- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 25 Jun 2010 19:22:27 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv21469
Modified Files:
Overview.html
Log Message:
Captions - Stage 11.3: completed the external timed track download processing model, and did some more work on parsing WebSRT. Also: Update the 'fetch' algorithm to support doing same-origin enforcing, and made various parts of the spec use it; also made parts of the spec that acted like the algorithm was sync actually invoke it that way. (whatwg r5111)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4104
retrieving revision 1.4105
diff -u -d -r1.4104 -r1.4105
--- Overview.html 24 Jun 2010 22:18:15 -0000 1.4104
+++ Overview.html 25 Jun 2010 19:22:23 -0000 1.4105
@@ -5316,16 +5316,23 @@
<p>When a user agent is to <dfn id="fetch">fetch</dfn> a resource or
<a href="#url">URL</a>, optionally from an origin <i title="">origin</i>,
- and optionally with a <i>synchronous flag</i> and/or a <i>manual
- redirect flag</i>, the following steps must be run. (When a
- <em>URL</em> is to be fetched, the URL identifies a resource to be
- obtained.)</p>
+ and optionally with a <i>synchronous flag</i>, a <i>manual redirect
+ flag</i>, and/or a <i>force same-origin flag</i>, the following
+ steps must be run. (When a <em>URL</em> is to be fetched, the URL
+ identifies a resource to be obtained.)</p>
<!-- if invoked with the synchronous flag, make sure to release the
storage mutex first -->
- <!-- synchronous flag is only used by sync-XHR, for legacy reasons;
- don't use it in new features! -->
+ <!-- synchronous flag is only to be used in algorithms that are
+ themselves asynchronous! Only sync-XHR is allowed to make the
+ mistake of screwing that up. :-P -->
+
+ <!-- the force same-origin flag is for use in places where we'll be
+ moving to CORS one day; when used, the algorithm must be invoked
+ with a URL (not something else, like a POST request) whose origin is
+ the same as the /origin/, which must also be present, and the
+ algorithm must not be invoked with the manual redirect flag. -->
<ol><li>
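Review bot: The preconditions for the force same-origin flag (a URL whose origin is the same as /origin/, /origin/ present, no manual redirect flag) are stated only inside the last added HTML comment, so they do not appear in the rendered spec and carry no normative weight. Since this flag is the same-origin enforcement point, suggest stating them in the paragraph itself or as an early step that returns failure when they do not hold, so that a call passing a cross-origin URL fails closed instead of depending on every call site getting it right.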
@@ -5422,7 +5429,19 @@
<p>If the fetched resource is an HTTP redirect <a href="#concept-http-equivalent-codes" title="concept-http-equivalent-codes">or equivalent</a>,
then:</p>
- <dl class="switch"><dt>If the <i>manual redirect flag</i> is set</dt>
+ <dl class="switch"><dt>If the <i>force same-origin flag</i> is set and the
+ <a href="#url">URL</a> of the target of the redirect does not have the
+ <a href="#same-origin">same origin</a> as the <a href="#url">URL</a> for which the
+ <a href="#fetch">fetch</a> algorithm was invoked</dt>
+
+ <dd>
+
+ <p>Abort these steps and return failure from this algorithm, as
+ if the remote host could not be contacted.</p>
+
+ </dd>
+
+ <dt>If the <i>manual redirect flag</i> is set</dt>
<dd>
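Review bot: In the new first <dt>, "the URL for which the fetch algorithm was invoked" is ambiguous across a chain of redirects: if following a redirect re-enters these steps with the new URL, the comparison could be made against the previous hop instead of the original URL. Suggest naming the original URL once, or comparing against /origin/ (which the flag's stated preconditions require to match), so that every hop is checked against the same origin.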
@@ -16957,7 +16976,7 @@
<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title="attr-img-src"><a href="#attr-img-src">src</a></code>
attribute's value is the empty string, or if the conditions in the
- previous paragraph are not met, then the image is <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p>
+ previous paragraph are not met), then the image is <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p>
<p>Whether the image is fetched successfully or not (e.g. whether
the response code was a 2xx code <a href="#concept-http-equivalent-codes" title="concept-http-equivalent-codes">or equivalent</a>) must be
@@ -20988,8 +21007,9 @@
<p>Begin to <a href="#fetch">fetch</a> the <var title="">current media
resource</var>, from the <a href="#media-element">media element</a>'s
- <code><a href="#document">Document</a></code>'s <a href="#origin">origin</a>.</p> <!-- not
- http-origin privacy sensitive (looking forward to CORS here) -->
+ <code><a href="#document">Document</a></code>'s <a href="#origin">origin</a>, with the <i>force
+ same-origin flag</i> set.</p> <!-- not http-origin privacy
+ sensitive (looking forward to CORS here) -->
<p>Every 350ms (±200ms) or for every byte received, whichever
is <em>least</em> frequent, <a href="#queue-a-task">queue a task</a> to
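Review bot: This call site sets the force same-origin flag, but the comment added to the fetch definition says the flag must only be used with a URL whose origin is the same as /origin/, and nothing in this step checks that the current media resource is same-origin with the Document's origin before fetching. Either add that check here with a defined failure path, or have the fetch algorithm itself return failure when the initial URL does not match. The retained "looking forward to CORS here" comment could also say what is expected to happen to a cross-origin media resource until then.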
@@ -44468,9 +44488,10 @@
<li>
<p><i>Fetching the manifest</i>: <a href="#fetch">Fetch</a> the resource
- from <var title="">manifest URL</var>, and let <var title="">manifest</var> be that resource.</p> <!-- http-origin
- privacy sensitive, though it doesn't matter, since this can never
- be cross-origin -->
+ from <var title="">manifest URL</var> with the <i>synchronous
+ flag</i> set, and let <var title="">manifest</var> be that
+ resource.</p> <!-- http-origin privacy sensitive, though it
+ doesn't matter, since this can never be cross-origin -->
<p>If the resource is labeled with the <a href="#mime-type">MIME type</a>
<code><a href="#text-cache-manifest">text/cache-manifest</a></code>, parse <var title="">manifest</var> according to the <a href="#parse-a-manifest" title="parse a
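Review bot: The comment kept on this step asserts the fetch "can never be cross-origin", yet the call sets only the synchronous flag, with neither the force same-origin flag nor the manual redirect flag, so nothing on these lines enforces that claim for a manifest URL that redirects. If the guarantee comes from elsewhere, point to it in the comment; otherwise consider setting the force same-origin flag here, keeping in mind that its preconditions require an origin to be passed, which this call does not do.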
@@ -44707,14 +44728,15 @@
<li>
<p><a href="#fetch">Fetch</a> the resource, from the <a href="#origin">origin</a>
- of the <a href="#url">URL</a> <var title="">manifest URL</var>. If
- this is an <a href="#concept-appcache-upgrade" title="concept-appcache-upgrade">upgrade
- attempt</a>, then use the <a href="#concept-appcache-newer" title="concept-appcache-newer">newest</a> <a href="#application-cache">application
- cache</a> in <var title="">cache group</var> as an HTTP
- cache, and honor HTTP caching semantics (such as expiration,
- ETags, and so forth) with respect to that cache. User agents may
- also have other caches in place that are also honored.</p> <!--
- not http-origin privacy sensitive -->
+ of the <a href="#url">URL</a> <var title="">manifest URL</var>, with
+ the <i>synchronous flag</i> set and the <i>manual redirect
+ flag</i> set. If this is an <a href="#concept-appcache-upgrade" title="concept-appcache-upgrade">upgrade attempt</a>, then
+ use the <a href="#concept-appcache-newer" title="concept-appcache-newer">newest</a>
+ <a href="#application-cache">application cache</a> in <var title="">cache
+ group</var> as an HTTP cache, and honor HTTP caching semantics
+ (such as expiration, ETags, and so forth) with respect to that
+ cache. User agents may also have other caches in place that are
+ also honored.</p> <!-- not http-origin privacy sensitive -->
<p class="note">If the resource in question is already being
downloaded for other reasons then the existing download process
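Review bot: Setting the manual redirect flag in the first sentence hands redirect handling to this algorithm, but the paragraph does not say what happens when the fetch returns a redirect. Suggest adding a sentence or a cross-reference to the step that defines the outcome for a redirected resource, so the effect of the flag is clear at the call site.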
@@ -44890,9 +44912,10 @@
<li>
<p><a href="#fetch">Fetch</a> the resource from <var title="">manifest
- URL</var> again, and let <var title="">second manifest</var> be
- that resource.</p> <!-- http-origin privacy sensitive, though it
- doesn't matter, since this can never be cross-origin -->
+ URL</var> again, with the <i>synchronous flag</i> set, and let
+ <var title="">second manifest</var> be that resource.</p> <!--
+ http-origin privacy sensitive, though it doesn't matter, since
+ this can never be cross-origin -->
</li>
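Review bot: The comments in the fetch definition require releasing the storage mutex before invoking with the synchronous flag and restrict the flag to algorithms that are themselves asynchronous; this step, like the first manifest fetch, adds the flag without stating either. A short note confirming that this algorithm runs asynchronously and that the storage mutex is released before the fetch would make the invariant checkable at the call site.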
Received on Friday, 25 June 2010 19:22:29 UTC