Skip to content

Commit

Permalink
[giow] (3) Allow custom properties on Location objects to work for th…
Browse files Browse the repository at this point in the history 
…e Document whose Location object it originally was.

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=20701
Affected topics: DOM APIs, Security

git-svn-id: http://svn.whatwg.org/webapps@7758 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
@Hixie
Hixie committed Mar 15, 2013
1 parent 7b0112b commit 11fe2fd
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 51 deletions.
42 changes: 24 additions & 18 deletions complete.html
View file
Expand Up @@ -66606,24 +66606,30 @@ <h4 id=the-location-interface><span class=secno>6.5.3 </span>The <code><a href=#
<h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>

<p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
properties of a <code><a href=#location>Location</a></code> object are accessed by scripts whose <a href=#effective-script-origin>effective script
origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#location>Location</a></code>
object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

</ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not the same as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
origin</a> attempts to access that <code><a href=#location>Location</a></code> object's methods or attributes, the
user agent must act as if any changes to the <code><a href=#location>Location</a></code> object's properties, getters,
setters, etc, were not present.</p>
properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a>'s
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
<a href=#active-document>active document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following
exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the <a href=#entry-script>entry script</a>'s
<a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing
context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the <a href=#entry-script>entry
script</a>'s <a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the
<a href=#browsing-context>browsing context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>Any properties not defined in the IDL for the <code><a href=#location>Location</a></code> object or indirectly via
one of those properties (e.g. <code title="">toString()</code>, which is defined via the <code title="">stringifier</code> keyword), if the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script
origin</a> is the <a href=#same-origin>same origin</a> as the <code><a href=#location>Location</a></code> object's associated
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>

</ul><p>When the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin>same
origin</a> as the <code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s
<a href=#effective-script-origin>effective script origin</a>, attempts to access that <code><a href=#location>Location</a></code> object's
methods or attributes must cause the user agent to act as if any changes to the
<code><a href=#location>Location</a></code> object's properties, getters, setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the same as the <code><a href=#location>Location</a></code> object's
Expand Down
42 changes: 24 additions & 18 deletions index
View file
Expand Up @@ -66606,24 +66606,30 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU
<h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>

<p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
properties of a <code><a href=#location>Location</a></code> object are accessed by scripts whose <a href=#effective-script-origin>effective script
origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#location>Location</a></code>
object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

</ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not the same as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
origin</a> attempts to access that <code><a href=#location>Location</a></code> object's methods or attributes, the
user agent must act as if any changes to the <code><a href=#location>Location</a></code> object's properties, getters,
setters, etc, were not present.</p>
properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a>'s
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
<a href=#active-document>active document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following
exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the <a href=#entry-script>entry script</a>'s
<a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing
context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the <a href=#entry-script>entry
script</a>'s <a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the
<a href=#browsing-context>browsing context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>Any properties not defined in the IDL for the <code><a href=#location>Location</a></code> object or indirectly via
one of those properties (e.g. <code title="">toString()</code>, which is defined via the <code title="">stringifier</code> keyword), if the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script
origin</a> is the <a href=#same-origin>same origin</a> as the <code><a href=#location>Location</a></code> object's associated
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>

</ul><p>When the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin>same
origin</a> as the <code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s
<a href=#effective-script-origin>effective script origin</a>, attempts to access that <code><a href=#location>Location</a></code> object's
methods or attributes must cause the user agent to act as if any changes to the
<code><a href=#location>Location</a></code> object's properties, getters, setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the same as the <code><a href=#location>Location</a></code> object's
Expand Down
37 changes: 22 additions & 15 deletions source
View file
Expand Up @@ -79224,28 +79224,35 @@ State: &lt;OUTPUT NAME=I>1&lt;/OUTPUT> &lt;INPUT VALUE="Increment" TYPE=BUTTON O
<h5 id="security-location">Security</h5>

<p id="security-3">User agents must throw a <code>SecurityError</code> exception whenever any
properties of a <code>Location</code> object are accessed by scripts whose <span>effective script
origin</span> is not the <span title="same origin">same</span> as the <code>Location</code>
object's associated <code>Document</code>'s <span>browsing context</span>'s <span>active
document</span>'s <span>effective script origin</span>, with the following exceptions:</p>
properties of a <code>Location</code> object are accessed when the <span>entry script</span>'s
<span>effective script origin</span> is not the <span title="same origin">same</span> as the
<code>Location</code> object's associated <code>Document</code>'s <span>browsing context</span>'s
<span>active document</span>'s <span>effective script origin</span>, with the following
exceptions:</p>

<ul>

<li>The <code title="dom-location-href">href</code> setter, if the script is running in a
<span>browsing context</span> that is <span>allowed to navigate</span> the browsing context with
which the <code>Location</code> object is associated
<li>The <code title="dom-location-href">href</code> setter, if the <span>entry script</span>'s
<span>script's browsing context</span> is <span>allowed to navigate</span> the <span>browsing
context</span> with which the <code>Location</code> object is associated

<li>The <code title="dom-location-replace">replace()</code> method, if the <span>entry
script</span>'s <span>script's browsing context</span> is <span>allowed to navigate</span> the
<span>browsing context</span> with which the <code>Location</code> object is associated

<li>The <code title="dom-location-replace">replace()</code> method, if the script is running in a
<span>browsing context</span> that is <span>allowed to navigate</span> the browsing context with
which the <code>Location</code> object is associated
<li>Any properties not defined in the IDL for the <code>Location</code> object or indirectly via
one of those properties (e.g. <code title="">toString()</code>, which is defined via the <code
title="">stringifier</code> keyword), if the <span>entry script</span>'s <span>effective script
origin</span> is the <span>same origin</span> as the <code>Location</code> object's associated
<code>Document</code>'s <span>effective script origin</span>

</ul>

<p>When a script whose <span>effective script origin</span> is not the same as the
<code>Location</code> object's associated <code>Document</code>'s <span>effective script
origin</span> attempts to access that <code>Location</code> object's methods or attributes, the
user agent must act as if any changes to the <code>Location</code> object's properties, getters,
setters, etc, were not present.</p>
<p>When the <span>entry script</span>'s <span>effective script origin</span> is not the <span>same
origin</span> as the <code>Location</code> object's associated <code>Document</code>'s
<span>effective script origin</span>, attempts to access that <code>Location</code> object's
methods or attributes must cause the user agent to act as if any changes to the
<code>Location</code> object's properties, getters, setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <span>effective
script origin</span> that is not the same as the <code>Location</code> object's
Expand Down

0 comments on commit 11fe2fd

Please sign in to comment.