From 6b7810061b297603fae00eea95f65055b9afdd78 Mon Sep 17 00:00:00 2001 From: Antonio Sartori Date: Wed, 17 Mar 2021 08:59:05 +0100 Subject: [PATCH] Add CSPs and fix some stuff --- source | 218 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 127 insertions(+), 91 deletions(-) diff --git a/source b/source index ac5385f263e..a323172134f 100644 --- a/source +++ b/source @@ -2470,7 +2470,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • ABNF
  • about:blank
  • An HTTP(S) scheme
  • -
  • A local URL
  • +
  • A URL which is local
  • A local scheme
  • A fetch scheme
  • CORS protocol
  • @@ -2505,7 +2505,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • header list
  • body
  • internal response
  • -
  • CSP list
  • location URL
  • timing info
  • @@ -3861,7 +3860,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • The Content Security Policy syntax
  • enforce the policy
  • The parse a serialized Content Security Policy algorithm
  • -
  • The Initialize a global object's CSP list algorithm
  • The Initialize a Document's CSP list algorithm
  • The Should element's inline behavior be blocked by Content Security Policy? algorithm
  • The Should navigation request of type be blocked by Content Security Policy? algorithm
  • @@ -3872,6 +3870,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • The frame-ancestors directive
  • The sandbox directive
  • The contains a header-delivered Content Security Policy property.
  • +
  • The Parse a response's Content Security Policies algorithm.
  • @@ -6844,8 +6843,8 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
    1. Let CSP list be element's shadow-including root's CSP - list.

    2. + root">shadow-including root's policy + container's CSP list.

    3. If CSP list contains a header-delivered Content Security Policy, and @@ -6869,11 +6868,13 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute

    -

    As each Document's CSP - list is append-only, user agents can optimize away the contains a header-delivered - Content Security Policy check by, for example, holding a flag on the Document, - set during Document - creation and initialization.

    +

    As each Document's policy container's CSP list is append-only, user agents can optimize away + the contains a header-delivered Content Security Policy check by, for example, + holding a flag on the CSP list, set when creating the policy container from the + fetch response.

    The cloning steps for elements that include HTMLOrSVGElement must set the @@ -9178,11 +9179,6 @@ partial interface Document {

    The Document has an embedder policy (an embedder policy).

    -

    The Document has a CSP list, which is a CSP list - containing all of the Content Security Policy objects active for the document. The - list is empty unless otherwise specified.

    -

    The Document has a permissions policy, which is a permissions policy, which is initially @@ -30325,12 +30321,9 @@ interface HTMLIFrameElement : HTMLElement { data-x="concept-response">response whose url list consists of about:srcdoc, header list consists of `Content-Type`/`text/html`, Content-Type`/`text/html`, and body is the value of element's srcdoc attribute, and CSP list is a clone - of element's node document's CSP list.

    + data-x="attr-iframe-srcdoc">srcdoc attribute.

    The resulting Document must be considered an iframe srcdoc document.

    @@ -77919,8 +77912,10 @@ popup4.close(); embedder policy to creator's embedder policy.

    -
  • If creator is non-null, then set document's policy - container to a clone of creator's policy container.

  • +
  • If creator is non-null, then set document's policy container to a clone of creator's policy container.

  • Append a new session history entry to browsingContext's session history whose URL is about:blank @@ -82853,12 +82848,17 @@ interface BarProp {

    Policy container

    A policy container is a struct containing policies that apply to a - document. It has the following items:

    + Document or global object. It has the following items:

    -
    -

    There are no items at the moment. Each item has to define a default value for creating a new - policy container.

    -
    + + +

    Each item has to define a default value for creating a new policy container.

    + +

    Move other policies into the policy container.

    To clone a policy container from a given policy container policy container:

    @@ -82866,16 +82866,36 @@ interface BarProp {
    1. Let clone be a new policy container.

    2. -
    3. For each item of policy container, set the - corresponding item of clone to an equal - value.

    4. +
    5. For each policy in policy container's CSP list, insert a copy of policy into + clone's CSP list.

    6. Return clone.

    -

    To create a policy container for - a fetch response from a given URL response URL and header list header list:

    +

    To determine whether a URL URL requires storing the policy + container in history:

    + +
      +
    1. If URL's scheme is "blob", return false.

    2. + + +
    3. If URL is "about:srcdoc", return false.

    4. + +
    5. If URL is local, return true.

    6. + +
    7. Return false.

    8. +
    + +

    To create a policy container + from a fetch response from a given response + response:

    1. If response URL's scheme is "BarProp { data-x="blob-url-entry-environment">environment's policy container.

    2. -
    3. Let result be a new policy container.

    4. +
    5. Otherwise, let result be a new policy container.

    6. -
    7. For each item of result, set item to be the result of parsing header list into item.

    8. +
    9. Set result's CSP list to the + result of parsing a response's Content Security Policies + given response.

    10. Return result.

    To determine navigationParams - policy container from a given URL response url and four optional + policy container from a given URL response URL and four optional policy containers history policy container, - initiator policy container, parent policy container and response policy - container:

    + initiator policy container, parent policy container, and response + policy container:

      -
    1. If history policy container is not null, then assert that response - url is local and return a clone of history policy container.

    2. +
    3. +

      If history policy container is not null, then:

      + +
        +
      1. Assert: response URL requires storing the policy container in + history.

