Skip to content
Permalink
Browse files

s/incumbent/current/ settings object. Closes #15.

  • Loading branch information
mikewest committed Jul 4, 2016
1 parent f753c85 commit d153c48422ef5d94e902d1f73fadd72ff10761b6
Showing with 10 additions and 10 deletions.
  1. +6 −6 index.html
  2. +4 −4 index.src.html
@@ -1958,7 +1958,7 @@ <h4 class="heading settled" data-level="2.2.1" id="monkey-patching-shared-worker
steps:"), run the following step:</p>
<ol>
<li data-md="">
<p>If the result of executing <a href="#settings-object">§3.1 Is settings object a secure context?</a> on the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent
<p>If the result of executing <a href="#settings-object">§3.1 Is settings object a secure context?</a> on the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#current-settings-object">current
settings object</a> does not match the result of executing the same
algorithm on <var>worker global scope</var>’s <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#relevant-settings-object-for-a-global-object">relevant settings
object</a>, then throw a <code>SecurityError</code> exception, and abort
@@ -2214,11 +2214,11 @@ <h3 class="heading settled" data-level="7.3" id="new"><span class="secno">7.3. <
<p>When writing a specification for new features, we recommend that authors
and editors guard sensitive APIs with checks against <a data-link-type="dfn" href="#secure-context" id="ref-for-secure-context-30">secure contexts</a>.
For example, something like the following might be a good approach:</p>
<div class="example" id="example-1611693b">
<a class="self-link" href="#example-1611693b"></a>
<div class="example" id="example-3c0f6ca7">
<a class="self-link" href="#example-3c0f6ca7"></a>
<ol>
<li>
If the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent settings object</a> is <em>not</em> a <a data-link-type="dfn" href="#secure-context" id="ref-for-secure-context-31">secure
If the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#current-settings-object">current settings object</a> is <em>not</em> a <a data-link-type="dfn" href="#secure-context" id="ref-for-secure-context-31">secure
context</a>, then:
<ol>
<li> [<i>insert something appropriate here: perhaps a Promise could be
@@ -2273,7 +2273,7 @@ <h4 class="heading settled" data-level="7.4.1" id="legacy-example"><span class="
<li data-md="">
<p><a data-link-type="dfn" href="https://www.w3.org/2015/Process-20150901/#rec-modify">Modify</a> the specification to include
checks against <a data-link-type="dfn" href="#secure-context" id="ref-for-secure-context-36">secure context</a> before executing the algorithms for <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/geolocation-API/#get-current-position">getCurrentPosition()</a></code> and <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/geolocation-API/#watch-position">watchPosition()</a></code>.</p>
<p>If the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent settings object</a> is not a <a data-link-type="dfn" href="#secure-context" id="ref-for-secure-context-37">secure context</a>,
<p>If the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#current-settings-object">current settings object</a> is not a <a data-link-type="dfn" href="#secure-context" id="ref-for-secure-context-37">secure context</a>,
then the algorithm should be aborted, and the <code>errorCallback</code> invoked with a <code>code</code> of <code>PERMISSION_DENIED</code>.</p>
<li data-md="">
<p>The user agent should announce clear intentions to disable the API for
@@ -2381,8 +2381,8 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
<li><a href="http://www.w3.org/TR/html5/browsers.html#auxiliary-browsing-context">auxiliary browsing context</a>
<li><a href="http://www.w3.org/TR/html5/browsers.html#browsing-context">browsing context</a>
<li><a href="http://www.w3.org/TR/html5/browsers.html#creator-document">creator document</a>
<li><a href="http://www.w3.org/TR/html5/webappapis.html#current-settings-object">current settings object</a>
<li><a href="http://www.w3.org/TR/html5/webappapis.html#global-object">global object</a>
<li><a href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent settings object</a>
<li><a href="http://www.w3.org/TR/html5/browsers.html#origin">opaque identifier</a>
<li><a href="http://www.w3.org/TR/html5/browsers.html#opener-browsing-context">opener browsing context</a>
<li><a href="http://www.w3.org/TR/html5/browsers.html#origin">origin</a>
@@ -54,7 +54,7 @@ <h1>Secure Contexts</h1>
text: opaque identifier; url: origin
text: opener browsing context
urlPrefix: webappapis.html
text: incumbent settings object
text: current settings object
text: settings object
text: relevant settings object; url: relevant-settings-object-for-a-global-object
text: responsible document
@@ -639,7 +639,7 @@ <h4 id="monkey-patching-shared-workers">Shared Workers</h4>
7.7 ("If <var>worker global scope</var> is not `null`, then run these
steps:"), run the following step:

1. If the result of executing [[#settings-object]] on the <a>incumbent
1. If the result of executing [[#settings-object]] on the <a>current
settings object</a> does not match the result of executing the same
algorithm on <var>worker global scope</var>'s <a>relevant settings
object</a>, then throw a `SecurityError` exception, and abort
@@ -988,7 +988,7 @@ <h3 id="new">Restricting New Features</h3>
<div class="example">
<ol>
<li>
If the <a>incumbent settings object</a> is <em>not</em> a <a>secure
If the <a>current settings object</a> is <em>not</em> a <a>secure
context</a>, then:

<ol>
@@ -1057,7 +1057,7 @@ <h4 id="legacy-example">Example: Geolocation</h4>
checks against <a>secure context</a> before executing the algorithms for
{{getCurrentPosition()}} and {{watchPosition()}}.

If the <a>incumbent settings object</a> is not a <a>secure context</a>,
If the <a>current settings object</a> is not a <a>secure context</a>,
then the algorithm should be aborted, and the `errorCallback`
invoked with a `code` of `PERMISSION_DENIED`.

0 comments on commit d153c48

Please sign in to comment.
You can’t perform that action at this time.