Skip to content

Commit

Permalink
Address Domenic's comments
Browse files Browse the repository at this point in the history
  • Loading branch information
antosart committed Apr 26, 2021
1 parent 969628d commit 8feded9
Showing 1 changed file with 39 additions and 38 deletions.
77 changes: 39 additions & 38 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -3860,7 +3860,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#grammardef-serialized-policy">Content Security Policy syntax</dfn></li>
<li><dfn data-x-href="https://w3c.github.io/webappsec-csp/#enforced">enforce the policy</dfn></li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#parse-serialized-policy">parse a serialized Content Security Policy</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#initialize-document-csp">Initialize a Document's CSP list</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#run-document-csp-initialization">Run CSP initialization for a Document</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#should-block-inline">Should element's inline behavior be blocked by Content Security Policy?</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#should-block-navigation-request">Should navigation request of type be blocked by Content Security Policy?</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#should-block-navigation-response">Should navigation response to navigation request of type in target be blocked by Content Security Policy?</dfn> algorithm</li>
Expand Down Expand Up @@ -82837,23 +82837,23 @@ interface <dfn>BarProp</dfn> {
<span>"<code>coep</code>" report type</span> for <var>endpoint</var> on <var>settings</var>.
</ol>

<h3 id="policy-container">Policy container</h3>
<h3 id="policy-containers">Policy containers</h3>

<p>A <dfn export>policy container</dfn> is a <span>struct</span> containing policies that apply to
a <code>Document</code>, a <code>WorkerGlobalScope</code>, or a <code>WorkletGlobalScope</code>.
It has the following <span data-x="struct item">items</span>:</p>

<!-- Note: each item has to define a default value for creating a new policy container. -->

<ul>
<li><p>A <dfn data-x="policy-container-csp-list">CSP list</dfn>, which is a <span
data-x="concept-csp-list">CSP list</span>. It is initially empty.</p></li>
</ul>

<p class="note">Each item has to define a default value for creating a new policy container.</p>

<p class="XXX">Move other policies into the policy container.</p>

<p>To <dfn data-x="clone a policy container">clone a policy container</dfn> from a given
<span>policy container</span> <var>policyContainer</var>:</p>
<p>To <dfn data-x="clone a policy container">clone a policy container</dfn> given a <span>policy
container</span> <var>policyContainer</var>:</p>

<ol>
<li><p>Let <var>clone</var> be a new <span>policy container</span>.</p></li>
Expand All @@ -82878,15 +82878,15 @@ interface <dfn>BarProp</dfn> {
must have been deleted, too. We might want to store the policy container alongside the blob URL
entry directly (https://github.com/w3c/FileAPI/issues/142), and then reconsider this. -->

<li><p>If <var>url</var> is "<code data-x="">about:srcdoc</code>", then return false.</p></li>
<li><p>If <var>url</var> is <code>about:srcdoc</code>, then return false.</p></li>

<li><p>If <var>url</var> <span data-x="is-local">is local</span>, then return true.</p></li>

<li><p>Return false.</p></li>
</ol>

<p>To <dfn data-x="creating a policy container from a fetch response">create a policy container
from a fetch response</dfn> from a given <span data-x="concept-response">response</span>
from a fetch response</dfn> given a <span data-x="concept-response">response</span>
<var>response</var>:</p>

<ol>
Expand All @@ -82907,8 +82907,8 @@ interface <dfn>BarProp</dfn> {
</ol>

<p>To <dfn data-x="determining navigation params policy container">determine navigation params
policy container</dfn> from a given <span>URL</span> <var>responseURL</var> and four optional
<span data-x="policy container">policy containers</span> <var>historyPolicyContainer</var>,
policy container</dfn> given a <span>URL</span> <var>responseURL</var> and four <span
data-x="policy container">policy container</span>-or-nulls <var>historyPolicyContainer</var>,
<var>initiatorPolicyContainer</var>, <var>parentPolicyContainer</var>, and
<var>responsePolicyContainer</var>:</p>

