2.1.113 [HTML5] Section 5.3.1 Relaxing the same-origin restriction

V0254: No SecurityError exceptiont is thrown if there is no browsing context et al.

The specification states:

 5.3.1 Relaxing the same-origin restriction
     ...
     On setting, the user agent must run the following algorithm:
  
         1.  If the Document has no browsing context, throw a SecurityError exception and 
             abort these steps.
  
         2.  If the Document's active sandboxing flag set has its sandboxed 
             document.domain browsing context flag set, throw a SecurityError exception 
             and abort these steps.
  
         3.  If the new value is an IPv4 or IPv6 address, let new value be the new value. 
             Otherwise, apply the IDNA ToASCII algorithm to the new value, with both the 
             AllowUnassigned and UseSTD3ASCIIRules flags set, and let new value be the 
             result of the ToASCII algorithm.
  
             If ToASCII fails to convert one of the components of the string, e.g. because 
             it is too long or because it contains invalid characters, then throw a 
             SecurityError exception and abort these steps. [RFC5890]
  
         4. If new value is not exactly equal to the current value of the document.domain 
            attribute, then run these substeps:
  
             1.  If the current value is an IPv4 or IPv6 address, throw a SecurityError 
                 exception and abort these steps.
  
             2.  If new value, prefixed by a "." (U+002E), does not exactly match the end 
                 of the current value, throw a SecurityError exception and abort these 
                 steps.
  
                 Note: If the new value is an IPv4 or IPv6 address, it cannot match the 
                 new value in this way and thus an exception will be thrown here.
  
             3.  If new value matches a suffix in the Public Suffix List, or, if new 
                 value, prefixed by a "." (U+002E), matches the end of a suffix in the 
                 Public Suffix List, then throw a SecurityError exception and abort these 
                 steps. [PSL]

All document modes (All versions)

No SecurityError exception is thrown if: there is no browsing context, the sandbox flag is set, and the new value is not exactly equal to the current value of document.domain.

Show: