Skip to content

Commit

Permalink
Cleanup origin serialization
Browse files Browse the repository at this point in the history 
Origin serialization didn’t properly serialize hosts and ports and
used the domain to Unicode and  domain to ASCII algorithms
incorrectly, passing domain labels rather than domains (not
accounting for the fact that the host might not be a domain either).

This depends on #868 landing since it assumes aliasing is no longer a
thing.

This also depends on the URL Standard changing to no longer pass the
default port when computing the origin of a URL. Instead, an origin
and a URL should share the same data model subset, where port can be
null. Since they serialise the same way, that makes things easier to
understand.

This fixes #611,
https://www.w3.org/Bugs/Public/show_bug.cgi?id=28788, and
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29056.
  • Loading branch information
@annevk
annevk committed Mar 14, 2016
1 parent 8047961 commit 4df1973
Showing 1 changed file with 45 additions and 54 deletions.
99 changes: 45 additions & 54 deletions source
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2757,7 +2757,6 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
<li><dfn data-noexport="" data-x-href="https://url.spec.whatwg.org/#percent-decode">Percent decode</dfn>
<li><dfn data-noexport="" data-x-href="https://url.spec.whatwg.org/#set-the-username">set the username</dfn>
<li><dfn data-noexport="" data-x-href="https://url.spec.whatwg.org/#set-the-password">set the password</dfn>
<li>The <dfn data-noexport="" data-x-href="https://url.spec.whatwg.org/#concept-domain-to-ascii">domain to ASCII</dfn> algorithm</li>
<li>The <dfn data-noexport="" data-x-href="https://url.spec.whatwg.org/#concept-domain-to-unicode">domain to Unicode</dfn> algorithm</li>
<li>The <dfn data-noexport="" data-x-href="https://url.spec.whatwg.org/#concept-urlencoded"><code>application/x-www-form-urlencoded</code></dfn> format
<li>The <dfn data-noexport="" data-x-href="https://url.spec.whatwg.org/#concept-urlencoded-serializer"><code>application/x-www-form-urlencoded</code> serializer</dfn>
Expand Down Expand Up @@ -8514,19 +8513,19 @@ partial /*sealed*/ interface <dfn>Document</dfn> {

<p id="sandboxCookies">On getting, if the document is a <span>cookie-averse <code>Document</code>
object</span>, then the user agent must return the empty string. Otherwise, if the
<code>Document</code>'s <span>origin</span> is not a scheme/host/port tuple, the user agent must
throw a <code>SecurityError</code> exception. Otherwise, the user agent must return the
<span>cookie-string</span> for <span>the document's address</span> for a "non-HTTP" API, decoded
using <span>UTF-8 decode without BOM</span>. <ref spec=COOKIES> <!--INSERT FINGERPRINT-->
</p>
<code>Document</code>'s <span>origin</span> is not a <span
data-x="concept-origin-tuple">tuple</span>, the user agent must throw a <code>SecurityError</code>
exception. Otherwise, the user agent must return the <span>cookie-string</span> for <span>the
document's address</span> for a "non-HTTP" API, decoded using <span>UTF-8 decode without
BOM</span>. <ref spec=COOKIES> <!--INSERT FINGERPRINT--></p>

<p>On setting, if the document is a <span>cookie-averse <code>Document</code> object</span>, then
the user agent must do nothing. Otherwise, if the <code>Document</code>'s <span>origin</span> is
not a scheme/host/port tuple, the user agent must throw a <code>SecurityError</code> exception.
Otherwise, the user agent must act as it would when <span data-x="receives a
set-cookie-string">receiving a set-cookie-string</span> for <span>the document's address</span>
via a "non-HTTP" API, consisting of the new value <span data-x="utf-8 encode">encoded as
UTF-8</span>. <ref spec=COOKIES> <ref spec=ENCODING></p>
not a <span data-x="concept-origin-tuple">tuple</span>, the user agent must throw a
<code>SecurityError</code> exception. Otherwise, the user agent must act as it would when <span
data-x="receives a set-cookie-string">receiving a set-cookie-string</span> for <span>the
document's address</span> via a "non-HTTP" API, consisting of the new value <span data-x="utf-8
encode">encoded as UTF-8</span>. <ref spec=COOKIES> <ref spec=ENCODING></p>

<p class="note">Since the <code data-x="dom-document-cookie">cookie</code> attribute is accessible
across frames, the path restrictions on cookies are only a tool to help manage which cookies are
Expand Down Expand Up @@ -78104,15 +78103,15 @@ callback <dfn>FrameRequestCallback</dfn> = void (<span>DOMHighResTimeStamp</span
<dl>


<dt><dfn data-x="concept-origin-opaque-identifiers">Opaque identifiers</dfn></dt>
<dt><dfn data-x="concept-origin-opaque-identifier">Opaque identifiers</dfn></dt>

<dd>

<p>Internal values, with no serialisation, for which the only meaningful operation is testing
for equality.</p>


<dt><dfn data-x="concept-origin-tuples">Tuples</dfn></dt>
<dt><dfn data-x="concept-origin-tuple">Tuples</dfn></dt>

<dd>

Expand Down Expand Up @@ -78368,61 +78367,51 @@ callback <dfn>FrameRequestCallback</dfn> = void (<span>DOMHighResTimeStamp</span
<hr>

<p>The <dfn>Unicode serialisation of an origin</dfn> is the string obtained by applying the
following algorithm to the given <span>origin</span>:</p>
following algorithm to the given <span>origin</span> <var>origin</var>:</p>

<ol>
<li><p>If <var>origin</var> is not a <span data-x="concept-origin-tuple">tuple</span>, then
return "<code data-x="">null</code>".</p></li>

