html5/spec Overview.html,1.1852,1.1853

Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv25372

Modified Files:
	Overview.html 
Log Message:
Prevent cross-origin javascript: navigation of browsing contexts. Define the base URL and document's address of pages generated by javascript: URLs. Minor editorial tweaks. (whatwg r2683)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1852
retrieving revision 1.1853
diff -u -d -r1.1852 -r1.1853
--- Overview.html	21 Jan 2009 00:15:07 -0000	1.1852
+++ Overview.html	21 Jan 2009 00:58:15 -0000	1.1853
@@ -28346,24 +28346,10 @@
       <i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
       raised, let <var title="">result</var> be void instead.</p>
 
-     </dd>
-
-     <dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a <code>javascript:</code>
-     URL, and the <a href=#active-document>active document</a> of that browsing
-     context has an <a href=#origin-0>origin</a> that is <em>not</em> the <a href=#same-origin title="same origin">same</a> as that of the script given by
-     the URL</dt>
-
-     <dd>
-
-      <p><a href=#create-an-impotent-script>Create an impotent script</a> using the
-      aforementioned script source, with the scripting language set to
-      JavaScript, and with the <a href=#browsing-context>browsing context</a> being
-      <a href=#navigate title=navigate>navigated</a> as the browsing
-      context.</p>
-
-      <p>Let <var title="">result</var> be the return value of the
-      <i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
-      raised, let <var title="">result</var> be void instead.</p>
+      <p>When it comes time to <a href=#set-the-document-s-address>set the document's address</a>
+      in the <a href=#navigate title=navigate>navigation algorithm</a>, use
+      the <a href=#script-s-base-url>script's base URL</a> as the <a href=#override-url>override
+      URL</a>.</p>
 
      </dd>
 
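Review bot: With the cross-origin <dt> case deleted, nothing visible in this hunk says what happens when the active document's origin is not the same as that of the script given by the javascript: URL. The log message says such navigation is now prevented, but the rule doing the preventing is not among these lines. Please make sure the remaining case states its same-origin condition explicitly and that the list ends with an explicit fall-through (for example "Otherwise, let result be void"), so an implementer reading only this section cannot conclude that the script runs with full privileges in the navigated context. The new paragraph should also say whether the override URL applies when result is void, since it is added after the sentence that sets result to void on an exception.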
@@ -31396,17 +31382,11 @@
     <p>If <var title="">candidate</var> is not marked as <a href=#concept-appcache-foreign title=concept-appcache-foreign>foreign</a>, then the user
     agent must discard the failed load and instead continue along
     these steps using <var title="">candidate</var> as the
-    resource.</p>
-
-    <p>For the purposes of session history (and features that depend
-    on session history, e.g. bookmarking) the user agent must use the
-    URL of the resource that was requested (the one that matched the
-    <a href=#concept-appcache-fallback-ns title=concept-appcache-fallback-ns>fallback
-    namespace</a>), not the fallback resource, as the resource's
-    <a href=#the-document-s-address title="the document's address">address</a>. However, the
-    user agent may indicate to the user that the original page load
-    failed, that the page used was a fallback resource, and what the
-    URL of the fallback resource actually is.</p>
+    resource. <a href=#the-document-s-address>The document's address</a>, if appropriate,
+    will still be the originally requested URL, not the fallback URL,
+    but the user agent may indicate to the user that the original page
+    load failed, that the page used was a fallback resource, and what
+    the URL of the fallback resource actually is.</p>
 
    </li>
 
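Review bot: The replacement sentence weakens a normative requirement. The removed paragraph said the user agent "must use the URL of the resource that was requested" for session history and bookmarking. The new text says the address "will still be the originally requested URL" and qualifies it with "if appropriate", without saying when it would not be appropriate. Suggest dropping "if appropriate" or replacing it with a reference to the "set the document's address" step (and its override URL exception), and keeping a short mention of session history and bookmarking so the user-visible consequence is not lost.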
@@ -31479,15 +31459,23 @@
      <dd>Follow the steps given in the <a href=#read-plugin title=navigate-plugin>plugin</a> section, and abort these
      steps.</dd>
 
-    </dl><p>Any <code>Document</code> created by these steps must have its
-    <a href=#the-document-s-address title="the document's address">address</a> set to the
+    </dl><p><dfn id=set-the-document-s-address title="set the document's address">Setting the document's
+    address</dfn>: If there is no <dfn id=override-url>override URL</dfn>, then any
+    <code>Document</code> created by these steps must have its <a href=#the-document-s-address title="the document's address">address</a> set to the
     <a href=#url>URL</a> that was originally to be <a href=#fetch title=fetch>fetched</a>, ignoring any other data that was
     used to obtain the resource (e.g. the entity body in the case of a
     POST submission is not part of <a href=#the-document-s-address>the document's
     address</a>, nor is the URL of the fallback resource in the
     case of the original load having failed and that URL having been
     found to match a <a href=#concept-appcache-fallback-ns title=concept-appcache-fallback-ns>fallback
-    namespace</a>).</p>
+    namespace</a>). However, if there <em>is</em> an <a href=#override-url>override
+    URL</a>, then any <code>Document</code> created by these steps
+    must have its <a href=#the-document-s-address title="the document's address">address</a>
+    set to that <a href=#url>URL</a> instead.</p>
+
+    <p class=note>An <a href=#override-url title="override URL">override URL</a>
+    is set when <a href=#concept-js-deref title=concept-js-deref>dereferencing a
+    <code>javascript:</code> URL</a>.</p>
 
    </li>
 
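Review bot: The override URL is introduced here only as a <dfn> inside the sentence that consumes it, and the only statement of who sets it is the non-normative class=note paragraph. Because an override replaces the document's address outright, the spec should say normatively that dereferencing a javascript: URL is the only step allowed to supply one and that it applies to that single navigation. Otherwise another caller of the navigation algorithm could be read as free to pass an arbitrary address. It would also read more clearly as two sentences or a two-item list (no override URL, override URL) than as "However" appended after the long POST and fallback parenthetical.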
@@ -46177,4 +46165,9 @@
        http://code.google.com/p/support/issues/detail?id=1#makechanges
  XXX * become more consistent about what markup we use to mark up
        productions (nothing? <i>? <code>?)
+ XXX * expose the value of a radio button group
+        - either on the NodeList returned by HTMLFormControlCollection
+        - or on the radio button itself
+        - or both, so it works even when the form controls have names
+          that vary more than HTMLFormControlCollection allows?
 -->
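Review bot: The added XXX item about exposing the value of a radio button group is unrelated to the javascript: navigation and document address changes described in the log message. Please land it as a separate commit, or at least name it in the log message rather than leaving it under "Minor editorial tweaks", so that the security-relevant change can be reviewed and referenced on its own.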

Received on Wednesday, 21 January 2009 00:58:28 UTC