Reduce CookieListItem to only expose name and value

We never had agreement to expose more than information than document.cookie, so make the standard reflect that.

Tests: web-platform-tests/wpt#54129.

Fixes #238 and closes #241.

Author: annevk

index.bs

@@ -398,20 +398,13 @@ A <dfn>cookie</dfn> is normatively defined for user agents by [[RFC6265BIS-14#na
 Per [[RFC6265BIS-14#name-storage-model|Cookies § Storage Model]], a [=cookie=] has the following fields:
 <dfn>name</dfn>,
 <dfn>value</dfn>,
-<dfn>expiry-time</dfn>,
 <dfn>domain</dfn>,
 <dfn>path</dfn>,
-<dfn>creation-time</dfn>,
-<dfn>last-access-time</dfn>,
-<dfn>persistent-flag</dfn>,
-<dfn>host-only-flag</dfn>,
-<dfn>secure-only-flag</dfn>,
-<dfn>http-only-flag</dfn>,
-<dfn>same-site-flag</dfn>.
+<dfn>http-only-flag</dfn>.
 
 </div>
 
-A cookie is <dfn>script-visible</dfn> when it is in-scope and does not have the `HttpOnly` cookie flag. This is more formally enforced in the processing model, which consults [[RFC6265BIS-14#name-retrieval-model|Cookies § Retrieval Model]] at appropriate points.
+A cookie is <dfn>script-visible</dfn> when it is in-scope and its [=cookie/http-only-flag=] is unset. This is more formally enforced in the processing model, which consults [[RFC6265BIS-14#name-retrieval-model|Cookies § Retrieval Model]] at appropriate points.
 
 A cookie is also subject to certain size limits. Per [[RFC6265BIS-14#name-storage-model|Cookies § Storage Model]]:
 * The combined lengths of the name and value fields must not be greater than 4096 [=bytes=] (the <dfn for=cookie>maximum name/value pair size</dfn>).
@@ -499,12 +492,6 @@ dictionary CookieStoreDeleteOptions {
 dictionary CookieListItem {
   USVString name;
   USVString value;
-  USVString? domain;
-  USVString path;
-  DOMHighResTimeStamp? expires;
-  boolean secure;
-  CookieSameSite sameSite;
-  boolean partitioned;
 };
 
 typedef sequence<CookieListItem> CookieList;
@@ -1046,42 +1033,13 @@ run the following steps:
 
 <div algorithm>
 
-To <dfn>create a {{CookieListItem}}</dfn> from |cookie|, run the following steps.
+To <dfn>create a {{CookieListItem}}</dfn> from a [=/cookie=] |cookie|:
 
 1. Let |name| be the result of running [=UTF-8 decode without BOM=] on |cookie|'s [=cookie/name=].
 1. Let |value| be the result of running [=UTF-8 decode without BOM=] on |cookie|'s [=cookie/value=].
-1. Let |domain| be the result of running [=UTF-8 decode without BOM=] on |cookie|'s [=cookie/domain=].
-1. Let |path| be the result of running [=UTF-8 decode without BOM=] on |cookie|'s [=cookie/path=].
-1. Let |expires| be |cookie|'s [=cookie/expiry-time=] ([=as a timestamp=]).
-1. Let |secure| be |cookie|'s [=cookie/secure-only-flag=].
-1. Switch on |cookie|'s [=cookie/same-site-flag=]:
-    <dl class=switch>
-        : \``None`\`
-        :: Let |sameSite| be "{{CookieSameSite/none}}".
-        : \``Strict`\`
-        :: Let |sameSite| be "{{CookieSameSite/strict}}".
-        : \``Lax`\`
-        :: Let |sameSite| be "{{CookieSameSite/lax}}".
-    </dl>
-1. Let |partitioned| be a boolean indicating that the user agent supports [cookie partitioning](https://github.com/privacycg/CHIPS) and that that |cookie| has a partition key.
-1. Return «[
-    "name" → |name|,
-    "value" → |value|,
-    "domain" → |domain|,
-    "path" → |path|,
-    "expires" → |expires|,
-    "secure" → |secure|,
-    "sameSite" → |sameSite|,
-    "partitioned" → |partitioned|
-    ]»
-
-Note: The |cookie|'s
-[=cookie/creation-time=],
-[=cookie/last-access-time=],
-[=cookie/persistent-flag=],
-[=cookie/host-only-flag=], and
-[=cookie/http-only-flag=]
-attributes are not exposed to script.
+1. Return «[ "{{CookieListItem/name}}" → |name|, "{{CookieListItem/value}}" → |value| ]».
+
+Note: One implementation is known to expose information beyond _name_ and _value_.
 
 </div>