Skip to content

Commit

Permalink
Define "secure context"
Browse files Browse the repository at this point in the history
  • Loading branch information
domenic committed Jun 24, 2020
1 parent c9fddd7 commit 81b5a62
Showing 1 changed file with 75 additions and 11 deletions.
86 changes: 75 additions & 11 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -3810,7 +3810,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
spec="SECURE-CONTEXTS"></p>

<ul class="brief">
<li><dfn data-x-href="https://w3c.github.io/webappsec-secure-contexts/#settings-object">Is environment settings object a secure context?</dfn></li>
<li><dfn data-x-href="https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url">Is url potentially trustworthy?</dfn></li>
</ul>
</dd>
Expand Down Expand Up @@ -86683,6 +86682,57 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
steps</span> are run for only a select few environments: the ones that will
never become execution ready because, for example, they failed to load.</p>

<p>An <span>environment</span> <var>environment</var> is a <dfn data-export="" data-lt="secure
context|Is an environment settings object contextually secure?">secure context</dfn> if the
following algorithm returns true:</p>

<ol>
<li>
<p>If <var>environment</var> is an <span>environment settings object</span>, then:</p>

<ol>
<li><p>If <var>environment</var>'s <span>HTTPS state</span> is "<code
data-x="">deprecated</code>", then return false.</p></li>

<li><p>Let <var>global</var> be <var>environment</var>'s <span
data-x="concept-settings-object-global">global object</span>.</p></li>

<li>
<p>If <var>global</var> is a <code>WorkerGlobalScope</code>, then:

<ol>
<li><p><span data-x="list iterate">For each</span> <var>owner</var> in <var>global</var>'s
<span>owner set</span>, if <var>owner</var>'s <span>relevant settings object</span> is a
<span>non-secure context</span>, then return false.</p></li>

<li><p>Return true.</p></li>
</ol>
</li>

<li>
<p>If <var>global</var> is a <code>WorkletGlobalScope</code>, then:</p>

<ol>
<li><p>If <var>global</var>'s <span data-x="concept-worklet-owner-document">owner
document</span>'s <span>relevant settings object</span> is a <span>secure context</span>,
then return true.</p></li>

<li><p>Return false.</p></li>
</ol>
</li>
</ol>
</li>

<li><p>If the result of <span>Is url potentially trustworthy?</span> given
<var>environment</var>'s <span>top-level creation URL</span> is "<code data-x="">Potentially
Trustworthy</code>", then return true.</p></li>

<li><p>Return false.</p></li>
</ol>

<p>An <span>environment</span> is a <dfn data-export="">non-secure context</dfn> if it is not a
<span>secure context</span>.</p>

<p>An <dfn data-export="">environment settings object</dfn> is an <span>environment</span> that
additionally specifies algorithms for:</p>

Expand Down Expand Up @@ -91673,6 +91723,7 @@ interface mixin <dfn>DocumentAndElementEventHandlers</dfn> {

interface mixin <dfn>WindowOrWorkerGlobalScope</dfn> {
[Replaceable] readonly attribute USVString <span data-x="dom-origin">origin</span>;
readonly attribute boolean <span data-x="dom-isSecureContext">isSecureContext</span>;

// base64 utility methods
DOMString <span data-x="dom-btoa">btoa</span>(DOMString data);
Expand All @@ -91695,7 +91746,12 @@ interface mixin <dfn>WindowOrWorkerGlobalScope</dfn> {
<span>WorkerGlobalScope</span> includes <span>WindowOrWorkerGlobalScope</span>;</code></pre>

<dl class="domintro">
<dt><var>origin</var> = self . <code subdfn data-x="dom-origin">origin</code></dt>
<dt>self . <code subdfn data-x="dom-isSecureContext">isSecureContext</code></dt>

<dd><p>Returns whether or not this global object represents a <span>secure context</span>. <ref
spec=SECURE-CONTEXTS></p></dd>

<dt>self . <code subdfn data-x="dom-origin">origin</code></dt>

<dd><p>Returns the global object's <span>origin</span>, serialized as string.</p></dd>
</dl>
Expand All @@ -91717,11 +91773,19 @@ document.body.appendChild(frame)</code></pre>
<p><code data-x="">self.origin</code> is a more reliable security indicator.</p>
</div>

<p>The <dfn data-x="dom-origin"><code>origin</code></dfn> attribute's getter must return this
object's <span>relevant settings object</span>'s <span
<div w-nodev>

<p>The <dfn data-x="dom-isSecureContext"><code>isSecureContext</code></dfn> getter steps are to
return true if <span>this</span>'s <span>relevant settings object</span> is a <span>secure
context</span>, or false otherwise.</p>

<p>The <dfn data-x="dom-origin"><code>origin</code></dfn> getter steps are to return
<span>this</span>'s <span>relevant settings object</span>'s <span
data-x="concept-settings-object-origin">origin</span>, <span data-x="serialization of an
origin">serialized</span>.</p>

</div>


<h3 id="atob">Base64 utility methods</h3>

Expand Down Expand Up @@ -99160,8 +99224,8 @@ interface <dfn>SharedWorker</dfn> : <span>EventTarget</span> {
<li><p>Assign <var>outside port</var> to the <code data-x="dom-SharedWorker-port">port</code>
attribute of <var>worker</var>.</p></li>

<li><p>Let <var>callerIsSecureContext</var> be the result of executing <span>Is environment
settings object a secure context?</span> on <var>outside settings</var>.</p></li>
<li><p>Let <var>callerIsSecureContext</var> be true if <var>outside settings</var> is a
<span>secure context</span>; otherwise, false.</p></li>

<li>
<p><span>Enqueue the following steps</span> to the <span>shared worker manager</span>:</p>
Expand Down Expand Up @@ -99217,8 +99281,8 @@ interface <dfn>SharedWorker</dfn> : <span>EventTarget</span> {
<li><p>Let <var>settings object</var> be the <span>relevant settings object</span> for
<var>worker global scope</var>.</p></li>

<li><p>Let <var>workerIsSecureContext</var> be the result of executing <span>Is environment
settings object a secure context?</span> on <var>settings object</var>.</p></li>
<li><p>Let <var>workerIsSecureContext</var> be true if <var>settings object</var> is a
<span>secure context</span>; otherwise, false.</p></li>

<li><p>If <var>workerIsSecureContext</var> is not <var>callerIsSecureContext</var>, then
<span>queue a task</span> to <span data-x="concept-event-fire">fire an event</span> named
Expand Down Expand Up @@ -106443,9 +106507,9 @@ document.body.appendChild(text);
this element in the <span>stack of open elements</span>.</p>

<p id="parser-appcache">If the <code>Document</code> is being loaded as part of <span
data-x="navigate">navigation</span> of a <span>browsing context</span> and the result of
executing <span>Is environment settings object a secure context?</span> on the
<code>Document</code>'s <span>relevant settings object</span> is true, then:</p>
data-x="navigate">navigation</span> of a <span>browsing context</span> and
<code>Document</code>'s <span>relevant settings object</span> is a <span>secure context</span>,
then:</p>

<ol>
<li><p>If the result of running <span data-x="scope-match-algorithm">match service worker
Expand Down

0 comments on commit 81b5a62

Please sign in to comment.