- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 13 Feb 2009 23:13:32 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv20481
Modified Files:
Overview.html
Log Message:
Scripting being disabled didn't always block all scripts from being compiled. (whatwg r2823)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1993
retrieving revision 1.1994
diff -u -d -r1.1993 -r1.1994
--- Overview.html 13 Feb 2009 21:12:34 -0000 1.1993
+++ Overview.html 13 Feb 2009 23:13:29 -0000 1.1994
@@ -13743,6 +13743,14 @@
<p>This flag <a href=#sandboxScriptBlocked>blocks script
execution</a>.</p>
+ <p class=warning>If the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute is
+ dynamically added after the <code><a href=#the-iframe-element>iframe</a></code> has loaded a page,
+ scripts already compiled by that page (whether in
+ <code><a href=#script>script</a></code> elements, or in <a href=#event-handler-attributes-0>event handler
+ attributes</a>, or elsewhere) will continue to run. Only
+ <em>new</em> scripts will be prevented from executing by this
+ flag.</p>
+
</dd>
</dl><p>These flags must not be set unless the conditions listed above
@@ -29074,7 +29082,12 @@
</ol><p>This algorithm is not invoked by one script calling another.<h5 id=creating-scripts><span class=secno>5.5.3.3 </span>Creating scripts</h5><p>When the specification says that a <a href=#concept-script title=concept-script>script</a> is to be <dfn id=create-a-script title="create a
script">created</dfn>, given some script source, its scripting
language, a global object, a browsing context, a character encoding,
- and a base URL, the user agent must run the following steps:<ol><li><p>Set up a <a href=#script-execution-environment>script execution environment</a> as
+ and a base URL, the user agent must run the following steps:<ol><li><p>If <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is
+ disabled</a> for <a href=#browsing-context>browsing context</a> passed to this
+ algorithm, then abort these steps, as if the script did nothing but
+ return void.</p>
+
+ <li><p>Set up a <a href=#script-execution-environment>script execution environment</a> as
appropriate for the scripting language.</li>
<li><p>Parse/compile/initialize the source of the script using the
@@ -29313,7 +29326,8 @@
<p>Let <var title="">result</var> be the return value of the
<i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
- raised, let <var title="">result</var> be void instead.</p>
+ raised, let <var title="">result</var> be void instead. (The
+ result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>
<p>When it comes time to <a href=#set-the-document-s-address>set the document's address</a>
in the <a href=#navigate title=navigate>navigation algorithm</a>, use
@@ -29336,7 +29350,8 @@
<p>Let <var title="">result</var> be the return value of the
<i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
- raised, let <var title="">result</var> be void instead.</p>
+ raised, let <var title="">result</var> be void instead. (The
+ result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>
</dd>
@@ -29384,10 +29399,7 @@
<a href=#browsing-context>browsing context</a>'s document, thus changing the
variables visible in that <a href=#browsing-context>browsing context</a>.</p>
- </div><p class=note>The rules for <a href=#create-a-script title="create a script">creating
- a script</a> include making the script not execute (and just
- return void) in certain cases, e.g. in a sandbox or when the user
- has disabled scripting altogether.<h4 id=events><span class=secno>5.5.6 </span>Events</h4><h5 id=event-handler-attributes><span class=secno>5.5.6.1 </span>Event handler attributes</h5><!--test: <a href="http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A...%3Cscript%3E%0Aw(a%3Ddocument.implementation.createDocument(null%2C%20null%2C%20null))%3B%0Aw(a.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'html')))%3B%0Aw(b%3Da.firstChild.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'body')))%3B%0Aw(b.test%20%3D%20w)%3B%0Aw(b.setAttribute('onclick'%2C%20'test(%22fire%3A%20%22%20%2B%20event)'))%3B%0Aw(b.onclick)%3B%0Aw(e%3Da.createEvent('Event'))%3B%0Aw(e.initEvent('click'%2C%20false%2C%20false))%3B%0Aw(b.dispatchEvent(e))%3B%0A%3C%2Fscript%3E">test</a>--><p>Many objects can have <dfn id=event-handler-attributes-0>event handler attributes</dfn>
