W3C home > Mailing lists > Public > public-html-diffs@w3.org > February 2010

hixie: Make 'Referer' work correctly for scripts in shared workers. (For some definition of 'correctly' -- it uses the URL of the document that actually created the script. Arguably it should use the URL of the script itself. However, this doesn't change that, it just makes it not leak the URL of documents that that document's browsing context is navigated to.) (whatwg r4789)

From: poot <cvsmail@w3.org>
Date: Tue, 23 Feb 2010 10:53:42 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20100223015342.A05E52BCC1@toro.w3.mag.keio.ac.jp>
hixie: Make 'Referer' work correctly for scripts in shared workers. (For
some definition of 'correctly' -- it uses the URL of the document that
actually created the script. Arguably it should use the URL of the
script itself. However, this doesn't change that, it just makes it not
leak the URL of documents that that document's browsing context is
navigated to.) (whatwg r4789)

http://dev.w3.org/cvsweb/html5/workers/Overview.html?r1=1.231&r2=1.232&f=h
http://html5.org/tools/web-apps-tracker?from=4788&to=4789

===================================================================
RCS file: /sources/public/html5/workers/Overview.html,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -d -r1.231 -r1.232
--- Overview.html	22 Feb 2010 23:03:52 -0000	1.231
+++ Overview.html	23 Feb 2010 01:53:22 -0000	1.232
@@ -193,7 +193,7 @@
    <p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
    <h1>Web Workers</h1>
 
-   <h2 class="no-num no-toc" id="editor-s-draft-22-february-2010">Editor's Draft 22 February 2010</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-23-february-2010">Editor's Draft 23 February 2010</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/workers/">http://www.w3.org/TR/workers/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -254,7 +254,7 @@
   Working Group</a> is the W3C working group responsible for this
   specification's progress along the W3C Recommendation track.
 
-  This specification is the 22 February 2010 Editor's Draft.
+  This specification is the 23 February 2010 Editor's Draft.
   </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>This specification is also being produced by the <a href="http://www.whatwg.org/">WHATWG</a>. The two specifications are
   identical from the table of contents onwards.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- context and rationale (required) --><p>This specification is intended to specify a part of the Web
   platform closely related to HTML5. It is defined in a separate
@@ -1195,9 +1195,12 @@
   <code>Document</code>s</a> are <span>fully active</span>.<p>A worker is said to be a <dfn id="suspendable-worker">suspendable worker</dfn> if it is
   not an <a href="#active-needed-worker">active needed worker</a> but it is a
   <a href="#permissible-worker">permissible worker</a>.<h3 id="processing-model"><span class="secno">4.5 </span>Processing model</h3><p>When a user agent is to <dfn id="run-a-worker">run a worker</dfn> for a script with
-  <span>URL</span> <var title="">url</var>, a browsing context <var title="">owner browsing context</var>, an origin <var title="">owner
-  origin</var>, and with global scope <var title="">worker global
-  scope</var>, it must run the following steps:<ol><li>
+  <span>URL</span> <var title="">url</var>, a <span>browsing
+  context</span> <var title="">owner browsing context</var>, a
+  <code>Document</code> <var title="">owner document</var>, an
+  <span>origin</span> <var title="">owner origin</var>, and with
+  global scope <var title="">worker global scope</var>, it must run
+  the following steps:<ol><li>
 
     <p>Create a completely separate and parallel execution environment
     (i.e. a separate thread or process or equivalent construct), and
@@ -1257,6 +1260,9 @@
 
     <p>Set the <span>script's browsing context</span> to <var title="">owner browsing context</var>.</p>
 
+    <p>Set the <span>script's document</span> to <var title="">owner
+    document</var>.</p>
+
     <p>Set the <span>script's URL character encoding</span> to
     UTF-8. (This is just used for encoding non-ASCII characters in the
     query component of URLs.)</p>
@@ -1616,7 +1622,9 @@
     <p><a href="#run-a-worker">Run a worker</a> for the resulting <span>absolute
     URL</span>, with the <span>script's browsing context</span> of the
     script that invoked the method as the <var title="">owner browsing
-    context</var>, with the <span>origin</span> of the <span>entry
+    context</var>, with the <span>script's document</span> of the
+    script that invoked the method as the <var title="">owner
+    document</var>, with the <span>origin</span> of the <span>entry
     script</span> as the <var title="">owner origin</var>, and with
     <var title="">worker global scope</var> as the global scope.</p>
 
@@ -1811,7 +1819,9 @@
     <p><a href="#run-a-worker">Run a worker</a> for <var title="">scriptURL</var>,
     with the <span>script's browsing context</span> of the script that
     invoked the method as the <var title="">owner browsing
-    context</var>, with the <span>origin</span> of the <span>entry
+    context</var>, with the <span>script's document</span> of the
+    script that invoked the method as the <var title="">owner
+    document</var>, with the <span>origin</span> of the <span>entry
     script</span> as the <var title="">owner origin</var>, and with
     <var title="">worker global scope</var> as the global scope.</p>
Received on Tuesday, 23 February 2010 01:54:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 18 December 2010 06:14:17 GMT