Bug w3c#256: Further review updates
- Replace <a>SecurityError</a> with {{SecurityError}}
- Remove unnecessary anchor
jcjones committed Dec 27, 2016
1 parent 72ba450 commit cac70de
Showing 1 changed file with 9 additions and 14 deletions.
23 changes: 9 additions & 14 deletions index.bs
Expand Up @@ -48,7 +48,6 @@ spec: HTML51; urlPrefix: http://www.w3.org/TR/html51/; for: web
text: tuple origin
text: relaxing the same-origin restriction
text: domain; url: origin-domain
text: active sandboxing flag set
type: dfn
urlPrefix: webappapis.html;
text: current settings object; for:web; url:current-settings-object
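Review bot: The hunk header shows one entry dropped from the HTML51 anchors block, but "Remove unnecessary anchor" in the commit message does not say which one. If it is `text: active sandboxing flag set`, please confirm no remaining text in index.bs still links that term, since the reference would then fail to resolve at build time, and name the removed anchor in the commit message.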
Expand All @@ -62,10 +61,6 @@ spec: URL; urlPrefix: https://url.spec.whatwg.org/; for: url
type: dfn
text: host parser
text: domain; url: concept-domain

spec: WebIDL; urlPrefix: https://heycam.github.io/webidl/; for: webidl
type: dfn
text: securityerror
</pre> <!-- class=anchors -->

# Introduction # {#intro}
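Review bot: With the local WebIDL `securityerror` dfn anchor gone from this block, every {{SecurityError}} introduced by this commit depends on Bikeshed resolving the name from its own WebIDL link data. Please confirm the spec builds without unresolved or ambiguous link warnings for {{SecurityError}} before merging, because a dangling link on the error name would affect every rejection path that uses it.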
Expand Down Expand Up @@ -418,7 +413,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
- If the {{ScopedCredentialOptions/rpId}} member of {{options}} is <a>present</a>, then invoke the [[#algo-relax-same-origin-restriction]],
using {{ScopedCredentialOptions/rpId}}. If no errors are thrown, set |rpId| to the value of `host` as
computed by this algorithm, and |rpIdHash| to the SHA-256 hash of the UTF-8 encoding of |rpId|. Otherwise, reject
|promise| with a <a>DOMException</a> whose name is "<a>SecurityError</a>", and terminate this algorithm.
|promise| with a <a>DOMException</a> whose name is "{{SecurityError}}", and terminate this algorithm.

4. Process each element of {{cryptoParameters}} using the following steps, to produce a new sequence |normalizedParameters|.
- Let |current| be the currently selected element of {{cryptoParameters}}.
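Review bot: In the rpId bullet, "this algorithm" is used for two different things in one sentence: "the value of `host` as computed by this algorithm" means the same-origin relaxation algorithm, while "terminate this algorithm" means the enclosing method steps. Since the line is being touched anyway, consider "as returned by that algorithm" for the first use, and refer to the return value as |host| to match the variable name used in [[#algo-relax-same-origin-restriction]].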
Expand Down Expand Up @@ -512,7 +507,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
- If the {{AssertionOptions/rpId}} member of {{options}} is <a>present</a>, then invoke the [[#algo-relax-same-origin-restriction]], using
{{AssertionOptions/rpId}} as the given value. If no errors are thrown, set |rpId| to the value of `host` as computed
by this algorithm, and |rpIdHash| to the SHA-256 hash of the UTF-8 encoding of |rpId|. Otherwise, reject |promise| with
a <a>DOMException</a> whose name is "<a>SecurityError</a>", and terminate this algorithm.
a <a>DOMException</a> whose name is "{{SecurityError}}", and terminate this algorithm.

4. If the {{AssertionOptions/extensions}} member of {{options}} is <a>present</a>, process any extensions supported by this
client platform, to produce the extension data that needs to be sent to the authenticator. If an error is encountered while
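Review bot: The rpId bullet here says "using {{AssertionOptions/rpId}} as the given value", while the matching bullet in the earlier hunk says only "using {{ScopedCredentialOptions/rpId}}". The two steps invoke the same relaxation algorithm with the same role for rpId, so the wording should be identical apart from the dictionary name; suggest adding "as the given value" to the earlier bullet so readers do not look for a behavioural difference between the two methods.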
Expand Down Expand Up @@ -986,21 +981,21 @@ restriction</a> in a particular fashion, under certain circumstances.
The below algorithm implements a same-origin relaxation in the same vein as
cookies and `document.domain`, but without modifying the <a>Document</a> object.

1. If the given value is the empty string, then throw a "<a>SecurityError</a>" <a>DOMException</a>.
1. If the given value is the empty string, then throw a "{{SecurityError}}" <a>DOMException</a>.
2. Let |host| be the result of <a>parsing</a> the given value.
3. If |host| is failure, then throw a "<a>SecurityError</a>" <a>DOMException</a>.
4. If this <a>Document</a> object’s <a link-for='web'>origin</a> is an <a link-for='web'>opaque origin</a>, then throw a "<a>SecurityError</a>" <a>DOMException</a>.
5. Let |originalHost| be this <a>Document</a> object’s <a link-for='web'>origin</a>’s <a link-for='url'>`host`</a>.
3. If |host| is failure, then throw a "{{SecurityError}}" <a>DOMException</a>.
4. If this <a>Document</a> object’s <a link-for='web'>origin</a> is an <a link-for='web'>opaque origin</a>, then throw a "{{SecurityError}}" <a>DOMException</a>.
5. Let |originalHost| be this <a>Document</a> object’s <a link-for='web'>origin</a>’s <a link-for='url'>host</a>.
6. If |host| is not <a link-for='url'>equal</a> to |originalHost|, then run these substeps:
1. If |host| or |originalHost| is not a <a link-for='url'>domain</a>, then throw a "<a>SecurityError</a>" <a>DOMException</a>.
1. If |host| or |originalHost| is not a <a link-for='url'>domain</a>, then throw a "{{SecurityError}}" <a>DOMException</a>.

Note: This is meant to exclude <a link-for='url'>hosts</a> that are an <a>IPv4 address</a> or an
<a>IPv6 address</a>.

2. If |host|, prefixed by a U+002E FULL STOP (.), does not exactly match the end of |originalHost|, then throw a
"<a>SecurityError</a>" <a>DOMException</a>.
"{{SecurityError}}" <a>DOMException</a>.
3. If |host| matches a suffix in the Public Suffix List, or, if |host|, prefixed by a U+002E FULL STOP (.), matches the
end of a suffix in the Public Suffix List, then throw a "<a>SecurityError</a>" <a>DOMException</a>. [[!PSL]]
end of a suffix in the Public Suffix List, then throw a "{{SecurityError}}" <a>DOMException</a>. [[!PSL]]

Suffixes must be compared after applying the <a link-for='url'>host parser</a> algorithm.
7. Return |host|.
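Review bot: Step 5 changes more than the error link: the link text for <a link-for='url'>host</a> loses its code formatting, which the commit message does not mention. Either keep the backticks or list the change in the message so it does not read as accidental. Separately, since the Public Suffix List check sits in substep 6.3 and so only runs when |host| differs from |originalHost|, it would help to state in a note that skipping it when the two are equal is intentional.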