Reintroduce the dependency on a parent's security. #55
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The patch in 98f2c26 inadvertantly removed the check which ensured that nested browsing contexts would be treated as non-secure in cases where an ancestor was non-secure. This patch reintroduces that check by requiring 'contextual security' for any parent browsing context's active document. Closes #54. Thanks to @bzbarsky for noticing the removal.
|
WDYT, @bzbarsky/@annevk? |
|
LGTM! |
|
This looks good. I did find #56 while looking at the overall algorithm again though. (Might not be a problem per se in implementations. Not sure if anyone supports nested workers yet.) |
|
Also found #57. |
|
Gecko supports nested workers. I'll follow up in #56 on what we implement. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The patch in 98f2c26 inadvertantly removed the check which ensured that nested
browsing contexts would be treated as non-secure in cases where an ancestor was
non-secure. This patch reintroduces that check by requiring 'contextual security'
for any parent browsing context's active document.
Closes #54. Thanks to @bzbarsky for noticing the removal.
Preview | Diff