spec/Overview.html 1.2068 2899 Block concurrent access to .cookie and . from poot on 2009-03-24 (public-html-diffs@w3.org from March 2009)

From: poot <cvsmail@w3.org>
Date: Tue, 24 Mar 2009 17:17:24 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20090324081724.56ABD2BC78@toro.w3.mag.keio.ac.jp>
Block concurrent access to .cookie and .localStorage using the storage
mutex. (whatwg r2899)

On getting, if the document is not associated with a browsing context then the user agent must raise an INVALID_STATE_ERR exception. Otherwise, if the sandboxed origin browsing context flag was set on the browsing context of the Document when the Document was created, the user agent must raise a SECURITY_ERR exception. Otherwise, if the document's address does not use a server-based naming authority, it must return the empty string. Otherwise, it must first obtain the storage mutex and then return the same string as the value of the Cookie HTTP header it would include if fetching the resource indicated by the document's address over HTTP, as per RFC 2109 section 4.3.4 or later specifications, excluding HTTP-only cookies. [RFC2109] [RFC2965]
http://people.w3.org/mike/diffs/html5/spec/Overview.1.2068.html#sandboxCookies

http://people.w3.org/mike/diffs/html5/spec/Overview.diff.html
http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.2067&r2=1.2068&f=h
http://html5.org/tools/web-apps-tracker?from=2898&to=2899

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.2067
retrieving revision 1.2068
diff -u -d -r1.2067 -r1.2068
--- Overview.html 24 Mar 2009 07:42:06 -0000 1.2067
+++ Overview.html 24 Mar 2009 08:15:19 -0000 1.2068
@@ -6226,10 +6226,13 @@
   <code>Document</code> was created, the user agent must raise a
   <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
   document's address</a> does not use a server-based naming
-  authority, it must return the empty string. Otherwise, it must
-  return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href=#the-document-s-address>the
-  document's address</a> over HTTP, as per RFC 2109 section 4.3.4
-  or later specifications, excluding HTTP-only cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p>
+  authority, it must return the empty string. Otherwise, it must first
+  <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the same
+  string as the value of the <code title="">Cookie</code> HTTP header
+  it would include if <a href=#fetch title=fetch>fetching</a> the resource
+  indicated by <a href=#the-document-s-address>the document's address</a> over HTTP, as per
+  RFC 2109 section 4.3.4 or later specifications, excluding HTTP-only
+  cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p>
 
   <p>On setting, if the document is not associated with a
   <a href=#browsing-context>browsing context</a> then the user agent must raise an
@@ -6239,13 +6242,14 @@
   <code>Document</code> was created, the user agent must raise a
   <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
   document's address</a> does not use a server-based naming
-  authority, it must do nothing. Otherwise, the user agent must act as
-  it would when processing cookies if it had just attempted to
-  <a href=#fetch>fetch</a> <a href=#the-document-s-address>the document's address</a> over HTTP,
-  and had received a response with a <code>Set-Cookie</code> header
-  whose value was the specified value, as per RFC 2109 sections 4.3.1,
-  4.3.2, and 4.3.3 or later specifications, but without overwriting
-  the values of HTTP-only cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p>
+  authority, it must do nothing. Otherwise, the user agent must
+  <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act as it would when
+  processing cookies if it had just attempted to <a href=#fetch>fetch</a>
+  <a href=#the-document-s-address>the document's address</a> over HTTP, and had received a
+  response with a <code>Set-Cookie</code> header whose value was the
+  specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or
+  later specifications, but without overwriting the values of
+  HTTP-only cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p>
 
   <p class=note>This specification does not define what makes an
   HTTP-only cookie, and at the time of publication the editor is not
Received on Tuesday, 24 March 2009 08:18:06 UTC