[giow] (0) Define how .cookie works with text/html-sandboxed.

Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=8999 git-svn-id: http://svn.whatwg.org/webapps@4780 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Feb 18, 2010 · f0b78a4 · f0b78a4
1 parent 0983111
commit f0b78a4
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 39 deletions.
diff --git a/complete.html b/complete.html
@@ -7011,10 +7011,10 @@ <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource
     applied to this resource, the empty string will be returned.</p>
     <p>Can be set, to add a new cookie to the element's set of HTTP
     cookies.</p>
-    <p>If the <code><a href=#document>Document</a></code> has no <a href=#browsing-context>browsing
-    context</a> an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception will be
-    thrown. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin browsing
-    context flag">sandboxed into a unique origin</a>, a
+    <p>Cookies of <code><a href=#document>Document</a></code>s that weren't obtained by
+    downloading a resource from a Web site will always be blank, even
+    after being set. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin
+    browsing context flag">sandboxed into a unique origin</a>, a
     <code><a href=#security_err>SECURITY_ERR</a></code> exception will be thrown.</p>
    </dd>
 
@@ -7039,22 +7039,20 @@ <h4 id=resource-metadata-management><span class=secno>3.1.3 </span><dfn>Resource
   <p id=sandboxCookies>On getting, if the document is a
   <a href=#cookie-free-document-object>cookie-free <code>Document</code> object</a>, then the user
   agent must return the empty string. Otherwise, if the
-  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
-  <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
-  <code><a href=#document>Document</a></code> was created, the user agent must raise a
+  <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a> is not a
+  scheme/host/port tuple, the user agent must raise a
   <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the user agent must
   first <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
   cookie-string for <a href="#the-document's-address">the document's address</a> for a
   "non-HTTP" API. <a href=#refsCOOKIES>[COOKIES]</a></p>
 
   <p>On setting, if the document is a <a href=#cookie-free-document-object>cookie-free
   <code>Document</code> object</a>, then the user agent must do
-  nothing. Otherwise, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
-  flag</a> was set on the <a href=#browsing-context>browsing context</a> of the
-  <code><a href=#document>Document</a></code> when the <code><a href=#document>Document</a></code> was created,
-  the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
-  exception. Otherwise, the user agent must <a href=#obtain-the-storage-mutex>obtain the storage
-  mutex</a> and then act as it would when <span title="receives a
+  nothing. Otherwise, if the <code><a href=#document>Document</a></code>'s
+  <a href=#origin>origin</a> is not a scheme/host/port tuple, the user agent
+  must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the
+  user agent must <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act
+  as it would when <span title="receives a
   set-cookie-string">receiving a set-cookie-string</span> for
   <a href="#the-document's-address">the document's address</a> via a "non-HTTP" API, consisting
   of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>

diff --git a/index b/index
@@ -6910,10 +6910,10 @@ interface <dfn id=htmldocument>HTMLDocument</dfn> {
     applied to this resource, the empty string will be returned.</p>
     <p>Can be set, to add a new cookie to the element's set of HTTP
     cookies.</p>
-    <p>If the <code><a href=#document>Document</a></code> has no <a href=#browsing-context>browsing
-    context</a> an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception will be
-    thrown. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin browsing
-    context flag">sandboxed into a unique origin</a>, a
+    <p>Cookies of <code><a href=#document>Document</a></code>s that weren't obtained by
+    downloading a resource from a Web site will always be blank, even
+    after being set. If the contents are <a href=#sandboxed-origin-browsing-context-flag title="sandboxed origin
+    browsing context flag">sandboxed into a unique origin</a>, a
     <code><a href=#security_err>SECURITY_ERR</a></code> exception will be thrown.</p>
    </dd>
 
@@ -6938,22 +6938,20 @@ interface <dfn id=htmldocument>HTMLDocument</dfn> {
   <p id=sandboxCookies>On getting, if the document is a
   <a href=#cookie-free-document-object>cookie-free <code>Document</code> object</a>, then the user
   agent must return the empty string. Otherwise, if the
-  <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> was set on the
-  <a href=#browsing-context>browsing context</a> of the <code><a href=#document>Document</a></code> when the
-  <code><a href=#document>Document</a></code> was created, the user agent must raise a
+  <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a> is not a
+  scheme/host/port tuple, the user agent must raise a
   <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the user agent must
   first <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
   cookie-string for <a href="#the-document's-address">the document's address</a> for a
   "non-HTTP" API. <a href=#refsCOOKIES>[COOKIES]</a></p>
 
