <var + title="">D</var> that nests another browsing context <var title="">C</var> + inside it, then <var title="">P</var> is said to be the <dfn + id=parent>parent browsing context</dfn> of <var title="">C</var>, <var + title="">C</var> is said to be a <dfn id=child>child browsing + context</dfn> of <var title="">P</var>, <var title="">C</var> is said to + be <dfn id=nested1 title="browsing context nested through">nested + through</dfn> <var title="">D</var>, and <var title="">E</var> is said to + be the <dfn id=browsing2>browsing context container</dfn> of <var + title="">C</var>. <p>A browsing context <var title="">A</var> is said to be an ancestor of a browsing context <var title="">B</var> if there exists a browsing context @@ -31640,6 +31647,8 @@ <code><a href="#window">Window</a></code> object if it was a <a href="#top-level">top-level browsing context</a> itself). + <hr> + <p>The <dfn id=parent0 title=dom-parent><code>parent</code></dfn> DOM attribute on the <code><a href="#window">Window</a></code> object of a <a href="#browsing1">browsing context</a> <var title="">b</var> must return @@ -31651,6 +31660,29 @@ otherwise (i.e. if it is a <a href="#top-level">top-level browsing context</a>). + <p>The <dfn id=frameelement + title=dom-frameElement><code>frameElement</code></dfn> DOM attribute on + the <code><a href="#window">Window</a></code> object of a <a + href="#browsing1">browsing context</a> <var title="">b</var>, on getting, + must run the following algorithm: + + <ol> + <li> + <p>If <var title="">b</var> is not a <a href="#child">child browsing + context</a>, return null and abort these steps. + + <li> + <p>If the <a href="#parent">parent browsing context</a>'s <a + href="#active">active document</a> does not have the <span>same</span> + <span>effective origin</span> as the script that is accessing the <code + title=dom-frameElement><a href="#frameelement">frameElement</a></code> + attribute, then throw a <a href="#security10">security exception</a>. + + <li> + <p>Otherwise, return the <a href="#browsing2">browsing context + container</a> for <var title="">b</var>. + </ol> + <h4 id=auxiliary><span class=secno>5.1.2 </span>Auxiliary browsing contexts</h4> <p>It is possible to create new browsing contexts that are related to a @@ -31757,7 +31789,7 @@ <h4 id=browsing><span class=secno>5.1.6 </span>Browsing context names</h4> - <p>Browsing contexts can have a <dfn id=browsing2>browsing context + <p>Browsing contexts can have a <dfn id=browsing3>browsing context name</dfn>. By default, a browsing context has no name (its name is not set). @@ -31796,7 +31828,7 @@ <li> <p>If the given browsing context name is not <code title="">_blank</code> - and there exists a browsing context whose <a href="#browsing2" + and there exists a browsing context whose <a href="#browsing3" title="browsing context name">name</a> is the same as the given browsing context name, and the current browsing context is <a href="#allowed">allowed to navigate</a> that browsing context, and the @@ -31894,6 +31926,7 @@ readonly attribute <a href="#window">Window</a> <a href="#top0" title=dom-top>top</a>; readonly attribute <a href="#window">Window</a> <a href="#opener0" title=dom-opener>opener</a>; readonly attribute <a href="#window">Window</a> <a href="#parent0" title=dom-parent>parent</a>; + readonly attribute <span>Element</span> <a href="#frameelement" title=dom-frameElement>frameElement</a>; <a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(); <a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(in DOMString url); <a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(in DOMString url, in DOMString target); @@ -31901,7 +31934,7 @@ <a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(in DOMString url, in DOMString target, in DOMString features, in DOMString replace); // the user agent - readonly attribute <a href="#clientinformation">ClientInformation</a> <a href="#navigator" title=dom-navigator>navigator</a>; <!-- XXX IE6 also has window.clientInformation pointing to this same object --> + readonly attribute <a href="#navigator0">Navigator</a> <a href="#navigator" title=dom-navigator>navigator</a>; <!