Skip to content

Commit

Permalink
[giow] (2) Make the case of an API call trying to navigate a browsing…
Browse files Browse the repository at this point in the history 
… context that it can't navigate due to sandboxing throw a security exception rather than silently fail.

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=24110
Affected topics: DOM APIs, HTML

git-svn-id: http://svn.whatwg.org/webapps@8370 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
@Hixie
Hixie committed Jan 3, 2014
1 parent a9d9256 commit f1f63e4
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 21 deletions.
23 changes: 16 additions & 7 deletions complete.html
View file
Expand Up @@ -8424,7 +8424,8 @@ <h3 id=documents><span class=secno>3.1 </span>Documents</h3>

<!--CLEANUP-->
<li><p><a href=#navigate>Navigate</a><!--DONAV reload after d.open()--> the <a href=#browsing-context>browsing context</a>
to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>.
to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>
and <a href=#exceptions-enabled>exceptions enabled</a>.
The <a href=#source-browsing-context>source browsing context</a> is that given to the <a href=#an-overridden-reload title="an overridden
reload">overridden reload</a> algorithm.
When the <a href=#navigate>navigate</a> algorithm creates a <code><a href=#document>Document</a></code> object for this purpose,
Expand Down Expand Up @@ -64863,13 +64864,13 @@ <h4 id=apis-for-creating-and-navigating-browsing-contexts-by-name><span class=se
<!--CLEANUP-->
<p>Otherwise, if <var title="">url</var> is not "<code><a href=#about:blank>about:blank</a></code>", the user agent must
<a href=#navigate>navigate</a><!--DONAV window.open()--> the selected <a href=#browsing-context>browsing context</a> to the
<a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
<a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
context</a> was just created as part of <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
browsing context name</a>, then <a href=#replacement-enabled title="replacement enabled">replacement must be
enabled</a>. The navigation must be done with the <a href=#responsible-browsing-context>responsible
enabled</a> also. The navigation must be done with the <a href=#responsible-browsing-context>responsible
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a> as the <a href=#source-browsing-context>source browsing
context</a>. If the <a href=#resolve-a-url>resolve a URL</a> algorithm failed, then the user agent may either
instead <a href=#navigate>navigate</a> to an inline error page, using the same replacement behavior and
instead <a href=#navigate>navigate</a> to an inline error page, with <a href=#exceptions-enabled>exceptions enabled</a> and using the same replacement behavior and
source browsing context behavior as described earlier in this paragraph; or treat the <var title="">url</var> as "<code><a href=#about:blank>about:blank</a></code>", acting as described in the next paragraph.</p>

<p>If <var title="">url</var> <em>is</em> "<code><a href=#about:blank>about:blank</a></code>", and the <a href=#browsing-context>browsing
Expand Down Expand Up @@ -66635,7 +66636,7 @@ <h4 id=the-location-interface><span class=secno>6.5.3 </span>The <code><a href=#
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, must <a href=#navigate>navigate</a><!--DONAV location.href/assign--> the <a href=#browsing-context>browsing
context</a> to the specified <var title="">url</var>. If the <a href=#browsing-context>browsing context</a>'s
context</a> to the specified <var title="">url</var>, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <a href=#browsing-context>browsing context</a>'s
<a href=#session-history>session history</a> contains only one <code><a href=#document>Document</a></code>, and that was the
<code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> created when the <a href=#browsing-context>browsing context</a> was
created, then the navigation must be done with <a href=#replacement-enabled>replacement enabled</a>.</p> <!-- READ ME
Expand All @@ -66648,7 +66649,7 @@ <h4 id=the-location-interface><span class=secno>6.5.3 </span>The <code><a href=#
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, <a href=#navigate>navigate</a><!--DONAV location.href/replace--> the <a href=#browsing-context>browsing
context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a>.</p>
context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>.</p>

