Short URL: http://html5.org/r/2469
| SVN | Bug | Comment | Time (UTC) |
|---|---|---|---|
| 2469 | | Clear up document.cookie; make document.open() update the doc address. | 2008-11-27 02:20 |
Index: source
===================================================================
--- source (revision 2468)
+++ source (revision 2469)
@@ -5716,33 +5716,37 @@
<p>The <dfn title="dom-document-cookie"><code>cookie</code></dfn>
attribute represents the cookies of the resource.</p>
- <!-- XXX this needs work; e.g. document.open() should return the
- cookies of the document that called document.open(), not of
- about:blank or the document that had .open() called on, as I
- understand it. -->
+ <p id="sandboxCookies">On getting, if the document is not associated
+ with a <span>browsing context</span> then the user agent must raise
+ an <code>INVALID_STATE_ERR</code> exception. Otherwise, if the
+ <span>sandboxed origin browsing context flag</span> is set on the
+ <span>browsing context</span> of the document, the user agent must
+ raise a <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
+ document's address</span> does not use a server-based naming
+ authority, it must return the empty string. Otherwise, it must
+ return the same string as the value of the <code
+ title="">Cookie</code> HTTP header it would include if <span
+ title="fetch">fetching</span> the resource indicated by <span>the
+ document's address</span> over HTTP, as per RFC 2109 section 4.3.4
+ or later specifications. <a href="#refsRFC2109">[RFC2109]</a> <a
+ href="#refsRFC2965">[RFC2965]</a></p>
- <p id="sandboxCookies">On getting, if the <span>sandboxed origin
- browsing context flag</span> is set on the <span>browsing
- context</span> of the document, the user agent must raise a
- <code>SECURITY_ERR</code> exception. Otherwise, it must return the
- same string as the value of the <code title="">Cookie</code> HTTP
- header it would include if <span title="fetch">fetching</span> the
- resource indicated by <span>the document's address</span> over HTTP,
- as per RFC 2109 section 4.3.4 or later specifications. <a
+ <p>On setting, if the document is not associated with a
+ <span>browsing context</span> then the user agent must raise an
+ <code>INVALID_STATE_ERR</code> exception. Otherwise, if the
+ <span>sandboxed origin browsing context flag</span> is set on the
+ <span>browsing context</span> of the document, the user agent must
+ raise a <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
+ document's address</span> does not use a server-based naming
+ authority, it must do nothing. Otherwise, the user agent must act as
+ it would when processing cookies if it had just attempted to
+ <span>fetch</span> <span>the document's address</span> over HTTP,
+ and had received a response with a <code>Set-Cookie</code> header
+ whose value was the specified value, as per RFC 2109 sections 4.3.1,
+ 4.3.2, and 4.3.3 or later specifications. <a
href="#refsRFC2109">[RFC2109]</a> <a
href="#refsRFC2965">[RFC2965]</a></p>
- <p>On setting, if the <span>sandboxed origin browsing context
- flag</span> is set on the <span>browsing context</span> of the
- document, the user agent must raise a <code>SECURITY_ERR</code>
- exception. Otherwise, the user agent must act as it would when
- processing cookies if it had just attempted to <span>fetch</span>
- <span>the document's address</span> over HTTP, and had received a
- response with a <code>Set-Cookie</code> header whose value was the
- specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or
- later specifications. <a href="#refsRFC2109">[RFC2109]</a> <a
- href="#refsRFC2965">[RFC2965]</a></p>
-
<p class="note">Since the <code
title="dom-document-cookie">cookie</code> attribute is accessible
across frames, the path restrictions on cookies are only a tool to
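Review bot: "server-based naming authority" appears as bare text in both new paragraphs (getter and setter), while the other terms they rely on ("browsing context", "the document's address", "fetch") are marked up with span elements. Please mark it up or cite the URI specification that defines it, so implementers agree on which addresses take the empty-string and do-nothing branches. Two smaller points on the same paragraphs: the setter silently does nothing in that branch, so a script gets no signal that the write was dropped, and a note to authors saying so would help. The removed XXX comment was the only text explaining how document.open() interacts with cookies. Since both paragraphs now key on the document's address, a short note pointing at the document.open() step that changes the address would keep that reasoning visible.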
@@ -7487,6 +7491,11 @@
<li><p>Change the <span>document's character encoding</span> to
UTF-16.</p></li>
+ <li><p>Change <span>the document's address</span> to the <span
+ title="the document's address">address</span> of the <span>script
+ document context</span> of the script that invoked the <code
+ title="dom-document-open">document.open()</code> method.</p></li>
+
<li><p>Create a new <span>HTML parser</span> and associate it with
the document. This is a <dfn>script-created parser</dfn> (meaning
that it can be closed by the <code
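Review bot: the new step that sets the document's address to that of the invoking script's document does not say what happens when that document is in a different origin from the one being opened, and no origin check is visible in the surrounding steps. Because the document.cookie getter and setter in this revision are defined in terms of the document's address, this step determines whose cookies the opened document can read and write. If the origin check is made earlier in the algorithm, a cross-reference here would make that clear. If not, the step should state the requirement. It would also help to say what the address becomes when the invoking script has no script document context.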