From 8a843f2169a6864a3024c4329528dccb2051d275 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Wed, 23 Mar 2016 13:32:54 +0100 Subject: [PATCH] Merge effective script origin into origin This aligns our definition with that of contemporary implementations, whose origin model makes a whole lot more sense. Origins are shared across documents and have a single mutable field, called domain. Then they have two comparison operations, "same origin" and "same origin-domain". The latter is used where we used to compare effective script origins. This change also does away with the "other fields" notion of tuples. Such extensions now need to be standardized. This fixes https://www.w3.org/Bugs/Public/show_bug.cgi?id=27378 and https://www.w3.org/Bugs/Public/show_bug.cgi?id=28675. --- source | 607 +++++++++++++++++++++++++++------------------------------ 1 file changed, 286 insertions(+), 321 deletions(-) diff --git a/source b/source index 986f681a4b9..8fb49f6060f 100644 --- a/source +++ b/source @@ -8610,15 +8610,15 @@ partial /*sealed*/ interface Document {

On getting, if the document is a cookie-averse Document object, then the user agent must return the empty string. Otherwise, if the - Document's origin is not a tuple, the user agent must throw a SecurityError - exception. Otherwise, the user agent must return the cookie-string for the - document's address for a "non-HTTP" API, decoded using UTF-8 decode without - BOM.

+ Document's origin is an opaque + origin, the user agent must throw a SecurityError exception. Otherwise, the + user agent must return the cookie-string for the document's address for + a "non-HTTP" API, decoded using UTF-8 decode without BOM. +

On setting, if the document is a cookie-averse Document object, then the user agent must do nothing. Otherwise, if the Document's origin is - not a tuple, the user agent must throw a + an opaque origin, the user agent must throw a SecurityError exception. Otherwise, the user agent must act as it would when receiving a set-cookie-string for the document's address via a "non-HTTP" API, consisting of the new value audio</a> test instead.)</p>

The contentDocument IDL attribute must return the Document object of the active document of the iframe element's nested browsing context, if any and if its - effective script origin is the same origin as the effective script - origin specified by the incumbent settings object, or null otherwise.

+ origin is the same origin-domain as the origin specified by + the incumbent settings object, or null otherwise.

The contentWindow IDL attribute must return the WindowProxy object of the iframe element's nested @@ -28632,8 +28632,8 @@ attribute, set the browsing context name of the element's nes

The contentDocument IDL attribute must return the Document object of the active document of the object element's nested browsing context, if any and if its - effective script origin is the same origin as the effective script - origin specified by the incumbent settings object, or null otherwise.

+ origin is the same origin-domain as the origin specified by + the incumbent settings object, or null otherwise.

The contentWindow IDL attribute must return the WindowProxy object of the object element's nested @@ -37905,9 +37905,8 @@ dictionary TrackEventInit : EventInit { these steps.

  • If the active document of the nested browsing context does not - have the same effective script origin as the - element's node document, then return null and abort these - steps.

    • + have the same origin-domain for its origin as the element's node + document's origin, then return null and abort these steps.

  • If the nested browsing context's active document was created by the page load processing model for XML files section because @@ -76018,25 +76017,16 @@ dictionary DragEventInit : MouseEventInit { tasks and completely loaded immediately.

  • -

    Set the origin and effective script - origin of document:

    +

    Set the origin of document:

      -
    • -

      If the new browsing context has a creator browsing context, - then the origin of document is a copy of the origin of - the creator Document and the effective script origin of - document is the effective script origin of the creator - Document.

      - -

      The effective script origin is shared and not copied - purposefully.

      -
      • +

    • If the new browsing context has a creator browsing context, + then the origin of document the origin of the + creator Document.

      • -

    • Otherwise, the origin of document is a globally unique - identifier assigned when the new browsing context is created and the - effective script origin of document is a copy of its - origin.

      • +

    • Otherwise, the origin of document is a unique opaque origin assigned when the new browsing + context is created.

