- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 24 Mar 2009 08:15:22 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv10121 Modified Files: Overview.html Log Message: Block concurrent access to .cookie and .localStorage using the storage mutex. (whatwg r2899) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.2067 retrieving revision 1.2068 diff -u -d -r1.2067 -r1.2068 --- Overview.html 24 Mar 2009 07:42:06 -0000 1.2067 +++ Overview.html 24 Mar 2009 08:15:19 -0000 1.2068 @@ -6226,10 +6226,13 @@ <code>Document</code> was created, the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the document's address</a> does not use a server-based naming - authority, it must return the empty string. Otherwise, it must - return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href=#the-document-s-address>the - document's address</a> over HTTP, as per RFC 2109 section 4.3.4 - or later specifications, excluding HTTP-only cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p> + authority, it must return the empty string. Otherwise, it must first + <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the same + string as the value of the <code title="">Cookie</code> HTTP header + it would include if <a href=#fetch title=fetch>fetching</a> the resource + indicated by <a href=#the-document-s-address>the document's address</a> over HTTP, as per + RFC 2109 section 4.3.4 or later specifications, excluding HTTP-only + cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p> <p>On setting, if the document is not associated with a <a href=#browsing-context>browsing context</a> then the user agent must raise an @@ -6239,13 +6242,14 @@ <code>Document</code> was created, the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the document's address</a> does not use a server-based naming - authority, it must do nothing. Otherwise, the user agent must act as - it would when processing cookies if it had just attempted to - <a href=#fetch>fetch</a> <a href=#the-document-s-address>the document's address</a> over HTTP, - and had received a response with a <code>Set-Cookie</code> header - whose value was the specified value, as per RFC 2109 sections 4.3.1, - 4.3.2, and 4.3.3 or later specifications, but without overwriting - the values of HTTP-only cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p> + authority, it must do nothing. Otherwise, the user agent must + <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act as it would when + processing cookies if it had just attempted to <a href=#fetch>fetch</a> + <a href=#the-document-s-address>the document's address</a> over HTTP, and had received a + response with a <code>Set-Cookie</code> header whose value was the + specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or + later specifications, but without overwriting the values of + HTTP-only cookies. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p> <p class=note>This specification does not define what makes an HTTP-only cookie, and at the time of publication the editor is not
Received on Tuesday, 24 March 2009 08:15:30 UTC