- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 13 Feb 2009 23:18:48 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv21249
Modified Files:
Overview.html
Log Message:
Clarify that sandbox's origin features only take effect at navigation. (whatwg r2824)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1994
retrieving revision 1.1995
diff -u -d -r1.1994 -r1.1995
--- Overview.html 13 Feb 2009 23:13:29 -0000 1.1994
+++ Overview.html 13 Feb 2009 23:18:45 -0000 1.1995
@@ -5370,9 +5370,10 @@
attribute represents the cookies of the resource.<p id=sandboxCookies>On getting, if the document is not associated
with a <a href=#browsing-context>browsing context</a> then the user agent must raise
an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
- <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
- <a href=#browsing-context>browsing context</a> of the document, the user agent must
- raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
+ <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
+ <a href=#browsing-context>browsing context</a> of the <code>Document</code> when the
+ <code>Document</code> was created, the user agent must raise a
+ <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
document's address</a> does not use a server-based naming
authority, it must return the empty string. Otherwise, it must
return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href=#the-document-s-address>the
@@ -5380,9 +5381,10 @@
or later specifications, excluding HTTP-only cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a><p>On setting, if the document is not associated with a
<a href=#browsing-context>browsing context</a> then the user agent must raise an
<code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
- <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
- <a href=#browsing-context>browsing context</a> of the document, the user agent must
- raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
+ <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
+ <a href=#browsing-context>browsing context</a> of the <code>Document</code> when the
+ <code>Document</code> was created, the user agent must raise a
+ <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
document's address</a> does not use a server-based naming
authority, it must do nothing. Otherwise, the user agent must act as
it would when processing cookies if it had just attempted to
@@ -13715,6 +13717,10 @@
</div>
+ <p class=warning>This flag only takes effect when the
+ <a href=#nested-browsing-context>nested browsing context</a> of the <code><a href=#the-iframe-element>iframe</a></code> is
+ <a href=#navigate title=navigate>navigated</a>.</p>
+
</dd>
@@ -28669,7 +28675,8 @@
<dl class=switch><dt id=sandboxOrigin>If a <code>Document</code> is in a
<a href=#browsing-context>browsing context</a> whose <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
- browsing context flag</a> is set</dt>
+ browsing context flag</a> was set when the
+ <code>Document</code> was created</dt>
<dd>The <a href=#origin-0>origin</a> is a globally unique identifier
assigned when the <code>Document</code> is created.</dd>
Received on Friday, 13 February 2009 23:18:56 UTC