   <p>On setting, if the document is a <a href=#cookie-free-document-object>cookie-free
   <code>Document</code> object</a>, then the user agent must do
-  nothing. Otherwise, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
-  flag</a> was set on the <a href=#browsing-context>browsing context</a> of the
-  <code><a href=#document>Document</a></code> when the <code><a href=#document>Document</a></code> was created,
-  the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
-  exception. Otherwise, the user agent must <a href=#obtain-the-storage-mutex>obtain the storage
-  mutex</a> and then act as it would when <span title="receives a
+  nothing. Otherwise, if the <code><a href=#document>Document</a></code>'s
+  <a href=#origin>origin</a> is not a scheme/host/port tuple, the user agent
+  must raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, the
+  user agent must <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then act
+  as it would when <span title="receives a
   set-cookie-string">receiving a set-cookie-string</span> for
   <a href="#the-document's-address">the document's address</a> via a "non-HTTP" API, consisting
   of the new value. <a href=#refsCOOKIES>[COOKIES]</a></p>

diff --git a/source b/source
@@ -6796,10 +6796,10 @@ interface <dfn>HTMLDocument</dfn> {
     applied to this resource, the empty string will be returned.</p>
     <p>Can be set, to add a new cookie to the element's set of HTTP
     cookies.</p>
-    <p>If the <code>Document</code> has no <span>browsing
-    context</span> an <code>INVALID_STATE_ERR</code> exception will be
-    thrown. If the contents are <span title="sandboxed origin browsing
-    context flag">sandboxed into a unique origin</span>, a
+    <p>Cookies of <code>Document</code>s that weren't obtained by
+    downloading a resource from a Web site will always be blank, even
+    after being set. If the contents are <span title="sandboxed origin
+    browsing context flag">sandboxed into a unique origin</span>, a
     <code>SECURITY_ERR</code> exception will be thrown.</p>
    </dd>
 
@@ -6828,22 +6828,20 @@ interface <dfn>HTMLDocument</dfn> {
   <p id="sandboxCookies">On getting, if the document is a
   <span>cookie-free <code>Document</code> object</span>, then the user
   agent must return the empty string. Otherwise, if the
-  <span>sandboxed origin browsing context flag</span> was set on the
-  <span>browsing context</span> of the <code>Document</code> when the
-  <code>Document</code> was created, the user agent must raise a
+  <code>Document</code>'s <span>origin</span> is not a
+  scheme/host/port tuple, the user agent must raise a
   <code>SECURITY_ERR</code> exception. Otherwise, the user agent must
   first <span>obtain the storage mutex</span> and then return the
   cookie-string for <span>the document's address</span> for a
   "non-HTTP" API. <a href="#refsCOOKIES">[COOKIES]</a></p>
 
   <p>On setting, if the document is a <span>cookie-free
   <code>Document</code> object</span>, then the user agent must do
-  nothing. Otherwise, if the <span>sandboxed origin browsing context
-  flag</span> was set on the <span>browsing context</span> of the
-  <code>Document</code> when the <code>Document</code> was created,
-  the user agent must raise a <code>SECURITY_ERR</code>
-  exception. Otherwise, the user agent must <span>obtain the storage
-  mutex</span> and then act as it would when <span title="receives a
+  nothing. Otherwise, if the <code>Document</code>'s
+  <span>origin</span> is not a scheme/host/port tuple, the user agent
+  must raise a <code>SECURITY_ERR</code> exception. Otherwise, the
+  user agent must <span>obtain the storage mutex</span> and then act
+  as it would when <span title="receives a
   set-cookie-string">receiving a set-cookie-string</span> for
   <span>the document's address</span> via a "non-HTTP" API, consisting
   of the new value. <a href="#refsCOOKIES">[COOKIES]</a></p>