<!--CLEANUP-->
<p>Navigation for the <code title=dom-location-assign><a href=#dom-location-assign>assign()</a></code> and <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> methods must be done with the <a href=#responsible-browsing-context>responsible browsing context</a> specified by
Expand Down Expand Up @@ -66687,7 +66688,7 @@ <h4 id=the-location-interface><span class=secno>6.5.3 </span>The <code><a href=#
<!--CLEANUP-->
<dd><p><a href=#navigate>Navigate</a><!--DONAV location.reload()--> the
<a href=#browsing-context>browsing context</a> to <a href="#the-document's-address">the document's
address</a> with <a href=#replacement-enabled>replacement enabled</a>. The
address</a> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>. The
<a href=#source-browsing-context>source browsing context</a> must be the <a href=#browsing-context>browsing
context</a> being navigated.</dd> <!-- it appears that
document.reload() always uses GET and does not, e.g., re-POST. -->
Expand Down Expand Up @@ -66892,6 +66893,10 @@ <h4 id=navigating-across-documents><span class=secno>6.6.1 </span>Navigating acr
<p class=note>Doing so, however, can be dangerous, as it means that the user is overriding the
author's explicit request to sandbox the content.</p>

<p>If the <a href=#navigate>navigate</a> algorithm was invoked with <dfn id=exceptions-enabled>exceptions enabled</dfn>, and it
is aborted on this step, then in addition to aborting this algorithm, the user agent must also
throw a <code><a href=#securityerror>SecurityError</a></code> exception.</p>

</li>

<li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing context</a> is the same as the
Expand Down Expand Up @@ -73302,6 +73307,10 @@ <h4 id=dialogs-implemented-using-separate-documents><span class=secno>7.5.3 </sp
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>
as the <a href=#source-browsing-context>source browsing context</a>.</p>

<!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
browser in an unusuable state (or would require that we catch and rethrow the exception, and
this API is deprecated so we're not worried about keeping it sane) -->

</li>

<li>
Expand Down
23 changes: 16 additions & 7 deletions index
View file
Expand Up @@ -8424,7 +8424,8 @@ interface <dfn id=transferable>Transferable</dfn> { };

<!--CLEANUP-->
<li><p><a href=#navigate>Navigate</a><!--DONAV reload after d.open()--> the <a href=#browsing-context>browsing context</a>
to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>.
to a resource whose source is <var title="">source</var>, with <a href=#replacement-enabled>replacement enabled</a>
and <a href=#exceptions-enabled>exceptions enabled</a>.
The <a href=#source-browsing-context>source browsing context</a> is that given to the <a href=#an-overridden-reload title="an overridden
reload">overridden reload</a> algorithm.
When the <a href=#navigate>navigate</a> algorithm creates a <code><a href=#document>Document</a></code> object for this purpose,
Expand Down Expand Up @@ -64863,13 +64864,13 @@ END:VCARD</pre>
<!--CLEANUP-->
<p>Otherwise, if <var title="">url</var> is not "<code><a href=#about:blank>about:blank</a></code>", the user agent must
<a href=#navigate>navigate</a><!--DONAV window.open()--> the selected <a href=#browsing-context>browsing context</a> to the
<a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
<a href=#absolute-url>absolute URL</a> obtained from <a href=#resolve-a-url title="resolve a url">resolving</a> <var title="">url</var> earlier, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <var title="">replace</var> is true or if the <a href=#browsing-context>browsing
context</a> was just created as part of <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
browsing context name</a>, then <a href=#replacement-enabled title="replacement enabled">replacement must be
enabled</a>. The navigation must be done with the <a href=#responsible-browsing-context>responsible
enabled</a> also. The navigation must be done with the <a href=#responsible-browsing-context>responsible
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a> as the <a href=#source-browsing-context>source browsing
context</a>. If the <a href=#resolve-a-url>resolve a URL</a> algorithm failed, then the user agent may either
instead <a href=#navigate>navigate</a> to an inline error page, using the same replacement behavior and
instead <a href=#navigate>navigate</a> to an inline error page, with <a href=#exceptions-enabled>exceptions enabled</a> and using the same replacement behavior and
source browsing context behavior as described earlier in this paragraph; or treat the <var title="">url</var> as "<code><a href=#about:blank>about:blank</a></code>", acting as described in the next paragraph.</p>