Expand Down Expand Up @@ -82953,7 +82953,8 @@ interface <dfn>BarProp</dfn> {
<ol>
<li>
<p>If <var>workerGlobalScope</var>'s <span data-x="concept-WorkerGlobalScope-url">url</span>
<span data-x="is-local">is local</span> but not "<code data-x="">blob</code>":</p>
<span data-x="is-local">is local</span> but its <span data-x="concept-url-scheme">scheme</span>
is not "<code data-x="">blob</code>":</p>

<ol>
<li><p>Assert: <var>workerGlobalScope</var>'s <span>owner set</span>'s <span
Expand Down Expand Up @@ -84739,8 +84740,8 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
<dt><dfn data-x="navigation-params-origin">origin</dfn></dt>
<dd>an <span>origin</span> to use for the new <code>Document</code></dd>

<dt><dfn data-x="navigation-params-policy-container">policy container</dfn></dt> <dd>a
<span>policy container</span> to use for the new <code>Document</code></dd>
<dt><dfn data-x="navigation-params-policy-container">policy container</dfn></dt>
<dd>a <span>policy container</span> to use for the new <code>Document</code></dd>

<dt><dfn data-x="navigation-params-sandboxing">final sandboxing flag set</dfn></dt>
<dd>a <span>sandboxing flag set</span> to impose on the new <code>Document</code></dd>
Expand Down Expand Up @@ -84809,10 +84810,10 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
<var>resource</var>, with an optional boolean <dfn id="exceptions-enabled"
export><var>exceptionsEnabled</var></dfn> (default false), an optional <span>history handling
behavior</span> <dfn data-x="navigation-hh"><var>historyHandling</var></dfn> (default "<code
data-x="hh-default">default</code>"), an optional <span>policy container</span>
<var>historyPolicyContainer</var>, and an optional string <dfn
data-x="navigation-navigationtype"><var>navigationType</var></dfn> (default "<code
data-x="">other</code>"):</p>
data-x="hh-default">default</code>"), an optional <span>policy container</span>-or-null <dfn
data-x="navigation-historypolicycontainer">historyPolicyContainer</dfn> (default null) and an
optional string <dfn data-x="navigation-navigationtype"><var>navigationType</var></dfn> (default
"<code data-x="">other</code>"):</p>

<ol>
<li><p>If <var>resource</var> is a <span>URL</span>, then set <var>resource</var> to a new <span
Expand Down Expand Up @@ -84901,7 +84902,7 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
<li><p>Let <var>initiatorPolicyContainer</var> be a <span data-x="clone a policy
container">clone</span> of the <span>source browsing context</span>'s <span>active
document</span>'s <span data-x="concept-document-policy-container">policy
container</span> if there is a <span>source browsing context</span>, or null otherwise.</p></li>
container</span>.</p></li>

<li><p>Cancel any preexisting but not yet <span data-x="concept-navigate-mature">mature</span>
attempt to navigate <var>browsingContext</var>, including canceling any instances of the <span
Expand Down Expand Up @@ -84994,9 +84995,10 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
<li><p>Let <var>policyContainer</var> be the result of <span data-x="determining navigation
params policy container">determining navigation params policy container</span> given
<var>resource</var>'s <span data-x="concept-response-url">url</span>,
<var>historyPolicyContainer</var>, <var>initiatorPolicyContainer</var>, <span>parent browsing
context</span>'s <span>active document</span>'s <span
data-x="concept-document-policy-container">policy container</span>, and null.</p></li>
<var>historyPolicyContainer</var>, <var>initiatorPolicyContainer</var>,
<var>browsingContext</var>'s <span>parent browsing context</span>'s <span>active
document</span>'s <span data-x="concept-document-policy-container">policy container</span>,
and null.</p></li>

