This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
attribute represents the cookies of the resource.</p>
<!-- XXX this needs work; e.g. document.open() should return the
cookies of the document that called document.open(), not of
about:blank or the document that had .open() called on, as I
understand it. -->
<p id=sandboxCookies>On getting, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin
browsing context flag</a> is set on the <a href=#browsing-context>browsing
context</a> of the document, the user agent must raise a
<code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, it must return the
same string as the value of the <code title="">Cookie</code> HTTP
header it would include if <a href=#fetch title=fetch>fetching</a> the
resource indicated by <a href="#the-document's-address">the document's address</a> over HTTP,
as per RFC 2109 section 4.3.4 or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
<p>On setting, if the <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context
flag</a> is set on the <a href=#browsing-context>browsing context</a> of the
document, the user agent must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
exception. Otherwise, the user agent must act as it would when
processing cookies if it had just attempted to <a href=#fetch>fetch</a>
<a href="#the-document's-address">the document's address</a> over HTTP, and had received a
response with a <code>Set-Cookie</code> header whose value was the
specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or
later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
<p id=sandboxCookies>On getting, if the document is not associated
with a <a href=#browsing-context>browsing context</a> then the user agent must raise
an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
<a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
<a href=#browsing-context>browsing context</a> of the document, the user agent must
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
document's address</a> does not use a server-based naming
authority, it must return the empty string. Otherwise, it must
return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href="#the-document's-address">the
document's address</a> over HTTP, as per RFC 2109 section 4.3.4
or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
<p>On setting, if the document is not associated with a
<a href=#browsing-context>browsing context</a> then the user agent must raise an
<code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. Otherwise, if the
<a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a> is set on the
<a href=#browsing-context>browsing context</a> of the document, the user agent must
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document's-address">the
document's address</a> does not use a server-based naming
authority, it must do nothing. Otherwise, the user agent must act as
it would when processing cookies if it had just attempted to
<a href=#fetch>fetch</a> <a href="#the-document's-address">the document's address</a> over HTTP,
and had received a response with a <code>Set-Cookie</code> header
whose value was the specified value, as per RFC 2109 sections 4.3.1,
4.3.2, and 4.3.3 or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
<p class=note>Since the <code title=dom-document-cookie><a href=#dom-document-cookie>cookie</a></code> attribute is accessible
across frames, the path restrictions on cookies are only a tool to
<li><p>Change the <a href="#document's-character-encoding">document's character encoding</a> to
UTF-16.</li>
<li><p>Change <a href="#the-document's-address">the document's address</a> to the <a href="#the-document's-address" title="the document's address">address</a> of the <a href=#script-document-context>script
document context</a> of the script that invoked the <code title=dom-document-open><a href=#dom-document-open>document.open()</a></code> method.</li>
<li><p>Create a new <a href=#html-parser>HTML parser</a> and associate it with
the document. This is a <dfn id=script-created-parser>script-created parser</dfn> (meaning
that it can be closed by the <code title=dom-document-open><a href=#dom-document-open>document.open()</a></code> and <code title=dom-document-close><a href=#dom-document-close>document.close()</a></code> methods, and
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters