A browsing context is an environment in which Document objects are presented to the user.
A tab or window in a Web browser typically contains a browsing context, as does an iframe.
Each browsing context has a corresponding WindowProxy object.
A browsing context has a session history, which lists the Document objects that that browsing context has presented, is presenting, or will present. At any time, one Document in each browsing context is designated the active document. A Document's browsing context is that browsing context whose session history contains the Document, if any. (A Document created using an API such as createDocument() has no browsing context.)
Each Document is associated with a Window object. A browsing context's WindowProxy object forwards everything to the browsing context's active document's Window object.
In general, there is a 1-to-1 mapping from the Window object to the Document object. There are two exceptions. First, a Window can be reused for the presentation of a second Document in the same browsing context, such that the mapping is then 1-to-2. This occurs when a browsing context is navigated from the initial about:blank Document to another, with replacement enabled. Second, a Document can end up being reused for several Window objects when the document.open() method is used, such that the mapping is then many-to-1.
A Document does not necessarily have a browsing context associated with it. In particular, data mining tools are likely to never instantiate browsing contexts.
A browsing context can have a creator browsing context, the browsing context that was responsible for its creation. If a browsing context has a parent browsing context, then that is its creator browsing context. Otherwise, if the browsing context has an opener browsing context, then that is its creator browsing context. Otherwise, the browsing context has no creator browsing context.
If a browsing context A has a creator browsing context, then the Document that was the active document of that creator browsing context at the time A was created is the creator Document.
Certain elements (for example, iframe elements) can instantiate further browsing contexts. These are called nested browsing contexts. If a browsing context P has a Document D with an element E that nests another browsing context C inside it, then C is said to be nested through D, and E is said to be the browsing context container of C. If the browsing context container element E is in the Document D, then P is said to be the parent browsing context of C and C is said to be a child browsing context of P. Otherwise, the nested browsing context C has no parent browsing context.
A browsing context A is said to be an ancestor of a browsing context B if there exists a browsing context A' that is a child browsing context of A and that is itself an ancestor of B, or if there is a browsing context P that is a child browsing context of A and that is the parent browsing context of B.
A browsing context that is not a nested browsing context has no parent browsing context, and is the top-level browsing context of all the browsing contexts for which it is an ancestor browsing context.
The transitive closure of parent browsing contexts for a nested browsing context gives the list of ancestor browsing contexts.
The list of the descendant browsing contexts of a Document d is the (ordered) list returned by the following algorithm:
1. Let list be an empty list.
2. For each child browsing context of d that is nested through an element that is in the Document d, in the tree order of the elements nesting those browsing contexts, run these substeps:
   1. Append that child browsing context to the list list.
   2. Append the list of the descendant browsing contexts of the active document of that child browsing context to the list list.
3. Return the constructed list.
A Document is said to be fully active when it is the active document of its browsing context, and either its browsing context is a top-level browsing context, or it has a parent browsing context and the Document through which it is nested is itself fully active.
Because they are nested through an element, child browsing contexts are always tied to a specific Document in their parent browsing context. User agents must not allow the user to interact with child browsing contexts of elements that are in Documents that are not themselves fully active.
A nested browsing context can have a seamless browsing context flag set, if it is embedded through an iframe element with a seamless attribute.
A nested browsing context can in some cases be taken out of its parent browsing context (e.g. if an iframe element is removed from its Document). In such a situation, the nested browsing context has no parent browsing context, but it still has the same browsing context container and is still nested through that element's Document. Such a nested browsing context is not a top-level browsing context, and cannot contain Documents that are fully active. Furthermore, if a browsing context container (such as an iframe) is moved to another Document, then the parent browsing context of its nested browsing context will change.
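The descendant-list algorithm, the "fully active" definition and the removed-container case above can be checked against a small model. This is an added example, not code from the specification; Doc, BrowsingContext, nest and the other names are illustrative and are not DOM APIs.

```javascript
// Constructed model; every name here is illustrative, not a DOM API.
class Doc {
  constructor(label) {
    this.label = label;
    this.browsingContext = null; // context whose session history holds this Doc
    this.containers = [];        // browsing context containers, in tree order
  }
}

class BrowsingContext {
  constructor(name, container = null) {
    this.name = name;
    this.container = container;  // null for a top-level browsing context
    this.sessionHistory = [];
    this.activeDocument = null;
  }
  navigate(doc) {                // present doc and make it the active document
    doc.browsingContext = this;
    this.sessionHistory.push(doc);
    this.activeDocument = doc;
    return doc;
  }
}

// Nest a new browsing context through an element placed in `doc`.
function nest(doc, name) {
  const element = { nestedThrough: doc, inDocument: true };
  element.context = new BrowsingContext(name, element);
  doc.containers.push(element);
  return element.context;
}

// The ordered list of descendant browsing contexts of a Document.
function descendantContexts(doc) {
  const list = [];
  for (const element of doc.containers) {
    if (!element.inDocument) continue;          // removed container: no parent
    list.push(element.context);
    const active = element.context.activeDocument;
    if (active) list.push(...descendantContexts(active));
  }
  return list;
}

// Fully active: active in its own context, and so is every Document up the chain.
function isFullyActive(doc) {
  const bc = doc.browsingContext;
  if (!bc || bc.activeDocument !== doc) return false;
  if (bc.container === null) return true;       // top-level browsing context
  return bc.container.inDocument && isFullyActive(bc.container.nestedThrough);
}

function demo() {
  const top = new BrowsingContext("top");
  const page1 = top.navigate(new Doc("page1"));
  const a = nest(page1, "a"), b = nest(page1, "b");
  const docA = a.navigate(new Doc("a1"));
  const docB = b.navigate(new Doc("b1"));
  const docC = nest(docA, "c").navigate(new Doc("c1"));
  const order = descendantContexts(page1).map((bc) => bc.name);
  const before = [docA, docB, docC].map(isFullyActive);
  b.container.inDocument = false;               // iframe b removed from page1
  const afterRemoval = isFullyActive(docB);
  top.navigate(new Doc("page2"));               // page1 stays in session history
  const afterNavigate = [docA, docC].map(isFullyActive);
  return { order, before, afterRemoval, afterNavigate };
}
```

After the top-level navigation, the Documents in a and c are still the active documents of their own browsing contexts, but none is fully active, which is the state in which user interaction must be refused.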
The document family of a browsing context consists of the union of all the Document objects in that browsing context's session history and the document families of all those Document objects. The document family of a Document object consists of the union of all the document families of the browsing contexts that are nested through the Document object.
top
Returns the WindowProxy for the top-level browsing context.
parent
Returns the WindowProxy for the parent browsing context.
frameElement
Returns the Element for the browsing context container.
Returns null if there isn't one.
Throws a SecurityError exception in cross-origin situations.
It is possible to create new browsing contexts that are related to a top-level browsing context without being nested through an element. Such browsing contexts are called auxiliary browsing contexts. Auxiliary browsing contexts are always top-level browsing contexts.
An auxiliary browsing context has an opener browsing context, which is the browsing context from which the auxiliary browsing context was created.
The opener IDL attribute on the Window object, on getting, must return the WindowProxy object of the browsing context from which the current browsing context was created (its opener browsing context), if there is one, if it is still available, and if the current browsing context has not disowned its opener; otherwise, it must return null. On setting, if the new value is null then the current browsing context must disown its opener; if the new value is anything else then the user agent must ignore the new value.
User agents may support secondary browsing contexts, which are browsing contexts that form part of the user agent's interface, apart from the main content area.
Browsing contexts can have a browsing context name. By default, a browsing context has no name (its name is not set).
A valid browsing context name is any string with at least one character that does not start with a U+005F LOW LINE character. (Names starting with an underscore are reserved for special keywords.)
A valid browsing context name or keyword is any string that is either a valid browsing context name or that is an ASCII case-insensitive match for one of: _blank, _self, _parent, or _top.
These values have different meanings based on whether the page is sandboxed or not, as summarized in the following (non-normative) table. In this table, "current" means the browsing context that the link or script is in, "parent" means the parent browsing context of the one the link or script is in, "master" means the nearest ancestor browsing context of the one the link or script is in that is not itself in a seamless iframe, "top" means the top-level browsing context of the one the link or script is in, "new" means a new top-level browsing context or auxiliary browsing context is to be created, subject to various user preferences and user agent policies, "none" means that nothing will happen, and "maybe new" means the same as "new" if the "allow-popups" keyword is also specified on the sandbox attribute (or if the user overrode the sandboxing), and the same as "none" otherwise.
Keyword | Ordinary effect | Effect in an iframe with seamless="" | Effect in an iframe with sandbox="" | Effect in an iframe with sandbox="" seamless="" | Effect in an iframe with sandbox="allow-top-navigation" | Effect in an iframe with sandbox="allow-top-navigation" seamless="" |
---|---|---|---|---|---|---|
none specified, for links and form submissions | current | master | current | master | current | master |
none specified, for window.open() | new | new | maybe new† | maybe new† | maybe new† | maybe new† |
empty string | current | master | current | master | current | master |
_blank | new | new | maybe new | maybe new | maybe new | maybe new |
_self | current | current | current | current | current | current |
_parent if there isn't a parent | current | current | current | current | current | current |
_parent if parent is also top | parent/top | parent/top | none | none | parent/top | parent/top |
_parent if there is one and it's not top | parent | parent | none | none | none | none |
_top if top is current | current | current | current | current | current | current |
_top if top is not current | top | top | none | none | top | top |
name that doesn't exist | new | new | maybe new | maybe new | maybe new | maybe new |
name that exists and is a descendant | specified descendant | specified descendant | specified descendant | specified descendant | specified descendant | specified descendant |
name that exists and is current | current | current | current | current | current | current |
name that exists and is an ancestor that is top | specified ancestor | specified ancestor | none | none | specified ancestor/top | specified ancestor/top |
name that exists and is an ancestor that is not top | specified ancestor | specified ancestor | none | none | none | none |
† This case is only possible if the sandbox attribute also allows scripts.
Window object
[NamedPropertiesObject]
interface Window : EventTarget {
  // the current browsing context
  [Unforgeable] readonly attribute WindowProxy window;
  [Replaceable] readonly attribute WindowProxy self;
  [Unforgeable] readonly attribute Document document;
  attribute DOMString name;
  [PutForwards=href, Unforgeable] readonly attribute Location location;
  readonly attribute History history;
  [Replaceable] readonly attribute BarProp locationbar;
  [Replaceable] readonly attribute BarProp menubar;
  [Replaceable] readonly attribute BarProp personalbar;
  [Replaceable] readonly attribute BarProp scrollbars;
  [Replaceable] readonly attribute BarProp statusbar;
  [Replaceable] readonly attribute BarProp toolbar;
  attribute DOMString status;
  void close();
  void stop();
  void focus();
  void blur();

  // other browsing contexts
  [Replaceable] readonly attribute WindowProxy frames;
  [Replaceable] readonly attribute unsigned long length;
  [Unforgeable] readonly attribute WindowProxy top;
  attribute WindowProxy? opener;
  readonly attribute WindowProxy parent;
  readonly attribute Element? frameElement;
  WindowProxy open(optional DOMString url, optional DOMString target, optional DOMString features, optional boolean replace);
  getter WindowProxy (unsigned long index);
  getter object (DOMString name);

  // the user agent
  readonly attribute Navigator navigator;
  readonly attribute External external;
  readonly attribute ApplicationCache applicationCache;

  // user prompts
  void alert(DOMString message);
  boolean confirm(DOMString message);
  DOMString? prompt(DOMString message, optional DOMString default);
  void print();
  any showModalDialog(DOMString url, optional any argument);

  // event handler IDL attributes
  attribute EventHandler onabort;
  attribute EventHandler onafterprint;
  attribute EventHandler onbeforeprint;
  attribute EventHandler onbeforeunload;
  attribute EventHandler onblur;
  attribute EventHandler oncancel;
  attribute EventHandler oncanplay;
  attribute EventHandler oncanplaythrough;
  attribute EventHandler onchange;
  attribute EventHandler onclick;
  attribute EventHandler onclose;
  attribute EventHandler oncontextmenu;
  attribute EventHandler oncuechange;
  attribute EventHandler ondblclick;
  attribute EventHandler ondrag;
  attribute EventHandler ondragend;
  attribute EventHandler ondragenter;
  attribute EventHandler ondragleave;
  attribute EventHandler ondragover;
  attribute EventHandler ondragstart;
  attribute EventHandler ondrop;
  attribute EventHandler ondurationchange;
  attribute EventHandler onemptied;
  attribute EventHandler onended;
  attribute OnErrorEventHandler onerror;
  attribute EventHandler onfocus;
  attribute EventHandler onhashchange;
  attribute EventHandler oninput;
  attribute EventHandler oninvalid;
  attribute EventHandler onkeydown;
  attribute EventHandler onkeypress;
  attribute EventHandler onkeyup;
  attribute EventHandler onload;
  attribute EventHandler onloadeddata;
  attribute EventHandler onloadedmetadata;
  attribute EventHandler onloadstart;
  attribute EventHandler onmessage;
  attribute EventHandler onmousedown;
  attribute EventHandler onmousemove;
  attribute EventHandler onmouseout;
  attribute EventHandler onmouseover;
  attribute EventHandler onmouseup;
  attribute EventHandler onmousewheel;
  attribute EventHandler onoffline;
  attribute EventHandler ononline;
  attribute EventHandler onpause;
  attribute EventHandler onplay;
  attribute EventHandler onplaying;
  attribute EventHandler onpagehide;
  attribute EventHandler onpageshow;
  attribute EventHandler onpopstate;
  attribute EventHandler onprogress;
  attribute EventHandler onratechange;
  attribute EventHandler onreset;
  attribute EventHandler onresize;
  attribute EventHandler onscroll;
  attribute EventHandler onseeked;
  attribute EventHandler onseeking;
  attribute EventHandler onselect;
  attribute EventHandler onshow;
  attribute EventHandler onstalled;
  attribute EventHandler onstorage;
  attribute EventHandler onsubmit;
  attribute EventHandler onsuspend;
  attribute EventHandler ontimeupdate;
  attribute EventHandler onunload;
  attribute EventHandler onvolumechange;
  attribute EventHandler onwaiting;
};
window
frames
self
These attributes all return window.
document
Returns the active document.
defaultView
Returns the Window object of the active document.
open( [ url [, target [, features [, replace ] ] ] ] )
Opens a window to show url (defaults to about:blank), and returns it. The target argument gives the name of the new window. If a window exists with that name already, it is reused. The replace attribute, if true, means that whatever page is currently open in that window will be removed from the window's session history. The features argument is ignored.
name [ = value ]
Returns the name of the window.
Can be set, to change the name.
close()
Closes the window.
stop()
Cancels the document load.
length
Returns the number of child browsing contexts.
Returns the indicated child browsing context.
Window object
Returns the indicated element or collection of elements.
To allow Web pages to integrate with Web browsers, certain Web browser interface elements are exposed in a limited way to scripts in Web pages.
Each interface element is represented by a BarProp object:
interface BarProp { attribute boolean visible; };
locationbar.visible
Returns true if the location bar is visible; otherwise, returns false.
menubar.visible
Returns true if the menu bar is visible; otherwise, returns false.
personalbar.visible
Returns true if the personal bar is visible; otherwise, returns false.
scrollbars.visible
Returns true if the scroll bars are visible; otherwise, returns false.
statusbar.visible
Returns true if the status bar is visible; otherwise, returns false.
toolbar.visible
Returns true if the toolbar is visible; otherwise, returns false.
The origin of a resource and the effective script origin of a resource are both either opaque identifiers or tuples consisting of a scheme component, a host component, a port component, and optionally extra data.
The extra data could include the certificate of the site when using encrypted connections, to ensure that if the site's secure certificate changes, the origin is considered to change as well.
domain [ = domain ]
Returns the current domain used for security checks.
Can be set to a value that removes subdomains, to change the effective script origin to allow pages on other subdomains of the same domain (if they do the same thing) to access each other.
The domain attribute is used to enable pages on different hosts of a domain to access each others' DOMs.
Do not use the document.domain attribute when using shared hosting. If an untrusted third party is able to host an HTTP server at the same IP address but on a different port, then the same-origin protection that normally protects two different sites on the same host will fail, as the ports are ignored when comparing origins after the document.domain attribute has been used.
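The shared-hosting warning follows directly from how the comparison behaves once document.domain has been set on both sides. The model below is an added example, not the specification's algorithm text or any browser's code; Page, setDocumentDomain, canScript and the host names are constructed for illustration, and the extra checks a user agent applies to the new value are not modelled.

```javascript
// Constructed model of the comparison; names are illustrative, not browser internals.
const MANUAL_OVERRIDE = "manual override"; // stand-in port once document.domain is set
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

function originOf(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORT[u.protocol] };
}

class Page {
  constructor(url) {
    this.origin = originOf(url);                     // never changes
    this.effectiveScriptOrigin = { ...this.origin }; // what DOM access checks compare
  }
  // Models `document.domain = value`: only the current host or a parent domain
  // is accepted (assumption: other user-agent checks on the value are omitted).
  setDocumentDomain(value) {
    const { scheme, host } = this.effectiveScriptOrigin;
    if (value !== host && !host.endsWith("." + value)) {
      throw new Error("SecurityError");
    }
    this.effectiveScriptOrigin = { scheme, host: value, port: MANUAL_OVERRIDE };
  }
}

function same(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}
const canScript = (p, q) => same(p.effectiveScriptOrigin, q.effectiveScriptOrigin);

// Two sites on one host name, told apart only by port (constructed hosts).
function sharedHostDemo() {
  const site = new Page("http://hosting.example/");
  const other = new Page("http://hosting.example:8081/");
  const initial = canScript(site, other);      // ports differ
  site.setDocumentDomain("hosting.example");
  const oneSided = canScript(site, other);     // only one side opted in
  other.setDocumentDomain("hosting.example");
  const bothSet = canScript(site, other);      // port no longer compared
  return { initial, oneSided, bothSet, originsEqual: same(site.origin, other.origin) };
}

// The intended use: two subdomains that both opt in to the parent domain.
function subdomainDemo() {
  const a = new Page("https://app.example.org/");
  const b = new Page("https://docs.example.org/");
  a.setDocumentDomain("example.org");
  b.setDocumentDomain("example.org");
  let rejected = false;
  try { a.setDocumentDomain("unrelated.example"); } catch (e) { rejected = true; }
  return { shared: canScript(a, b), rejected };
}
```

The origins themselves never become equal; only the effective script origins do, and only after both pages have set document.domain.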
A sandboxing flag set is a set of zero or more of the following flags, which are used to restrict the abilities that potentially untrusted resources have:
This flag prevents content from navigating browsing contexts other than the sandboxed browsing context itself (or browsing contexts further nested inside it), auxiliary browsing contexts (which are protected by the sandboxed auxiliary navigation browsing context flag defined next), and the top-level browsing context (which is protected by the sandboxed top-level navigation browsing context flag defined below).
If the sandboxed auxiliary navigation browsing context flag is not set, then in certain cases the restrictions nonetheless allow popups (new top-level browsing contexts) to be opened. These browsing contexts always have one permitted sandboxed navigator, set when the browsing context is created, which allows the browsing context that created them to actually navigate them. (Otherwise, the sandboxed navigation browsing context flag would prevent them from being navigated even if they were opened.)
This flag prevents content from creating new auxiliary browsing contexts, e.g. using the target attribute, the window.open() method, or the showModalDialog() method.
This flag prevents content from navigating their top-level browsing context.
When the allow-top-navigation keyword is set, content can navigate its top-level browsing context, but other browsing contexts are still protected by the sandboxed navigation browsing context flag and possibly the sandboxed auxiliary navigation browsing context flag.
This flag prevents content from instantiating plugins, whether using the embed element, the object element, the applet element, or through navigation of a nested browsing context, unless those plugins can be secured.
This flag prevents content from using the seamless attribute on descendant iframe elements.
This prevents a page inserted using the allow-same-origin keyword from using a CSS-selector-based method of probing the DOM of other pages on the same site (in particular, pages that contain user-sensitive information).
This flag forces content into a unique origin, thus preventing it from accessing other content from the same origin.
This flag also prevents script from reading from or writing to the document.cookie IDL attribute, and blocks access to localStorage. [WEBSTORAGE]
This flag blocks form submission.
This flag blocks script execution.
This flag blocks features that trigger automatically, such as automatically playing a video or automatically focusing a form control.
When the user agent is to parse a sandboxing directive, given a string input and a sandboxing flag set output, it must run the following steps:
1. Split input on spaces, to obtain tokens.
2. Let output be empty.
3. Add the following flags to output:
   - The sandboxed auxiliary navigation browsing context flag, unless tokens contains the allow-popups keyword
   - The sandboxed top-level navigation browsing context flag, unless tokens contains the allow-top-navigation keyword
   - The sandboxed origin browsing context flag, unless the tokens contains the allow-same-origin keyword
     The allow-same-origin keyword is intended for two cases.
     First, it can be used to allow content from the same site to be sandboxed to disable scripting, while still allowing access to the DOM of the sandboxed content.
     Second, it can be used to embed content from a third-party site, sandboxed to prevent that site from opening popup windows, etc, without preventing the embedded page from communicating back to its originating site, using the database APIs to store data, etc.
   - The sandboxed forms browsing context flag, unless tokens contains the allow-forms keyword
   - The sandboxed scripts browsing context flag, unless tokens contains the allow-scripts keyword
   - The sandboxed automatic features browsing context flag, unless tokens contains the allow-scripts keyword (defined above)
     This flag is relaxed by the same keyword as scripts, because when scripts are enabled these features are trivially possible anyway, and it would be unfortunate to force authors to use script to do them when sandboxed rather than allowing them to use the declarative features.
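The steps above translate into a short parser, shown here as an added example rather than code from the specification. It models only the keyword-controlled flags listed in those steps; reviewSandbox is a hypothetical helper for auditing attribute values, and the sample values are constructed.

```javascript
// Flags and the keyword that lifts each one, exactly as listed in the steps above.
const FLAG_KEYWORDS = [
  ["sandboxed auxiliary navigation browsing context flag", "allow-popups"],
  ["sandboxed top-level navigation browsing context flag", "allow-top-navigation"],
  ["sandboxed origin browsing context flag", "allow-same-origin"],
  ["sandboxed forms browsing context flag", "allow-forms"],
  ["sandboxed scripts browsing context flag", "allow-scripts"],
  ["sandboxed automatic features browsing context flag", "allow-scripts"],
];

// Split on ASCII whitespace and drop empty tokens. Tokens are lower-cased
// (assumption: keywords match ASCII case-insensitively, which this page
// does not state).
function splitOnSpaces(input) {
  return input.split(/[ \t\n\f\r]+/).filter(Boolean).map((t) => t.toLowerCase());
}

function parseSandboxingDirective(input) {
  const tokens = new Set(splitOnSpaces(input));   // step 1
  const output = new Set();                       // step 2
  for (const [flag, keyword] of FLAG_KEYWORDS) {  // step 3
    if (!tokens.has(keyword)) output.add(flag);
  }
  return output;
}

// Hypothetical review helper: which flags a sandbox attribute value leaves set,
// which it lifts, and which tokens match no keyword in the steps above.
// `null` stands for an iframe with no sandbox attribute at all.
function reviewSandbox(value) {
  if (value === null) return { sandboxed: false, set: [], lifted: [], unknown: [] };
  const flags = parseSandboxingDirective(value);
  const known = new Set(FLAG_KEYWORDS.map(([, keyword]) => keyword));
  return {
    sandboxed: true,
    set: [...flags],
    lifted: FLAG_KEYWORDS.map(([flag]) => flag).filter((f) => !flags.has(f)),
    unknown: splitOnSpaces(value).filter((t) => !known.has(t)),
  };
}

// Constructed sample attribute values, including a misspelled keyword.
const SAMPLES = ["", "allow-scripts", "allow-script allow-forms", " ALLOW-POPUPS\tallow-top-navigation "];
for (const sample of SAMPLES) {
  const r = reviewSandbox(sample);
  console.log(JSON.stringify(sample), "lifted:", r.lifted.length, "unknown:", r.unknown);
}
```

An empty value sets every flag, and a misspelled keyword such as allow-script lifts nothing, so a typo fails closed and shows up in the unknown list.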
Every top-level browsing context has a popup sandboxing flag set, which is a sandboxing flag set. When a browsing context is created, its popup sandboxing flag set must be empty. It is populated by the rules for choosing a browsing context given a browsing context name.
Every nested browsing context has an iframe sandboxing flag set, which is a sandboxing flag set. Which flags in a nested browsing context's iframe sandboxing flag set are set at any particular time is determined by the iframe element's sandbox attribute.
Every Document has an active sandboxing flag set, which is a sandboxing flag set. When the Document is created, its active sandboxing flag set must be empty. It is populated by the navigation algorithm.