    • @@ -76227,10 +76217,9 @@ dictionary DragEventInit : MouseEventInit {

  • Let container be context's browsing context container.

    • -

  • If container's node document does not have the - same effective script origin as the - effective script origin specified by the entry settings object, then - return null and abort these steps.

    • +

  • If container's node document's origin is not + same origin-domain with the entry settings object's + origin, then return null and abort these steps.

  • Return container.

    • @@ -76380,10 +76369,11 @@ dictionary DragEventInit : MouseEventInit {

    Each unit of related browsing contexts is then further divided into the smallest number of groups such that every member of each group has an active document with an - effective script origin that, through appropriate manipulation of the document.domain attribute, could be made to be the same as - other members of the group, but could not be made the same as members of any other group. Each - such group is a unit of related similar-origin browsing contexts.

    + origin that, through appropriate manipulation of the document.domain attribute, could be made to be same + origin-domain with other members of the group, but could not be made the same as members of + any other group. Each such group is a unit of related similar-origin browsing + contexts.

    There is also at most one event loop per unit of related similar-origin browsing contexts (though several For example, setting document.domain to "example.com" on www.example.com means user agents can remove all key-value pairs from the map where part of the key is www.example.com, as that can never be part - of the effective script origin again and therefore the corresponding value could - never be retrieved from the map.

    + of the origin again and therefore the corresponding value could never be retrieved + from the map.

    Shared abstract operations

    @@ -76961,9 +76943,9 @@ dictionary DragEventInit : MouseEventInit {
    IsPlatformObjectSameOrigin ( O )
      -

    1. Return true if the current settings object's effective script - origin is same origin with O's relevant settings - object's effective script origin, and false otherwise.

      2. +

    2. Return true if the current settings object's origin is + same origin-domain with O's relevant settings object's + origin, and false otherwise.

    CrossOriginGetOwnPropertyHelper ( O, P )
    @@ -76980,8 +76962,9 @@ dictionary DragEventInit : MouseEventInit { [[Configurable]]: true }.

  • Let crossOriginKey be a tuple consisting of the current settings - object's effective script origin, O's relevant settings - object's effective script origin, and P.

    • + object's origin's effective + domain, O's relevant settings object's origin's effective domain, and P.

  • Repeat for each e that is an element of @@ -78150,171 +78133,129 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

    The origin of a resource and the - effective script origin of a resource are each one of the - following:

    +

    An origin is + one of the following:

    +
    An opaque origin
    +

    An internal value, with no serialisation, for which the only meaningful operation is + testing for equality.

    - -
    Opaque identifiers
    - +
    A tuple origin
    +

    A tuple consists of: -

    Internal values, with no serialisation, for which the only meaningful operation is testing - for equality.

    - +
      +

    • A scheme (a + scheme).

      • +

    • A host (a host).

      • +

    • A port (a port).

      • +
    • +

      A domain (null or a domain). Null unless stated otherwise. -

      Tuples
      +

      A Document object's origin's domain can be changed through the document.domain API.

      +
      • +
    +
    +
    -
    +

    Origins can be shared, e.g., among multiple + Document objects.

    -

    Tuples consisting of a scheme component, a host component, a port component, and optionally - extra data.

    +

    The effective domain of an + origin origin is computed as follows:

    -

    The extra data could include the certificate of the site when using encrypted - connections, to ensure that if the site's secure certificate changes, the origin is considered to - change as well.

    +
      +

    1. If origin is an opaque origin, then + return origin.

      2. - +

    2. If origin's domain is non-null, + then return origin's domain.

      3. -

      An effective script origin can be shared, e.g., among multiple - Document objects, and can be changed through the document.domain API.

      +

    3. Return origin's host.

      4. +
    -

    These characteristics are defined as follows:

    +

    Various specification objects are defined to have an origin. These origins are determined as follows:

    -
    For URLs
    - -
    - -

    The origin and effective script origin of the URL are - the URL origin defined in the WHATWG URL standard.

