Skip to content
Permalink
Browse files

[] (0) Clear up document.cookie; make document.open() update the doc …

…address.

git-svn-id: http://svn.whatwg.org/webapps@2469 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Nov 27, 2008
1 parent fe74ee5 commit 60e0bac40ec21f41170f2e5aa12da82109354f10
Showing with 60 additions and 46 deletions.
  1. +28 −23 index
  2. +32 −23 source
51 index
@@ -5712,29 +5712,31 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20html%3E..
<hr><p>The <dfn id=dom-document-cookie title=dom-document-cookie><code>cookie</code></dfn>
attribute represents the cookies of the resource.</p>

<!-- XXX this needs work; e.g. document.open() should return the
cookies of the document that called document.open(), not of
about:blank or the document that had .open() called on, as I
understand it. -->

<p id=sandboxCookies>On getting, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
browsing context flag</a> is set on the <a href=#browsing-context>browsing
context</a> of the document, the user agent must raise a
<code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, it must return the
same string as the value of the <code title="">Cookie</code> HTTP
header it would include if <a href=#fetch title=fetch>fetching</a> the
resource indicated by <a href="#the-document's-address">the document's address</a> over HTTP,
as per RFC 2109 section 4.3.4 or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>

<p>On setting, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
flag</a> is set on the <a href=#browsing-context>browsing context</a> of the
document, the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
exception. Otherwise, the user agent must act as it would when
processing cookies if it had just attempted to <a href=#fetch>fetch</a>
<a href="#the-document's-address">the document's address</a> over HTTP, and had received a
response with a <code>Set-Cookie</code> header whose value was the
specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or
later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
<p id=sandboxCookies>On getting, if the document is not associated
with a <a href=#browsing-context>browsing context</a> then the user agent must raise
an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
<a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
<a href=#browsing-context>browsing context</a> of the document, the user agent must
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
document's address</a> does not use a server-based naming
authority, it must return the empty string. Otherwise, it must
return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href="#the-document's-address">the
document's address</a> over HTTP, as per RFC 2109 section 4.3.4
or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>

<p>On setting, if the document is not associated with a
<a href=#browsing-context>browsing context</a> then the user agent must raise an
<code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
<a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
<a href=#browsing-context>browsing context</a> of the document, the user agent must
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
document's address</a> does not use a server-based naming
authority, it must do nothing. Otherwise, the user agent must act as
it would when processing cookies if it had just attempted to
<a href=#fetch>fetch</a> <a href="#the-document's-address">the document's address</a> over HTTP,
and had received a response with a <code>Set-Cookie</code> header
whose value was the specified value, as per RFC 2109 sections 4.3.1,
4.3.2, and 4.3.3 or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>

<p class=note>Since the <code title=dom-document-cookie><a href=#dom-document-cookie>cookie</a></code> attribute is accessible
across frames, the path restrictions on cookies are only a tool to
@@ -7307,6 +7309,9 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20HTML%3E%0
<li><p>Change the <a href="#document's-character-encoding">document's character encoding</a> to
UTF-16.</li>

<li><p>Change <a href="#the-document's-address">the document's address</a> to the <a href="#the-document's-address" title="the document's address">address</a> of the <a href=#script-document-context>script
document context</a> of the script that invoked the <code title=dom-document-open><a href=#dom-document-open>document.open()</a></code> method.</li>

<li><p>Create a new <a href=#html-parser>HTML parser</a> and associate it with
the document. This is a <dfn id=script-created-parser>script-created parser</dfn> (meaning
that it can be closed by the <code title=dom-document-open><a href=#dom-document-open>document.open()</a></code> and <code title=dom-document-close><a href=#dom-document-close>document.close()</a></code> methods, and
55 source
@@ -5716,31 +5716,35 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20html%3E..
<p>The <dfn title="dom-document-cookie"><code>cookie</code></dfn>
attribute represents the cookies of the resource.</p>

<!-- XXX this needs work; e.g. document.open() should return the
cookies of the document that called document.open(), not of
about:blank or the document that had .open() called on, as I
understand it. -->

<p id="sandboxCookies">On getting, if the <span>sandboxed origin
browsing context flag</span> is set on the <span>browsing
context</span> of the document, the user agent must raise a
<code>SECURITY_ERR</code> exception. Otherwise, it must return the
same string as the value of the <code title="">Cookie</code> HTTP
header it would include if <span title="fetch">fetching</span> the
resource indicated by <span>the document's address</span> over HTTP,
as per RFC 2109 section 4.3.4 or later specifications. <a
href="#refsRFC2109">[RFC2109]</a> <a
<p id="sandboxCookies">On getting, if the document is not associated
with a <span>browsing context</span> then the user agent must raise
an <code>INVALID_STATE_ERR</code> exception. Otherwise, if the
<span>sandboxed origin browsing context flag</span> is set on the
<span>browsing context</span> of the document, the user agent must
raise a <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
document's address</span> does not use a server-based naming
authority, it must return the empty string. Otherwise, it must
return the same string as the value of the <code
title="">Cookie</code> HTTP header it would include if <span
title="fetch">fetching</span> the resource indicated by <span>the
document's address</span> over HTTP, as per RFC 2109 section 4.3.4
or later specifications. <a href="#refsRFC2109">[RFC2109]</a> <a
href="#refsRFC2965">[RFC2965]</a></p>

<p>On setting, if the <span>sandboxed origin browsing context
flag</span> is set on the <span>browsing context</span> of the
document, the user agent must raise a <code>SECURITY_ERR</code>
exception. Otherwise, the user agent must act as it would when
processing cookies if it had just attempted to <span>fetch</span>
<span>the document's address</span> over HTTP, and had received a
response with a <code>Set-Cookie</code> header whose value was the
specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or
later specifications. <a href="#refsRFC2109">[RFC2109]</a> <a
<p>On setting, if the document is not associated with a
<span>browsing context</span> then the user agent must raise an
<code>INVALID_STATE_ERR</code> exception. Otherwise, if the
<span>sandboxed origin browsing context flag</span> is set on the
<span>browsing context</span> of the document, the user agent must
raise a <code>SECURITY_ERR</code> exception. Otherwise, if <span>the
document's address</span> does not use a server-based naming
authority, it must do nothing. Otherwise, the user agent must act as
it would when processing cookies if it had just attempted to
<span>fetch</span> <span>the document's address</span> over HTTP,
and had received a response with a <code>Set-Cookie</code> header
whose value was the specified value, as per RFC 2109 sections 4.3.1,
4.3.2, and 4.3.3 or later specifications. <a
href="#refsRFC2109">[RFC2109]</a> <a
href="#refsRFC2965">[RFC2965]</a></p>

<p class="note">Since the <code
@@ -7487,6 +7491,11 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20HTML%3E%0
<li><p>Change the <span>document's character encoding</span> to
UTF-16.</p></li>

<li><p>Change <span>the document's address</span> to the <span
title="the document's address">address</span> of the <span>script
document context</span> of the script that invoked the <code
title="dom-document-open">document.open()</code> method.</p></li>

<li><p>Create a new <span>HTML parser</span> and associate it with
the document. This is a <dfn>script-created parser</dfn> (meaning
that it can be closed by the <code

0 comments on commit 60e0bac

Please sign in to comment.
You can’t perform that action at this time.