[giow] (2) Prevent cross-origin javascript: navigation of browsing co…
…ntexts. Define the base URL and document's address of pages generated by javascript: URLs. Minor editorial tweaks.
git-svn-id: http://svn.whatwg.org/webapps@2683 340c8d12-0b0e-0410-8428-c7bf67bfef74
<i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
</dd>
<dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a <code>javascript:</code>
URL, and the <a href=#active-document>active document</a> of that browsing
context has an <a href=#origin-0>origin</a> that is <em>not</em> the <a href=#same-origin title="same origin">same</a> as that of the script given by
the URL</dt>
<dd>
<p><a href=#create-an-impotent-script>Create an impotent script</a> using the
aforementioned script source, with the scripting language set to
JavaScript, and with the <a href=#browsing-context>browsing context</a> being
<a href=#navigate title=navigate>navigated</a> as the browsing
context.</p>
<p>Let <var title="">result</var> be the return value of the
<i><a href=#initial-code-entry-point>initial code entry-point</a></i> of this <a href=#concept-script title=concept-script>script</a>. If an exception was
raised, let <var title="">result</var> be void instead.</p>
<p>When it comes time to <a href="#set-the-document's-address">set the document's address</a>
in the <a href=#navigate title=navigate>navigation algorithm</a>, use
the <a href="#script's-base-url">script's base URL</a> as the <a href=#override-url>override
URL</a>.</p>
</dd>
<p>If <var title="">candidate</var> is not marked as <a href=#concept-appcache-foreign title=concept-appcache-foreign>foreign</a>, then the user
agent must discard the failed load and instead continue along
these steps using <var title="">candidate</var> as the
resource.</p>
<p>For the purposes of session history (and features that depend
on session history, e.g. bookmarking) the user agent must use the
URL of the resource that was requested (the one that matched the