<p>If <var title="">url</var> <em>is</em> "<code><a href=#about:blank>about:blank</a></code>", and the <a href=#browsing-context>browsing
Expand Down Expand Up @@ -66635,7 +66636,7 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, must <a href=#navigate>navigate</a><!--DONAV location.href/assign--> the <a href=#browsing-context>browsing
context</a> to the specified <var title="">url</var>. If the <a href=#browsing-context>browsing context</a>'s
context</a> to the specified <var title="">url</var>, with <a href=#exceptions-enabled>exceptions enabled</a>. If the <a href=#browsing-context>browsing context</a>'s
<a href=#session-history>session history</a> contains only one <code><a href=#document>Document</a></code>, and that was the
<code><a href=#about:blank>about:blank</a></code> <code><a href=#document>Document</a></code> created when the <a href=#browsing-context>browsing context</a> was
created, then the navigation must be done with <a href=#replacement-enabled>replacement enabled</a>.</p> <!-- READ ME
Expand All @@ -66648,7 +66649,7 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU
method is invoked, the UA must <a href=#resolve-a-url title="resolve a url">resolve</a> the argument, relative
to the <a href=#api-base-url>API base URL</a> specified by the <a href=#entry-settings-object>entry settings object</a>, and if that is
successful, <a href=#navigate>navigate</a><!--DONAV location.href/replace--> the <a href=#browsing-context>browsing
context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a>.</p>
context</a> to the specified <var title="">url</var> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>.</p>

<!--CLEANUP-->
<p>Navigation for the <code title=dom-location-assign><a href=#dom-location-assign>assign()</a></code> and <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> methods must be done with the <a href=#responsible-browsing-context>responsible browsing context</a> specified by
Expand Down Expand Up @@ -66687,7 +66688,7 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU
<!--CLEANUP-->
<dd><p><a href=#navigate>Navigate</a><!--DONAV location.reload()--> the
<a href=#browsing-context>browsing context</a> to <a href="#the-document's-address">the document's
address</a> with <a href=#replacement-enabled>replacement enabled</a>. The
address</a> with <a href=#replacement-enabled>replacement enabled</a> and <a href=#exceptions-enabled>exceptions enabled</a>. The
<a href=#source-browsing-context>source browsing context</a> must be the <a href=#browsing-context>browsing
context</a> being navigated.</dd> <!-- it appears that
document.reload() always uses GET and does not, e.g., re-POST. -->
Expand Down Expand Up @@ -66892,6 +66893,10 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU
<p class=note>Doing so, however, can be dangerous, as it means that the user is overriding the
author's explicit request to sandbox the content.</p>

<p>If the <a href=#navigate>navigate</a> algorithm was invoked with <dfn id=exceptions-enabled>exceptions enabled</dfn>, and it
is aborted on this step, then in addition to aborting this algorithm, the user agent must also
throw a <code><a href=#securityerror>SecurityError</a></code> exception.</p>

</li>

<li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing context</a> is the same as the
Expand Down Expand Up @@ -73302,6 +73307,10 @@ scheduleWork(); // queues a task to do lots of work</pre>
browsing context</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>
as the <a href=#source-browsing-context>source browsing context</a>.</p>

<!-- we don't call this with <span>exceptions enabled</span>, since that would risk leaving the
browser in an unusuable state (or would require that we catch and rethrow the exception, and
this API is deprecated so we're not worried about keeping it sane) -->

</li>

<li>
Expand Down

0 comments on commit f1f63e4

Please sign in to comment.