    - -
    - -
    For Document objects
    -
    If a Document's active sandboxing flag set has - its sandboxed origin browsing context flag set
    - -
    - -

    The origin is a globally unique identifier assigned when the - Document is created.

    +
    If the Document's active sandboxing flag set + has its sandboxed origin browsing context flag set
    -

    The effective script origin is initially a copy of the origin of - the Document.

    - -
    +

    A unique opaque origin assigned when the + Document is created.

    -
    If a Document was served over the network and has an address that uses a URL +
    If the Document was served over the network and has an address that uses a URL scheme with a server-based naming authority
    -
    - -

    The origin is a copy of the origin of - the Document's address.

    - -

    The effective script origin is initially a copy of the origin of - the Document.

    - -
    - - -
    If a Document is the initial "about:blank" document
    +

    A copy of the Document's address's origin.

    -
    -

    The origin and effective script origin of the - Document are those it was assigned when its - browsing context was created.

    +
    If the Document is the initial "about:blank" document
    -
    +

    The one it was assigned when its browsing context was + created.

    -
    If a Document is a non-initial "about:blank" document
    +
    If the Document is a non-initial "about:blank" document
    -
    If a Document was generated from a data: URL found in another Document or in a script
    -
    - -

    The origin is a copy of the origin specified by the - incumbent settings object when the navigate algorithm was invoked, - or, if no script was involved, of the node - document of the element that initiated the navigation to - that URL.

    +

    The origin of the incumbent settings object when the + navigate algorithm was invoked, or, if no script was involved, the origin of the node + document of the element that initiated the navigation to + that URL.

    -

    The effective script origin is the effective script origin of - that same environment settings object or Document.

    - - - -
    If a Document was created as part of the processing for If the Document was created as part of the processing for javascript: URLs
    -
    +

    The origin of the active document of the browsing + context being navigated when the navigate algorithm was invoked.

    -

    The origin is a copy of the origin of the active - document of the browsing context being navigated when the - navigate algorithm was invoked.

    -

    The effective script origin is the effective script origin of - that same Document.

    - - - - -
    If a Document is an iframe If the Document is an iframe srcdoc document
    -
    - -

    The origin of the Document is a copy of the origin - of the Document's browsing context's - browsing context container's node document.

    - -

    The effective script origin is the effective script origin of the - Document's browsing context's - browsing context container's node document.

    - -
    +

    The origin of the Document's browsing context's browsing context + container's node document.

    -
    If a Document was obtained in some other manner (e.g. a data: URL typed in by the user or that was returned as the location of a redirect, a Document created using the createDocument() API, etc)
    -

    The default behaviour as defined in the WHATWG DOM standard applies. .

    -

    The origin is a globally unique identifier assigned when the - Document is created, and the effective script origin is a copy of - the origin of the Document.

    - +

    The origin is a unique opaque origin assigned when the Document is + created.

    -

    The effective script origin of a Document can be - manipulated using the document.domain IDL - attribute.

    - @@ -78326,19 +78267,17 @@ callback FrameRequestCallback = void (DOMHighResTimeStampIf the image data is CORS-cross-origin -
    The origin is a globally unique identifier assigned when the image is - created.
    +

    A unique opaque origin assigned when the + image is created.

    If the image data is CORS-same-origin
    -
    The origin is a copy of the origin of the img - element's node document.
    +

    The img element's node document's + origin.

    -

    Images do not have an effective script origin.

    - @@ -78350,20 +78289,17 @@ callback FrameRequestCallback = void (DOMHighResTimeStampIf the media data is CORS-cross-origin -
    The origin is a globally unique identifier assigned when the media - data is fetched.
    +

    A unique opaque origin assigned when the + media data is fetched.

    If the media data is CORS-same-origin
    -
    The origin is a copy of the origin of the media - element's node document.
    +

    The media element's node document's + origin.