-- XXX IE6 also has window.clientInformation pointing to this same object --> readonly attribute <a href="#storage0">Storage</a> <a href="#localstorage" title=dom-localStorage>localStorage</a>; readonly attribute <a href="#storage0">Storage</a> <a href="#sessionstorage" title=dom-sessionStorage>sessionStorage</a>; <a href="#database0">Database</a> <a href="#opendatabase" title=dom-opendatabase>openDatabase</a>(in DOMString name, in DOMString version, in DOMString displayName, in unsigned long estimatedSize); @@ -32030,7 +32063,7 @@ invoked. <p>The second argument, <var title="">target</var>, specifies the <a - href="#browsing2" title="browsing context name">name</a> of the browsing + href="#browsing3" title="browsing context name">name</a> of the browsing context that is to be navigated. It must be a <a href="#valid10">valid browsing context name or keyword</a>. If fewer than two arguments are provided, then the <var title="">name</var> argument defaults to the value @@ -33716,25 +33749,103 @@ brought to the user's attention, and the <var title="">onclick</var> callback should then be invoked. - <h3 id=browser0><span class=secno>5.6 </span>Browser state</h3> + <h3 id=system><span class=secno>5.6 </span>System state and capabilities</h3> <p>The <dfn id=navigator title=dom-navigator><code>navigator</code></dfn> attribute of the <code><a href="#window">Window</a></code> interface must - return an instance of the <code><a - href="#clientinformation">ClientInformation</a></code> interface, which - represents the identity and state of the user agent (the client), and - allows Web pages to register themselves as potential protocol and content - handlers: + return an instance of the <code><a href="#navigator0">Navigator</a></code> + interface, which represents the identity and state of the user agent (the + client), and allows Web pages to register themselves as potential protocol + and content handlers: - <pre - class=idl>interface <dfn id=clientinformation>ClientInformation</dfn> { + <pre class=idl>interface <dfn id=navigator0>Navigator</dfn> { + // client identification<!-- + readonly attribute DOMString <span title="dom-navigator-appCodeName">appCodeName</span>;--> + readonly attribute DOMString <a href="#appname" title=dom-navigator-appName>appName</a>; + readonly attribute DOMString <a href="#appversion" title=dom-navigator-appVersion>appVersion</a>; + readonly attribute DOMString <a href="#platform" title=dom-navigator-platform>platform</a>; + readonly attribute DOMString <a href="#useragent" title=dom-navigator-userAgent>userAgent</a>; + + // system state readonly attribute boolean <a href="#navigator.online" title=dom-navigator-onLine>onLine</a>; void <a href="#registerprotocolhandler" title=dom-navigator-registerProtocolHandler>registerProtocolHandler</a>(in DOMString protocol, in DOMString url, in DOMString title); void <a href="#registercontenthandler" title=dom-navigator-registerContentHandler>registerContentHandler</a>(in DOMString mimeType, in DOMString url, in DOMString title); -<!-- XXX there are other attributes! -->};</pre> - <!-- also, see window.external.AddSearchProvider() and similar DOM APIs from IE --> +};</pre> + <!-- XXX also, see window.external.AddSearchProvider() and similar DOM APIs from IE --> + <!-- XXX also, see: cookieEnabled geolocator javaEnabled mimeTypes mozIsLocallyAvailable plugins preference --> + <!-- XXX also, could expose languages: + <dt><dfn title="dom-navigator-browserLanguage"><code>browserLanguage</code></dfn></dt> <!- - Opera and IE only - -> + <dd><p>Must return either null or a language code representing the language the browser uses in its interface.</p></dd> + <dt><dfn title="dom-navigator-userLanguage"><code>userLanguage</code></dfn></dt> <!- - Opera and IE only - -> + <dt><dfn title="dom-navigator-language"><code>language</code></dfn></dt> <!- - Opera, Safari, and Mozilla only - -> + <dd><p>Must return either null or a language code representing the user's preferred language.</p></dd> + --> - <h4 id=custom-handlers><span class=secno>5.6.1 </span>Custom protocol and + <h4 id=client><span class=secno>5.6.1 </span>Client identification</h4> + + <p>In certain cases, despite the best efforts of the entire industry, Web + browsers have bugs and limitations that Web authors are forced to work + around. + + <p>This section defines a collection of attributes that can be used to + determine, from script, the kind of user agent in use, in order to work + around these issues. + + <p>Client detection should always be limited to detecting known current + versions; future versions and unknown versions should always be assumed to + be fully compliant. + + <dl><!