+ </div><h4 id=events><span class=secno>5.5.6 </span>Events</h4><h5 id=event-handler-attributes><span class=secno>5.5.6.1 </span>Event handler attributes</h5><!--test: <a href="http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A...%3Cscript%3E%0Aw(a%3Ddocument.implementation.createDocument(null%2C%20null%2C%20null))%3B%0Aw(a.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'html')))%3B%0Aw(b%3Da.firstChild.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'body')))%3B%0Aw(b.test%20%3D%20w)%3B%0Aw(b.setAttribute('onclick'%2C%20'test(%22fire%3A%20%22%20%2B%20event)'))%3B%0Aw(b.onclick)%3B%0Aw(e%3Da.createEvent('Event'))%3B%0Aw(e.initEvent('click'%2C%20false%2C%20false))%3B%0Aw(b.dispatchEvent(e))%3B%0A%3C%2Fscript%3E">test</a>--><p>Many objects can have <dfn id=event-handler-attributes-0>event handler attributes</dfn>
specified. These act as bubbling event listeners for the element on
which they are specified.<p>An <a href=#event-handler-attributes-0 title="event handler attributes">event handler
attribute</a>, unless otherwise specified, can either have the
@@ -29406,9 +29418,10 @@
<code><a href=#messageport>MessagePort</a></code> objects.</p><hr><p><dfn id=event-handler-content-attributes>Event handler content attributes</dfn>, when specified, must
contain valid ECMAScript code matching the ECMAScript <code title="">FunctionBody</code> production. <a href=#references>[ECMA262]</a></p><!-- SCRIPT EXEC --><p>When an event handler content attribute is set, if the element is
owned by a <code>Document</code> that is in a <a href=#browsing-context>browsing
- context</a>, the user agent must run the following steps to
- create a <a href=#concept-script title=concept-script>script</a> after setting
- the content attribute to its new value:<ol><li><p>Set up a <a href=#script-execution-environment>script execution environment</a> for
+ context</a>, and <a href=#concept-bc-script title=concept-bc-script>scripting is
+ enabled</a> for that <a href=#browsing-context>browsing context</a>, the user
+ agent must run the following steps to create a <a href=#concept-script title=concept-script>script</a> after setting the content
+ attribute to its new value:<ol><li><p>Set up a <a href=#script-execution-environment>script execution environment</a> for
JavaScript.</li>
<li>
@@ -39731,7 +39744,7 @@
points to the last <code><a href=#the-form-element>form</a></code> element that was opened and
whose end tag has not yet been seen. It is used to make form
controls associate with forms in the face of dramatically bad
- markup, for historical reasons.<h5 id=other-parsing-state-flags><span class=secno>8.2.3.5 </span>Other parsing state flags</h5><p>The <dfn id=scripting-flag>scripting flag</dfn> is set to "enabled" if the <a href=#concept-n-script title=concept-n-script>scripting was enabled</a> for the
+ markup, for historical reasons.<h5 id=other-parsing-state-flags><span class=secno>8.2.3.5 </span>Other parsing state flags</h5><p>The <dfn id=scripting-flag>scripting flag</dfn> is set to "enabled" if <a href=#concept-n-script title=concept-n-script>scripting was enabled</a> for the
<code>Document</code> with which the parser is associated when the
parser was created, and "disabled" otherwise.<p>The <dfn id=frameset-ok-flag>frameset-ok flag</dfn> is set to "ok" when the parser is
created. It is set to "not ok" after certain tokens are seen.<h4 id=tokenization><span class=secno>8.2.4 </span><dfn>Tokenization</dfn></h4><p>Implementations must act as if they used the following state
Received on Friday, 13 February 2009 23:13:41 UTC