    -

    Media elements do not have an effective script - origin.

    - @@ -78371,43 +78307,42 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

    The origin of a downloadable Web font is a copy of the origin of the absolute URL used to obtain the - font (after any redirects).

    -

    The origin of a locally installed system font is a copy of the - origin of the Document in which that font is being used.

    - -

    Fonts do not have an effective script origin.

    +

    For a locally installed system font is the origin of the Document + in which that font is being used.

    Other specifications can override the above definitions by themselves specifying the origin of - a particular URL, Document, image, media element, or - font.

    + a particular Document object, image, media element, or font.

    -

    The Unicode serialisation of an origin is the string obtained by applying the - following algorithm to the given origin origin:

    +

    The Unicode serialisation of an origin is the string obtained by + applying the following algorithm to the given origin origin:

      -

    1. If origin is not a tuple, then +

    2. If origin is an opaque origin, then return "null".

      3. -

    3. Let host be the host part of origin.

      4. +

    4. Let host be origin's host.

    5. Let unicodeHost be host if host is not a domain, and the result of applying domain to Unicode to host otherwise.

      6. -

    6. Let unicodeOrigin be a new tuple - consisting of the scheme part of origin, unicodeHost, and the port part of - origin.

      7. +

    7. Let unicodeOrigin be a new tuple + origin consisting origin's scheme, + unicodeHost, and origin's port.

    8. Return the ASCII serialisation of an origin, given unicodeOrigin.

      @@ -78418,58 +78353,110 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp
    +

    The Unicode + serialisation of ("https", "xn--maraa-rta.example", null, null) is "https://maraña.example".

    -

    The ASCII serialisation of an origin is the string obtained by applying the - following algorithm to the given origin origin:

    +

    The ASCII serialisation of an origin is the string obtained by + applying the following algorithm to the given origin origin:

      -

    1. If origin is not a tuple, then +

    2. If origin is an opaque origin, then return "null".

      3. -

    3. Otherwise, let result be the scheme part of origin.

      4. +

    4. Otherwise, let result be origin's scheme.

    5. Append "://" to result.

      6. -

    6. Append the host part of origin, serialised, to result.

      7. +

    7. Append origin's host, serialised, to result.

      8. -

    8. If the port part of origin is non-null, append a U+003A COLON character (:), - and the port part, serialised, to - result.

      9. +

    9. If origin's port is non-null, append + a U+003A COLON character (:), and origin's port, serialised, + to result.

    10. Return result.

    +
    -

    Two origins are said to be the same origin if the - following algorithm returns true:

    +

    Two origins, A and B, are said to be + same origin if the following algorithm returns true:

      +

    1. If A and B are the same opaque + origin, then return true.

      2. -

    2. Let A be the first origin being compared, and B be the second origin being compared.

      3. +

    3. If A and B are both tuple + origins and their schemes, hosts, and port are + identical, then return true.

      4. -

    4. If A and B are both opaque identifiers, and their - value is equal, then return true.

      5. - -

    5. Otherwise, if either A or B or both are opaque - identifiers, return false.

      6. +

    6. Return false.

      7. +
    -

  • If A and B have scheme components that are not - identical, return false.

    • +

    Two origins, A and B, are said to be + same origin-domain if the following algorithm returns true:

    -

  • If A and B have host components that are not - identical, return false.

