Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[] (0) Scripting being disabled didn't always block all scripts from …
…being compiled.

git-svn-id: http://svn.whatwg.org/webapps@2823 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Feb 13, 2009
1 parent 363cac6 commit 05bbbb6
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 25 deletions.
36 changes: 23 additions & 13 deletions index
Expand Up @@ -16780,6 +16780,14 @@ href="?audio"&gt;audio&lt;/a&gt; test instead.)&lt;/p&gt;</pre>
<p>This flag <a href=#sandboxScriptBlocked>blocks script
execution</a>.</p>

<p class=warning>If the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute is
dynamically added after the <code><a href=#the-iframe-element>iframe</a></code> has loaded a page,
scripts already compiled by that page (whether in
<code><a href=#script>script</a></code> elements, or in <a href=#event-handler-attributes-0>event handler
attributes</a>, or elsewhere) will continue to run. Only
<em>new</em> scripts will be prevented from executing by this
flag.</p>

</dd>

</dl><p>These flags must not be set unless the conditions listed above
Expand Down Expand Up @@ -16821,7 +16829,6 @@ href="?audio"&gt;audio&lt;/a&gt; test instead.)&lt;/p&gt;</pre>
</div>



<hr><p>The <dfn id=attr-iframe-seamless title=attr-iframe-seamless><code>seamless</code></dfn>
attribute is a boolean attribute. When specified, it indicates that
the <code><a href=#the-iframe-element>iframe</a></code> element's <a href=#browsing-context>browsing context</a> is
Expand Down Expand Up @@ -35471,7 +35478,12 @@ interface <dfn id=window>Window</dfn> {
language, a global object, a browsing context, a character encoding,
and a base URL, the user agent must run the following steps:</p>

<ol><li><p>Set up a <a href=#script-execution-environment>script execution environment</a> as
<ol><li><p>If <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is
disabled</a> for <a href=#browsing-context>browsing context</a> passed to this
algorithm, then abort these steps, as if the script did nothing but
return void.</p>

<li><p>Set up a <a href=#script-execution-environment>script execution environment</a> as
appropriate for the scripting language.</li>

<li><p>Parse/compile/initialize the source of the script using the
Expand Down Expand Up @@ -35755,7 +35767,8 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t

<p>Let <var title="">result</var> be the return value of the
<i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
raised, let <var title="">result</var> be void instead. (The
result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>

<p>When it comes time to <a href="#set-the-document's-address">set the document's address</a>
in the <a href=#navigate title=navigate>navigation algorithm</a>, use
Expand All @@ -35778,7 +35791,8 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t

<p>Let <var title="">result</var> be the return value of the
<i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
raised, let <var title="">result</var> be void instead. (The
result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>

</dd>

Expand Down Expand Up @@ -35828,11 +35842,6 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t

</div>

<p class=note>The rules for <a href=#create-a-script title="create a script">creating
a script</a> include making the script not execute (and just
return void) in certain cases, e.g. in a sandbox or when the user
has disabled scripting altogether.</p>


<h4 id=events><span class=secno>5.5.6 </span>Events</h4>

Expand Down Expand Up @@ -35877,9 +35886,10 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
<!-- SCRIPT EXEC -->
<p>When an event handler content attribute is set, if the element is
owned by a <code>Document</code> that is in a <a href=#browsing-context>browsing
context</a>, the user agent must run the following steps to
create a <a href=#concept-script title=concept-script>script</a> after setting
the content attribute to its new value:</p>
context</a>, and <a href=#concept-bc-script title=concept-bc-script>scripting is
enabled</a> for that <a href=#browsing-context>browsing context</a>, the user
agent must run the following steps to create a <a href=#concept-script title=concept-script>script</a> after setting the content
attribute to its new value:</p>

<ol><li><p>Set up a <a href=#script-execution-environment>script execution environment</a> for
JavaScript.</li>
Expand Down Expand Up @@ -48958,7 +48968,7 @@ interface <dfn id=messagechannel>MessageChannel</dfn> {

