more

w3c · Nov 7, 2017 · d7ebe44 · d7ebe44
1 parent 70998db
commit d7ebe44
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 18 deletions.
diff --git a/index.html b/index.html
@@ -1178,7 +1178,7 @@
 </style>
   <meta content="Bikeshed version 67155cabad72a8ab669a7d4421c90e2999a29b68" name="generator">
   <link href="https://www.w3.org/TR/COWL/" rel="canonical">
-  <meta content="0cfaf079a7f5b907fa76bcf2f73daa6bc9fc120a" name="document-revision">
+  <meta content="70998db4c03f40588a47d81de58c5cc94c9192b9" name="document-revision">
 <style>/* style-md-lists */
 
 /* This is a weird hack for me not yet following the commonmark spec
@@ -2665,6 +2665,7 @@ <h4 class="heading settled" data-level="3.4.2" id="labeledobject-attributes"><sp
       <dd> On getting, the user agent MUST return the <a class="idl-code" data-link-type="interface" href="#labeledobject" id="ref-for-labeledobject①②">LabeledObject</a>’s integrity label. 
       <dt><dfn class="dfn-paneled idl-code" data-dfn-for="LabeledObject" data-dfn-type="attribute" data-export="" id="dom-labeledobject-protectedobject" title="LabeledObject/protectedObject"><code>protectedObject</code></dfn>, <span> of type <a data-link-type="idl-name" href="https://heycam.github.io/webidl/#idl-object" id="ref-for-idl-object②">object</a>, readonly</span>
       <dd>
+       <p class="issue" id="issue-360bc3b9"><a class="self-link" href="#issue-360bc3b9"></a> should protectedObject be a promise? Otherwise we may be a bit too strict.</p>
        <p>On getting, the user agent MUST use an algorithm equivalent to
         the following:</p>
        <ol>
@@ -3257,7 +3258,7 @@ <h4 class="heading settled" data-level="3.7.3" id="modifications-to-html5"><span
       <li data-md="">
        <p>To allow authors to create <a data-link-type="dfn" href="#confined-context" id="ref-for-confined-context⑤">confined contexts</a> this this
   specification extends the <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement" id="ref-for-htmliframeelement">HTMLIFrameElement</a> interface with a new <code><a class="idl-code" data-link-type="attribute" href="#dom-htmliframeelement-cowl" id="ref-for-dom-htmliframeelement-cowl">cowl</a></code> attribute:</p>
-<pre class="idl highlight def"><span class="kt">partial</span> <span class="kt">interface</span> <a class="nv idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement" id="ref-for-htmliframeelement①">HTMLIFrameElement</a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement">HTMLElement</a> {
+<pre class="idl highlight def"><span class="kt">partial</span> <span class="kt">interface</span> <a class="nv idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement" id="ref-for-htmliframeelement①">HTMLIFrameElement</a> {
   <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean②"><span class="kt">boolean</span></a> <dfn class="nv dfn-paneled idl-code" data-dfn-for="HTMLIFrameElement" data-dfn-type="attribute" data-export="" data-type="boolean" id="dom-htmliframeelement-cowl"><code>cowl</code></dfn>;
 };
 </pre>
@@ -3296,15 +3297,15 @@ <h4 class="heading settled" data-level="3.7.3" id="modifications-to-html5"><span
         <li data-md="">
          <p>The <a data-link-type="dfn" href="https://www.w3.org/TR/html5/browsers.html#sandboxed-top-level-navigation-browsing-context-flag" id="ref-for-sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context flag</a>.</p>
        </ul>
-       <p>In addition to these flags, the <a data-link-type="dfn">container policy</a> of the <a data-link-type="dfn">cowl iframe</a> that contains the <a data-link-type="dfn" href="#confined-context" id="ref-for-confined-context⑥">confined context</a> MUST