    • +
      +

    1. If A and B are the same opaque + origin, then return true.

      2. -

    2. If A and B have port components that are not - identical, return false.

      3. +
    3. +

      If A and B are both tuple + origins, run these substeps:

      -

    4. If either A or B have additional data, but that - data is not identical for both, return false.

      5. +
        +

      1. If A and B's schemes + are identical, and their domains are identical and + non-null, then return true.

        2. -

      2. Return true.

        3. +

      3. Otherwise, if A and B are same origin and their domains are identical and null, then return + true.

        4. +
      +

    5. Return false.

    +
    + + + + + + +
    A + B + same origin + same origin-domain +
    ("https", "example.org", null, null) + ("https", "example.org", null, null) + ✅ + ✅ +
    ("https", "example.org", 314, "example.org") + ("https", "example.org", 420, "example.org") + ❌ + ✅ +
    ("https", "example.org", null, null) + ("https", "example.org", null, "example.org") + ✅ + ❌ +
    ("https", "example.org", null, "example.org") + ("http", "example.org", null, "example.org") + ❌ + ❌ +
    +
    + @@ -78483,9 +78470,10 @@ callback FrameRequestCallback = void (DOMHighResTimeStampReturns the current domain used for security checks.

    -

    Can be set to a value that removes subdomains, to change the effective script - origin to allow pages on other subdomains of the same domain (if they do the same thing) - to access each other. (Can't be set in sandboxed iframes.)

    +

    Can be set to a value that removes subdomains, to change the origin's domain to allow pages on other subdomains of the same + domain (if they do the same thing) to access each other. (Can't be set in sandboxed + iframes.)

    @@ -78493,77 +78481,74 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

    Each Document object has an associated domain. Its initial value is the host component of the document's - origin, if the value of that origin is a tuple and if the Document object has a browsing context, and the empty domain otherwise.

    - +

    The domain attribute's getter must run + these steps:

    + +
      +

    1. If this Document object does not have a browsing context, then return the empty string. + +

    2. Let effectiveDomain be this Document's origin's effective domain. -

      The domain attribute's getter must return - this Document's domain, - serialised.

      +

    3. If effectiveDomain is an opaque + origin, then return the empty string.

      4. + +

    4. Return effectiveDomain, serialised.

      5. +

    The domain attribute's setter must run these steps:

    1. If this Document object has no browsing - context, throw a SecurityError exception.

      2. + context, then throw a SecurityError exception.

    2. If this Document object's active sandboxing flag set has its sandboxed document.domain browsing context - flag set, throw a SecurityError exception.

      3. + flag set, then throw a SecurityError exception.

      -

    3. If the given value is the empty string, throw a SecurityError +

    4. If the given value is the empty string, then throw a SecurityError exception.

    5. Let host be the result of parsing the given value.

      6. -

    6. If host is failure, throw a SecurityError exception.

      7. +

    7. If host is failure, then throw a SecurityError exception.

      8. -
    8. +

    9. Let effectiveDomain be this Document object's + origin's effective + domain.

      10. -

      If host is not equal to this - Document object's domain, run these - substeps:

      +
    10. +

      If host is not equal to + effectiveDomain, then run these substeps:

      1. -

        If host or this Document object's domain is not a domain, throw a - SecurityError exception.

        +

        If host or effectiveDomain is not a domain, then throw a SecurityError exception.

        -

        This is meant to exclude hosts that are an - IPv4 address or an IPv6 address.

        +

        This is meant to exclude hosts that are an + IPv4 address or an IPv6 address.

      2. If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end - of this Document object's domain, - throw a SecurityError exception.

        3. + of effectiveDomain, then throw a SecurityError exception.

      3. If host matches a suffix in the Public Suffix List, or, if host, prefixed by a U+002E FULL STOP (.), matches the end of a suffix in the Public Suffix List, - throw a SecurityError exception.

        + then throw a SecurityError exception.

        Suffixes must be compared after applying the host parser algorithm.

      11. -

    11. Set this Document object's domain - to host.

      12. - -

    12. Set the host component of the effective script origin tuple of this - Document to host.

      - -

    13. Set the port component of the effective script origin tuple of this - Document to "manual override" (a value that, for the purposes of comparing origins, is identical to "manual override" but not identical to any - other value).

      14. +

    14. Set origin's domain to + host.

    @@ -78730,9 +78715,8 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

    This flag prevents content from using the document.domain feature to change the effective script - origin.

    +

    This flag prevents content from using the + document.domain setter.