<h5 id=other-parsing-state-flags><span class=secno>8.2.3.5 </span>Other parsing state flags</h5>

<p>The <dfn id=scripting-flag>scripting flag</dfn> is set to "enabled" if the <a href=#concept-n-script title=concept-n-script>scripting was enabled</a> for the
<p>The <dfn id=scripting-flag>scripting flag</dfn> is set to "enabled" if <a href=#concept-n-script title=concept-n-script>scripting was enabled</a> for the
<code>Document</code> with which the parser is associated when the
parser was created, and "disabled" otherwise.</p>

Expand Down
38 changes: 26 additions & 12 deletions source
Expand Up @@ -17906,6 +17906,15 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
<p>This flag <a href="#sandboxScriptBlocked">blocks script
execution</a>.</p>

<p class="warning">If the <code
title="attr-iframe-sandbox">sandbox</code> attribute is
dynamically added after the <code>iframe</code> has loaded a page,
scripts already compiled by that page (whether in
<code>script</code> elements, or in <span>event handler
attributes</span>, or elsewhere) will continue to run. Only
<em>new</em> scripts will be prevented from executing by this
flag.</p>

</dd>

</dl>
Expand Down Expand Up @@ -17951,7 +17960,6 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
</div>



<hr>


Expand Down Expand Up @@ -40316,6 +40324,11 @@ interface <dfn>Window</dfn> {

<ol>

<li><p>If <span title="concept-bc-noscript">scripting is
disabled</span> for <span>browsing context</span> passed to this
algorithm, then abort these steps, as if the script did nothing but
return void.</p>

<li><p>Set up a <span>script execution environment</span> as
appropriate for the scripting language.</p></li>

Expand Down Expand Up @@ -40650,7 +40663,9 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
<p>Let <var title="">result</var> be the return value of the
<i>initial code entry-point</i> of this <span
title="concept-script">script</span>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
raised, let <var title="">result</var> be void instead. (The
result will be void also if <span
title="concept-bc-noscript">scripting is disabled</span>.)</p>

<p>When it comes time to <span>set the document's address</span>
in the <span title="navigate">navigation algorithm</span>, use
Expand All @@ -40674,7 +40689,9 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
<p>Let <var title="">result</var> be the return value of the
<i>initial code entry-point</i> of this <span
title="concept-script">script</span>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
raised, let <var title="">result</var> be void instead. (The
result will be void also if <span
title="concept-bc-noscript">scripting is disabled</span>.)</p>

</dd>

Expand Down Expand Up @@ -40732,11 +40749,6 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t

</div>

<p class="note">The rules for <span title="create a script">creating
a script</span> include making the script not execute (and just
return void) in certain cases, e.g. in a sandbox or when the user
has disabled scripting altogether.</p>


<h4>Events</h4>

Expand Down Expand Up @@ -40788,9 +40800,11 @@ JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
<!-- SCRIPT EXEC -->
<p>When an event handler content attribute is set, if the element is
owned by a <code>Document</code> that is in a <span>browsing
context</span>, the user agent must run the following steps to
create a <span title="concept-script">script</span> after setting
the content attribute to its new value:</p>
context</span>, and <span title="concept-bc-script">scripting is
enabled</span> for that <span>browsing context</span>, the user
agent must run the following steps to create a <span
title="concept-script">script</span> after setting the content
attribute to its new value:</p>

<ol>

Expand Down Expand Up @@ -55961,7 +55975,7 @@ interface <dfn>MessageChannel</dfn> {

<h5>Other parsing state flags</h5>

<p>The <dfn>scripting flag</dfn> is set to "enabled" if the <span
<p>The <dfn>scripting flag</dfn> is set to "enabled" if <span
title="concept-n-script">scripting was enabled</span> for the
<code>Document</code> with which the parser is associated when the
parser was created, and "disabled" otherwise.</p>
Expand Down

0 comments on commit 05bbbb6

Please sign in to comment.