-  disable the following features:</p>
+       <p>In addition to these flags, the user agent MUST set a <a data-link-type="dfn" href="https://wicg.github.io/feature-policy/#container-policies" id="ref-for-container-policies">container policy</a> of the <a data-link-type="dfn">cowl iframe</a> that contains
+  the <a data-link-type="dfn" href="#confined-context" id="ref-for-confined-context⑥">confined context</a> that disables the following features:</p>
        <ul>
         <li data-md="">
-         <p>Content: <a data-link-type="dfn" href="https://www.w3.org/TR/workers/#infrastructure" id="ref-for-infrastructure">Web Workers</a>, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#shared-workers" id="ref-for-shared-workers">Shared Workers</a>, <a data-link-type="dfn" href="https://w3c.github.io/ServiceWorker/#dfn-service-worker" id="ref-for-dfn-service-worker">Service Workers</a></p>
+         <p>Workers: <a data-link-type="dfn" href="https://www.w3.org/TR/workers/#infrastructure" id="ref-for-infrastructure">Web Workers</a>, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#shared-workers" id="ref-for-shared-workers">Shared Workers</a>, <a data-link-type="dfn" href="https://w3c.github.io/ServiceWorker/#dfn-service-worker" id="ref-for-dfn-service-worker">Service Workers</a></p>
         <li data-md="">
-         <p>Networking: <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/web-sockets.html#network" id="ref-for-network">Web Sockets</a>, <a data-link-type="dfn">Server-Sent APIs</a>, <a data-link-type="dfn">WebRTC</a></p>
+         <p>Communication: <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/web-sockets.html#network" id="ref-for-network">Web Sockets</a>, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/comms.html#server-sent-events" id="ref-for-server-sent-events">Server-sent events</a>, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/web-messaging.html#channel-messaging" id="ref-for-channel-messaging">channel messaging</a>, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/web-messaging.html#broadcasting-to-other-browsing-contexts" id="ref-for-broadcasting-to-other-browsing-contexts">broadcast channels</a> and <a data-link-type="dfn">Web RTC</a></p>
         <li data-md="">
-         <p>Storage: <a data-link-type="dfn">document.cookie</a>, <a data-link-type="dfn">localStorage</a>, <a data-link-type="dfn">indexDB</a></p>
+         <p>Storage: <a data-link-type="dfn">document.cookie</a>, <a class="idl-code" data-link-type="attribute" href="https://www.w3.org/TR/webstorage/#the-localstorage-attribute" id="ref-for-the-localstorage-attribute">localStorage</a>, <a data-link-type="dfn" href="https://www.w3.org/TR/IndexedDB-2/#indexeddb" id="ref-for-indexeddb">IndexedDB</a></p>
        </ul>
      </ol>
     </section>
@@ -4105,6 +4106,11 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
     <ul>
      <li><a href="https://encoding.spec.whatwg.org/#utf-8-decode">utf-8 decode</a>
     </ul>
+   <li>
+    <a data-link-type="biblio">[FEATURE-POLICY]</a> defines the following terms:
+    <ul>
+     <li><a href="https://wicg.github.io/feature-policy/#container-policies">container policy</a>
+    </ul>
    <li>
     <a data-link-type="biblio">[FETCH]</a> defines the following terms:
     <ul>
@@ -4123,11 +4129,15 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
    <li>
     <a data-link-type="biblio">[HTML]</a> defines the following terms:
