W3C home > Mailing lists > Public > public-html-diffs@w3.org > February 2010

hixie: Redefine how .cookie is handled. (whatwg r4778)

From: poot <cvsmail@w3.org>
Date: Thu, 18 Feb 2010 14:49:21 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20100218054922.1FFC22BBF1@toro.w3.mag.keio.ac.jp>
hixie: Redefine how .cookie is handled. (whatwg r4778)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3825&r2=1.3826&f=h
http://html5.org/tools/web-apps-tracker?from=4777&to=4778

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3825
retrieving revision 1.3826
diff -u -d -r1.3825 -r1.3826
--- Overview.html	18 Feb 2010 05:02:09 -0000	1.3825
+++ Overview.html	18 Feb 2010 05:49:09 -0000	1.3826
@@ -6049,34 +6049,43 @@
   </dl><div class="impl">
 
   <p>The <dfn id="dom-document-cookie" title="dom-document-cookie"><code>cookie</code></dfn>
-  attribute represents the cookies of the resource.</p>
+  attribute represents the cookies of the resource from which the
+  <code><a href="#document">Document</a></code> was created.</p>
 
-  <p id="sandboxCookies">On getting, if the document is not associated
-  with a <a href="#browsing-context">browsing context</a> then the user agent must raise
-  an <code><a href="#invalid_state_err">INVALID_STATE_ERR</a></code> exception. Otherwise, if the
+  <p>Some <code><a href="#document">Document</a></code> objects are <dfn id="cookie-free-document-object" title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</dfn>. Any <code><a href="#document">Document</a></code> object created by the <code title="">createDocument()</code> or <code title="dom-DOMHTMLImplementation-createHTMLDocument"><a href="#dom-domhtmlimplementation-createhtmldocument">createHTMLDocument()</a></code>
+  factory methods is a <a href="#cookie-free-document-object">cookie-free <code>Document</code>
+  object</a>. Any <code><a href="#document">Document</a></code> whose <a href="#the-document-s-address" title="the
+  document's address">address</a> does not use a server-based
+  naming authority is a <a href="#cookie-free-document-object">cookie-free <code>Document</code>
+  object</a>. Other specifications can also define
+  <code><a href="#document">Document</a></code> objects as being <a href="#cookie-free-document-object" title="cookie-free
+  Document object">cookie-free <code>Document</code>
+  objects</a>.</p>
+
+  <p id="sandboxCookies">On getting, if the document is a
+  <a href="#cookie-free-document-object">cookie-free <code>Document</code> object</a>, then the user
+  agent must return the empty string. Otherwise, if the
   <a href="#sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</a> was set on the
   <a href="#browsing-context">browsing context</a> of the <code><a href="#document">Document</a></code> when the
   <code><a href="#document">Document</a></code> was created, the user agent must raise a
-  <code><a href="#security_err">SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document-s-address">the
-  document's address</a> does not use a server-based naming
-  authority, it must return the empty string. Otherwise, it must first
-  <a href="#obtain-the-storage-mutex">obtain the storage mutex</a> and then return the
+  <code><a href="#security_err">SECURITY_ERR</a></code> exception. Otherwise, the user agent must
+  first <a href="#obtain-the-storage-mutex">obtain the storage mutex</a> and then return the
   cookie-string for <a href="#the-document-s-address">the document's address</a> for a
   "non-HTTP" API. <a href="#refsCOOKIES">[COOKIES]</a></p>
 
-  <p>On setting, if the document is not associated with a
-  <a href="#browsing-context">browsing context</a> then the user agent must raise an
-  <code><a href="#invalid_state_err">INVALID_STATE_ERR</a></code> exception. Otherwise, if the
-  <a href="#sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</a> was set on the
-  <a href="#browsing-context">browsing context</a> of the <code><a href="#document">Document</a></code> when the
-  <code><a href="#document">Document</a></code> was created, the user agent must raise a
-  <code><a href="#security_err">SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document-s-address">the
-  document's address</a> does not use a server-based naming
-  authority, it must do nothing. Otherwise, the user agent must
-  <a href="#obtain-the-storage-mutex">obtain the storage mutex</a> and then act as it would when
-  <span title="receives a set-cookie-string">receiving a
-  set-cookie-string</span> for <a href="#the-document-s-address">the document's address</a> via
-  a "non-HTTP" API, consisting of the new value. <a href="#refsCOOKIES">[COOKIES]</a></p>
+  <p>On setting, if the document is a <a href="#cookie-free-document-object">cookie-free
+  <code>Document</code> object</a>, then the user agent must do
+  nothing. Otherwise, if the <a href="#sandboxed-origin-browsing-context-flag">sandboxed origin browsing context
+  flag</a> was set on the <a href="#browsing-context">browsing context</a> of the
+  <code><a href="#document">Document</a></code> when the <code><a href="#document">Document</a></code> was created,
+  the user agent must raise a <code><a href="#security_err">SECURITY_ERR</a></code>
+  exception. Otherwise, the user agent must <a href="#obtain-the-storage-mutex">obtain the storage
+  mutex</a> and then act as it would when <span title="receives a
+  set-cookie-string">receiving a set-cookie-string</span> for
+  <a href="#the-document-s-address">the document's address</a> via a "non-HTTP" API, consisting
+  of the new value. <a href="#refsCOOKIES">[COOKIES]</a></p>
 
   <p class="note">Since the <code title="dom-document-cookie"><a href="#dom-document-cookie">cookie</a></code> attribute is accessible
   across frames, the path restrictions on cookies are only a tool to
Received on Thursday, 18 February 2010 05:49:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 18 December 2010 06:14:17 GMT