    @@ -79849,9 +79833,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

    1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

      2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

    2. Return this Location object's url, serialised.

      3. @@ -79875,9 +79858,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

      1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

        2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

      2. Return the Unicode serialization of this Location object's url's 1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

        1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

          2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

        2. Return this Location object's url's scheme, @@ -79906,9 +79887,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

          1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

            2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

          2. Let copyURL be a copy of this Location object's url.

            3. @@ -79931,9 +79911,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

            1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

              2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

            2. Let url be this Location object's url.

              3. @@ -79955,9 +79934,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

              1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

              2. Let copyURL be a copy of this Location object's url.

                3. @@ -79977,9 +79955,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                  2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                2. If this Location object's url's host is null, return the empty string.

                  3. @@ -79994,9 +79971,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                  1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                    2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                  2. Let copyURL be a copy of this Location object's url.

                    3. @@ -80016,9 +79992,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                    1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                      2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                    2. If this Location object's url's port is null, return the empty string.

                      3. @@ -80032,9 +80007,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                      1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                        2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                      2. Let copyURL be a copy of this Location object's url.

                        3. @@ -80056,9 +80030,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                        1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                          2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                        2. Let url be this Location object's url.

                          3. @@ -80076,9 +80049,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                          1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                            2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                          2. Let copyURL be a copy of this Location object's url.

                            3. @@ -80101,9 +80073,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                            1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                              2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                            2. If this Location object's url's query is either null or the empty string, return the @@ -80119,9 +80090,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                              1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                                2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                              2. Let copyURL be a copy of this Location object's url.

                                3. @@ -80154,9 +80124,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                                1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                                  2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                                2. If this Location object's url's fragment is either null or the empty string, return @@ -80171,9 +80140,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                                  1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                                    2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                                  2. Let copyURL be a copy of this Location object's url.

                                    3. @@ -80210,9 +80178,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                                    1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                                      2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                                    2. Parse url relative to the entry settings object. If that failed, throw a SyntaxError exception.

                                      3. @@ -80243,8 +80210,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O
                                      If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin
                                      + origin is not same origin-domain with the entry settings + object's origin

                                      Throw a SecurityError exception.

                                      @@ -80301,9 +80268,8 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O

                                      1. If this Location object's relevant Document's - effective script origin is not same origin with entry settings - object's effective script origin, throw a SecurityError - exception.

                                        2. + origin is not same origin-domain with the entry settings + object's origin, then throw a SecurityError exception.

                                      2. Otherwise, return this Location object's ancestor origins array.

                                        3. @@ -84956,7 +84922,7 @@ interface NavigatorOnLine { -
                                        An origin and an effective script origin
                                        +
                                        An origin
                                        @@ -94937,7 +94903,7 @@ interface AbstractWorker {
                                        -
                                        The origin and effective script origin
                                        +
                                        The origin

                                        Return inherited origin.

                                        @@ -95823,9 +95789,9 @@ interface WindowLocalStorage { instead of returning a Storage object if the request violates a policy decision (e.g. if the user agent is configured to not allow the page to persist data).

                                        -

                                      3. If the Document's origin is not a tuple, then throw a SecurityError exception and - abort these steps.

                                        4. +

                                      4. If the Document's origin is an opaque origin, then throw a SecurityError + exception and abort these steps.

                                      5. Check to see if the user agent has allocated a local storage area for the origin of the Document of the Window object on which the @@ -110629,9 +110595,8 @@ if (s = prompt('What is your name?')) {

                                        The contentDocument IDL attribute of the frame element must return the Document object of the active document of the frame element's nested browsing context, if any - and if its effective script origin is the same origin as the - effective script origin specified by the incumbent settings object, or - null otherwise.

                                        + and if its origin is the same origin-domain as the origin + specified by the incumbent settings object, or null otherwise.

                                        The contentWindow IDL attribute must return the WindowProxy object of the frame element's nested