<li><p>If the <span>origin</span> in question is not a scheme/host/port tuple, then return the
literal string "<code data-x="">null</code>" and abort these steps.</p></li>

<li><p>Otherwise, let <var>result</var> be the scheme part of the <span>origin</span>
tuple.</p></li>
<li><p>Let <var>host</var> be the host part of <var>origin</var>.</p></li>

<li><p>Append the string "<code data-x="">://</code>" to <var>result</var>.</p></li>

<li><p>Apply the <span>domain to Unicode</span> algorithm to each component of the host
part of the <span>origin</span> tuple, and append the results &mdash; each component, in the same
order, separated by U+002E FULL STOP characters (.) &mdash; to <var>result</var>. <ref spec=URL></p></li>
<li><p>Let <var>unicodeHost</var> be <var>host</var> if <var>host</var> is not a
<span>domain</span>, and the result of applying <span>domain to Unicode</span> to <var>host</var>
otherwise.</p></li>

<li><p>If the port part of the <span>origin</span> tuple gives a port that is different from the
default port for the protocol given by the scheme part of the <span>origin</span> tuple, then
append a U+003A COLON character (:) and the given port, in base ten, to <var>result</var>.</p></li>
<li><p>Let <var>unicodeOrigin</var> be a new <span data-x="concept-origin-tuple">tuple</span>
consisting of the scheme part of <var>origin</var>, <var>unicodeHost</var>, and the port part of
<var>origin</var>.</p></li>

<li><p>Return <var>result</var>.</p></li>
<li>
<p>Return the <span>ASCII serialisation of an origin</span>, given <var>unicodeOrigin</var>.</p>

<p class="note">The name <span>ASCII serialisation of an origin</span> is misleading, as it
merely serialises an origin, which are all ASCII by default due to the <span>URL
parser</span>.</p>
</li>
</ol>


<p>The <dfn>ASCII serialisation of an origin</dfn> is the string obtained by applying the
following algorithm to the given <span>origin</span>:</p>
following algorithm to the given <span>origin</span> <var>origin</var>:</p>

<ol>
<li><p>If <var>origin</var> is not a <span data-x="concept-origin-tuple">tuple</span>, then
return "<code data-x="">null</code>".</p></li>

<li><p>If the <span>origin</span> in question is not a scheme/host/port tuple, then return the
literal string "<code data-x="">null</code>" and abort these steps.</p></li>
<li><p>Otherwise, let <var>result</var> be the scheme part of <var>origin</var>.</p></li>

<li><p>Otherwise, let <var>result</var> be the scheme part of the <span>origin</span>
tuple.</p></li>
<li><p>Append "<code data-x="">://</code>" to <var>result</var>.</p></li>

<li><p>Append the string "<code data-x="">://</code>" to <var>result</var>.</p></li>
<li><p>Append the host part of <var>origin</var>, <span data-x="host
serialiser">serialised</span>, to <var>result</var>.</p></li>

<li>

<p>Apply the <span>domain to ASCII</span> algorithm to each component of the host part of
the <span>origin</span> tuple, and append the results &mdash; each component, in the same order,
separated by U+002E FULL STOP characters (.) &mdash; to <var>result</var>. <ref spec=URL></p>

<p>If the <span>domain to ASCII</span> algorithm returns failure, e.g. because a component is too long or because it contains
invalid characters, then throw a <code>SecurityError</code> exception and abort these steps.</p>

</li>

<li><p>If the port part of the <span>origin</span> tuple gives a port that is different from the
default port for the protocol given by the scheme part of the <span>origin</span> tuple, then
append a U+003A COLON character (:) and the given port, in base ten, to <var>result</var>.</p></li>
<li><p>If the port part of <var>origin</var> is non-null, append a U+003A COLON character (:),
and the port part, <span data-x="serialise an integer">serialised</span>, to
<var>result</var>.</p></li>

<li><p>Return <var>result</var>.</p></li>

</ol>


Expand Down Expand Up @@ -78480,9 +78469,10 @@ callback <dfn>FrameRequestCallback</dfn> = void (<span>DOMHighResTimeStamp</span

<p>Each <code>Document</code> object has an associated <dfn data-x="the document's
domain">domain</dfn>. Its initial value is the host component of the document's
<span>origin</span>, if the value of that <span>origin</span> is a scheme/host/port tuple and if
the <code>Document</code> object has a <span data-x="concept-document-bc">browsing context</span>,
and the empty <span data-x="concept-domain">domain</span> otherwise.</p>
<span>origin</span>, if the value of that <span>origin</span> is a <span
data-x="concept-origin-tuple">tuple</span> and if the <code>Document</code> object has a <span
data-x="concept-document-bc">browsing context</span>, and the empty <span
data-x="concept-domain">domain</span> otherwise.</p>
<!-- Use an empty domain rather than empty string so the host serialiser works fine. -->

<p>The <dfn><code data-x="dom-document-domain">domain</code></dfn> attribute's getter must return
Expand Down Expand Up @@ -95744,8 +95734,9 @@ interface <dfn>WindowLocalStorage</dfn> {
instead of returning a <code>Storage</code> object if the request violates a policy decision
(e.g. if the user agent is configured to not allow the page to persist data).</p></li>

<li><p>If the <code>Document</code>'s <span>origin</span> is not a scheme/host/port tuple, then
throw a <code>SecurityError</code> exception and abort these steps.</p></li>
<li><p>If the <code>Document</code>'s <span>origin</span> is not a <span
data-x="concept-origin-tuple">tuple</span>, then throw a <code>SecurityError</code> exception and
abort these steps.</p></li>

<li><p>Check to see if the user agent has allocated a local storage area for the
<span>origin</span> of the <code>Document</code> of the <code>Window</code> object on which the
Expand Down

0 comments on commit 4df1973

Please sign in to comment.