Skip to content
Permalink
Browse files

[giow] (3) Allow custom properties on Location objects to work for th…

…e Document whose Location object it originally was.

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=20701
Affected topics: DOM APIs, Security

git-svn-id: http://svn.whatwg.org/webapps@7758 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Mar 15, 2013
1 parent 7b0112b commit 11fe2fd3d5016338d38d866f323f22c494cf8956
Showing with 70 additions and 51 deletions.
  1. +24 −18 complete.html
  2. +24 −18 index
  3. +22 −15 source
<h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>

<p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
properties of a <code><a href=#location>Location</a></code> object are accessed by scripts whose <a href=#effective-script-origin>effective script
origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#location>Location</a></code>
object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

</ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not the same as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
origin</a> attempts to access that <code><a href=#location>Location</a></code> object's methods or attributes, the
user agent must act as if any changes to the <code><a href=#location>Location</a></code> object's properties, getters,
setters, etc, were not present.</p>
properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a>'s
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
<a href=#active-document>active document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following
exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the <a href=#entry-script>entry script</a>'s
<a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing
context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the <a href=#entry-script>entry
script</a>'s <a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the
<a href=#browsing-context>browsing context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>Any properties not defined in the IDL for the <code><a href=#location>Location</a></code> object or indirectly via
one of those properties (e.g. <code title="">toString()</code>, which is defined via the <code title="">stringifier</code> keyword), if the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script
origin</a> is the <a href=#same-origin>same origin</a> as the <code><a href=#location>Location</a></code> object's associated
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>

</ul><p>When the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin>same
origin</a> as the <code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s
<a href=#effective-script-origin>effective script origin</a>, attempts to access that <code><a href=#location>Location</a></code> object's
methods or attributes must cause the user agent to act as if any changes to the
<code><a href=#location>Location</a></code> object's properties, getters, setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the same as the <code><a href=#location>Location</a></code> object's
42 index
<h5 id=security-location><span class=secno>6.5.3.1 </span>Security</h5>

<p id=security-3>User agents must throw a <code><a href=#securityerror>SecurityError</a></code> exception whenever any
properties of a <code><a href=#location>Location</a></code> object are accessed by scripts whose <a href=#effective-script-origin>effective script
origin</a> is not the <a href=#same-origin title="same origin">same</a> as the <code><a href=#location>Location</a></code>
object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the script is running in a
<a href=#browsing-context>browsing context</a> that is <a href=#allowed-to-navigate>allowed to navigate</a> the browsing context with
which the <code><a href=#location>Location</a></code> object is associated

</ul><p>When a script whose <a href=#effective-script-origin>effective script origin</a> is not the same as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script
origin</a> attempts to access that <code><a href=#location>Location</a></code> object's methods or attributes, the
user agent must act as if any changes to the <code><a href=#location>Location</a></code> object's properties, getters,
setters, etc, were not present.</p>
properties of a <code><a href=#location>Location</a></code> object are accessed when the <a href=#entry-script>entry script</a>'s
<a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin title="same origin">same</a> as the
<code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing context</a>'s
<a href=#active-document>active document</a>'s <a href=#effective-script-origin>effective script origin</a>, with the following
exceptions:</p>

<ul><li>The <code title=dom-location-href><a href=#dom-location-href>href</a></code> setter, if the <a href=#entry-script>entry script</a>'s
<a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing
context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>The <code title=dom-location-replace><a href=#dom-location-replace>replace()</a></code> method, if the <a href=#entry-script>entry
script</a>'s <a href="#script's-browsing-context">script's browsing context</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the
<a href=#browsing-context>browsing context</a> with which the <code><a href=#location>Location</a></code> object is associated

<li>Any properties not defined in the IDL for the <code><a href=#location>Location</a></code> object or indirectly via
one of those properties (e.g. <code title="">toString()</code>, which is defined via the <code title="">stringifier</code> keyword), if the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script
origin</a> is the <a href=#same-origin>same origin</a> as the <code><a href=#location>Location</a></code> object's associated
<code><a href=#document>Document</a></code>'s <a href=#effective-script-origin>effective script origin</a>

</ul><p>When the <a href=#entry-script>entry script</a>'s <a href=#effective-script-origin>effective script origin</a> is not the <a href=#same-origin>same
origin</a> as the <code><a href=#location>Location</a></code> object's associated <code><a href=#document>Document</a></code>'s
<a href=#effective-script-origin>effective script origin</a>, attempts to access that <code><a href=#location>Location</a></code> object's
methods or attributes must cause the user agent to act as if any changes to the
<code><a href=#location>Location</a></code> object's properties, getters, setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <a href=#effective-script-origin>effective
script origin</a> that is not the same as the <code><a href=#location>Location</a></code> object's
37 source
<h5 id="security-location">Security</h5>

<p id="security-3">User agents must throw a <code>SecurityError</code> exception whenever any
properties of a <code>Location</code> object are accessed by scripts whose <span>effective script
origin</span> is not the <span title="same origin">same</span> as the <code>Location</code>
object's associated <code>Document</code>'s <span>browsing context</span>'s <span>active
document</span>'s <span>effective script origin</span>, with the following exceptions:</p>
properties of a <code>Location</code> object are accessed when the <span>entry script</span>'s
<span>effective script origin</span> is not the <span title="same origin">same</span> as the
<code>Location</code> object's associated <code>Document</code>'s <span>browsing context</span>'s
<span>active document</span>'s <span>effective script origin</span>, with the following
exceptions:</p>

<ul>

<li>The <code title="dom-location-href">href</code> setter, if the script is running in a
<span>browsing context</span> that is <span>allowed to navigate</span> the browsing context with
which the <code>Location</code> object is associated
<li>The <code title="dom-location-href">href</code> setter, if the <span>entry script</span>'s
<span>script's browsing context</span> is <span>allowed to navigate</span> the <span>browsing
context</span> with which the <code>Location</code> object is associated

<li>The <code title="dom-location-replace">replace()</code> method, if the <span>entry
script</span>'s <span>script's browsing context</span> is <span>allowed to navigate</span> the
<span>browsing context</span> with which the <code>Location</code> object is associated

<li>The <code title="dom-location-replace">replace()</code> method, if the script is running in a
<span>browsing context</span> that is <span>allowed to navigate</span> the browsing context with
which the <code>Location</code> object is associated
<li>Any properties not defined in the IDL for the <code>Location</code> object or indirectly via
one of those properties (e.g. <code title="">toString()</code>, which is defined via the <code
title="">stringifier</code> keyword), if the <span>entry script</span>'s <span>effective script
origin</span> is the <span>same origin</span> as the <code>Location</code> object's associated
<code>Document</code>'s <span>effective script origin</span>

</ul>

<p>When a script whose <span>effective script origin</span> is not the same as the
<code>Location</code> object's associated <code>Document</code>'s <span>effective script
origin</span> attempts to access that <code>Location</code> object's methods or attributes, the
user agent must act as if any changes to the <code>Location</code> object's properties, getters,
setters, etc, were not present.</p>
<p>When the <span>entry script</span>'s <span>effective script origin</span> is not the <span>same
origin</span> as the <code>Location</code> object's associated <code>Document</code>'s
<span>effective script origin</span>, attempts to access that <code>Location</code> object's
methods or attributes must cause the user agent to act as if any changes to the
<code>Location</code> object's properties, getters, setters, etc, were not present.</p>

<p>For members that return objects (including function objects), each distinct <span>effective
script origin</span> that is not the same as the <code>Location</code> object's

0 comments on commit 11fe2fd

Please sign in to comment.
You can’t perform that action at this time.