HTML Standard Tracker

Diff (omit for latest revision)
Filter

Short URL: http://html5.org/r/2683

File a bug

SVNBugCommentTime (UTC)
2683[Gecko] [Internet Explorer] [Opera] [Webkit] Prevent cross-origin javascript: navigation of browsing contexts. Define the base URL and document's address of pages generated by javascript: URLs. Minor editorial tweaks.2009-01-21 00:58
Index: source
===================================================================
--- source	(revision 2682)
+++ source	(revision 2683)
@@ -39723,28 +39723,11 @@
       title="concept-script">script</span>. If an exception was
       raised, let <var title="">result</var> be void instead.</p>
 
-     </dd>
+      <p>When it comes time to <span>set the document's address</span>
+      in the <span title="navigate">navigation algorithm</span>, use
+      the <span>script's base URL</span> as the <span>override
+      URL</span>.</p>
 
-     <dt>If a <span>browsing context</span> is being <span
-     title="navigate">navigated</span> to a <code>javascript:</code>
-     URL, and the <span>active document</span> of that browsing
-     context has an <span>origin</span> that is <em>not</em> the <span
-     title="same origin">same</span> as that of the script given by
-     the URL</dt>
-
-     <dd>
-
-      <p><span>Create an impotent script</span> using the
-      aforementioned script source, with the scripting language set to
-      JavaScript, and with the <span>browsing context</span> being
-      <span title="navigate">navigated</span> as the browsing
-      context.</p>
-
-      <p>Let <var title="">result</var> be the return value of the
-      <i>initial code entry-point</i> of this <span
-      title="concept-script">script</span>. If an exception was
-      raised, let <var title="">result</var> be void instead.</p>
-
      </dd>
 
      <dt>If the <code>Document</code> object of the element,
@@ -43838,18 +43821,12 @@
     title="concept-appcache-foreign">foreign</span>, then the user
     agent must discard the failed load and instead continue along
     these steps using <var title="">candidate</var> as the
-    resource.</p>
+    resource. <span>The document's address</span>, if appropriate,
+    will still be the originally requested URL, not the fallback URL,
+    but the user agent may indicate to the user that the original page
+    load failed, that the page used was a fallback resource, and what
+    the URL of the fallback resource actually is.</p>
 
-    <p>For the purposes of session history (and features that depend
-    on session history, e.g. bookmarking) the user agent must use the
-    URL of the resource that was requested (the one that matched the
-    <span title="concept-appcache-fallback-ns">fallback
-    namespace</span>), not the fallback resource, as the resource's
-    <span title="the document's address">address</span>. However, the
-    user agent may indicate to the user that the original page load
-    failed, that the page used was a fallback resource, and what the
-    URL of the fallback resource actually is.</p>
-
    </li>
 
    <li><p>If the document's out-of-band metadata (e.g. HTTP headers),
@@ -43931,8 +43908,10 @@
 
     </dl>
 
-    <p>Any <code>Document</code> created by these steps must have its
-    <span title="the document's address">address</span> set to the
+    <p><dfn title="set the document's address">Setting the document's
+    address</dfn>: If there is no <dfn>override URL</dfn>, then any
+    <code>Document</code> created by these steps must have its <span
+    title="the document's address">address</span> set to the
     <span>URL</span> that was originally to be <span
     title="fetch">fetched</span>, ignoring any other data that was
     used to obtain the resource (e.g. the entity body in the case of a
@@ -43941,8 +43920,15 @@
     case of the original load having failed and that URL having been
     found to match a <span
     title="concept-appcache-fallback-ns">fallback
-    namespace</span>).</p>
+    namespace</span>). However, if there <em>is</em> an <span>override
+    URL</span>, then any <code>Document</code> created by these steps
+    must have its <span title="the document's address">address</span>
+    set to that <span>URL</span> instead.</p>
 
+    <p class="note">An <span title="override URL">override URL</span>
+    is set when <span title="concept-js-deref">dereferencing a
+    <code>javascript:</code> URL</span>.</p>
+
    </li>
 
    <li id="navigate-non-Document"><p><i>Non-document content</i>: If,
@@ -61469,6 +61455,11 @@
        http://code.google.com/p/support/issues/detail?id=1#makechanges
  XXX * become more consistent about what markup we use to mark up
        productions (nothing? <i>? <code>?)
+ XXX * expose the value of a radio button group
+        - either on the NodeList returned by HTMLFormControlCollection
+        - or on the radio button itself
+        - or both, so it works even when the form controls have names
+          that vary more than HTMLFormControlCollection allows?
 -->
 
  </body>

|