Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up CSP list initialization. #210

Closed
wants to merge 1 commit into from
Closed

Clean up CSP list initialization. #210

wants to merge 1 commit into from

Conversation

mikewest
Copy link
Member

@mikewest mikewest commented Apr 27, 2017
edited by pr-preview bot

As discussed in #209, we haven't done a good job keeping these algorithms
up to date. This patch cleans them up, and a subsequent patch will adjust
HTML accordingly.

Preview | Diff

@mikewest
Clean up CSP list initialization.
218124c 
As discussed in #209, we haven't done a good job keeping these algorithms
up to date. This patch cleans them up, and a subsequent patch will adjust
HTML accordingly.
@mikewest
Copy link
Member Author

@bzbarsky, @annevk: WDYT?

mikewest added a commit to whatwg/html that referenced this pull request Apr 27, 2017
@mikewest
Delegate srcdoc's CSP list initialization to CSP.
80f6608 
Following up on w3c/webappsec-csp#210, this patch simplifies
the integration point between HTML and CSP, delegating the functionality entirely to
the latter.
@mikewest mikewest mentioned this pull request Apr 27, 2017
Closed
annevk
annevk reviewed Apr 27, 2017
View reviewed changes
index.src.html
2. If |document| has an <a>embedding document</a> (|embedding|), then add
|embedding| to |documents|.
2. If |document| has an [=embedding document=] (|embedding|), then add |embedding| to
|ancestors|.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/add/append/

index.src.html
2. Add each of |global|'s
<a lt="the worker's documents">document</a>s to |documents|.
2. If |owner| is a {{Window}}, set |policies| to |owner|'s [=associated Document=]'s
[=Document/CSP list=].
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An environment settings object cannot be a Window object.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, where is this invoked from? Can't you use the WorkerGlobalScope's owner set?

@bzbarsky
Copy link

Going to defer to Anne on this one, especially given #211 (which makes it hard to tell what we really want to be doing here) and lack of diff-applied view that would make reviewing this not take up more time than I can spare right now. :(

@ghost ghost mentioned this pull request Oct 20, 2017
Closed
@andypaicu
Copy link
Collaborator

Closing in favor of #358

@andypaicu andypaicu closed this Nov 7, 2018
@sideshowbarker sideshowbarker deleted the fix-209 branch February 18, 2021 03:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@annevk annevk annevk left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mikewest @bzbarsky @andypaicu @annevk