spec/Overview.html 1.1640 2469 Clear up document.cookie; make document. from poot on 2008-11-27 (public-html-diffs@w3.org from November 2008)

From: poot <cvsmail@w3.org>
Date: Thu, 27 Nov 2008 11:22:54 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20081127022254.CC7282BBF7@toro.w3.mag.keio.ac.jp>
Clear up document.cookie; make document.open() update the doc address.
(whatwg r2469)

script-created parser
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1640.html#script-created-parser
lastModified
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1640.html#dom-document-lastmodified
cookie
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1640.html#dom-document-cookie
referrer
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1640.html#dom-document-referrer
On getting, if the document is not associated with a browsing context then the user agent must raise an INVALID_STATE_ERR exception. Otherwise, if the sandboxed origin browsing context flag is set on the browsing context of the document, the user agent must raise a SECURITY_ERR exception. Otherwise, if the document's address does not use a server-based naming authority, it must return the empty string. Otherwise, it must return the same string as the value of the Cookie HTTP header it would include if fetching the resource indicated by the document's address over HTTP, as per RFC 2109 section 4.3.4 or later specifications. [RFC2109] [RFC2965]
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1640.html#sandboxCookies
3.7.1 Controlling the input stream
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1640.html#controlling-the-input-stream

http://people.w3.org/mike/diffs/html5/spec/Overview.diff.html
http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.1639&r2=1.1640&f=h
http://html5.org/tools/web-apps-tracker?from=2468&to=2469

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1639
retrieving revision 1.1640
diff -u -d -r1.1639 -r1.1640
--- Overview.html 27 Nov 2008 02:00:35 -0000 1.1639
+++ Overview.html 27 Nov 2008 02:20:11 -0000 1.1640
@@ -4763,25 +4763,29 @@
   referrers in the case where the referrer uses an encrypted protocol
   and the current page does not (e.g. when navigating from an <code title="">https:</code> page to an <code title="">http:</code>
   page).</p><hr><p>The <dfn id=dom-document-cookie title=dom-document-cookie><code>cookie</code></dfn>
-  attribute represents the cookies of the resource.</p><!-- XXX this needs work; e.g. document.open() should return the
-  cookies of the document that called document.open(), not of
-  about:blank or the document that had .open() called on, as I
-  understand it. --><p id=sandboxCookies>On getting, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
-  browsing context flag</a> is set on the <a href=#browsing-context>browsing
-  context</a> of the document, the user agent must raise a
-  <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, it must return the
-  same string as the value of the <code title="">Cookie</code> HTTP
-  header it would include if <a href=#fetch title=fetch>fetching</a> the
-  resource indicated by <a href=#the-document-s-address>the document's address</a> over HTTP,
-  as per RFC 2109 section 4.3.4 or later specifications. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a><p>On setting, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
-  flag</a> is set on the <a href=#browsing-context>browsing context</a> of the
-  document, the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
-  exception. Otherwise, the user agent must act as it would when
-  processing cookies if it had just attempted to <a href=#fetch>fetch</a>
-  <a href=#the-document-s-address>the document's address</a> over HTTP, and had received a
-  response with a <code>Set-Cookie</code> header whose value was the
-  specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or
-  later specifications. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a><p class=note>Since the <code title=dom-document-cookie><a href=#dom-document-cookie>cookie</a></code> attribute is accessible
+  attribute represents the cookies of the resource.<p id=sandboxCookies>On getting, if the document is not associated
+  with a <a href=#browsing-context>browsing context</a> then the user agent must raise
+  an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
+  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
+  <a href=#browsing-context>browsing context</a> of the document, the user agent must
+  raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
+  document's address</a> does not use a server-based naming
+  authority, it must return the empty string. Otherwise, it must
+  return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href=#the-document-s-address>the
+  document's address</a> over HTTP, as per RFC 2109 section 4.3.4
+  or later specifications. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a><p>On setting, if the document is not associated with a
+  <a href=#browsing-context>browsing context</a> then the user agent must raise an
+  <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
+  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
+  <a href=#browsing-context>browsing context</a> of the document, the user agent must
+  raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href=#the-document-s-address>the
+  document's address</a> does not use a server-based naming
+  authority, it must do nothing. Otherwise, the user agent must act as
+  it would when processing cookies if it had just attempted to
+  <a href=#fetch>fetch</a> <a href=#the-document-s-address>the document's address</a> over HTTP,
+  and had received a response with a <code>Set-Cookie</code> header
+  whose value was the specified value, as per RFC 2109 sections 4.3.1,
+  4.3.2, and 4.3.3 or later specifications. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a><p class=note>Since the <code title=dom-document-cookie><a href=#dom-document-cookie>cookie</a></code> attribute is accessible
   across frames, the path restrictions on cookies are only a tool to
   help manage which cookies are sent to which parts of the site, and
   are not in any way a security feature.</p><hr><p>The <dfn id=dom-document-lastmodified title=dom-document-lastModified><code>lastModified</code></dfn>
@@ -5934,6 +5938,9 @@
    <li><p>Change the <a href=#document-s-character-encoding>document's character encoding</a> to
    UTF-16.</li>
 
+   <li><p>Change <a href=#the-document-s-address>the document's address</a> to the <a href=#the-document-s-address title="the document's address">address</a> of the <a href=#script-document-context>script
+   document context</a> of the script that invoked the <code title=dom-document-open><a href=#dom-document-open>document.open()</a></code> method.</li>
+
    <li><p>Create a new <a href=#html-parser>HTML parser</a> and associate it with
    the document. This is a <dfn id=script-created-parser>script-created parser</dfn> (meaning
    that it can be closed by the <code title=dom-document-open><a href=#dom-document-open>document.open()</a></code> and <code title=dom-document-close><a href=#dom-document-close>document.close()</a></code> methods, and
Received on Thursday, 27 November 2008 02:23:32 UTC