     <ul>
-     <li><a href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement">HTMLElement</a>
      <li><a href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement">HTMLIFrameElement</a>
      <li><a href="https://html.spec.whatwg.org/multipage/workers.html#shared-workers">shared worker</a>
      <li><a href="https://html.spec.whatwg.org/multipage/web-sockets.html#network">web sockets</a>
     </ul>
+   <li>
+    <a data-link-type="biblio">[html-comms]</a> defines the following terms:
+    <ul>
+     <li><a href="https://html.spec.whatwg.org/multipage/comms.html#server-sent-events">server-sent events</a>
+    </ul>
    <li>
     <a data-link-type="biblio">[HTML5]</a> defines the following terms:
     <ul>
@@ -4159,6 +4169,11 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><a href="https://www.w3.org/TR/html5/infrastructure.html#structured-clone">structurally cloned</a>
      <li><a href="https://www.w3.org/TR/html5/infrastructure.html#structured-clone">structured clone</a>
     </ul>
+   <li>
+    <a data-link-type="biblio">[IndexedDB]</a> defines the following terms:
+    <ul>
+     <li><a href="https://www.w3.org/TR/IndexedDB-2/#indexeddb">indexeddb</a>
+    </ul>
    <li>
     <a data-link-type="biblio">[JSON]</a> defines the following terms:
     <ul>
@@ -4222,6 +4237,17 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><a href="https://www.w3.org/TR/webmessaging/#dom-window-postmessage">postMessage()</a>
      <li><a href="https://www.w3.org/TR/webmessaging/#posting-messages">posting messages</a>
     </ul>
+   <li>
+    <a data-link-type="biblio">[WEBSTORAGE]</a> defines the following terms:
+    <ul>
+     <li><a href="https://www.w3.org/TR/webstorage/#the-localstorage-attribute">localStorage</a>
+    </ul>
+   <li>
+    <a data-link-type="biblio">[whatwg-messaging]</a> defines the following terms:
+    <ul>
+     <li><a href="https://html.spec.whatwg.org/multipage/web-messaging.html#broadcasting-to-other-browsing-contexts">broadcast channels</a>
+     <li><a href="https://html.spec.whatwg.org/multipage/web-messaging.html#channel-messaging">channel messaging</a>
+    </ul>
    <li>
     <a data-link-type="biblio">[workers]</a> defines the following terms:
     <ul>
@@ -4256,12 +4282,16 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
    <dd><a href="https://tc39.github.io/ecma262/">ECMAScript Language Specification</a>. URL: <a href="https://tc39.github.io/ecma262/">https://tc39.github.io/ecma262/</a>
    <dt id="biblio-encoding">[ENCODING]
    <dd>Anne van Kesteren. <a href="https://encoding.spec.whatwg.org/">Encoding Standard</a>. Living Standard. URL: <a href="https://encoding.spec.whatwg.org/">https://encoding.spec.whatwg.org/</a>
+   <dt id="biblio-feature-policy">[FEATURE-POLICY]
+   <dd><a href="https://wicg.github.io/feature-policy/">Feature Policy</a>. Living Standard. URL: <a href="https://wicg.github.io/feature-policy/">https://wicg.github.io/feature-policy/</a>
    <dt id="biblio-fetch">[FETCH]
    <dd>Anne van Kesteren. <a href="https://fetch.spec.whatwg.org/">Fetch Standard</a>. Living Standard. URL: <a href="https://fetch.spec.whatwg.org/">https://fetch.spec.whatwg.org/</a>
    <dt id="biblio-html">[HTML]
    <dd>Anne van Kesteren; et al. <a href="https://html.spec.whatwg.org/multipage/">HTML Standard</a>. Living Standard. URL: <a href="https://html.spec.whatwg.org/multipage/">https://html.spec.whatwg.org/multipage/</a>
    <dt id="biblio-html5">[HTML5]
