- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 25 Jun 2010 19:22:27 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv21469

Modified Files: Overview.html

Log Message:
Captions - Stage 11.3: completed the external timed track download processing model, and did some more work on parsing WebSRT. Also: Update the 'fetch' algorithm to support doing same-origin enforcing, and made various parts of the spec use it; also made parts of the spec that acted like the algorithm was sync actually invoke it that way. (whatwg r5111)

Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.4104 retrieving revision 1.4105 diff -u -d -r1.4104 -r1.4105 --- Overview.html 24 Jun 2010 22:18:15 -0000 1.4104 +++ Overview.html 25 Jun 2010 19:22:23 -0000 1.4105 
@@ -5316,16 +5316,23 @@ <p>When a user agent is to <dfn id="fetch">fetch</dfn> a resource or <a href="#url">URL</a>, optionally from an origin <i title="">origin</i>, - and optionally with a <i>synchronous flag</i> and/or a <i>manual - redirect flag</i>, the following steps must be run. (When a - <em>URL</em> is to be fetched, the URL identifies a resource to be - obtained.)</p> + and optionally with a <i>synchronous flag</i>, a <i>manual redirect + flag</i>, and/or a <i>force same-origin flag</i>, the following + steps must be run. (When a <em>URL</em> is to be fetched, the URL + identifies a resource to be obtained.)</p> <!-- if invoked with the synchronous flag, make sure to release the storage mutex first --> - <!-- synchronous flag is only used by sync-XHR, for legacy reasons; - don't use it in new features! --> + <!-- synchronous flag is only to be used in algorithms that are + themselves asynchronous! Only sync-XHR is allowed to make the + mistake of screwing that up. :-P --> + + <!-- the force same-origin flag is for use in places where we'll be + moving to CORS one day; when used, the algorithm must be invoked + with a URL (not something else, like a POST request) whose origin is + the same as the /origin/, which must also be present, and the + algorithm must not be invoked with the manual redirect flag. --> <ol><li> 
@@ -5422,7 +5429,19 @@ <p>If the fetched resource is an HTTP redirect <a href="#concept-http-equivalent-codes" title="concept-http-equivalent-codes">or equivalent</a>, then:</p> - <dl class="switch"><dt>If the <i>manual redirect flag</i> is set</dt> + <dl class="switch"><dt>If the <i>force same-origin flag</i> is set and the + <a href="#url">URL</a> of the target of the redirect does not have the + <a href="#same-origin">same origin</a> as the <a href="#url">URL</a> for which the + <a href="#fetch">fetch</a> algorithm was invoked</dt> + + <dd> + + <p>Abort these steps and return failure from this algorithm, as + if the remote host could not be contacted.</p> + + </dd> + + <dt>If the <i>manual redirect flag</i> is set</dt> <dd> @@ -16957,7 +16976,7 @@ <p>If the image was not fetched (e.g. because the UA's image support is disabled, or because the <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute's value is the empty string, or if the conditions in the - previous paragraph are not met, then the image is <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p> + previous paragraph are not met), then the image is <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p> <p>Whether the image is fetched successfully or not (e.g. whether the response code was a 2xx code <a href="#concept-http-equivalent-codes" title="concept-http-equivalent-codes">or equivalent</a>) must be 
@@ -20988,8 +21007,9 @@ <p>Begin to <a href="#fetch">fetch</a> the <var title="">current media resource</var>, from the <a href="#media-element">media element</a>'s - <code><a href="#document">Document</a></code>'s <a href="#origin">origin</a>.</p> <!-- not - http-origin privacy sensitive (looking forward to CORS here) --> + <code><a href="#document">Document</a></code>'s <a href="#origin">origin</a>, with the <i>force + same-origin flag</i> set.</p> <!-- not http-origin privacy + sensitive (looking forward to CORS here) --> <p>Every 350ms (±200ms) or for every byte received, whichever is <em>least</em> frequent, <a href="#queue-a-task">queue a task</a> to @@ -44468,9 +44488,10 @@ <li> <p><i>Fetching the manifest</i>: <a href="#fetch">Fetch</a> the resource - from <var title="">manifest URL</var>, and let <var title="">manifest</var> be that resource.</p> <!-- http-origin - privacy sensitive, though it doesn't matter, since this can never - be cross-origin --> + from <var title="">manifest URL</var> with the <i>synchronous + flag</i> set, and let <var title="">manifest</var> be that + resource.</p> <!-- http-origin privacy sensitive, though it + doesn't matter, since this can never be cross-origin --> <p>If the resource is labeled with the <a href="#mime-type">MIME type</a> <code><a href="#text-cache-manifest">text/cache-manifest</a></code>, parse <var title="">manifest</var> according to the <a href="#parse-a-manifest" title="parse a 
@@ -44707,14 +44728,15 @@ <li> <p><a href="#fetch">Fetch</a> the resource, from the <a href="#origin">origin</a> - of the <a href="#url">URL</a> <var title="">manifest URL</var>. If - this is an <a href="#concept-appcache-upgrade" title="concept-appcache-upgrade">upgrade - attempt</a>, then use the <a href="#concept-appcache-newer" title="concept-appcache-newer">newest</a> <a href="#application-cache">application - cache</a> in <var title="">cache group</var> as an HTTP - cache, and honor HTTP caching semantics (such as expiration, - ETags, and so forth) with respect to that cache. User agents may - also have other caches in place that are also honored.</p> <!-- - not http-origin privacy sensitive --> + of the <a href="#url">URL</a> <var title="">manifest URL</var>, with + the <i>synchronous flag</i> set and the <i>manual redirect + flag</i> set. If this is an <a href="#concept-appcache-upgrade" title="concept-appcache-upgrade">upgrade attempt</a>, then + use the <a href="#concept-appcache-newer" title="concept-appcache-newer">newest</a> + <a href="#application-cache">application cache</a> in <var title="">cache + group</var> as an HTTP cache, and honor HTTP caching semantics + (such as expiration, ETags, and so forth) with respect to that + cache. User agents may also have other caches in place that are + also honored.</p> <!-- not http-origin privacy sensitive --> <p class="note">If the resource in question is already being downloaded for other reasons then the existing download process 
@@ -44890,9 +44912,10 @@ <li> <p><a href="#fetch">Fetch</a> the resource from <var title="">manifest - URL</var> again, and let <var title="">second manifest</var> be - that resource.</p> <!-- http-origin privacy sensitive, though it - doesn't matter, since this can never be cross-origin --> + URL</var> again, with the <i>synchronous flag</i> set, and let + <var title="">second manifest</var> be that resource.</p> <!-- + http-origin privacy sensitive, though it doesn't matter, since + this can never be cross-origin --> </li>
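Review bot: In the @@ -5316 hunk, the caller requirements for the new flag (a URL rather than some other request, /origin/ present and same-origin with that URL, no manual redirect flag) appear only inside an HTML comment, so they vanish from the rendered spec. Since the enforcement added later depends on them, they should be stated in the visible definition of "fetch", next to the sentence that introduces the <i>force same-origin flag</i>, or at least in a class="note" paragraph. The same applies to the rewritten comment on the synchronous flag, which now carries a rule for spec authors that no reader of the rendered text will see.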
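Review bot: In the @@ -5422 hunk, the new <dt> enforces same-origin only on the target of a redirect; nothing in the visible steps rejects the initial URL when it is not same-origin with /origin/. That case is covered only by the caller precondition written in the HTML comment of the fetch definition. Consider adding an early step that returns failure when the <i>force same-origin flag</i> is set and the URL's origin differs from /origin/, so the guarantee holds even if a call site gets the precondition wrong.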
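Review bot: In the @@ -20988 hunk, setting the <i>force same-origin flag</i> on the media resource fetch means a redirect to another origin now ends the fetch "as if the remote host could not be contacted", yet the only explanation at this call site is still the HTML comment "looking forward to CORS here". A visible note beside this step saying that cross-origin redirects are refused, and that this is intended as an interim restriction, would help implementers and authors who see the failure.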
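Review bot: In the @@ -44468 and @@ -44890 hunks, the manifest fetches gain only the <i>synchronous flag</i>, while the retained comment asserts "this can never be cross-origin"; the @@ -44707 fetch in the same algorithm sets the <i>manual redirect flag</i> as well. If the claim in the comment depends on redirects not being followed to another origin, these two invocations should say so by setting the appropriate flag; if it rests on an earlier check, a visible cross-reference to that check would make the difference between the three call sites clear.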
Received on Friday, 25 June 2010 19:22:29 UTC