-- redundant + <dt><dfn title="dom-navigator-appCodeName"><code>appCodeName</code></dfn></dt> + <dd><p>Must return the string "<code title="">Mozilla</code>".</p></dd> + --> + <!-- appMinorVersion: IE only. In IE8b1, returns " Beta" (with the space) --> + + <dt><dfn id=appname title=dom-navigator-appName><code>appName</code></dfn> + + <dd> + <p>Must return either the string "<code title="">Netscape</code>" or the + full name of the browser, e.g. "<code title="">Mellblom + Browsernator</code>". + + <dt><dfn id=appversion + title=dom-navigator-appVersion><code>appVersion</code></dfn> + + <dd> + <p>Must return either the string "<code title="">4.0</code>" or a string + representing the version of the browser in detail, e.g. "<code + title="">1.0 (VMS; en-US) Mellblomenator/9000</code>". + </dd> + <!-- buildID: Mozilla only --> + <!-- oscpu: Mozilla only --> + + <dt><dfn id=platform + title=dom-navigator-platform><code>platform</code></dfn> + + <dd> + <p>Must return either the empty string or a string representing the + platform on which the browser is executing, e.g. "<code + title="">MacIntel</code>", "<code title="">Win32</code>", "<code + title="">FreeBSD i386</code>", "<code title="">WebTV OS</code>". + </dd> + <!-- product: Mozilla and Safari only; always returns "Gecko" --> + <!-- productSub: Mozilla and Safari only; returns same as buildID in Mozilla, and returns the fixed string "20030107" in Safari --> + <!-- securityPolicy: Mozilla only; always returns "" --> + <!-- taintEnabled(): Opera, IE and Mozilla have this function as one that always returns false --> + + <dt><dfn id=useragent + title=dom-navigator-userAgent><code>userAgent</code></dfn> + + <dd> + <p>Must return the string used for the value of the "<code + title="">User-Agent</code>" header in HTTP requests, or the empty string + if no such header is ever sent. + </dd> + <!-- vendor: Mozilla and Safari only; always returns "" in Mozilla, and returns the fixed string "Apple Computer, Inc." in Safari --> + <!-- vendorSub: Mozilla and Safari only; always returns "" --> + </dl> + + <h4 id=custom-handlers><span class=secno>5.6.2 </span>Custom protocol and content handlers</h4> <p>The <dfn id=registerprotocolhandler @@ -33881,7 +33992,7 @@ non-idempotent transaction), as the remote site would not be able to fetch the same data. - <h5 id=security5><span class=secno>5.6.1.1. </span>Security and privacy</h5> + <h5 id=security5><span class=secno>5.6.2.1. </span>Security and privacy</h5> <p>These mechanisms can introduce a number of concerns, in particular privacy concerns. @@ -33959,7 +34070,7 @@ trust the third-party handler, a decision many users are unable to make or even understand). - <h5 id=sample-handler-impl><span class=secno>5.6.1.2. </span>Sample user + <h5 id=sample-handler-impl><span class=secno>5.6.2.2. </span>Sample user interface</h5> <p><em>This section is non-normative.</em> @@ -35554,7 +35665,7 @@ href="#applicationcache">ApplicationCache</a></code> object. </dl> - <h4 id=browser1><span class=secno>5.7.7 </span>Browser state</h4> + <h4 id=browser0><span class=secno>5.7.7 </span>Browser state</h4> <p>The <dfn id=navigator.online title=dom-navigator-onLine><code>navigator.onLine</code></dfn> attribute @@ -35908,15 +36019,16 @@ <h4 id=the-location><span class=secno>5.8.4 </span>The <code><a href="#location2">Location</a></code> interface</h4> - <p>Each <code>Document</code> object in a browsing context's session - history is associated with a unique instance of a <code><a - href="#location2">Location</a></code> object. + <p>Each <code>Document</code> object in a <a href="#browsing1">browsing + context</a>'s session history is associated with a unique instance of a + <code><a href="#location2">Location</a></code> object. <p>The <dfn id=location0 title=dom-document-location><code>location</code></dfn> attribute of the <code><a href="#htmldocument">HTMLDocument</a></code> interface must return the <code><a href="#location2">Location</a></code> object for that - <code>Document</code> object. + <code>Document</code> object, if it is in a <span>browser context</span>, + and null otherwise. <p>The <dfn id=location1 title=dom-location><code>location</code></dfn> attribute of the <code><a href="#window">Window</a></code> interface must @@ -36789,14 +36901,14 @@ href="#current1">current entry</a>, then the following sub-sub-steps must be run: <ol> - <li>The current <a href="#browsing2">browsing context