    <dd>Ian Hickson; et al. <a href="https://www.w3.org/TR/html5/">HTML5</a>. 28 October 2014. REC. URL: <a href="https://www.w3.org/TR/html5/">https://www.w3.org/TR/html5/</a>
+   <dt id="biblio-indexeddb">[IndexedDB]
+   <dd>Nikunj Mehta; et al. <a href="https://www.w3.org/TR/IndexedDB/">Indexed Database API</a>. 8 January 2015. REC. URL: <a href="https://www.w3.org/TR/IndexedDB/">https://www.w3.org/TR/IndexedDB/</a>
    <dt id="biblio-json">[JSON]
    <dd>T. Bray, Ed.. <a href="https://tools.ietf.org/html/rfc7159">The JavaScript Object Notation (JSON) Data Interchange Format</a>. March 2014. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc7159">https://tools.ietf.org/html/rfc7159</a>
    <dt id="biblio-referrer-policy">[REFERRER-POLICY]
@@ -4288,6 +4318,8 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
    <dd>Cameron McCormack; Boris Zbarsky. <a href="https://heycam.github.io/webidl/">Web IDL (Second Edition)</a>. ED. URL: <a href="https://heycam.github.io/webidl/">https://heycam.github.io/webidl/</a>
    <dt id="biblio-webmessaging">[WEBMESSAGING]
    <dd>Ian Hickson. <a href="https://www.w3.org/TR/webmessaging/">HTML5 Web Messaging</a>. 19 May 2015. REC. URL: <a href="https://www.w3.org/TR/webmessaging/">https://www.w3.org/TR/webmessaging/</a>
+   <dt id="biblio-webstorage">[WEBSTORAGE]
+   <dd>Ian Hickson. <a href="https://www.w3.org/TR/webstorage/">Web Storage (Second Edition)</a>. 19 April 2016. REC. URL: <a href="https://www.w3.org/TR/webstorage/">https://www.w3.org/TR/webstorage/</a>
    <dt id="biblio-workers">[WORKERS]
    <dd>Ian Hickson. <a href="https://www.w3.org/TR/workers/">Web Workers</a>. 24 September 2015. WD. URL: <a href="https://www.w3.org/TR/workers/">https://www.w3.org/TR/workers/</a>
    <dt id="biblio-xhr">[XHR]
@@ -4301,8 +4333,6 @@ <h3 class="no-num no-ref heading settled" id="informative"><span class="content"
    <dd>Deian Stefan; et al. <a href="http://www.scs.stanford.edu/~deian/pubs/stefan:2011:dclabels.pdf">Disjunction Category Labels</a>. URL: <a href="http://www.scs.stanford.edu/~deian/pubs/stefan:2011:dclabels.pdf">http://www.scs.stanford.edu/~deian/pubs/stefan:2011:dclabels.pdf</a>
    <dt id="biblio-dom-parsing">[DOM-Parsing]
    <dd>Travis Leithead. <a href="https://www.w3.org/TR/DOM-Parsing/">DOM Parsing and Serialization</a>. 17 May 2016. WD. URL: <a href="https://www.w3.org/TR/DOM-Parsing/">https://www.w3.org/TR/DOM-Parsing/</a>
-   <dt id="biblio-webstorage">[WEBSTORAGE]
-   <dd>Ian Hickson. <a href="https://www.w3.org/TR/webstorage/">Web Storage (Second Edition)</a>. 19 April 2016. REC. URL: <a href="https://www.w3.org/TR/webstorage/">https://www.w3.org/TR/webstorage/</a>
   </dl>
   <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">IDL Index</span><a class="self-link" href="#idl-index"></a></h2>
 <pre class="idl highlight def">[<a class="nv idl-code" data-link-type="constructor" href="#dom-label-label" id="ref-for-dom-label-label①②">Constructor</a>, <a class="nv idl-code" data-link-type="constructor" href="#dom-label-label-principal" id="ref-for-dom-label-label-principal①">Constructor</a>(<a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString③"><span class="kt">DOMString</span></a> <a class="nv" href="#dom-label-label-principal-principal"><code>principal</code></a>), <a class="nv idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed③">Exposed</a>=(<span class="n">Window</span>, <span class="n">Worker</span>)]
@@ -4356,13 +4386,14 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
   <a class="s" href="#dom-xmlhttprequestresponsetype-labeled-json"><code>"labeled-json"</code></a>
 };
 
