From 7d4c90d804488a855d3a69e6190e15d90a6e8855 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Mon, 19 Aug 2024 16:13:49 -0400 Subject: [PATCH 01/10] Fix default constructor not instantiating fenced frame config --- spec.bs | 89 ++++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 73 insertions(+), 16 deletions(-) diff --git a/spec.bs b/spec.bs index 4a89afc..2b26db8 100644 --- a/spec.bs +++ b/spec.bs @@ -465,19 +465,18 @@ The config IDL attribute getter Note: This holds because when the element has been removed from the DOM, its removal steps immediately destroy the [=fenced navigable container/fenced navigable=]. - 1. Let |navigation url or urn| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] if - the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] is not null, and the given - {{FencedFrameConfig}}'s [=fencedframeconfig/urn=] otherwise. + 1. Let |navigationUrn| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/urn=]. - 1. If |navigation url or urn| is failure, then return. + 1. If |navigationUrn| is not a valid [=urn uuid=] (i.e., won't pass the ABNF in Section 3 of + [=urn uuid=]), then return. 1. Let |shared storage context| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/ sharedStorageContext=]. - 1. [=Navigate=] |element|'s [=fenced navigable container/fenced navigable=] to - |navigation url or urn| using |element|'s [=Node/node document=], with [=historyHandling=] set - to "`replace`", [=referrerPolicy=] set to - "`no-referrer`", and |shared storage context|. + 1. [=Navigate=] |element|'s [=fenced navigable container/fenced navigable=] to |navigationUrn| + using |element|'s [=Node/node document=], with [=historyHandling=] set to "`replace`", [=referrerPolicy=] set to "`no-referrer`", and + |shared storage context|. Note: See [[#navigation-changes]] for the <{fencedframe}>-specific changes to the ordinary navigation flow. @@ -578,6 +577,25 @@ follows: 1. Return |urn|. +
+ To store a finalized config in a [=fenced + frame config mapping=] |mapping| given a [=fenced frame config=] |config|, run these steps: + + 1. Let |finalizedMapping| be |mapping|'s [=fenced frame config mapping/pending config mapping=]. + + 1. If the [=map/size=] of |finalizedMapping| + the [=map/size=] of |mapping|'s [=fenced frame + config mapping/pending config mapping=] ≥ |mapping|'s [=fenced frame config mapping/maximum + number of configs=], return failure. + + 1. Let |urn| be a randomly generated [=urn uuid=]. + + 1. [=Assert=]: |urn| does not [=map/exist=] in |finalizedMapping|. + + 1. [=map/Set=] |finalizedMapping|[|urn|] to |config|. + + 1. Return |urn|. +
+
To finalize a pending config in a [=fenced frame config mapping=] |mapping| given a [=urn uuid=] |urn| and [=fenced frame config=] @@ -718,6 +736,17 @@ following [=struct/items=]: An exhaustive set of sandbox flags is a [=sandboxing flag set=]. +The default fenced frame effective sandboxing flags are a +[=sandboxing flag set=] with the following flags: + +* The [=sandboxed downloads browsing context flag=] +* The [=sandboxed modals flag=] +* The [=sandboxed navigation browsing context flag=] +* The [=sandboxed orientation lock browsing context flag=] +* The [=sandboxed pointer lock browsing context flag=] +* The [=sandboxed presentation browsing context flag=] +* The [=sandboxed top-level navigation without user activation browsing context flag=] + A pending event is a [=struct=] with the following [=struct/items=]: @@ -1336,7 +1365,6 @@ maps to an internal [=fenced frame config=] [=struct=]. Each {{FencedFrameConfig}} has: - * A url, a [=URL=], failure, or null, initially null * A urn, a [=urn uuid=] * A sharedStorageContext, a [=string=] * A containerWidth, a {{FencedFrameConfigSize}} or null @@ -1344,15 +1372,48 @@ Each {{FencedFrameConfig}} has: * A contentWidth, a {{FencedFrameConfigSize}} or null * A contentHeight, a {{FencedFrameConfigSize}} or null -Note: A config's [=fencedframeconfig/url=] is only null if a [=fencedframeconfig/urn=] is supplied. -
The FencedFrameConfig(|url|) constructor method steps are: 1. Let |config| be a [=new=] {{FencedFrameConfig}} object. - 1. Set |config|'s [=fencedframeconfig/url=] to the result of running the [=URL parser=] on |url|. + 1. Let |parsedUrl| be the result of running the [=URL parser=] on |url|. + + 1. If |parsedUrl| is not failure: + + 1. Let |global| be [=this=]'s [=relevant global object=]. + + 1. Let |mapping| be |global|'s [=Window/navigable=]'s + [=navigable/traversable navigable=]'s [=traversable navigable/fenced frame config mapping=]. + + 1. Let |configStruct| be a new [=fenced frame config=] with the following [=struct/items=]: + + : [=fenced frame config/mapped url=] + :: a [=struct=] with the following [=struct/items=]: + + : [=mapped url/value=] + :: |parsedUrl| + + : [=mapped url/visibility=] + :: [=visibility/transparent=] + + : [=fenced frame config/effective sandbox flags=] + :: a [=struct=] with the following [=struct/items=]: + + : [=effective sandbox flags/value=] + :: The [=fencedframetype/default fenced frame effective sandboxing flags=]. + + : [=effective sandbox flags/visibility=] + :: [=visibility/opaque=] + + : [=fenced frame config/effective enabled permissions=] + :: null + + 1. Let |urn| be the result of running [=fenced frame config mapping/store a finalized config=] + given |mapping| and |configStruct|. + + 1. Set |config|'s [=fencedframeconfig/urn=] to |urn|. 1. Return |config|.
@@ -1388,8 +1449,6 @@ Note: A config's [=fencedframeconfig/url=] is only null if a [=fencedframeconfig 1. If |forStorage| is true, then throw a {{DataCloneError}} {{DOMException}}. - 1. Set |serialized|.\[[Url]] to |value|'s [=fencedframeconfig/url=]. - 1. Set |serialized|.\[[Urn]] to |value|'s [=fencedframeconfig/urn=]. 1. Set |serialized|.\[[SharedStorageContext]] to |value|'s [=fencedframeconfig/ @@ -1413,8 +1472,6 @@ Note: A config's [=fencedframeconfig/url=] is only null if a [=fencedframeconfig
Their [=deserialization steps=], given |serialized|, |value|, and targetRealm are: - - 1. Initialize |value|'s [=fencedframeconfig/url=] to |serialized|.\[[Url]]. 1. Initialize |value|'s [=fencedframeconfig/urn=] to |serialized|.\[[Urn]]. From bb4343d4b52fbb945345d2d96970dcaf806ce08a Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Tue, 27 Aug 2024 14:41:36 -0400 Subject: [PATCH 02/10] Update spec.bs --- spec.bs | 107 ++++++++++++++++++++++++-------------------------------- 1 file changed, 45 insertions(+), 62 deletions(-) diff --git a/spec.bs b/spec.bs index 2b26db8..29f07ac 100644 --- a/spec.bs +++ b/spec.bs 
@@ -465,18 +465,19 @@ The config IDL attribute getter Note: This holds because when the element has been removed from the DOM, its removal steps immediately destroy the [=fenced navigable container/fenced navigable=]. - 1. Let |navigationUrn| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/urn=]. + 1. Let |navigation url or urn| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] if + the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] is not null, and the given + {{FencedFrameConfig}}'s [=fencedframeconfig/urn=] otherwise. - 1. If |navigationUrn| is not a valid [=urn uuid=] (i.e., won't pass the ABNF in Section 3 of - [=urn uuid=]), then return. + 1. If |navigation url or urn| is failure, then return. 1. Let |shared storage context| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/ sharedStorageContext=]. - 1. [=Navigate=] |element|'s [=fenced navigable container/fenced navigable=] to |navigationUrn| - using |element|'s [=Node/node document=], with [=historyHandling=] set to "`replace`", [=referrerPolicy=] set to "`no-referrer`", and - |shared storage context|. + 1. [=Navigate=] |element|'s [=fenced navigable container/fenced navigable=] to + |navigation url or urn| using |element|'s [=Node/node document=], with [=historyHandling=] set + to "`replace`", [=referrerPolicy=] set to + "`no-referrer`", and |shared storage context|. Note: See [[#navigation-changes]] for the <{fencedframe}>-specific changes to the ordinary navigation flow. @@ -577,25 +578,6 @@ follows: 1. Return |urn|.
-
- To store a finalized config in a [=fenced - frame config mapping=] |mapping| given a [=fenced frame config=] |config|, run these steps: - - 1. Let |finalizedMapping| be |mapping|'s [=fenced frame config mapping/pending config mapping=]. - - 1. If the [=map/size=] of |finalizedMapping| + the [=map/size=] of |mapping|'s [=fenced frame - config mapping/pending config mapping=] ≥ |mapping|'s [=fenced frame config mapping/maximum - number of configs=], return failure. - - 1. Let |urn| be a randomly generated [=urn uuid=]. - - 1. [=Assert=]: |urn| does not [=map/exist=] in |finalizedMapping|. - - 1. [=map/Set=] |finalizedMapping|[|urn|] to |config|. - - 1. Return |urn|. -
-
To finalize a pending config in a [=fenced frame config mapping=] |mapping| given a [=urn uuid=] |urn| and [=fenced frame config=] @@ -1365,6 +1347,7 @@ maps to an internal [=fenced frame config=] [=struct=]. Each {{FencedFrameConfig}} has: + * A url, a [=URL=], failure, or null, initially null * A urn, a [=urn uuid=] * A sharedStorageContext, a [=string=] * A containerWidth, a {{FencedFrameConfigSize}} or null @@ -1372,48 +1355,15 @@ Each {{FencedFrameConfig}} has: * A contentWidth, a {{FencedFrameConfigSize}} or null * A contentHeight, a {{FencedFrameConfigSize}} or null +Note: A config's [=fencedframeconfig/url=] is only null if a [=fencedframeconfig/urn=] is supplied. +
The FencedFrameConfig(|url|) constructor method steps are: 1. Let |config| be a [=new=] {{FencedFrameConfig}} object. - 1. Let |parsedUrl| be the result of running the [=URL parser=] on |url|. - - 1. If |parsedUrl| is not failure: - - 1. Let |global| be [=this=]'s [=relevant global object=]. - - 1. Let |mapping| be |global|'s [=Window/navigable=]'s - [=navigable/traversable navigable=]'s [=traversable navigable/fenced frame config mapping=]. - - 1. Let |configStruct| be a new [=fenced frame config=] with the following [=struct/items=]: - - : [=fenced frame config/mapped url=] - :: a [=struct=] with the following [=struct/items=]: - - : [=mapped url/value=] - :: |parsedUrl| - - : [=mapped url/visibility=] - :: [=visibility/transparent=] - - : [=fenced frame config/effective sandbox flags=] - :: a [=struct=] with the following [=struct/items=]: - - : [=effective sandbox flags/value=] - :: The [=fencedframetype/default fenced frame effective sandboxing flags=]. - - : [=effective sandbox flags/visibility=] - :: [=visibility/opaque=] - - : [=fenced frame config/effective enabled permissions=] - :: null - - 1. Let |urn| be the result of running [=fenced frame config mapping/store a finalized config=] - given |mapping| and |configStruct|. - - 1. Set |config|'s [=fencedframeconfig/urn=] to |urn|. + 1. Set |config|'s [=fencedframeconfig/url=] to the result of running the [=URL parser=] on |url|. 1. Return |config|.
@@ -1448,6 +1398,8 @@ Each {{FencedFrameConfig}} has: |value|, |serialized|, and |forStorage| are: 1. If |forStorage| is true, then throw a {{DataCloneError}} {{DOMException}}. + + 1. Set |serialized|.\[[Url]] to |value|'s [=fencedframeconfig/url=]. 1. Set |serialized|.\[[Urn]] to |value|'s [=fencedframeconfig/urn=]. @@ -1473,6 +1425,8 @@ Each {{FencedFrameConfig}} has: Their [=deserialization steps=], given |serialized|, |value|, and targetRealm are: + 1. Initialize |value|'s [=fencedframeconfig/url=] to |serialized|.\[[Url]]. + 1. Initialize |value|'s [=fencedframeconfig/urn=] to |serialized|.\[[Urn]]. 1. Initialize |value|'s [=fencedframeconfig/sharedStorageContext=] to @@ -2878,6 +2832,35 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. Set |url| to |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=]. 1. Run steps in |config|'s [=fenced frame config/on navigate callback=]. + + 1. If |url| is a [=url=], |navigable| is a [=fenced navigable container/fenced navigable=], and + sourceDocument's [=node navigable=] is not |navigable|: + + 1. Let |config| be a new [=fenced frame config=] with the following [=struct/items=]: + + : [=fenced frame config/mapped url=] + :: a [=struct=] with the following [=struct/items=]: + + : [=mapped url/value=] + :: |url| + + : [=mapped url/visibility=] + :: [=visibility/transparent=] + + : [=fenced frame config/effective sandbox flags=] + :: a [=struct=] with the following [=struct/items=]: + + : [=effective sandbox flags/value=] + :: The [=fencedframetype/default fenced frame effective sandboxing flags=]. + + : [=effective sandbox flags/visibility=] + :: [=visibility/opaque=] + + : [=fenced frame config/effective enabled permissions=] + :: null + + 1. Set sourceSnapshotParams's [=source snapshot params/target fenced frame + config=] to |config|. /fenced-frame/frame-navigation.https.html From 449a5984eba2861d75907f02fed6f91d62f4e4de Mon Sep 17 00:00:00 2001 
From: Liam Brady Date: Tue, 27 Aug 2024 14:44:30 -0400 Subject: [PATCH 03/10] cleanup --- spec.bs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec.bs b/spec.bs index a22cc94..778f86d 100644 --- a/spec.bs +++ b/spec.bs @@ -1454,9 +1454,9 @@ Note: A config's [=fencedframeconfig/url=] is only null if a [=fencedframeconfig |value|, |serialized|, and |forStorage| are: 1. If |forStorage| is true, then throw a {{DataCloneError}} {{DOMException}}. - - 1. Set |serialized|.\[[Url]] to |value|'s [=fencedframeconfig/url=]. + 1. Set |serialized|.\[[Url]] to |value|'s [=fencedframeconfig/url=]. + 1. Set |serialized|.\[[Urn]] to |value|'s [=fencedframeconfig/urn=]. 1. Set |serialized|.\[[SharedStorageContext]] to |value|'s [=fencedframeconfig/ @@ -1480,7 +1480,7 @@ Note: A config's [=fencedframeconfig/url=] is only null if a [=fencedframeconfig
Their [=deserialization steps=], given |serialized|, |value|, and targetRealm are: - + 1. Initialize |value|'s [=fencedframeconfig/url=] to |serialized|.\[[Url]]. 1. Initialize |value|'s [=fencedframeconfig/urn=] to |serialized|.\[[Urn]]. From 832bd5c2cc174e3ebed4b6aed536a7049fdc4420 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Tue, 27 Aug 2024 14:47:43 -0400 Subject: [PATCH 04/10] fix outdated naming --- spec.bs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec.bs b/spec.bs index 778f86d..9aa2637 100644 --- a/spec.bs +++ b/spec.bs @@ -2903,13 +2903,13 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le : [=mapped url/visibility=] :: [=visibility/transparent=] - : [=fenced frame config/effective sandbox flags=] + : [=fenced frame config/effective sandboxing flags=] :: a [=struct=] with the following [=struct/items=]: - : [=effective sandbox flags/value=] + : [=effective sandboxing flags/value=] :: The [=fencedframetype/default fenced frame effective sandboxing flags=]. - : [=effective sandbox flags/visibility=] + : [=effective sandboxing flags/visibility=] :: [=visibility/opaque=] : [=fenced frame config/effective enabled permissions=] From 6f0eedc27aa2e5aa33300f709692e50801c6ec7c Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Fri, 20 Sep 2024 14:33:56 -0400 Subject: [PATCH 05/10] address review comments --- spec.bs | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/spec.bs b/spec.bs index 9aa2637..055f1a0 100644 --- a/spec.bs +++ b/spec.bs 
@@ -2879,7 +2879,10 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. Set |config|'s [=fenced frame config/embedder shared storage context=] to |sharedStorageContext|. - 1. Set sourceSnapshotParams's [=source snapshot params/target fenced frame + 1. Assert: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] is + null. + + 1. Set |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] to |config|. 1. [=Assert=] |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=] is a @@ -2889,7 +2892,7 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. Run steps in |config|'s [=fenced frame config/on navigate callback=]. - 1. If |url| is a [=url=], |navigable| is a [=fenced navigable container/fenced navigable=], and + 1. If |navigable| is a [=fenced navigable container/fenced navigable=], and sourceDocument's [=node navigable=] is not |navigable|: 1. Let |config| be a new [=fenced frame config=] with the following [=struct/items=]: @@ -2914,9 +2917,12 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le : [=fenced frame config/effective enabled permissions=] :: null + + 1. Assert: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] is + null. - 1. Set sourceSnapshotParams's [=source snapshot params/target fenced frame - config=] to |config|. + 1. Set |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] to + |config|. /fenced-frame/frame-navigation.https.html From a2d6656bfd1edf02ce204ed5b245aaf67c48aebf Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Mon, 30 Sep 2024 12:45:29 -0400 Subject: [PATCH 06/10] modify check to check ancestor navigables --- spec.bs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index 055f1a0..533584c 100644 --- a/spec.bs +++ b/spec.bs 
@@ -2892,8 +2892,9 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. Run steps in |config|'s [=fenced frame config/on navigate callback=]. - 1. If |navigable| is a [=fenced navigable container/fenced navigable=], and - sourceDocument's [=node navigable=] is not |navigable|: + 1. If |navigable| is a [=fenced navigable container/fenced navigable=] and + sourceDocument's [=node navigable=] is in |navigable|'s + [=navigable/active document=]'s [=Document/ancestor navigables=]: 1. Let |config| be a new [=fenced frame config=] with the following [=struct/items=]: From 076149e91d16af698976263032c2f3abb4d00391 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Wed, 2 Oct 2024 22:34:23 -0400 Subject: [PATCH 07/10] address comments and add unfenced ancestor patch --- spec.bs | 59 ++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 50 insertions(+), 9 deletions(-) diff --git a/spec.bs b/spec.bs index 533584c..eb57a0f 100644 --- a/spec.bs +++ b/spec.bs @@ -2436,6 +2436,45 @@ in the [[#nested-traversables-intro]]. 1. Return |navigables|.
+
+ Modify the [=Document/inclusive ancestor navigables=] algorithm to take a new optional + [=boolean=] argument unfenced that defaults to + false. + + Further rewrite step 1 of this algorithm to: + + 1. Let navigables be document's [=Document/ancestor + navigables=] with [=an-unfenced|unfenced=] set to + [=inclusive-an-unfenced|unfenced=]. +
+ +
+ Modify the [=Document/ancestor navigables=] algorithm to take a new optional [=boolean=] + argument unfenced that defaults to false, and rewrite the algorithm + like so: + + 1. Let |navigable| be |document|'s [=node navigable=]'s [=navigable/parent=]. + + 1. If |navigable| is null and [=an-unfenced|unfenced=] is true, set |navigable| to |document|'s + [=node navigable=]'s [=navigable/traversable navigable=]'s [=traversable navigable/unfenced + parent=]. + + 1. Let |ancestors| be an empty list. + + 1. While |navigable| is not null: + + 1. [=list/Prepend=] |navigable| to |ancestors|. + + 1. Set |navigable| to |navigable|'s [=navigable/parent=]. + + 1. If |navigable| is null and [=an-unfenced|unfenced=] is true, set |navigable| to + |navigable|'s [=navigable/traversable navigable=]'s [=traversable navigable/unfenced + parent=]. + + 1. Return |ancestors|. + +
+

Modifications to the focusing algorithms

The [[HTML]] standard defines how to handle focusing elements and {{Window}}s, both by user gesture @@ -2863,8 +2902,10 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le Insert these steps immediately after step 20, the step that goes [=in parallel=], so that what follows are the first steps that run [=in parallel=] in the patched algorithm: - 1. If |url| is a [=urn uuid=] and |navigable| is a [=fenced navigable container/fenced - navigable=]: + 1. If |url| is a [=urn uuid=], |navigable| is a [=fenced navigable container/fenced navigable=], + and sourceDocument's [=node navigable=] is in |navigable|'s + [=navigable/active document=]'s [=Document/ancestor navigables=] with [=an-unfenced| + unfenced=] set to true: 1. Let |config| be the result of [=fenced frame config mapping/finding a config=] in sourceDocument's [=node navigable=]'s [=navigable/traversable @@ -2879,8 +2920,8 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. Set |config|'s [=fenced frame config/embedder shared storage context=] to |sharedStorageContext|. - 1. Assert: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] is - null. + 1. [=Assert=]: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] + is null. 1. Set |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] to |config|. 
@@ -2892,9 +2933,9 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. Run steps in |config|'s [=fenced frame config/on navigate callback=]. - 1. If |navigable| is a [=fenced navigable container/fenced navigable=] and - sourceDocument's [=node navigable=] is in |navigable|'s - [=navigable/active document=]'s [=Document/ancestor navigables=]: + 1. If |navigable| is a [=fenced navigable container/fenced navigable=] and sourceDocument's [=node navigable=] is in |navigable|'s [=navigable/active + document=]'s [=Document/ancestor navigables=] with [=an-unfenced|unfenced=] set to true: 1. Let |config| be a new [=fenced frame config=] with the following [=struct/items=]: @@ -2919,8 +2960,8 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le : [=fenced frame config/effective enabled permissions=] :: null - 1. Assert: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] is - null. + 1. [=Assert=]: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] + is null. 1. Set |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] to |config|. From a04d199b2c10986fcfece2a411bc613a04862bd3 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Fri, 4 Oct 2024 12:36:31 -0400 Subject: [PATCH 08/10] revert and add issue link --- spec.bs | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/spec.bs b/spec.bs index eb57a0f..bd709e9 100644 --- a/spec.bs +++ b/spec.bs 
@@ -2902,10 +2902,15 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le Insert these steps immediately after step 20, the step that goes [=in parallel=], so that what follows are the first steps that run [=in parallel=] in the patched algorithm: - 1. If |url| is a [=urn uuid=], |navigable| is a [=fenced navigable container/fenced navigable=], - and sourceDocument's [=node navigable=] is in |navigable|'s - [=navigable/active document=]'s [=Document/ancestor navigables=] with [=an-unfenced| - unfenced=] set to true: + 1. If |url| is a [=urn uuid=] and |navigable| is a [=fenced navigable container/fenced + navigable=]: + + Issue: If a fenced frame generates a FencedFrameConfig using a config-generating API, and + then correctly guesses the urn:uuid of that config, it can currently navigate itself to that + config, even though this is meant to only allow embedders to navigate fenced frames to + configs. This algorithm should be patched to be able to take in a FencedFrameConfig and use + that as the check to determine if this path is followed. See: + [issue #194](https://github.com/WICG/fenced-frame/issues/194) 1. Let |config| be the result of [=fenced frame config mapping/finding a config=] in sourceDocument's [=node navigable=]'s [=navigable/traversable From 9205b8500445c943a55cf8b3dc592aa5a121bf80 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Fri, 4 Oct 2024 14:53:24 -0400 Subject: [PATCH 09/10] remove inclusive ancestor navigables patch --- spec.bs | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/spec.bs b/spec.bs index bd709e9..c55a65b 100644 --- a/spec.bs +++ b/spec.bs @@ -2436,18 +2436,6 @@ in the [[#nested-traversables-intro]]. 1. Return |navigables|.
-
- Modify the [=Document/inclusive ancestor navigables=] algorithm to take a new optional - [=boolean=] argument unfenced that defaults to - false. - - Further rewrite step 1 of this algorithm to: - - 1. Let navigables be document's [=Document/ancestor - navigables=] with [=an-unfenced|unfenced=] set to - [=inclusive-an-unfenced|unfenced=]. -
-
Modify the [=Document/ancestor navigables=] algorithm to take a new optional [=boolean=] argument unfenced that defaults to false, and rewrite the algorithm From 3675ec45e823f1dc73045ffe43ea6213d15c34e7 Mon Sep 17 00:00:00 2001 From: Dominic Farolino Date: Sat, 5 Oct 2024 15:50:27 -0400 Subject: [PATCH 10/10] Issue wording --- spec.bs | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/spec.bs b/spec.bs index c55a65b..6f9c874 100644 --- a/spec.bs +++ b/spec.bs 
@@ -2893,12 +2893,14 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. If |url| is a [=urn uuid=] and |navigable| is a [=fenced navigable container/fenced navigable=]: - Issue: If a fenced frame generates a FencedFrameConfig using a config-generating API, and - then correctly guesses the urn:uuid of that config, it can currently navigate itself to that - config, even though this is meant to only allow embedders to navigate fenced frames to - configs. This algorithm should be patched to be able to take in a FencedFrameConfig and use - that as the check to determine if this path is followed. See: - [issue #194](https://github.com/WICG/fenced-frame/issues/194) + Issue: The above condition is not as tight as it needs to be. For example, if a + <{fencedframe}> generates a {{FencedFrameConfig}} using a config-generating API, and then + correctly guesses the config's [=fencedframeconfig/urn|urn:uuid=], it can theoretically + navigate itself to that config by passing the guessed urn into the navigate algorithm as a + [=URL=], via something like the {{Window/location}} API. This is bad, because the purpose of + a {{FencedFrameConfig}} is to ensure that only an embedder can navigate a <{fencedframe}> to + the resource represented by the config, by using the config object directly. See #194 for thoughts on fixing this. 1. Let |config| be the result of [=fenced frame config mapping/finding a config=] in sourceDocument's [=node navigable=]'s [=navigable/traversable
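Review bot: In [PATCH 01/10], the first step of the new "store a finalized config" algorithm binds |finalizedMapping| to |mapping|'s pending config mapping, so the capacity check adds the pending map's size to itself and `[=map/Set=] |finalizedMapping|[|urn|]` writes the config into the pending map. Bind |finalizedMapping| to the mapping's finalized map instead, so that the limit is checked against finalized plus pending entries and the config lands where a later lookup for a finalized config will find it.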
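Review bot: In [PATCH 01/10], the rewritten FencedFrameConfig(|url|) constructor assigns the result of "store a finalized config" to |config|'s urn without checking it, although that algorithm returns failure once the maximum number of configs is reached, and when the URL parser returns failure the urn is never set at all. The urn item is declared as "a [=urn uuid=]" with no initial value, so both cases rely on the new "If |navigationUrn| is not a valid [=urn uuid=] ..., then return" step to be caught later. Give the urn an explicit initial value and handle the failure return in the constructor, or add a note stating that the validity check in the config setter is what covers these two cases.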
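Review bot: In [PATCH 05/10], the Assert added to the second (default config) step states that |sourceSnapshotParams|'s target fenced frame config is null, but the urn:uuid step directly before it sets that same item to the config found in the mapping. If the two are sibling steps, as the numbering suggests, an embedder navigating a fenced frame to a urn:uuid config satisfies both conditions ("|navigable| is a fenced navigable" and "sourceDocument's node navigable is not |navigable|") and trips the assertion; before this patch the same path overwrote the mapped config with the default one. Make the second step an "Otherwise, if ..." of the first, or condition it on the target fenced frame config still being null.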
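Review bot: In [PATCH 07/10], the last sub-step inside the "While |navigable| is not null" loop of the rewritten ancestor navigables algorithm reads |navigable|'s traversable navigable immediately after establishing that |navigable| is null, so the unfenced parent cannot be reached from inside the loop and the walk stops at the first fenced boundary above the starting one. Keep the previous navigable in its own variable before "Set |navigable| to |navigable|'s [=navigable/parent=]" and take the unfenced parent from that variable, the way step 2 takes it from |document|'s node navigable. [PATCH 09/10] removes the inclusive variant but leaves this step as it is.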