name</a> must be + <li>The current <a href="#browsing3">browsing context name</a> must be stored with all the entries in the history that are associated with <code>Document</code> objects with the <a href="#same-origin">same origin</a> as the <a href="#active">active document</a> <em>and</em> that are contiguous with the <a href="#current1">current entry</a>. <li id=resetBCName>The browsing context's <a - href="#browsing2">browsing context name</a> must be unset. + href="#browsing3">browsing context name</a> must be unset. </ol> <li id=appcache-history-2>The user agent must make the <i>specified @@ -36806,14 +36918,14 @@ href="#appcache-history-1">change</a> which <a href="#application0">application cache</a> it is associated with.) - <li>If the <i>specified entry</i> has a <a href="#browsing2">browsing + <li>If the <i>specified entry</i> has a <a href="#browsing3">browsing context name</a> stored with it, then the following sub-sub-steps must be run: <ol> - <li>The browsing context's <a href="#browsing2">browsing context + <li>The browsing context's <a href="#browsing3">browsing context name</a> must be set to the name stored with the specified entry. - <li>Any <a href="#browsing2">browsing context name</a> stored with the + <li>Any <a href="#browsing3">browsing context name</a> stored with the entries in the history that are associated with <code>Document</code> objects with the <a href="#same-origin">same origin</a> as the new <a href="#active">active document</a>, and that are contiguous with the @@ -55262,24 +55374,24 @@ Distler, James Graham, James Justin Harrell, James M Snell, James Perrett, Jan-Klaas Kollhof, Jason White, Jasper Bryant-Greene, Jeff Cutsinger, Jeff Schiller, Jeff Walden, Jens Bannmann, Jens Fendler, Jeroen van der Meer, - Jim Jewett, Jim Meehan, Joe Clark, Jjgod Jiang, Joel Spolsky, Johan - Herland, John Boyer, John Bussjaeger, John Harding, Johnny Stenback, Jon - Perlow, Jonathan Worent, Jorgen Horstink, Josh Levenberg, Joshua Randall, - Jukka K. Korpela, Julian Reschke, Kai Hendry, <!-- Keryx Web, = Lars - Gunther --> - Kornel Lesinski, 黒澤剛志 (KUROSAWA Takeshi), - Kristof Zelechovski, Lachlan Hunt, Larry Page, Lars Gunther, Laura L. - Carlson, Laura Wisewell, Laurens Holst, Lee Kowalkowski, Leif Halvard - Silli, Lenny Domnitser, Léonard Bouchet, Leons Petrazickis, - Logan<!-- on moz irc -->, Loune, Maciej Stachowiak, Magnus - Kristiansen<!-- Dashiva -->, Malcolm Rowe, Mark Nottingham, Mark - Rowe<!--bdash-->, Mark Schenk, Martijn Wargers, Martin Atkins, Martin - Dürst, Martin Honnen, Masataka Yakura, Mathieu Henri, Matthew - Mastracci, Matthew Raymond, Matthew Thomas, Mattias Waldau, Max - Romantschuk, Michael 'Ratt' Iannarelli, Michael A. Nachbaur, Michael A. - Puls II<!--Shadow2531-->, Michael Carter, Michael Gratton, Michael Powers, - Michael(tm) Smith, Michel Fortin, Michiel van der Blonk, Mihai - Şucan<!-- from ROBO Design -->, Mike Brown, Mike + Jim Jewett, Jim Meehan, Joe Clark, Joseph Kesselman, Jjgod Jiang, Joel + Spolsky, Johan Herland, John Boyer, John Bussjaeger, John Harding, Johnny + Stenback, Jon Perlow, Jonathan Worent, Jorgen Horstink, Josh Levenberg, + Joshua Randall, Jukka K. Korpela, Julian Reschke, Kai Hendry, + <!-- Keryx Web, = Lars + Gunther --> Kornel Lesinski, + 黒澤剛志 (KUROSAWA Takeshi), Kristof Zelechovski, + Lachlan Hunt, Larry Page, Lars Gunther, Laura L. Carlson, Laura Wisewell, + Laurens Holst, Lee Kowalkowski, Leif Halvard Silli, Lenny Domnitser, + Léonard Bouchet, Leons Petrazickis, Logan<!-- on moz irc -->, + Loune, Maciej Stachowiak, Magnus Kristiansen<!-- Dashiva -->, Malcolm + Rowe, Mark Nottingham, Mark Rowe<!--bdash-->, Mark Schenk, Martijn + Wargers, Martin Atkins, Martin Dürst, Martin Honnen, Masataka Yakura, + Mathieu Henri, Matthew Mastracci, Matthew Raymond, Matthew Thomas, Mattias + Waldau, Max Romantschuk, Michael 'Ratt' Iannarelli, Michael A. Nachbaur, + Michael A. Puls II<!--Shadow2531-->, Michael Carter, Michael Gratton, + Michael Powers, Michael(tm) Smith, Michel Fortin, Michiel van der Blonk, + Mihai Şucan<!-- from ROBO Design -->, Mike Brown, Mike Dierken<!-- S. Mike Dierken -->, Mike Dixon, Mike Schinkel, Mike Shaver, Mikko Rantalainen, Neil Deakin, Neil Soiffer, Olaf Hoffmann, Olav Junker Kjær, Oliver Hunt, Peter Karlsson, Peter Kasting, PhilipReceived on Wednesday, 13 August 2008 02:35:40 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 9 October 2008 20:32:58 GMT