diff --git a/index.html b/index.html index bc7dfbeb..22c7fcb0 100644 --- a/index.html +++ b/index.html @@ -813,39 +813,43 @@
/
.
- + If the application context's active document's URL is not within scope of the + navigation scope of the application context's manifest, the user + agent SHOULD show a prominent UI element indicating the document URL, or at least its + origin, including whether it is served over a secure connection. + This UI SHOULD differ from any UI used when the document URL is within scope, in + order to make it obvious that the user is navigating off scope. +
++ Nothing prevents an application context from navigating to a + URL that is outside of the application's navigation + scope, while still having the manifest applied to + it. +
- Enforcing the navigation scope depends on [[!HTML]]'s navigate - algorithm. As such, the following algorithm monkey patches [[!HTML]]. - Bug - 27653 has been filed to address this. + Unlike previous versions of this specification, user agents are no + longer required or allowed to block off-scope navigations, or open + them in a new top-level browsing context. This practice broke + some sites that navigate to an off-scope URL (e.g., to perform + third-party authentication). See Issue 646.
- The user agent MUST navigate the application context as per [[!HTML]]'s
- navigate algorithm with exceptions enabled. If the URL of the
- resource being loaded in the navigation is not within scope of
- the navigation scope of the application context's manifest, then the
- user agent MUST behave as if the application context is not allowed
- to navigate. This provides the ability for the user agent to
- perform the navigation in a different browsing context, or in a
- different user agent entirely. If during the handle redirects step of
- HTML's navigate algorithm the redirect URL is not within
- scope of the navigation scope of the application context's
- manifest, abort HTML's navigation algorithm with a
- SecurityError
.
-
- It should not be possible to navigate the top-level browsing - context to somewhere outside the scope while the manifest - is applied to the top-level browsing context. That's - not to say that the web application cannot be navigated: just that - the set of URLs to which the manifest applies is restricted by the - navigation scope. + The above recommendation (to show some UI when the application + context is navigated to an out-of-scope URL) is for + security reasons. It ensures that users are always aware of which + origin they are interacting with.
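Review bot: The new normative text only SHOULDs the prominent origin UI while the removed text was a MUST (block the navigation, abort with SecurityError on an off-scope redirect), yet the closing paragraph still says the recommendation "ensures that users are always aware of which origin they are interacting with"; a SHOULD cannot ensure that, so either make the origin indication a MUST for off-scope documents or reword the rationale to say it helps users notice the origin change. The removed text also covered the "handle redirects" step of HTML's navigate algorithm; the replacement should say explicitly that the check is made against the active document's URL after redirects are followed, so that an in-scope link which redirects off scope (the third-party authentication case this change is motivated by) still triggers the indicator rather than being treated as in scope because the requested URL was.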