New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up CSP list initialization. #210
Conversation
As discussed in #209, we haven't done a good job keeping these algorithms up to date. This patch cleans them up, and a subsequent patch will adjust HTML accordingly.
Following up on w3c/webappsec-csp#210, this patch simplifies the integration point between HTML and CSP, delegating the functionality entirely to the latter.
2. If |document| has an <a>embedding document</a> (|embedding|), then add | ||
|embedding| to |documents|. | ||
2. If |document| has an [=embedding document=] (|embedding|), then add |embedding| to | ||
|ancestors|. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/add/append/
2. Add each of |global|'s | ||
<a lt="the worker's documents">document</a>s to |documents|. | ||
2. If |owner| is a {{Window}}, set |policies| to |owner|'s [=associated Document=]'s | ||
[=Document/CSP list=]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An environment settings object cannot be a Window object.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, where is this invoked from? Can't you use the WorkerGlobalScope's owner set?
Going to defer to Anne on this one, especially given #211 (which makes it hard to tell what we really want to be doing here) and lack of diff-applied view that would make reviewing this not take up more time than I can spare right now. :( |
Closing in favor of #358 |
As discussed in #209, we haven't done a good job keeping these algorithms
up to date. This patch cleans them up, and a subsequent patch will adjust
HTML accordingly.
Preview | Diff