      2. + +
      3. Return a clone of history policy + container.

      4. +
      +
    4. -
    5. If response url is about:srcdoc, then assert that parent - policy container is not null and return a clone of parent policy container.

    6. +
    7. +

      If response URL is about:srcdoc, then:

      + +
        +
      1. Assert: parent policy container is not null.

      2. + +
      3. Return a clone of parent policy + container.

      4. +
      +
    8. -
    9. If response url is local and initiator +

    10. If response URL is local and initiator policy container is not null, then return a clone of initiator policy container.

    11. @@ -82919,13 +82954,30 @@ interface BarProp {
    12. Otherwise, return a new policy container.

    -

    To determine a worker's policy - container from a given URL response url, a set of - Document and WorkerGlobalScope objects worker owner set and a - header list header list:

    +

    To initialize a worker global scope's policy + container given a WorkerGlobalScope worker global scope and a response response:

      -
    1. TODO: FILL.

    2. +
    3. +

      If worker global scope's url + is local but not "blob":

      + +
        +
      1. Assert that worker global scope's owner set contains exactly one + element.

      2. + +
      3. Set worker global scope's policy container to a clone of worker global scope's owner + set's unique element's relevant settings object's policy container.

      4. +
      +
    4. + +
    5. Otherwise, set worker global scope's policy container to the result of + creating a policy container from a fetch response given response.

    Session history and navigation

    @@ -84854,7 +84906,8 @@ interface Location { // but see also navigation.

  • Let initiatorPolicyContainer be a clone of the source browsing - context's active document's policy container, if any.

  • + context's active document's policy container, if any.

  • Cancel any preexisting but not yet mature attempt to navigate browsingContext, including canceling any instances of the Location { // but see also determining navigationParams policy container given resource's url, historyPolicyContainer, initiatorPolicyContainer, parent browsing - context's active document's current policy container (if - any) and null.

  • + context's active document's policy container and null.

  • Let navigationParams be a new navigation params whose request is null, Location { // but see also URL and response's header list.

  • + container from a fetch response response.

  • If browsingContext is a top-level browsing context, then:

    @@ -85814,9 +85865,7 @@ interface Location { // but see also
    unsafe-none
    ".

  • Initialize a Document's CSP list given - document, navigationParams's response, and navigationParams's request.

    + document.

  • If navigationParams's request is @@ -86013,10 +86062,10 @@ new PaymentRequest(…); // Allowed to use more discussion on this.

  • -
  • If newDocument's URL is local, let newEntry's policy container be navigationParams's policy container.

  • +
  • If newDocument's URL + requires storing the policy container in history, let newEntry's + policy container be navigationParams's + policy container.

  • Insert newEntry into sessionHistory after its current entry.

  • @@ -86044,10 +86093,10 @@ new PaymentRequest(…); // Allowed to use data-x="concept-document-url">URL and document is newDocument.

    -
  • If newDocument's URL is local, let newEntry's policy container be navigationParams's policy container.

  • +
  • If newDocument's URL + requires storing the policy container in history, let newEntry's + policy container be navigationParams's + policy container.

  • Append newEntry to sessionHistory.

  • @@ -87332,8 +87381,8 @@ interface BeforeUnloadEvent : Event {

    To check a navigation response's adherence to `X-Frame-Options`, given - a response response, a browsing - context browsingContext, and an origin + navigationParams navigationParams, a + browsing context browsingContext, and an origin destinationOrigin:

      @@ -87341,8 +87390,9 @@ interface BeforeUnloadEvent : Event { true.

    1. -

      For each policy of response's CSP list:

      +

      For each policy of navigationParams' + policy container's CSP list:

      1. If policy's disposition is not "BeforeUnloadEvent : Event {

      2. Let rawXFrameOptions be the result of getting, decoding, and splitting - `X-Frame-Options` from response's X-Frame-Options` from navigationParams's response's header list.

      3. Let xFrameOptions be a new set.

      4. @@ -99314,11 +99365,6 @@ interface WorkerGlobalScope : EventTarget { data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy (an embedder policy).

        -

        A WorkerGlobalScope object has an associated CSP list, which is a CSP list containing all of the Content Security - Policy objects active for the worker. It is initially an empty list.

        -

        A WorkerGlobalScope object has an associated module map. It is a module map, initially empty.

        @@ -99751,12 +99797,8 @@ interface SharedWorkerGlobalScope : WorkerGlobalScope { data-x="concept-WorkerGlobalScope-url">url to response's url.

        -
      5. Set worker global scope's policy container to the result of - determining a worker's policy - container given url, worker global scope's owner set - and response's header - list.

      6. +
      7. Initialize worker global scope's + policy container given worker global scope, and response.

      8. Set worker global scope's referrer policy to the result of @@ -99821,9 +99863,6 @@ interface SharedWorkerGlobalScope : WorkerGlobalScope { issue #207 for more details.

      9. -
      10. Initialize a global object's CSP list given worker global scope - and response.

      11. -
      12. Asynchronously complete the perform the fetch steps with response.

      @@ -101149,9 +101188,6 @@ interface WorkletGlobalScope {}; settings object">setting up a worklet environment settings object given realmExecutionContext and outsideSettings.

    2. -
    3. Initialize a global object's CSP list given workletGlobalScope. -

    4. -
    5. For each moduleURL of worklet's added modules list: