Skip to content

Commit

Permalink
Define URL scope for web apps (closes #114)
Browse files Browse the repository at this point in the history
  • Loading branch information
@marcoscaceres
Marcos Caceres authored and marcoscaceres committed Dec 19, 2014
1 parent a1f23df commit 44cdd3a
Showing 1 changed file with 129 additions and 62 deletions.
191 changes: 129 additions & 62 deletions index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,6 +200,51 @@ <h2>
parsing</a></dfn> are defined in [[!WHATWG-URL]].
</p>
</section>
<section>
<h2>
Navigation scope
</h2>
<p>
A <dfn>navigation scope</dfn> is a [[!URL]] that represents the set of
URLs to which an <a>application context</a> can be navigated while the
manifest is being <a>applied</a>. A developer specifies the navigation
scope via the <a><code>scope</code></a> member.
</p>
<p>
A URL <var>A</var> is said the be <dfn>in scope</dfn> of navigation
scope <var>B</var>, if:
</p>
<ul>
<li>
<var>B</var> is <code>undefined</code>.
</li>
<li>the scheme, host, and port components of <var>A</var> match those
of <var>B</var>.
</li>
<li>the path component of <var>A</var> matches, or subsumes, the path
component of <var>B</var> (see URL spec <a href=
"https://github.com/webspecs/url/issues/20">issue 20</a> regarding
"subsumes").
</li>
</ul>
<div class="issue" title="🐒 Monkey patch">
<p>
Enforcing the navigation scope depends on [[!HTML]]'s navigate
algorithm. As such, the following algorithm monkey patches [[!HTML]].
<a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=27653">Bug
27653</a> has been filed to address this.
</p>
</div>
<p>
The user agent MUST navigate the application context as per [[!HTML]]'s
navigate algorithm with exceptions enabled. If the URL being navigated
to is not in scope of the navigation scope, then the user agent MUST
behave as if the application context is not <a>allowed to navigate</a>.
If during the <a>handle redirects</a> step of HTML's navigate
algorithm, if the the redirect URL is not in scope, abort HTML's
navigation algorithm with a <code>SecurityError</code>.
</p>
</section>
<section>
<h2>
Display modes
Expand Down Expand Up @@ -334,8 +379,7 @@ <h3>
<p>
A resource is said to be <dfn>associated with a manifest</dfn> if the
resource representation, an HTML document, has a <a href=
"#linking"><code>manifest</code> link relationship</a>, or the resource
has a <a>well-known manifest</a>.
"#linking"><code>manifest</code> link relationship</a>.
</p>
<section id="linking">
<h3>
Expand Down Expand Up @@ -422,29 +466,6 @@ <h3>
<code>link</code></a> matches the environment or not.
</p>
</section>
<section>
<h3>
The "manifest.json" well-known URI
</h3>
<p>
The <dfn>well-known manifest</dfn> is a manifest resource located at
standardized URI. This specification registers the "manifest.json"
well-known URI in the <a href=
"http://www.iana.org/assignments/well-known-uris/well-known-uris.xml">
Well-Known URI Registry</a> as required by [[!RFC5785]].
</p>
<div class="example">
<p>
An example of a <a href="#dfn-well-known-manifest" class=
"internalDFN">well-known manifest</a>:
</p>
<ul>
<li>
<code>http://example.com/.well-known/manifest.json</code>
</li>
</ul>
</div>
</section>
</section>
<section>
<h2>
Expand Down Expand Up @@ -496,17 +517,8 @@ <h3>
</li>
</ol>
</li>
<li>Otherwise, if <var>manifest element</var> is <code>null</code>:
<ol>
<li>Let <var>url</var> be the result of <a title=
"URL parsing">parsing</a> the URL
"<code>/.well-known/manifest.json</code>" using the <a href=
"http://www.whatwg.org/specs/web-apps/current-work/#top-level-browsing-context">
top-level browsing context's</a> <a href=
