A tab or window in a Web browser typically contains a browsing context, as does an <{iframe}> or <{frame}>s in a <{frameset}>.
A browsing context has a corresponding {{WindowProxy}} object. A browsing context has a session history, which lists the {{Document}} objects that the browsing context has presented, is presenting, or will present. At any time, one {{Document}} in each browsing context is designated the active document. A {{Document}}'s browsing context is that browsing context whose session history contains the {{Document}}, if any. (A {{Document}} created using an API such as {{DOMImplementation/createDocument()}} has no browsing context.) Each {{Document}} in a browsing context is associated with a {{Window}} object.
In general, there is a 1-to-1 mapping from the {{Window}} object to the
{{Document}} object. There are two exceptions. First, a {{Window}} can be reused
for the presentation of a second {{Document}} in the same browsing context,
such that the mapping is then 1-to-2. This occurs when a browsing context is
navigated from the initial about:blank {{Document}}
to another, with replacement enabled. Second, a {{Document}} can end up
being reused for several {{Window}} objects when the {{Document/open()|document.open()}} method is
used, such that the mapping is then many-to-1.
A {{Document}} does not necessarily have a browsing context associated with it. In particular, data mining tools are likely to never instantiate browsing contexts.
If a [=browsing context=] context has a [=creator browsing context=] creator, it also has the following properties. In what follows, let creator document be creator's [=active document=] at the time context is created:
The internal slot value is updated when navigations occur.
* Let realm execution context be the created JavaScript execution context.
1. Set the new browsing context's associated {{WindowProxy}} to windowProxy.
1. Let document be a new {{Document}}, whose [=url/URL=] is about:blank, which is marked as being an HTML document, whose character encoding is UTF-8, and which is both [=ready for post-load tasks=] and completely loaded immediately.
1. Set the [=concept/origin=] of document:
    * If the new browsing context has a creator browsing context, then the [=concept/origin=] of document is the creator origin.
    * Otherwise, the [=concept/origin=] of document is a unique opaque origin assigned when the new browsing context is created.
1. If the new browsing context has a creator browsing context, then set document's referrer to the creator URL.
1. If the new browsing context has a creator browsing context, then set document's referrer policy to the creator referrer policy.
1. Ensure that document has a single child <{html}> node, which itself has two empty child nodes: a <{head}> element, and a <{body}> element.
1. Implement the sandboxing for document.
1. Add document to the new browsing context's session history.
1. Set window's associated {{Document}} to document.
1. Set up a browsing context environment settings object with realm execution context.

Document D, then P is
said to be the parent browsing context of C and C is said to be a child browsing context of P.
Otherwise, the nested browsing context C has no parent
browsing context.
A browsing context A is said to be an ancestor of a browsing context B if there exists a browsing
context A' that is a child browsing context of A and that is itself an ancestor of
B, or if the browsing context A is the
parent browsing context of B.
A browsing context that is not a nested browsing context has no parent
browsing context, and is the top-level browsing context of all the browsing
contexts for which it is an ancestor browsing context.
The transitive closure of parent browsing contexts
for a nested browsing context gives the list of ancestor browsing contexts.
The list of the descendant browsing contexts of a {{Document}} d is the (ordered) list returned by the following algorithm:
Document d, in the tree order of the elements nesting those browsing
contexts, run these substeps:
load events mode. This is used when it is navigated, to delay the load event of the browsing
context container before the new {{Document}} is created.
The document family of a browsing context consists of the union of all
the {{Document}} objects in that browsing context's session
history and the document families of all those
{{Document}} objects. The document family of a {{Document}} object
consists of the union of all the document families of the
browsing contexts that are nested through the {{Document}} object.
The content document of a [=browsing context container=] |container| is the result of
the following algorithm:
1. If |container|'s [=nested browsing context=] is null, then return null.
2. Let |context| be |container|'s [=nested browsing context=].
3. Let |document| be |context|'s [=active document=].
4. If |document|'s [=concept/origin=] and the [=security/origin=] specified by the
[=current settings object=] are not [=same origin-domain=], then return null.
5. Return |document|.
top
WindowProxy for the top-level browsing context.
parent
WindowProxy for the parent browsing context.
frameElement
top IDL attribute on the {{Window}} object
of a {{Document}} in a browsing context b must return
the {{WindowProxy}} object of its top-level browsing context (which would be
its own {{WindowProxy}} object if it was a top-level browsing context
itself), if it has one, or its own {{WindowProxy}} object otherwise (e.g., if it was a
detached nested browsing context).
The parent IDL attribute on the {{Window}} object
of a {{Document}} that has a browsing context b must return the {{WindowProxy}}
object of the parent browsing context, if there is one (i.e., if b is a
child browsing context), or the {{WindowProxy}} object of the browsing context
b itself, otherwise (i.e., if it is a top-level browsing context or a detached
nested browsing context).
The frameElement IDL attribute, on getting, must
run the following algorithm:
1. Let d be the {{Window}} object's
associated Document.
2. Let context be d's browsing context.
3. If context is not a nested browsing context, return null and abort these
steps.
4. Let container be context's browsing context container.
5. If container's node document's [=concept/origin=] is not
same origin-domain with the entry settings object's [=concept/origin=],
then return null and abort these steps.
6. Return container.
opener IDL attribute on the {{Window}} object,
on getting, must return the {{WindowProxy}} object of the browsing context from which the
current browsing context was created (its opener browsing context), if there is one,
if it is still available, and if the current browsing context has not
disowned its opener; otherwise, it must return null.
On setting the {{Window/opener}} attribute, if the new value is null then the current
browsing context must disown its opener; if the new
value is anything else then the user agent must call the \[[DefineOwnProperty]] internal method of
the {{Window}} object, passing the property name "opener" as the property key, and
the Property Descriptor {
\[[Value]]: value, \[[Writable]]: true, \[[Enumerable]]: true,
\[[Configurable]]: true } as the property descriptor,
where value is the new value.
The relationship "familiar with" may be used to decide the value of a browsing context name, see the table in the following browsing context names section for details.
There is also at most one event loop per unit of related similar-origin browsing contexts (though several units of related similar-origin browsing contexts can have a shared event loop).
_blank, _self, _parent, or _top.
These values have different meanings based on whether the page is sandboxed or not, as summarized
in the following (non-normative) table. In this table, "current" means the browsing context
that the link or script is in, "parent" means the parent browsing context of the one the
link or script is in, "top" means the top-level browsing context of the one the link or
script is in, "new" means a new top-level browsing context or
auxiliary browsing context is to be created, subject to various user preferences and user
agent policies, "none" means that nothing will happen, and "maybe new" means the same as "new" if
the "allow-popups" keyword is also specified on the <{iframe/sandbox}> attribute
(or if the user overrode the sandboxing), and the same as "none" otherwise.
| Keyword | Ordinary effect | Effect in an iframe with sandbox="" | Effect in an iframe with sandbox="allow-top-navigation" |
|---|---|---|---|
| none specified, for links and form submissions | current | current | current |
| empty string | current | current | current |
| _blank | new | maybe new | maybe new |
| _self | current | current | current |
| _parent if there isn't a parent | current | current | current |
| _parent if parent is also top | parent/top | none | parent/top |
| _parent if there is one and it's not top | parent | none | none |
| _top if top is current | current | current | current |
| _top if top is not current | top | none | top |
| name that doesn't exist | new | maybe new | maybe new |
| name that exists and is a descendant | specified descendant | specified descendant | specified descendant |
| name that exists and is current | current | current | current |
| name that exists and is an ancestor that is top | specified ancestor | none | specified ancestor/top |
| name that exists and is an ancestor that is not top | specified ancestor | none | none |
| other name that exists with common top | specified | none | none |
| name that exists with different top, if familiar and one permitted sandboxed navigator | specified | specified | specified |
| name that exists with different top, if familiar but not one permitted sandboxed navigator | specified | none | none |
| name that exists with different top, not familiar | new | maybe new | maybe new |
click event
was trusted.
* change
* click
* dblclick
* mouseup
* reset
* submit

For example, if a user clicked a button, it might be acceptable for a popup to result from that after 4 seconds, but it would likely not be acceptable for a popup to result from that after 4 hours.
_self, then
the chosen browsing context must be the current one.
_parent, then the chosen
browsing context must be the parent browsing context of the current one,
unless there isn't one, in which case the chosen browsing context must be the current browsing
context.
_top, then the chosen browsing
context must be the top-level browsing context of the current one, if there is one,
or else the current browsing context.
_blank and there exists a
browsing context whose name is the same as name,
within the unit of related browsing contexts, then that browsing context must be the chosen
one. If there are multiple matching browsing contexts, the user agent should select one in some
arbitrary consistent manner, such as the most recently opened, most recently focused, or more
closely related.
This non-deterministic approach is likely to change in a future version of HTML.
If this case occurs, it means that an author has explicitly sandboxed the document that is trying to open a link.
_blank, then the new top-level browsing context's
name must be the given browsing context name (otherwise, it has no name). The chosen browsing
context must be this new browsing context. The creation of such a browsing context
is a new start for session storage.
If it is immediately navigated, then the navigation will be done with replacement enabled.
_blank, then the new auxiliary browsing context's name must be the given
browsing context name (otherwise, it has no name). The chosen browsing context must be this new
browsing context.
If it is immediately navigated, then the navigation will be done with replacement enabled.
If the chosen browsing context picked above, if any, is a new browsing context, then:
Let flagSet be the current browsing context's active document's active sandboxing flag set.
If flagSet's sandboxed navigation browsing context flag is set, then the current browsing context must be set as the new browsing context's one permitted sandboxed navigator.
If flagSet's sandbox propagates to auxiliary browsing contexts flag is set, then all the flags that are set in flagSet must be set in the new browsing context's popup sandboxing flag set.
Window, WindowProxy, and {{Location}} objects
method" and e has neither
\[[NeedsGet]] nor \[[NeedsSet]], then return.
2. Otherwise, if type is "getter" and
e.\[[NeedsGet]] is true, then return.
3. Otherwise, if type is "setter" and
e.\[[NeedsSet]] is true, then return.
2. If IsPlatformObjectSameOrigin(platformObject) is false, then throw a
"{{SecurityError}}" {{DOMException}}.
The [[CrossOriginPropertyDescriptorMap]] internal slot contains a map with entries whose keys are (currentOrigin, objectOrigin, propertyKey)-tuples and values are property descriptors, as a memoization of what is visible to scripts when currentOrigin inspects a {{Window}} or {{Location}} object from objectOrigin. It is filled lazily by CrossOriginGetOwnPropertyHelper, which consults it on future lookups.
User agents should allow a value held in the map to be garbage collected along with its corresponding key when nothing holds a reference to any part of the value. That is, as long as garbage collection is not observable.

const href = Object.getOwnPropertyDescriptor(crossOriginLocation, "href").set

the value and its corresponding key in the map cannot be garbage collected as that would be observable.
example.com" on
www.example.com means user agents can remove all key-value pairs from the map where
part of the key is www.example.com, as that can never be part of the origin again and
therefore the corresponding value could never be retrieved from the map.
« {
[[Property]]: "href",
[[NeedsGet]]: false,
[[NeedsSet]]: true
},
{
[[Property]]: "replace"
} »
3. Let crossOriginWindowProperties be
« {
[[Property]]: "window",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "self",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "location",
[[NeedsGet]]: true,
[[NeedsSet]]: true
},
{
[[Property]]: "close"
},
{
[[Property]]: "closed",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "focus"
},
{
[[Property]]: "blur"
},
{
[[Property]]: "frames",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "length",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "top",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "opener",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "parent",
[[NeedsGet]]: true,
[[NeedsSet]]: false
},
{
[[Property]]: "postMessage"
} »
4. Repeat for each e that is an element of the
child browsing context name property set:
1. Add { \[[Property]]: e } as the last element of crossOriginWindowProperties.
5. Return crossOriginWindowProperties.
Indexed properties do not need to be safelisted as they are handled directly by the {{WindowProxy}} object.
If this abstract operation returns undefined and there is no custom behavior, the caller needs to throw a "{{SecurityError}}" {{DOMException}}.
1. If P is @@toStringTag, @@hasInstance, or @@isConcatSpreadable, then return PropertyDescriptor { \[[Value]]: undefined, \[[Writable]]: false, \[[Enumerable]]: false, \[[Configurable]]: true }.
2. Let crossOriginKey be a tuple consisting of the current settings object's [=concept/origin=]'s effective domain, O's relevant settings object's [=concept/origin=]'s effective domain, and P.
3. Repeat for each e that is an element of CrossOriginProperties(O):
    1. If SameValue(e.\[[Property]], P) is true, then:
        1. If the value of the [[CrossOriginPropertyDescriptorMap]] internal slot of O contains an entry whose key is crossOriginKey, then return that entry's value.
        2. Let originalDesc be OrdinaryGetOwnProperty(O, P).
        3. Let crossOriginDesc be CrossOriginPropertyDescriptor(e, originalDesc).
        4. Create an entry in the value of the [[CrossOriginPropertyDescriptorMap]] internal slot of O with key crossOriginKey and value crossOriginDesc.
        5. Return crossOriginDesc.
4. Return undefined.

Due to this being invoked from a different [=concept/origin=], a
cross-origin wrapper function will have a different value for
Function.prototype from the function being wrapped. This follows from how JavaScript
creates anonymous built-in functions.
Window object
[PrimaryGlobal, LegacyUnenumerableNamedProperties]
/*sealed*/ interface Window : EventTarget {
// the current browsing context
[Unforgeable] readonly attribute WindowProxy window;
[Replaceable] readonly attribute WindowProxy self;
[Unforgeable] readonly attribute Document document;
attribute DOMString name;
[PutForwards=href, Unforgeable] readonly attribute Location location;
readonly attribute History history;
readonly attribute CustomElementRegistry customElements;
[Replaceable] readonly attribute BarProp locationbar;
[Replaceable] readonly attribute BarProp menubar;
[Replaceable] readonly attribute BarProp personalbar;
[Replaceable] readonly attribute BarProp scrollbars;
[Replaceable] readonly attribute BarProp statusbar;
[Replaceable] readonly attribute BarProp toolbar;
attribute DOMString status;
void close();
readonly attribute boolean closed;
void stop();
void focus();
void blur();
// other browsing contexts
[Replaceable] readonly attribute WindowProxy frames;
[Replaceable] readonly attribute unsigned long length;
[Unforgeable] readonly attribute WindowProxy top;
attribute any opener;
[Replaceable] readonly attribute WindowProxy parent;
readonly attribute Element? frameElement;
WindowProxy open(optional DOMString url = "about:blank", optional DOMString target = "_blank", [TreatNullAs=EmptyString] optional DOMString features = "", optional boolean replace = false);
getter WindowProxy (unsigned long index);
getter object (DOMString name);
// Since this is the global object, the IDL named getter adds a NamedPropertiesObject exotic
// object on the prototype chain. Indeed, this does not make the global object an exotic object.
// Indexed access is taken care of by the WindowProxy exotic object.
// the user agent
readonly attribute Navigator navigator;
// user prompts
void alert();
void alert(DOMString message);
boolean confirm(optional DOMString message = "");
DOMString? prompt(optional DOMString message = "", optional DOMString default = "");
void print();
unsigned long requestAnimationFrame(FrameRequestCallback callback);
void cancelAnimationFrame(unsigned long handle);
void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);
};
Window implements GlobalEventHandlers;
Window implements WindowEventHandlers;
callback FrameRequestCallback = void (DOMHighResTimeStamp time);
window
frames
self
document
defaultView
window,
frames, and
self
IDL attributes must all return the {{Window}} object's browsing context's {{WindowProxy}}
object.
The document IDL attribute must return
the Window object's newest Document object.
The {{Document}} object associated with a Window object can change in
exactly one case: when the navigate algorithm initializes a new {{Document}} object for the
first page loaded in a browsing context. In that specific case, the {{Window}} object of
the original about:blank page is reused and gets a new {{Document}} object.
defaultView IDL attribute of the {{Document}}
interface must return the {{Document}}'s browsing context's {{WindowProxy}} object, if
there is one, or null otherwise.
The customElements attribute returns the
{{CustomElementRegistry}} associated with that {{Window}} object.
HTMLDocument whose value is the
{{Document}} interface object.
open( [ url [, target [, features [, replace ] ] ] ] )
about:blank), and
returns it. The target argument gives the name of the new window. If a
window exists with that name already, it is reused. The replace attribute,
if true, means that whatever page is currently open in that window will be removed from the
window's session history. The features argument can be used to influence the rendering of the new window.
name [ = value ]
close()
closed
stop()
open() method on Window objects
provides a mechanism for navigating an existing browsing
context or opening and navigating an auxiliary browsing context.
When the method is invoked, the user agent must run the following steps:
_blank" instead.
For example, suppose there is a user agent that supports control-clicking a
link to open it in a new tab. If a user clicks in that user agent on an element whose onclick handler uses the window.open() API to open a page in an iframe, but, while doing so,
holds the control key down, the user agent could override the selection of the target browsing
context to instead target a new tab.
about:blank".
about:blank".
about:blank" and new is true, queue
a task to fire a simple event named load at
target browsing context's Window object, with target override set to target browsing
context's Window object's
{{Document}} object.
Otherwise, navigate target browsing context
to resource, with the exceptions enabled flag set. If new is true, then
replacement must be enabled also. The source
browsing context is source browsing context.
name attribute of the Window object
must, on getting, return the current name of the
browsing context, if one is set, or the empty string otherwise; and, on setting, set
the name of the browsing context to the
new value.
The name gets reset when the browsing context is navigated to another domain.
close() method on Window
objects should, if all the following conditions are met, close the browsing context A:
closed attribute on Window
objects must return true if the Window object's browsing context has
been discarded, and false otherwise.
The stop() method on Window
objects should, if there is an existing attempt to navigate the browsing
context and that attempt is not currently running the unload a document
algorithm, cancel that navigation; then, it must abort the active document of the browsing
context of the Window object on which it was invoked.
length IDL attribute's getter must return the
number of child browsing contexts of this {{Window}} object.
Indexed access to child browsing contexts is defined through the \[[GetOwnProperty]] internal method of the {{WindowProxy}} object.
Window object
document.querySelector().
Window interface supports named properties.
The supported property names at any moment consist of the following, in tree order,
ignoring later duplicates:
* the child browsing context name property set.
* the value of the name content attribute for all <{a}>, <{area}>,
<{embed}>, <{form}>, <{frameset}>, <{img}>, and <{object}> elements in the
active document that have a non-empty name content attribute, and
* the value of the <{global/id}> content attribute of any HTML element in the
active document with a non-empty <{global/id}> content attribute.
To determine the value of a named property name when
the Window object is indexed for property retrieval, the user agent must
return the value obtained using the following steps:
There will be at least one such object, by definition.
WindowProxy object of the nested browsing context corresponding to
the first browsing context container in tree order whose
browsing context is in objects, and abort these steps.
HTMLCollection rooted at the {{Document}} node,
whose filter matches only named objects with
the name name. (By definition, these will all be elements.)
name content attribute whose value is name, or
WindowProxy object, and the user agent itself has a strong reference to its
top-level browsing contexts.
A {{Document}} has a strong reference to its Window object.
A Window object has a strong reference to its {{Document}} object through its document attribute. Thus, references from other scripts to either of
those objects will keep both alive. Similarly, both {{Document}} and Window
objects have implied strong references to the
WindowProxy object.
Document, the user
agent must run the following steps:
Document.
Whenever a {{Document}} object is discarded, it is also removed from the list of the worker's
Documents of each worker whose list contains that {{Document}}.
WindowProxy object is eligible for garbage collection.
BarProp object:
interface BarProp {
readonly attribute boolean visible;
};
locationbar . visible
menubar . visible
personalbar . visible
scrollbars . visible
statusbar . visible
toolbar . visible
BarProp objects exist for each {{Document}} object in a
browsing context. Some of the user interface elements represented by these objects
might have no equivalent in some user agents; for those user agents, except when otherwise
specified, the object must act as if it was present and visible (i.e., its visible attribute must return true).
BarProp object
BarProp object
BarProp object
BarProp object
BarProp object
visible attribute may return false).
BarProp object
visible attribute may return
false).
locationbar attribute must return
the location bar BarProp object.
The menubar attribute must return the
menu bar BarProp object.
The personalbar attribute must return
the personal bar BarProp object.
The scrollbars attribute must return
the scrollbar BarProp object.
The statusbar attribute must return
the status bar BarProp object.
The toolbar attribute must return the
toolbar BarProp object.
status attribute
on the Window object must, on getting, return the last string it was set to, and on
setting, must set itself to the new value. When the Window object is created, the
attribute must be set to the empty string. It does not do anything else.
WindowProxy object
WindowProxy is an exotic object that wraps a {{Window}}
ordinary object, indirecting most operations through to the wrapped object. Each
browsing context has an associated {{WindowProxy}} object. When the browsing context
is navigated, the {{Window}} object wrapped by the browsing context's associated
{{WindowProxy}} object is changed.
There is no {{WindowProxy}} interface object.
Every {{WindowProxy}} object has a [[Window]] internal slot
representing the wrapped {{Window}} object.
Although {{WindowProxy}} is named as a "proxy", it does not do polymorphic dispatch on its target's internal methods as a real proxy would, due to a desire to reuse machinery between {{WindowProxy}} and {{Location}} objects. As long as the {{Window}} object remains an ordinary object this is unobservable and can be implemented either way.
var x = window;
x instanceof Window; // true
x === this; // true
WindowProxy internal methods
This violates JavaScript's internal method invariants.
4. Let property be CrossOriginGetOwnPropertyHelper(W, P).
5. If property is not undefined, return property.
6. If property is undefined and P is in the child browsing context name property set, then:
    1. Let value be the {{WindowProxy}} object of the named object with the name P.
    2. Return PropertyDescriptor{ \[[Value]]: value, \[[Enumerable]]: false, \[[Writable]]: false, \[[Configurable]]: true }.
7. Throw a "{{SecurityError}}" {{DOMException}}.

See above about how this violates JavaScript's internal method invariants.
4. Throw a "{{SecurityError}}" {{DOMException}}.

For example, if Example Bank's Web site, hosted at
bank.example.com, tries to examine the DOM of Example Charity's Web site, hosted at
charity.example.org, a "{{SecurityError}}" {{DOMException}} will be raised.
Origins can be shared, e.g., among multiple {{Document}} objects. Furthermore, origins are generally immutable. Only the domain of a tuple origin can be changed, and only through the {{Document/domain|document.domain}} API.
The effective domain of an [=concept/origin=] origin is computed as follows:
1. If origin is an opaque origin, then return "null".
2. If origin's domain is non-null, then return
origin's domain.
3. Return origin's host.
Various specification objects are defined to have an [=concept/origin=]. These
origins are determined as follows:
: For {{Document}} objects
::
data: URL
The {{Document/open()|document.open(type, replace)}} method can change the
{{Document}}'s [=url/URL=] to "about:blank". Therefore the
[=concept/origin=] is assigned when the {{Document}} is created.
about:blank" document
about:blank" document
javascript: URLs
The [=concept/origin=] is a unique opaque origin assigned when the {{Document}} is created.
null".
2. Let host be origin's host.
3. Let unicodeHost be host if host is not a
domain, and the result of applying domain to Unicode to
host otherwise.
4. Let unicodeOrigin be a new tuple origin consisting of origin's
scheme, unicodeHost, and origin's
port.
5. Return the ASCII serialization of an origin, given unicodeOrigin.
The name ASCII serialization of an origin is misleading, as it merely serialises an origin, which are all ASCII by default due to the URL parser.
https",
"xn--maraa-rta.example", null, null) is "https://maraña.example".
null".
2. Otherwise, let result be origin's scheme.
3. Append "://" to result.
4. Append origin's host,
serialized, to result.
5. If origin's port is non-null, append a
U+003A COLON character (:), and origin's port,
serialized, to result.
6. Return result.
Two origins A and B are said to be
same origin if the following
algorithm returns true:
1. If A and B are the same opaque origin, then return true.
2. If A and B are both tuple origins, and their
schemes, hosts, and
ports are identical, then return true.
3. Return false.
Two origins A and B are said to be
same origin-domain if the following algorithm returns true:
1. If A and B are the same opaque origin, then return true.
2. If A and B are both tuple origins, run these substeps:
1. If A and B's schemes are identical, and
their domains are identical and non-null, then return true.
2. Otherwise, if A and B are same origin and their
domains are identical and null, then return true.
3. Return false.
| A | B | same origin | same origin-domain |
|---|---|---|---|
| ("https", "example.org", null, null) | ("https", "example.org", null, null) | ✅ | ✅ |
| ("https", "example.org", 314, "example.org") | ("https", "example.org", 420, "example.org") | ❌ | ✅ |
| ("https", "example.org", null, null) | ("https", "example.org", null, "example.org") | ✅ | ❌ |
| ("https", "example.org", null, "example.org") | ("http", "example.org", null, "example.org") | ❌ | ❌ |
true:
1. If hostSuffixString is the empty string, then return false.
1. Let host be the result of parsing hostSuffixString.
1. If host is failure, then return false.
1. If host is not equal to originalHost,
run these substeps:
1. If host or originalHost is not a domain, return false.
I.e., exclude IPv4 and IPv6 addresses as hosts.
1. If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end of originalHost, return false.
1. If host matches a suffix in the Public Suffix List, or, if host,
prefixed by a U+002E FULL STOP (.), matches the end of a suffix in the Public Suffix List
[[!PSL]], return false.
Suffixes must be compared after applying the host parser algorithm.
1. Return true.
The domain attribute's getter must run these
steps:
1. If this {{Document}} object does not have a browsing context,
then return the empty string.
2. Let effectiveDomain be this {{Document}}'s [=concept/origin=]'s
effective domain.
3. If effectiveDomain is null, return the empty string.
4. Return effectiveDomain, serialised.
The {{Document/domain}} attribute on setting must run these steps:
1. If this {{Document}} object has no browsing context, throw a
"{{SecurityError}}" {{DOMException}}.
1. If this {{Document}} object's active sandboxing flag set has its
sandboxed document.domain browsing context flag set, then throw a
"{{SecurityError}}" {{DOMException}}.
1. Let effectiveDomain be this {{Document}}'s [=concept/origin=]'s
effective domain.
1. If effectiveDomain is null, then throw a "{{SecurityError}}" {{DOMException}}.
1. If the given value is not
a registrable domain suffix of and is not equal to effectiveDomain
throw a "{{SecurityError}}" {{DOMException}}.
1. Set origin's domain to the result of
parsing
the given value.
The {{Document/domain|document.domain}} attribute is used to enable pages on different hosts of a domain to access each other's DOMs.
Do not use the {{Document/domain|document.domain}} attribute when using shared hosting. If an untrusted third party is able to host an HTTP server at the same IP address but on a different port, then the same-origin protection that normally protects two different sites on the same host will fail, as the ports are ignored when comparing origins after the {{Document/domain|document.domain}} attribute has been used.
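The suffix check and the shared-hosting caveat above, modeled as an added example (not code from this specification). `SAMPLE_PSL`, `parseHost` and the origin objects are constructed for illustration; the same origin-domain comparison follows the HTML specification's rule for tuple origins, and the browsing-context and sandbox checks of the setter are left out.

```javascript
// Constructed, deliberately tiny stand-in for the Public Suffix List.
// A real implementation must load the full, current list.
const SAMPLE_PSL = ["com", "org", "co.uk", "github.io"];

// Simplified host parser (assumption): delegates to the WHATWG URL parser and
// returns the serialized host, or null on failure.
function parseHost(input) {
  const bracketed = /^\[[0-9a-f:.]+\]$/i.test(input);
  if (!bracketed && /[\/\\?#@:\s]/.test(input)) return null;
  try {
    return new URL("https://" + input + "/").hostname || null;
  } catch (err) {
    return null;
  }
}

// A host is a domain when it is neither an IPv4 nor an IPv6 address.
function isDomain(host) {
  return !host.startsWith("[") && !/^\d+\.\d+\.\d+\.\d+$/.test(host);
}

// "Is a registrable domain suffix of or is equal to", step by step.
// originalHost is expected to be an already parsed host.
function isRegistrableDomainSuffixOrEqual(hostSuffixString, originalHost, psl = SAMPLE_PSL) {
  if (hostSuffixString === "") return false;
  const host = parseHost(hostSuffixString);
  if (host === null) return false;
  if (host !== originalHost) {
    if (!isDomain(host) || !isDomain(originalHost)) return false;
    if (!originalHost.endsWith("." + host)) return false;
    // Reject public suffixes and the tails of public suffixes ("uk" for "co.uk").
    if (psl.some((s) => s === host || s.endsWith("." + host))) return false;
  }
  return true;
}

// Origins are modeled as tuples: { scheme, host, port, domain }.
function effectiveDomain(origin) {
  return origin.domain !== null ? origin.domain : origin.host;
}

// The last four steps of the document.domain setter.
function setDocumentDomain(origin, value) {
  const effective = effectiveDomain(origin);
  if (effective === null || !isRegistrableDomainSuffixOrEqual(value, effective)) {
    throw new Error("SecurityError");
  }
  return { ...origin, domain: parseHost(value) };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Once both sides have a non-null domain, only scheme and domain are compared:
// the port no longer takes part in the decision.
function sameOriginDomain(a, b) {
  if (a.scheme === b.scheme && a.domain !== null && a.domain === b.domain) return true;
  return sameOrigin(a, b) && a.domain === null && b.domain === null;
}

// Two sites on one shared host, separated only by port (constructed values).
function sharedHostingDemo() {
  const siteA = { scheme: "https", host: "shared.example.org", port: 8443, domain: null };
  const siteB = { scheme: "https", host: "shared.example.org", port: 9443, domain: null };
  const before = sameOriginDomain(siteA, siteB);
  const after = sameOriginDomain(
    setDocumentDomain(siteA, "shared.example.org"),
    setDocumentDomain(siteB, "shared.example.org")
  );
  return { before, after };
}

console.log(sharedHostingDemo());
```

The two sites are isolated while both domains are null and become same origin-domain as soon as each has set `document.domain`, even though the value they set is their own host.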
target attribute, the window.open() method.
document.cookie IDL attribute, and blocks access to
localStorage. [[!WEBSTORAGE]]
requestFullscreen() method.
document.domain browsing context flag
window.alert()
window.confirm()
window.print()
window.prompt()
beforeunload event
allow-popups keyword.
allow-top-navigation keyword.
allow-same-origin keyword.
allow-same-origin keyword is intended for two cases.
First, it can be used to allow content from the same site to be sandboxed to disable
scripting, while still allowing access to the DOM of the sandboxed content.
Second, it can be used to embed content from a third-party site, sandboxed to prevent that
site from opening pop-up windows, etc, without preventing the embedded page from
communicating back to its originating site, using the database APIs to store data, etc.
allow-forms keyword.
allow-pointer-lock keyword.
allow-scripts keyword.
allow-scripts keyword (defined above).
This flag is relaxed by the same keyword as scripts, because when scripts are enabled these features are trivially possible anyway, and it would be unfortunate to force authors to use script to do them, when sandboxed, rather than allowing them to use the declarative features.
document.domain browsing context flag.
allow-popups-to-escape-sandbox keyword.
allow-modals keyword.
allow-presentation keyword.
There is only one known native implementation of the allow-presentation
token (Chrome/Blink). Therefore this feature should not be relied upon until it becomes
interoperable.
allow-orientation-lock keyword.
iframe sandboxing flag set,
which is a sandboxing flag set. Which flags in a nested browsing context's
iframe sandboxing flag set are set at any particular time is determined
by the <{iframe}> element's <{iframe/sandbox}> attribute.
Every {{Document}} has an active sandboxing flag set, which is a
sandboxing flag set. When the {{Document}} is created, its
active sandboxing flag set must be empty. It is populated by the
navigation algorithm.
Every resource that is obtained by the navigation algorithm has a
forced sandboxing flag set, which is a sandboxing flag set. A resource by
default has no flags set in its forced sandboxing flag set, but other specifications
can define that certain flags are set.
In particular, the forced sandboxing flag set is used by the Content Security Policy specification. [[!CSP3]]
iframe sandboxing flag set.
Each entry, when first created, has a {{Document}}. However, when a {{Document}} is not active, it's possible for it to be discarded to free resources. The [=url/URL=] and other data in a session history entry is then used to bring a new {{Document}} into being to take the place of the original, should the user agent find itself having to reactivate that {{Document}}.
Titles associated with session history entries need not have any relation with the current <{title}> of the {{Document}}. The title of a session history entry is intended to explain the state of the document at that point, so that the user can navigate the document's history.
URLs without associated serialized state are added to the session history as the user (or script) navigates from page to page.
History object which must all model the same underlying
session history.
The history attribute of the Window
interface must return the object implementing the History interface for that
{{Window}} object's newest {{Document}}.
Serialized state is a serialization (via StructuredSerializeForStorage) of an object representing a user interface state. We sometimes informally refer to "state objects", which are the objects representing user interface state supplied by the author, or alternately the objects created by deserializing (via StructuredDeserialize) serialized state.
Pages can add serialized state to the session history. These are then deserialized and returned to the script when the user (or script) goes back in the history, thus enabling authors to use the "navigation" metaphor even in one-page applications.
The current entry is usually an entry for the [=Document/URL=] of the {{Document}}. However, it can also be one of the entries for serialized state added to the history by that document.
An entry with persisted user state is one that also has user-agent defined state. This specification does not specify what kind of state can be stored.
For example, some user agents might want to persist the scroll position, or the values of form controls.
User agents that persist the value of form controls are encouraged to also persist their directionality (the value of the element's <{global/dir}> attribute). This prevents values from being displayed incorrectly after a history traversal when the user had originally entered the values with an explicit, non-default directionality.
An entry's scroll restoration mode indicates whether the user agent should restore the persisted scroll position (if any) when traversing to it. The scroll restoration mode may be one of the following:auto"manual"auto".
Entries that consist of serialized state share the same
{{Document}} as the entry for the page that was active when they were added.
Contiguous entries that differ just by fragment also share the same {{Document}}.
All entries that share the same {{Document}} (and that are therefore merely different states of one particular document) are contiguous by definition.
Each {{Document}} in a browsing context can also have a latest entry. This is the entry for that {{Document}} to which the browsing context's session history was most recently traversed. When a {{Document}} is created, it initially has no latest entry. User agents may discard the {{Document}} objects of entries other than the current entry that are not referenced from any script, reloading the pages afresh when the user or script navigates back to such pages. This specification does not specify when user agents should discard {{Document}} objects and when they should cache them. Entries that have had their {{Document}} objects discarded must, for the purposes of the algorithms given below, act as if they had not. When the user or script navigates back or forwards to a page which has no in-memory DOM objects, any other entries that shared the same {{Document}} object with it must share the new object as well.
History interface
enum ScrollRestoration { "auto", "manual" };
interface History {
readonly attribute unsigned long length;
attribute ScrollRestoration scrollRestoration;
readonly attribute any state;
void go(optional long delta = 0);
void back();
void forward();
void pushState(any data, DOMString title, optional DOMString? url = null);
void replaceState(any data, DOMString title, optional DOMString? url = null);
};
history . length
history . scrollRestoration [ = value ]
history . state
history . go( [ delta ] )
history . back()
history . forward()
history . pushState(data, title [, url ] )
history . replaceState(data, title [, url ] )
Since each {{Document}} in a browsing context might have a different event loop, the actual state of the joint session history can be somewhat nebulous. For example, two sibling <{iframe}> elements could both traverse from one unique origin to another at the same time, so their precise order might not be well-defined; similarly, since they might only find out about each other later, they might disagree about the length of the joint session history.
The length attribute of the History
interface, on getting, must return the number of entries in the
top-level browsing context's joint session history. If this History
object is associated with a {{Document}} that is not fully active, getting must instead
throw a "{{SecurityError}}" {{DOMException}}.
The actual entries are not accessible from script.
The scrollRestoration attribute of the
History interface, on getting, must return the scroll restoration mode of the current
entry in the session history. On setting, the scroll restoration mode of the
current entry in the session history must be set to the new value. If this
History object is associated with a {{Document}} that is not fully active,
both getting and setting must instead throw a "{{SecurityError}}" {{DOMException}}.
The state attribute of the
History interface, on getting, must return the last value it was set to by the user
agent. If this History object is associated with a {{Document}} that is
not fully active, getting must instead throw a "{{SecurityError}}" {{DOMException}}.
Initially, its value must be null.
When the go(delta) method is
invoked, if delta is zero, the user agent must act as if the
location.reload() method was called instead. Otherwise,
the user agent must traverse the history by a delta whose value is
delta. If this History object is associated with a {{Document}}
that is not fully active, invoking must instead throw a
"{{SecurityError}}" {{DOMException}}.
When the back() method is invoked, the user
agent must traverse the history by a delta −1. If this History
object is associated with a {{Document}} that is not fully active,
invoking must instead throw a "{{SecurityError}}" {{DOMException}}.
When the forward() method is invoked, the
user agent must traverse the history by a delta +1. If this History
object is associated with a {{Document}} that is not fully active,
invoking must instead throw a "{{SecurityError}}" {{DOMException}}.
This doesn't necessarily have to affect the user agent's user interface.
2. Remove any tasks queued by the history traversal task source that are associated with any {{Document}} objects in the top-level browsing context's document family.
3. If appropriate, update the current entry to reflect any state that the user agent wishes to persist. The entry is then said to be an entry with persisted user state.
4. Add a session history entry entry to the session history, after the current entry, with serializedData as the serialized state, the given title as the title, new URL as the [=url/URL=] of the entry, and the scroll restoration mode of the current entry in the session history as the scroll restoration mode.
5. Update the current entry to be this newly added entry.
Otherwise, if the method invoked was the {{History/replaceState()}} method:
1. Update the current entry in the session history so that serializedData is the entry's new serialized state, the given title is the new title, and new URL is the entry's new [=url/URL=].
8. If the current entry in the session history represents a non-GET request (e.g., it was the result of a POST submission) then update it to instead represent a GET request.
9. Set the document's [=url/URL=] to new URL.
Since this is neither a navigation of the browsing context nor a
history traversal, it does not cause a hashchange event to be fired.
The title is purely advisory. User agents might use the title in the user interface.
User agents may limit the number of state objects added to the session history per page. If a page hits the user agent-defined limit, user agents must remove the entry immediately after the first entry for that {{Document}} object in the session history after having added the new entry. (Thus the state history acts as a FIFO buffer for eviction, but as a LIFO buffer for navigation.)
You are at coordinate 5 on the line.
pushState() method is
the same information as would be sent to the server, but in a more convenient form, so that the
script doesn't have to parse the URL each time the user navigates.
scrollRestoration
attribute as soon as possible (e.g., in the first <{script}> element in the
document's <{head}> element) to ensure that any entry added to the history session gets the
desired scroll restoration mode.
Location interface
toString", {
\[[Value]]: %ObjProto_toString%, \[[Writable]]: false, \[[Enumerable]]: false,
\[[Configurable]]: false }).
3. Perform ! location.\[[DefineOwnProperty]]("toJSON", {
\[[Value]]: undefined, \[[Writable]]: false, \[[Enumerable]]: false,
\[[Configurable]]: false }).
4. Perform ! location.\[[DefineOwnProperty]]("valueOf", {
\[[Value]]: %ObjProto_valueOf%, \[[Writable]]: false, \[[Enumerable]]: false,
\[[Configurable]]: false }).
5. Perform ! location.\[[DefineOwnProperty]](@@toPrimitive, {
\[[Value]]: undefined, \[[Writable]]: false, \[[Enumerable]]: false,
\[[Configurable]]: false }).
6. Set the value of the [[DefaultProperties]] internal slot of location to
location.\[[OwnPropertyKeys]]().
7. Return location.
The location attribute of the {{Document}}
interface must return the {{Location}} object for that {{Document}} object's global object,
if it has a browsing context, and null otherwise.
The location attribute of the {{Window}} interface
must return the {{Location}} object for that {{Window}} object.
{{Location}} objects provide a representation of the [=url/URL=] of the active document
of their {{Document}}'s browsing context, and allow the current entry of the
browsing context's session history to be changed, by adding or
replacing entries in the {{Window/history}} object.
interface Location {
[Unforgeable] stringifier attribute USVString href;
[Unforgeable] readonly attribute USVString origin;
[Unforgeable] attribute USVString protocol;
[Unforgeable] attribute USVString host;
[Unforgeable] attribute USVString hostname;
[Unforgeable] attribute USVString port;
[Unforgeable] attribute USVString pathname;
[Unforgeable] attribute USVString search;
[Unforgeable] attribute USVString hash;
[Unforgeable] void assign(USVString url);
[Unforgeable] void replace(USVString url);
[Unforgeable] void reload();
[Unforgeable, SameObject] readonly attribute USVString[] ancestorOrigins;
};
toString()?" if
non-empty).
Can be set, to navigate to the same URL with a changed query (ignores leading "?").
#" if
non-empty).
Can be set, to navigate to the same URL with a changed fragment (ignores leading
"#").
Document, which is this
{{Location}} object's associated {{Document}} object's browsing context's
active document.
A {{Location}} object has an associated url, which is this {{Location}}
object's relevant Document's [=document url|URL=].
A {{Location}} object has an associated ancestor origins array. When a {{Location}}
object is created, its ancestor origins array must be set to an array created from the list
of strings that the following steps would produce:
1. Let output be an empty ordered list of strings.
2. Let current be the browsing context of the {{Document}} with which the
{{Location}} object is associated.
3. Loop: If current has no parent browsing context, jump to
the step labeled End.
4. Let current be current's parent browsing context.
5. Append the Unicode serialization of current's active document's
[=concept/origin=] to output as a new value.
6. Return to the step labeled Loop.
7. End: Return output.
A {{Location}} object has an associated Location-object-setter navigate
algorithm, which given a url, runs these steps:
1. If any of the following conditions are met, let replacement flag be unset;
otherwise, let it be set:
* This {{Location}} object's relevant Document has
completely loaded, or
* In the task in which the algorithm is running, an activation behavior is
currently being processed whose click event was trusted, or
* In the task in which the algorithm is running, the event listener for a
trusted click event is being handled.
2. Location-object navigate, given url and
replacement flag.
To Location-object navigate, given a url and
replacement flag, run these steps:
1. The source browsing context is the responsible browsing context specified by the
incumbent settings object.
2. Navigate the browsing context to url, with the
exceptions enabled flag set. Rethrow any exceptions.
If the replacement flag is set or the browsing context's
session history contains only one {{Document}}, and that was the
about:blank {{Document}} created when the browsing context was created,
then the navigation must be done with replacement enabled.
The href attribute's getter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Return this {{Location}} object's [=url/URL=], serialized.
The {{Location/href}} attribute's setter must run these steps:
1. Parse the given value relative to the entry settings object. If that failed,
throw a TypeError exception.
2. Location-object-setter navigate to the resulting URL record.
The {{Location/href}} attribute setter intentionally has no security check.
The origin attribute's getter must run these
steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Return the Unicode serialization of this {{Location}} object's [=url/URL=]'s
[=concept/origin=].
It returns the Unicode rather than the ASCII serialization for compatibility with
MessageEvent.
The protocol attribute's getter must run these
steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Return this {{Location}} object's [=url/URL=]'s [=url/scheme=], followed by
":".
The {{Location/protocol}} attribute's setter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let copyURL be a copy of this {{Location}} object's [=url/URL=].
3. Let possibleFailure be the result of basic URL parsing
the given value, followed by ":", with copyURL as url and
scheme start state as state override.
4. If possibleFailure is failure, throw a TypeError exception.
5. If copyURL's [=url/scheme=] is not "http" or
"https", terminate these steps.
6. Location-object-setter navigate to copyURL.
The host attribute's getter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let url be this {{Location}} object's [=url/URL=].
3. If url's host is null, return the empty string.
4. If url's port is null, return url's
host, serialized.
5. Return url's host, serialized, followed by ":" and
url's port, serialized.
The {{Location/host}} attribute's setter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let copyURL be a copy of this {{Location}} object's [=url/URL=].
3. If copyURL's non-relative flag is set, terminate these steps.
4. Basic URL parse the given value, with copyURL as
url and host state as state override.
5. Location-object-setter navigate to copyURL.
The hostname attribute's getter must run these
steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. If this {{Location}} object's [=url/URL=]'s host is null, return the
empty string.
3. Return this {{Location}} object's [=url/URL=]'s host,
serialized.
The {{Location/hostname}} attribute's setter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let copyURL be a copy of this {{Location}} object's [=url/URL=].
3. If copyURL's non-relative flag is set, terminate these steps.
4. Basic URL parse the given value, with copyURL as
url and hostname state as state override.
5. Location-object-setter navigate to copyURL.
The port attribute's getter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. If this {{Location}} object's [=url/URL=]'s port is null, return the
empty string.
3. Return this {{Location}} object's [=url/URL=]'s port,
serialized.
The {{Location/port}} attribute's setter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let copyURL be a copy of this {{Location}} object's [=url/URL=].
3. If copyURL's host is null, copyURL's
non-relative flag is set, or copyURL's [=url/scheme=] is
"file", terminate these steps.
4. Basic URL parse the given value, with copyURL as
url and port state as state override.
5. Location-object-setter navigate to copyURL.
The pathname attribute's getter must run these
steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let url be this {{Location}} object's [=url/URL=].
3. If url's non-relative flag is set, return the first string in
url's path.
4. Return "/", followed by the strings in url's path (including
empty strings), separated from each other by "/".
The {{Location/pathname}} attribute's setter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let copyURL be a copy of this {{Location}} object's [=url/URL=].
3. If copyURL's non-relative flag is set, terminate these steps.
4. Set copyURL's path to the empty list.
5. Basic URL parse the given value, with copyURL as
url and path start state as state override.
6. Location-object-setter navigate to copyURL.
The search attribute's getter must run these
steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. If this {{Location}} object's [=url/URL=]'s query is either null or
the empty string, return the empty string.
3. Return "?", followed by this {{Location}} object's [=url/URL=]'s
query.
The {{Location/search}} attribute's setter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let copyURL be a copy of this {{Location}} object's [=url/URL=].
3. If the given value is the empty string, set copyURL's query to
null.
4. Otherwise, run these substeps:
1. Let input be the given value with a single leading "?" removed, if
any.
2. Set copyURL's query to the empty string.
3. Basic URL parse input, with copyURL as
url and query state as state override, and the
relevant Document's document's character encoding as
encoding override.
5. Location-object-setter navigate to copyURL.
The hash attribute's getter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. If this {{Location}} object's [=url/URL=]'s fragment is either null
or the empty string, return the empty string.
3. Return "#", followed by this {{Location}} object's [=url/URL=]'s
fragment.
The {{Location/hash}} attribute's setter must run these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Let copyURL be a copy of this {{Location}} object's [=url/URL=].
3. If copyURL's [=url/scheme=] is "javascript", terminate these
steps.
4. Let input be the given value with a single leading "#" removed, if any.
5. Set copyURL's fragment to the empty string.
6. Basic URL parse input, with copyURL as
url and fragment state as state override.
7. Location-object-setter navigate to copyURL.
Unlike the equivalent API for the <{a}> and <{area}> elements, the {{Location/hash}} attribute's setter does not special case the empty string to remain compatible with deployed scripts.
When the assign(url)
method is invoked, the user agent must run the following steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Parse url, relative to the entry settings object. If that failed,
throw a "{{SyntaxError}}" {{DOMException}}.
3. Location-object navigate to the resulting URL record.
When the
replace(url)
method is invoked, the user agent must run the following steps:
1. Parse url, relative to the entry settings object. If that failed,
throw a "{{SyntaxError}}" {{DOMException}}.
2. Location-object navigate to the resulting URL record with the
replacement flag set.
The {{Location/replace()}} method intentionally has no security check.
When the reload() method is invoked, the user agent
must run the appropriate steps from the following list:
Document's
[=concept/origin=] is not same origin with entry settings object's
[=concept/origin=]
resize event in
response to the user resizing the browsing context
iframe attributes of the browsing context's
browsing context container.
The ancestorOrigins attribute's getter must run
these steps:
1. If this {{Location}} object's relevant Document's
[=concept/origin=] is not same origin-domain with the
entry settings object's [=concept/origin=], then throw a
"{{SecurityError}}" {{DOMException}}.
2. Otherwise, return this {{Location}} object's ancestor origins array.
Location internal methods
For example, following a hyperlink, [[#forms-form-submission]], and the
window.open() and location.assign() methods can all cause a
browsing context to navigate.
A resource has a URL, but that might not be the only information necessary to identify it. For example, a form submission that uses HTTP POST would also have the HTTP method and payload. Similarly, an `iframe` `srcdoc` document needs to know the data it is to use.
Navigation always involves source browsing context, which is the browsing context which was responsible for starting the navigation. When a browsing context is navigated to a new resource, the user agent must run the following steps:
Doing so, however, can be dangerous, as it means that the user is overriding the author's explicit request to sandbox the content.
If the navigate algorithm was invoked optionally with an exceptions enabled flag, and it is aborted on this step, then in addition to aborting this algorithm, the user agent must also throw a "{{SecurityError}}" {{DOMException}}.
The handle redirects step later in this algorithm can in certain cases jump back to the step labeled Fragments. Since, between those two steps, this algorithm goes from operating immediately in the context of the calling task to operating in parallel independent of the event loop, some of the intervening steps need to be able to handle both being run as part of a task and running in parallel. The gone async flag is thus used to make these steps aware of which mode they are operating in.
GET, and the
URL record of the new resource has a fragment component that is not
null (even if it is empty), then navigate to that fragment
and abort these steps.
In the case of a registered handler being used, the algorithm will be reinvoked with a new URL to handle the request.
load events mode.
The user agent must take this nested browsing context out of the
delaying load events mode when this navigation algorithm later
matures, or when it terminates (whether due to having run all the steps, or being canceled,
or being aborted), whichever happens first.
javascript
javascript: URL" steps,
associated with the active document of the browsing context being navigated:
1. If the [=concept/origin=] of the source browsing context is not the same origin as
the [=concept/origin=] of the active document of the browsing context being
navigated, then let result be undefined, and jump to the step labeled
process results below.
2. Let urlRecord be the result of running the URL parser on the
[=url/URL=] of the new resource.
3. Let script source be the empty string.
4. Append the first string of urlRecord's path component to script
source.
5. If urlRecord's query component is not null, then first
append a U+003F QUESTION MARK character (?) to script source, and then append
urlRecord's query component to script source.
6. If urlRecord's fragment component is not null, then first
append a U+0023 NUMBER SIGN character (#) to script source, and then append
urlRecord's fragment component to script
source.
7. Replace script source with the result of applying the
percent decode algorithm to script source.
8. Replace script source with the result of applying the UTF-8 decode
algorithm to script source.
9. Let address be the [=Document/URL=] of the active document of the
browsing context being navigated.
10. Let settings be the relevant settings object of the browsing
context being navigated.
11. Let script be the result of creating a classic script given
script source and settings.
12. Let result be the result of running the classic script
script. If evaluation was unsuccessful, let result be undefined
instead. (The result will also be undefined if scripting is disabled.)
13. Process results: If Type(result) is not
String, then the result of obtaining the resource for the URL is a
response whose status is 204.
Otherwise, the result of obtaining the resource for the URL is a response whose
[=response/header list=] consists of
Content-Type/[[#text-html|text/html]] and whose
[=response/body=] is result, and whose
[=response/HTTPS state=] is settings's
HTTPS state.
When it comes time to set the document's address in the
navigation algorithm, use address as the override URL.
The task source for this task is the DOM manipulation task source.
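The steps above, modeled as an added example (not code from this specification) for reviewing what a given javascript: URL hands to the script engine and what the navigation then receives. Origins are compared as serialized strings for brevity, and `evaluate` is a hypothetical caller-supplied stand-in for running the classic script; nothing is actually evaluated.

```javascript
// Percent-decode a string to bytes. Malformed sequences such as "%zz" are
// left untouched, as in the URL Standard's percent decode algorithm.
function percentDecode(input) {
  const bytes = new TextEncoder().encode(input);
  const isHex = (b) =>
    (b >= 0x30 && b <= 0x39) || (b >= 0x41 && b <= 0x46) || (b >= 0x61 && b <= 0x66);
  const out = [];
  for (let i = 0; i < bytes.length; i++) {
    if (bytes[i] === 0x25 && i + 2 < bytes.length && isHex(bytes[i + 1]) && isHex(bytes[i + 2])) {
      out.push(parseInt(String.fromCharCode(bytes[i + 1], bytes[i + 2]), 16));
      i += 2;
    } else {
      out.push(bytes[i]);
    }
  }
  return Uint8Array.from(out);
}

// Steps 2-8: path, then "?" + query and "#" + fragment when present, then
// percent decode and UTF-8 decode. The serialized URL after the scheme is
// exactly that concatenation, so "?" and "#" stay part of the script source.
function scriptSourceOf(urlString) {
  const url = new URL(urlString);
  if (url.protocol !== "javascript:") throw new TypeError("not a javascript: URL");
  const raw = url.href.slice("javascript:".length);
  return new TextDecoder("utf-8").decode(percentDecode(raw));
}

// Step 1 and the "process results" step. A cross-origin source never reaches
// evaluation; a non-string result yields a 204 and leaves the document alone;
// a string result becomes a text/html response that replaces the document.
function obtainJavascriptUrlResource(urlString, sourceOrigin, targetOrigin, evaluate) {
  let result;
  if (sourceOrigin === targetOrigin) {
    try {
      result = evaluate(scriptSourceOf(urlString));
    } catch (err) {
      result = undefined; // unsuccessful evaluation
    }
  }
  if (typeof result !== "string") return { status: 204 };
  return { headers: [["Content-Type", "text/html"]], body: result };
}

// Constructed demonstration with a stub evaluator that records its input.
function demo() {
  const seen = [];
  const stub = (src) => {
    seen.push(src);
    return src === "void(0)" ? undefined : "<p>replaced</p>";
  };
  const origin = "https://example.org";
  return {
    crossOrigin: obtainJavascriptUrlResource("javascript:x%3D1", "https://other.example", origin, stub),
    voidResult: obtainJavascriptUrlResource("javascript:void%280%29", origin, origin, stub),
    stringResult: obtainJavascriptUrlResource("javascript:ready?1:0", origin, origin, stub),
    seen,
  };
}

console.log(demo());
```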
javascript: URL in an <{links/href}> attribute of
an <{a}> element would only be evaluated when the link was followed, while such a URL in
the <{iframe/src}> attribute of an <{iframe}> element would be evaluated in the context
of the iframe's own nested browsing context when the
iframe is being set up; once evaluated, its return value (if it was not void)
would replace that browsing context's {{Document}}, thus also
changing the Window object of that browsing context.
Window
object's environment settings object, target browsing context to the
browsing context being navigated, destination to "document",
mode to "navigate", credentials mode to "include",
use-URL-credentials flag, and redirect mode to "manual".
Origin-header flag.
GET, or,
if the navigation algorithm was invoked as a result of the form submission
algorithm, then if there is an [=concept/origin=] of the active document
of the source browsing context, unset request's
omit-Origin-header flag.
Origin-header flag.
So for instance, if the original URL was "https://example.com/#!sample"
and "https://example.com/" is found to redirect to
"https://example.com/", the URL of the new resource will be
"https://example.com/#!sample".
Content-Disposition headers specifying
the attachment disposition type must be handled as a download.
HTTP 401 responses that do not include a challenge recognized by the user agent must be
processed as if they had no challenge, e.g., rendering the entity body as if the response had
been 200 OK.
User agents may show the entity body of an HTTP 401 response even when the response does
include a recognized challenge, with the option to login being included in a non-modal fashion,
to enable the information provided by the server to be used by the user before authenticating.
Similarly, user agents should allow the user to authenticate (in a non-modal fashion) against
authentication challenges included in other responses such as HTTP 200 OK responses, effectively
allowing resources to present HTTP login forms without requiring their use.
text/css"
text/plain"
text/vtt"
multipart/x-mixed-replace"
application/atom+xml MIME type), or one for
which the user agent has a dedicated handler.
The term JSON MIME type is used to refer to the MIME types
application/json, text/json, and any MIME type whose
subtype ends with the five characters "+json".
An explicitly supported JSON type is one for which the user agent is configured to
use an external application to render the content (either a plugin rendering directly
in the browsing context, or a separate application), or one for which the user agent
has dedicated processing rules, or one for which the user agent has a dedicated handler.
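The three response rules above (attachment disposition, HTTP 401 without a recognized challenge, and the JSON MIME type definition) can be checked mechanically. The following is an added, non-normative example and not part of this specification; the header-list shape, `RECOGNIZED_SCHEMES`, the scheme name `Example-Scheme`, and the one-challenge-per-header simplification are assumptions of the sketch.

```javascript
// Added example. A header list is modelled as [name, value] pairs.
// Assumption: the schemes this hypothetical user agent recognizes.
const RECOGNIZED_SCHEMES = new Set(["basic", "digest"]);

function headerValues(headers, name) {
  return headers.filter(([n]) => n.toLowerCase() === name).map(([, v]) => v.trim());
}

// "type/subtype" without parameters, lowercased; null when the value is malformed.
function mimeEssence(contentType) {
  const essence = contentType.split(";")[0].trim().toLowerCase();
  return /^[^\s\/;]+\/[^\s\/;]+$/.test(essence) ? essence : null;
}

// application/json, text/json, or any MIME type whose subtype ends with "+json".
function isJsonMimeType(contentType) {
  const essence = mimeEssence(contentType);
  if (essence === null) return false;
  if (essence === "application/json" || essence === "text/json") return true;
  return essence.slice(essence.indexOf("/") + 1).endsWith("+json");
}

function describeResponse({ status, headers }) {
  // The disposition type is the token before the first ";", compared case-insensitively.
  const dispositions = headerValues(headers, "content-disposition")
    .map((v) => v.split(";")[0].trim().toLowerCase());
  // Assumption: each WWW-Authenticate value carries one challenge; its scheme comes first.
  const schemes = headerValues(headers, "www-authenticate")
    .map((v) => v.split(/\s+/)[0].toLowerCase());
  const recognized = schemes.some((s) => RECOGNIZED_SCHEMES.has(s));
  return {
    download: dispositions.includes("attachment"),
    // A 401 with no recognized challenge is rendered as if it were 200 OK.
    renderBodyAsIfNoChallenge: status === 401 && !recognized,
    jsonMimeType: isJsonMimeType(headerValues(headers, "content-type")[0] || ""),
  };
}

// Constructed sample: a 401 whose only challenge uses a scheme the user agent does not know.
const sampleResponse = {
  status: 401,
  headers: [
    ["Content-Type", "application/problem+json; charset=utf-8"],
    ["WWW-Authenticate", 'Example-Scheme realm="constructed"'],
  ],
};
```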
Setting the document's address:
If there is no override URL, then any {{Document}} created by these steps must
have its [=Document/URL=] set to the [=url/URL=] that was originally to be fetched, ignoring
any other data that was used to obtain the resource. However, if there is an
override URL, then any {{Document}} created by these steps must have its
[=Document/URL=] set to that [=url/URL=] instead.
An override URL is set when dereferencing a javascript: URL
and when performing an overridden reload.
Document object: when a {{Document}} is created as part
of the above steps, the user agent will be required to additionally run the following algorithm
after creating the new object:
1. If browsingContext's only entry in its session history is the
about:blank {{Document}} that was added when browsingContext was
created, and navigation is occurring with
replacement enabled, and that {{Document}} has the same origin as the new
{{Document}}, then
1. Let window be the {{Window}} object of that {{Document}}.
2. Change the {{Window/document}} attribute of window to point to the new
{{Document}}.
2. Otherwise,
1. Call the JavaScript InitializeHostDefinedRealm() abstract operation with the
following customizations:
* For the global object, create a new {{Window}} object window.
* For the global this value, use browsingContext's {{WindowProxy}}
object.
* Let realm execution context be the created
JavaScript execution context.
* Do not obtain any source texts for scripts or modules.
2. Set up a browsing context environment settings object with
realm execution context, and let settings object be the result.
3. Set window's
associated Document to the new
{{Document}}.
3. Set browsingContext's {{WindowProxy}} object's \[[Window]] internal slot value to
window.
4. Set the {{Document}}'s HTTPS state to the
[=response/HTTPS state=] of the resource used to generate the document.
5. Set the {{Document}}'s referrer policy to the result of
parsing the Referrer-Policy header of the response
used to generate the document. [[!REFERRERPOLICY]]
6. Execute the Initialize a Document's CSP list algorithm on the {{Document}}
object and the resource used to generate the document. [[CSP3]]
7. Set [=the document's referrer=] to the
address of the resource from which Request-URIs are obtained as determined when the
fetch algorithm obtained the resource, if that algorithm was used and determined such a value;
otherwise, set it to the empty string.
8. Implement the sandboxing for the {{Document}}.
9. If the active sandboxing flag set of the {{Document}}'s browsing context or any
of its ancestor browsing contexts (if any) have the
sandboxed fullscreen browsing context flag set, then skip this step.
If the {{Document}}'s browsing context has a browsing context container and
either it is not an <{iframe}> element, or it does not have the <{iframe/allowfullscreen}>
attribute specified, or its {{Document}} does not have the fullscreen enabled flag set,
then also skip this step.
Otherwise, set the {{Document}}'s fullscreen enabled flag.
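The same-origin condition for reusing the {{Window}} in step 1 and the ancestor and container checks in step 9 can be modelled as follows. This is an added, non-normative example and not part of this specification; the object shapes (`sessionHistory`, `isInitialAboutBlank`, `activeSandboxFlags`, `container`, `allowFullscreen`) are assumptions of the sketch.

```javascript
// Added model of step 1 (Window reuse) and step 9 (fullscreen enabled flag).
// The object shapes used here are assumptions of this sketch, not browser APIs.
const SANDBOXED_FULLSCREEN = "sandboxed fullscreen browsing context flag";

// Tuple origins compare by scheme/host/port; an opaque origin equals only itself.
function sameOrigin(a, b) {
  if (a.opaque || b.opaque) return a === b;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Step 1: the existing Window is kept only for the initial about:blank Document,
// with replacement enabled, and only when the origins match.
function reusesWindow(browsingContext, newDocument, replacementEnabled) {
  const history = browsingContext.sessionHistory;
  if (history.length !== 1 || !history[0].isInitialAboutBlank) return false;
  return replacementEnabled === true && sameOrigin(history[0].origin, newDocument.origin);
}

// Step 9: returns the value of the new Document's fullscreen enabled flag.
function fullscreenEnabled(doc) {
  // A sandboxed fullscreen flag on this context or on any ancestor blocks the flag.
  for (let ctx = doc.browsingContext; ctx; ctx = ctx.parent) {
    if (ctx.activeSandboxFlags.has(SANDBOXED_FULLSCREEN)) return false;
  }
  const container = doc.browsingContext.container;
  if (container) {
    if (container.localName !== "iframe") return false;
    if (!container.allowFullscreen) return false;
    // The container's own Document must already have the flag set.
    if (!container.ownerDocument.fullscreenEnabled) return false;
  }
  return true;
}

// Constructed helper: builds a Document in a new (optionally nested) browsing context.
function makeDocument({ parentDoc = null, container = null, sandbox = [] } = {}) {
  const browsingContext = {
    parent: parentDoc ? parentDoc.browsingContext : null,
    container: container ? { ...container, ownerDocument: parentDoc } : null,
    activeSandboxFlags: new Set(sandbox),
  };
  const doc = { browsingContext };
  doc.fullscreenEnabled = fullscreenEnabled(doc);
  return doc;
}

// Constructed frame tree: top > iframe without allowfullscreen > iframe with allowfullscreen.
const iframe = (allowFullscreen) => ({ localName: "iframe", allowFullscreen });
const topDoc = makeDocument();
const plainFrame = makeDocument({ parentDoc: topDoc, container: iframe(false) });
const nestedFrame = makeDocument({ parentDoc: plainFrame, container: iframe(true) });
const sandboxedFrame = makeDocument({
  parentDoc: topDoc, container: iframe(true), sandbox: [SANDBOXED_FULLSCREEN],
});
```

`nestedFrame` carries the attribute itself but still ends up without the flag, because the flag is only granted when every container up the chain granted it.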
In the case of a registered handler being used, the algorithm will be reinvoked with a new URL to handle the request.
mailto: URL to a mail client, or a Word document to a word processor),
user agents should attempt to mitigate the risk that this is an attempt to exploit the
target software, e.g., by prompting the user to confirm that the source browsing
context's active document's [=concept/origin=] is to be allowed to invoke the
specified software. In particular, if the navigate algorithm, when it was invoked,
was not allowed to show a popup, the user agent should not invoke the external
software package without prior user confirmation.
For example, there could be a vulnerability in the target software's URL handler which a hostile page would attempt to exploit by tricking a user into clicking a link.
This can only happen if the entry being updated is not the current entry, and can never happen with replacement enabled. (It happens when the user tried to traverse to a session history entry that no longer had a {{Document}} object.)
This doesn't necessarily have to affect the user agent's user interface.
History object representing the new
resource and its {{Document}} object, related state, and the default
scroll restoration mode of "auto".
[[#text-html|text/html]]", initialize the
{{Document}} object, and finally create an HTML parser and associate it with the
{{Document}}. Each task that the networking task source places on the
task queue while fetching runs must then fill the parser's input byte stream
with the fetched bytes and cause the HTML parser to perform the
appropriate processing of the input stream.
The input byte stream converts bytes into characters for use in the [[#tokenization|tokenizer]]. This process relies, in part, on character encoding information found in the real Content-Type metadata of the resource; the "computed type" is not used for this purpose.
When no more bytes are available, the user agent must queue a task for the parser to process the implied EOF character, which eventually causes a load event
to be fired.
After creating the {{Document}} object, but before any script execution, certainly
before the parser stops, the user agent must
update the session history with the new page.
The task source for the two tasks mentioned in this section must be the
networking task source.
At the time of writing, the XML specification community had not actually yet specified how XML and the DOM interact.
After the {{Document}} is created, the user agent must initialize the {{Document}} object.
The actual HTTP headers and other metadata, not the headers as mutated or implied by the algorithms given in this specification, are the ones that must be used when determining the character encoding according to the rules given in the above specifications. Once the character encoding is established, the document's character encoding must be set to that character encoding.
User agents may examine the namespace of the root {{Element}} node of this {{Document}} object to perform namespace-based dispatch to alternative processing tools, e.g., determining that the content is actually a syndication feed and passing it to a feed handler. If such processing is to take place, abort the steps in this section, and jump to the next step (labeled non-document content) in the navigate steps above.
Otherwise, then, with the newly created {{Document}}, the user agent must update the session history with the new page. User agents may do this before the complete document has been parsed (thus achieving incremental rendering), and must do this before any scripts are to be executed.
Error messages from the parse process (e.g., XML namespace well-formedness errors) may be reported inline by mutating the {{Document}}.
load event
to be fired.
After creating the {{Document}} object, but potentially before the page has finished
parsing, the user agent must update the session history with the new page.
User agents may add content to the <{head}> element of the {{Document}}, e.g.,
to link to a style sheet, provide a script, give the document a <{title}>, etc.
In particular, if the user agent supports the Format=Flowed
feature of RFC3676 then the user agent would need to apply extra styling to
cause the text to wrap correctly and to handle the quoting feature. [[RFC3676]]
multipart/x-mixed-replace resources
multipart/x-mixed-replace is to be loaded in a
browsing context, the user agent must parse the resource using the rules for
multipart types. [[!RFC2046]]
For each body part obtained from the resource, the user agent must run a new instance of the
navigate algorithm, starting from the resource handling step, using the new
body part as the resource being navigated, with replacement enabled if a previous
body part from the same resource resulted in a {{Document}} object being created and
initialized, and otherwise using the same setup as the navigate attempt that
caused this section to be invoked in the first place.
For the purposes of algorithms processing these body parts as if they were complete stand-alone
resources, the user agent must act as if there were no more bytes for those resources whenever the
boundary following the body part is reached.
Thus, load events (and for that matter unload events)
do fire for each body part loaded.
| Type of media | Element for the media | Appropriate attribute |
|---|---|---|
| Image | img | src |
| Video | video | src |
| Audio | audio | src |
Document object, but potentially before the page has finished
fully loading, the user agent must update the session history with the new page.
User agents may add content to the <{head}> element of the {{Document}}, or attributes to the
element host element, e.g., to link to a style sheet, provide a script, give the
document a <{title}>, make the media autoplay, etc.
embed element
to the address of the resource.
The term plugin document is used by Content Security Policy as part of the
mechanism that ensures <{iframe}>s can't be used to evade plugin-types
directives. [[!CSP3]]
Document object, but potentially before the page has finished
fully loading, the user agent must update the session history with the new page.
User agents may add content to the <{head}> element of the {{Document}}, or attributes to the
<{embed}> element, e.g., to link to a style sheet, to give the document a <{title}>, etc.
If the {{Document}}'s active sandboxing flag set has its sandboxed plugins browsing context flag set, the synthesized <{embed}> element will fail to render the content if the relevant plugin cannot be secured.
[[#text-html|text/html]]",
initialize the {{Document}} object, and then either associate that
{{Document}} with a custom rendering that is not rendered using the normal
{{Document}} rendering rules, or mutate that {{Document}} until it represents
the content the user agent wants to render.
Once the page has been set up, the user agent
must act as if it had [=stop parsing|stopped parsing=].
After creating the Document object, but potentially before
the page has been completely set up, the user agent must
update the session history with the new page.
This doesn't necessarily have to affect the user agent's user interface.
History object representing the new
resource and its {{Document}} object, related state, and current history scroll
restoration preference. Its [=url/URL=] must be set to the address to which the user
agent was navigating. The title must be left unset.
If the scrolling fails because the relevant ID has not yet been parsed, then the original navigation algorithm will take care of the scrolling instead, as the last few steps of its update the session history with the new page algorithm.
top, then the indicated part of the document is the top of the document;
stop the algorithm here.
This algorithm is not just invoked when explicitly going back or forwards in the session history — it is also invoked in other situations, for example when navigating a browsing context, as part of updating the session history with the new page.
If the resource was obtained using a non-idempotent action, for example a POST form submission, or if the resource is no longer available, for example because the computer is now offline and the page wasn't cached, navigating to it again might not be possible. In this case, the navigation will result in a different page than previously; for example, it might be an error message explaining the problem or offering to resubmit the form.
pushState() or
replaceState() methods, then set its title to the value
returned by the document.title IDL attribute.
History object to reflect any state that the user agent
wishes to persist. The entry is then said to be an entry with persisted
user state.
off", invoke the
reset algorithm of each of those elements.
complete", queue a task to run the following sub-sub-steps:
This is specifically intended for use by the Page Visibility specification. [[PAGE-VISIBILITY]]
pageshow at the
Window object of that {{Document}}, with target override set to the
{{Document}} object, using the PageTransitionEvent interface, with the
{{PageTransitionEvent/persisted}} attribute initialized to true.
This event must not bubble, must not be cancelable, and has no default action.
history.state to state.
popstate at the Window
object of the {{Document}}, using the PopStateEvent interface, with the
state attribute initialized to the value of state.
This event must bubble but not be cancelable and has no default action.
hashchange at the browsing
context's {{Window}} object, using the {{HashChangeEvent}} interface,
with the oldURL attribute initialized to old URL and the
newURL attribute initialized to new URL. This event must
bubble but not be cancelable and has no default action.
When the user agent is to restore persisted user state from a history entry, it must run the following steps immediately:
auto"
manual" the user agent should not restore
the scroll position for the document, otherwise, it may do so.
This can even include updating the <{global/dir}> attribute of <{textarea}> elements or <{input}> elements whose <{input/type}> attribute is in either the <{input/Text}> state or the <{input/Search}> state, if the persisted state includes the directionality of user input in such controls.
PopStateEvent interface
[Constructor(DOMString type, optional PopStateEventInit eventInitDict), Exposed=(Window,Worker)]
interface PopStateEvent : Event {
  readonly attribute any state;
};
dictionary PopStateEventInit : EventInit {
  any state = null;
};
state
pushState() or
replaceState().
state attribute must return the value it
was initialized to. It represents the context information for the event, or null, if the state
represented is the initial state of the {{Document}}.
HashChangeEvent interface
[Constructor(DOMString type, optional HashChangeEventInit eventInitDict), Exposed=(Window,Worker)]
interface HashChangeEvent : Event {
  readonly attribute USVString oldURL;
  readonly attribute USVString newURL;
};
dictionary HashChangeEventInit : EventInit {
  USVString oldURL = "";
  USVString newURL = "";
};
oldURL
newURL
oldURL attribute must return the
value it was initialized to. It represents context information for the event, specifically the URL
of the session history entry that was traversed from.
The newURL attribute must return the
value it was initialized to. It represents context information for the event, specifically the URL
of the session history entry that was traversed to.
PageTransitionEvent interface
[Constructor(DOMString type, optional PageTransitionEventInit eventInitDict), Exposed=(Window,Worker)]
interface PageTransitionEvent : Event {
  readonly attribute boolean persisted;
};
dictionary PageTransitionEventInit : EventInit {
  boolean persisted = false;
};
pageshow event, returns false if the page is newly being loaded (and the
load event will fire). Otherwise, returns true.
For the pagehide event, returns false if the page is going away for the last
time. Otherwise, returns true, meaning that (if nothing conspires to make the page
unsalvageable) the page might be reused if the user navigates back to this page.
Things that can cause the page to be unsalvageable include:
document.open()
beforeunload events
unload events
iframes that are not salvageable
WebSocket objects
Document
persisted attribute must return
the value it was initialized to. It represents the context information for the event.
pageshow and pagehide events in a consistent manner
(e.g., that they never receive two pagehide events in a row without an intervening
pageshow, or vice versa).
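A page restored from session history receives pageshow with {{PageTransitionEvent/persisted}} set to true and no load event, so checks that a page performs at load time have to be repeated from the pageshow handler. The following is an added, non-normative example and not part of this specification; `installPageLifecycleGuards`, `revalidate`, `teardown`, and `FakePageTransitionEvent` are hypothetical names, and in a browser the target would be the Window object.

```javascript
// Added example. `revalidate` and `teardown` are hypothetical application callbacks,
// e.g. re-checking that the session is still valid and releasing resources for good.
function installPageLifecycleGuards(target, { revalidate, teardown }) {
  let shown = null;            // null until the first pageshow or pagehide is seen
  const anomalies = [];        // violations of the pageshow/pagehide alternation
  target.addEventListener("pageshow", (event) => {
    if (shown === true) anomalies.push("pageshow without intervening pagehide");
    shown = true;
    // persisted === true: the Document was reused; no load event fires for it.
    if (event.persisted) revalidate();
  });
  target.addEventListener("pagehide", (event) => {
    if (shown === false) anomalies.push("pagehide without intervening pageshow");
    shown = false;
    // persisted === false: the page is going away for the last time.
    if (!event.persisted) teardown();
  });
  return anomalies;
}

// Minimal stand-in for PageTransitionEvent so the sketch also runs outside a browser.
class FakePageTransitionEvent extends Event {
  constructor(type, { persisted = false } = {}) {
    super(type);
    this.persisted = persisted;
  }
}

// Replays a constructed sequence of [type, persisted] pairs and reports what ran.
function replayLifecycle(events) {
  const target = new EventTarget();
  const calls = { revalidate: 0, teardown: 0 };
  const anomalies = installPageLifecycleGuards(target, {
    revalidate: () => { calls.revalidate += 1; },
    teardown: () => { calls.teardown += 1; },
  });
  for (const [type, persisted] of events) {
    target.dispatchEvent(new FakePageTransitionEvent(type, { persisted }));
  }
  return { ...calls, anomalies };
}

// Constructed sequence: fresh load, page kept in session history, restore, final unload.
const normalRun = replayLifecycle([
  ["pageshow", false], ["pagehide", true], ["pageshow", true], ["pagehide", false],
]);
```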
Event loops have a termination nesting level counter,
which must initially be zero.
When a user agent is to
prompt to unload a document,
it must run the following steps.
BeforeUnloadEvent event object
with the name beforeunload, which does not bubble but is cancelable.
Window object.
document.open() method.)
pagehide event
and don't rerun the unloading document visibility change steps).
pagehide at the
Window object of the {{Document}}, with target override set to the
{{Document}} object, using the PageTransitionEvent interface,
with the {{PageTransitionEvent/persisted}} attribute initialized
to true if the {{Document}} object's salvageable state is true, and false otherwise.
This event must not bubble, must not be cancelable, and has no default action.
This is specifically intended for use by the Page Visibility specification. [[PAGE-VISIBILITY]]
unload at the
{{Document}}'s Window object, with target override set to the
{{Document}} object.
Document.
WebSocket objects that were created by the
WebSocket() constructor from the {{Document}}'s Window object.
If this affected any WebSocket objects, then set {{Document}}'s
salvageable state to false.
EventSource objects whose constructor was invoked from the
{{Document}}'s Window object.
Window's list of active timers.
BeforeUnloadEvent interface
interface BeforeUnloadEvent : Event {
  attribute DOMString returnValue;
};
There are no BeforeUnloadEvent-specific initialization methods.
returnValue attribute
represents the message to show the user. When the event is created, the attribute must be set to
the empty string. On getting, it must return the last value it was set to. On setting, the
attribute must be set to the new value.
abort at that {{Document}}'s Window object before invoking the
abort algorithm.
[NoInterfaceObject, Exposed=(Window, Worker)]
interface NavigatorOnLine {
  readonly attribute boolean onLine;
};
navigator . onLine
online and offline are fired when the value of
this attribute changes.
navigator.onLine
attribute must return false if the user agent will not contact the network when the user
follows links or when a script requests a remote page (or knows that such an attempt would fail),
and must return true otherwise.
When the value that would be returned by the navigator.onLine attribute of a
Window or WorkerGlobalScope changes from true to false,
the user agent must queue a task to fire a simple event named offline
at the Window or WorkerGlobalScope object.
On the other hand, when the value that would be returned by the
navigator.onLine attribute of a Window or
WorkerGlobalScope changes from false to true, the user agent must
queue a task to fire a simple event named online at
the Window or WorkerGlobalScope object.
The task source for these tasks is the networking task source.
This attribute is inherently unreliable. A computer can be connected to a network without having Internet access.
The network is: (state unknown).