<li><p>Let <var>navigationParams</var> be a new <span>navigation params</span> whose <span
data-x="navigation-params-request">request</span> is null, <span
Expand Down Expand Up @@ -85057,11 +85059,10 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
data-x="navigation-params-response">response</span> is <var>response</var>, <span
data-x="navigation-params-origin">origin</span> is <var>activeDocumentNavigationOrigin</var>,
<span data-x="navigation-params-policy-container">policy container</span> is
<var>browsingContext</var>'s <span>active document</span>'s current <span>policy
container</span>, <span data-x="navigation-params-sandboxing">final sandboxing flag
set</span> is <var>finalSandboxFlags</var>, <span
data-x="navigation-params-coop">cross-origin opener policy</span> is
<var>browsingContext</var>'s <span>active document</span>'s <span
<var>browsingContext</var>'s <span>active document</span>'s <span>policy container</span>,
<span data-x="navigation-params-sandboxing">final sandboxing flag set</span> is
<var>finalSandboxFlags</var>, <span data-x="navigation-params-coop">cross-origin opener
policy</span> is <var>browsingContext</var>'s <span>active document</span>'s <span
data-x="concept-document-coop">cross-origin opener policy</span>, <span
data-x="navigation-params-coop-enforcement-result">COOP enforcement result</span> is
<var>coopEnforcementResult</var>, <span
Expand Down Expand Up @@ -85283,9 +85284,6 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
data-x="concept-request-url">url</span>, <var>finalSandboxFlags</var>,
<var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>.</p></li>

<li><p>Set <var>responsePolicyContainer</var> to be the result of <span>creating a policy
container from a fetch response</span> <var>response</var>.</p></li>

<li>
<p>If <var>browsingContext</var> is a <span>top-level browsing context</span>, then:</p>

Expand Down Expand Up @@ -85380,6 +85378,9 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
</ol>
</li>

<li><p>Let <var>responsePolicyContainer</var> to be the result of <span>creating a policy
container from a fetch response</span> <var>response</var>.</p></li>

<li><p>Let <var>resultPolicyContainer</var> be the result of <span>determining navigation params
policy container</span> given <var>response</var>'s <span
data-x="concept-response-url">URL</span>, <var>historyPolicyContainer</var>,
Expand Down Expand Up @@ -85860,7 +85861,7 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
environment</span>. Otherwise, set it to "<code
data-x="coep-unsafe-none">unsafe-none</code>".</p></li>

<li><p><span>Initialize a <code data-x="">Document</code>'s CSP list</span> given
<li><p><span>Run CSP initialization for a <code data-x="">Document</code></span> given
<var>document</var>. <ref spec="CSP"></p>

<li>
Expand Down Expand Up @@ -86630,11 +86631,11 @@ new PaymentRequest(&hellip;); // Allowed to use
<li>
<p><span>Navigate</span><!--DONAV history traversal after eviction--> the <span>browsing
context</span> to <var>request</var> with <var data-x="navigation-hh">historyHandling</var>
set to "<code data-x="hh-entry-update">entry update</code>" and with
<var>historyPolicyContainer</var> set to <var>entry</var>'s <span
data-x="she-policy-container">policy container</span>. The navigation must be done using the
same <span>source browsing context</span> as was used the first time <var>entry</var> was
created.</p>
set to "<code data-x="hh-entry-update">entry update</code>" and with <var
data-x="navigation-historypolicycontainer">historyPolicyContainer</var> set to
<var>entry</var>'s <span data-x="she-policy-container">policy container</span>. The navigation
must be done using the same <span>source browsing context</span> as was used the first time
<var>entry</var> was created.</p>

<p class="note">The "<span>navigate</span>" algorithm reinvokes this "traverse" algorithm to
complete the traversal, at which point <var>entry</var>'s <span
Expand Down Expand Up @@ -87386,9 +87387,9 @@ interface <dfn>BeforeUnloadEvent</dfn> : <span>Event</span> {
true.</p></li>

<li>
<p><span data-x="list iterate">For each</span> <var>policy</var> of <var>navigationParams</var>'
<span data-x="navigation-params-policy-container">policy container</span>'s <span
data-x="policy-container-csp-list">CSP list</span>:</p>
<p><span data-x="list iterate">For each</span> <var>policy</var> of
<var>navigationParams</var>'s <span data-x="navigation-params-policy-container">policy
container</span>'s <span data-x="policy-container-csp-list">CSP list</span>:</p>

<ol>
<li><p>If <var>policy</var>'s <span data-x="csp-disposition">disposition</span> is not "<code
Expand Down

0 comments on commit 8feded9

Please sign in to comment.