"http://www.whatwg.org/specs/web-apps/current-work/#the-document's-address">
address</a> as the base.
</li>
</ol>
<li>Otherwise, if <var>manifest element</var> is <code>null</code>,
terminate this algorithm.
</li>
<li>Using the <a href=
"http://www.whatwg.org/specs/web-apps/current-work/multipage/webappapis.html#networking-task-source">
Expand Down Expand Up @@ -692,6 +704,11 @@ <h3>
of running the <a>steps for processing the <code>icons</code>
member</a>.
</li>
<li>Let <var>scope</var> of <var>parsed manifest</var> be the result
of running the <a>steps for processing the <code>scope</code> member
with <var>manifest</var>, <var>manifest URL,</var> <var>document
URL</var>, and <var>start URL</var> as arguments</a>.
</li>
<li>Return <var>parsed manifest</var>.
</li>
</ol>
Expand Down Expand Up @@ -825,6 +842,82 @@ <h3>
</li>
</ol>
</section>
<section>
<h3>
<code>scope</code> member
</h3>
<p>
The <dfn id="member-scope"><code>scope</code></dfn> member is a
string that represents the navigation scope of this web application's
<a>application context</a>.
</p>
<p>
The <dfn>steps for processing the <code>scope</code> member</dfn> is
given by the following algorithm. The algorithm takes a
<a>manifest</a> <var>manifest</var>, a <a>URL</a> <var>manifest
URL</var>, a <a>URL</a> <var>origin URL</var>, and a URL <var>start
URL</var>. This algorithm returns a <a>URL or
<code>undefined</code></a>.
</p>
<ol>
<li>Let <var>value</var> be the result of calling the
<a>[[\GetOwnProperty]]</a> internal method of the <var>manifest</var>
with argument "<code>scope</code>".
</li>
<li>Let <var>type</var> be <a>Type</a>(<var>value</var>).
</li>
<li>If <var>type</var> is not "string" or <var>value</var> is the
empty string, then:
<ol>
<li>If <var>type</var> is not "<code>undefined</code>", <a>issue
a developer warning</a> that the type is unsupported.
</li>
<li>Return <code>undefined</code>.
</li>
</ol>
</li>
<li>Let <var>scope URL</var> be a new <a>URL</a> using
<var>value</var> as <var>input</var> and <var>manifest URL</var> as
the <var>base</var> URL.
</li>
<li>If <var>scope URL</var> is failure:
<ul>
<li>
<a>Issue a developer warning</a>.
</li>
<li>Return <code>undefined</code>.
</li>
</ul>
</li>
<li>If <var>scope URL</var> is not <a href=
"http://www.whatwg.org/specs/web-apps/current-work/#same-origin">same
origin</a> as <var>origin URL</var>:
<ol>
<li>
<a>Issue a developer warning</a> that the <code>scope</code>
needs to be <a href=
"http://www.whatwg.org/specs/web-apps/current-work/#same-origin">
same-origin</a> as <code>Document</code> of the <a>application
context</a>.
</li>
<li>Return <code>undefined</code>.
</li>
</ol>
</li>
<li>If <var>start URL</var> is not <a>in scope</a> of scope URL:
<ol>
<li>
<a>Issue a developer warning</a> that the start URL did was not
in scope of the navigation scope.
</li>
<li>Return <code>undefined</code>.
</li>
</ol>
</li>
<li>Otherwise, return <var>scope URL</var>.
</li>
</ol>
</section>
<section>
<h3>
<code title="">icons</code> member
Expand Down Expand Up @@ -1468,32 +1561,6 @@ <h2>
The following registration is for community review and will be
submitted to the IESG for review, approval, and registration with IANA.
</p>
<section>
<h3>
The "manifest.json" well-known URI
</h3>
<dl>
<dt>
URI suffix:
</dt>
<dd>
manifest.json
</dd>
<dt>
Change controller:
</dt>
<dd>
<a href="www.w3.org/2008/webapps/">Web Applications (WebApps)
Working Group</a>
</dd>
<dt>
Specification document(s):
</dt>
<dd>
This document is the relevant specification.
</dd>
</dl>
</section>
<section>
<h3>
Media type registration
Expand Down

0 comments on commit 44cdd3a

Please sign in to comment.