-<span class="kt">partial</span> <span class="kt">interface</span> <a class="nv idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement" id="ref-for-htmliframeelement①①">HTMLIFrameElement</a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement①">HTMLElement</a> {
+<span class="kt">partial</span> <span class="kt">interface</span> <a class="nv idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement" id="ref-for-htmliframeelement①①">HTMLIFrameElement</a> {
   <span class="kt">attribute</span> <a class="n idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean②①"><span class="kt">boolean</span></a> <a class="nv" data-type="boolean" href="#dom-htmliframeelement-cowl"><code>cowl</code></a>;
 };
 
 </pre>
   <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
   <div style="counter-reset:issue">
+   <div class="issue"> should protectedObject be a promise? Otherwise we may be a bit too strict.<a href="#issue-360bc3b9"> ↵ </a></div>
    <div class="issue"> should we disable XHR and just force developers to use fetch?<a href="#issue-c73fd143"> ↵ </a></div>
    <div class="issue"> what’s the best way to deal with authors modifying the cowl attribute?<a href="#issue-7a249e2a"> ↵ </a></div>
    <div class="issue"> is there a better way for us to just disallow direct DOM

diff --git a/index.src.html b/index.src.html
@@ -28,6 +28,9 @@ <h1>Confinement with Origin Web Labels</h1>
   type: dfn
     text: CORS
     text: Access-Control-Allow-Origin; url: access-control-allow-origin-response-header
+spec: IndexedDB; urlPrefix: https://www.w3.org/TR/IndexedDB-2/
+  type: dfn
+    text: IndexedDB
 spec: WEBMESSAGING; urlPrefix: https://www.w3.org/TR/webmessaging/
   type: method
     text: postMessage(); url: dom-window-postmessage
@@ -89,6 +92,9 @@ <h1>Confinement with Origin Web Labels</h1>
       text: Window; url: window
     urlPrefix: dom.html
       text: Document; url: the-document-object
+spec: feature-policy; urlPrefix: https://wicg.github.io/feature-policy/
+  type: dfn
+    text: container policy; url: container-policies
 spec: RFC6454; urlPrefix: https://tools.ietf.org/html/rfc6454
   type: dfn
     text: origin; url: section-3.2
@@ -112,6 +118,13 @@ <h1>Confinement with Origin Web Labels</h1>
     text: JSON object; url: section-2.2
     text: JSON array; url: section-2.3
     text: JSON stringification; url: section-2
+spec: html-comms; urlPrefix: https://html.spec.whatwg.org/multipage/comms.html
+  type: dfn
+    text: Server-sent events; url: server-sent-events
+spec: whatwg-messaging; urlPrefix: https://html.spec.whatwg.org/multipage/web-messaging.html
+  type: dfn
+    text: channel messaging; url: channel-messaging
+    text: broadcast channels; url: broadcasting-to-other-browsing-contexts
 spec: XHR; urlPrefix: https://xhr.spec.whatwg.org/
   type: dfn
     text: XMLHttpRequest
@@ -1601,6 +1614,8 @@ <h4 id="labeledobject-attributes">Attributes</h4>
       </dd>
       <dt><dfn attribute title="LabeledObject/protectedObject">protectedObject</dfn></dt>
       <dd>
+
+        ISSUE: should protectedObject be a promise? Otherwise we may be a bit too strict.
 
         On getting, the user agent MUST use an algorithm equivalent to
         the following:
@@ -2376,7 +2391,7 @@ <h4 id="modifications-to-html5">Modifications to HTML5</h4>
               interface with a new <code><a attribute>cowl</a></code> attribute:
 
               <pre class="idl">
-                partial interface HTMLIFrameElement : HTMLElement {
+                partial interface HTMLIFrameElement {
                   attribute boolean cowl;
                 };
               </pre>
@@ -2425,15 +2440,16 @@ <h4 id="modifications-to-html5">Modifications to HTML5</h4>
 
               * The <a>sandboxed top-level navigation browsing context flag</a>.
 
-              In addition to these flags, the <a>container policy</a> of the
-              <a>cowl iframe</a> that contains the <a>confined context</a> MUST
-              disable the following features:
+              In addition to these flags, the user agent MUST set a
+              <a>container policy</a> of the <a>cowl iframe</a> that contains
+              the <a>confined context</a> that disables the following features:
 
-              * Content: <a>Web Workers</a>, <a>Shared Workers</a>, <a>Service Workers</a>
+              * Workers: <a>Web Workers</a>, <a>Shared Workers</a>, <a>Service Workers</a>
 
-              * Networking: <a>Web Sockets</a>, <a>Server-Sent APIs</a>, <a>WebRTC</a>
+              * Communication: <a>Web Sockets</a>, <a>Server-sent events</a>,
+                <a>channel messaging</a>, <a>broadcast channels</a> and <a>Web RTC</a>
 
-              * Storage: <a>document.cookie</a>, <a>localStorage</a>, <a>indexDB</a>
+              * Storage: <a>document.cookie</a>, <a attribute>localStorage</a>, <a>IndexedDB</a>
 
 
     </section>