From 9e6bf1184cdc68ed795d5b0a635d847c8cdbbc15 Mon Sep 17 00:00:00 2001
From: Domenic Denicola <d@domenic.me>
Date: Fri, 19 Jun 2020 14:53:25 -0400
Subject: [PATCH] Define "secure context"

This supersedes the definition in
https://w3c.github.io/webappsec-secure-contexts/, and fixes several bugs
while doing so.

Closes #5558. Closes w3c/webappsec-secure-contexts#56. Closes
w3c/webappsec-secure-contexts#57. Closes
w3c/webappsec-secure-contexts#74. Closes
w3c/webappsec-secure-contexts#75.
---
 source | 73 +++++++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 62 insertions(+), 11 deletions(-)

diff --git a/source b/source
index 28388475fe0..15c77ac9c99 100644
--- a/source
+++ b/source
@@ -3801,7 +3801,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     spec="SECURE-CONTEXTS"></p>
 
     <ul class="brief">
-     <li><dfn data-x-href="https://w3c.github.io/webappsec-secure-contexts/#settings-object">Is environment settings object a secure context?</dfn></li>
+     <li><dfn data-x-href="https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url">Is url potentially trustworthy?</dfn></li>
     </ul>
    </dd>
 
@@ -86309,6 +86309,43 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
   steps</span> are run for only a select few environments: the ones that will
   never become execution ready because, for example, they failed to load.</p>
 
+  <p>An <span>environment</span> <var>environment</var> is a <dfn data-export="" data-lt="secure
+  context|Is an environment settings object contextually secure?">secure context</dfn> if the
+  following algorithm returns true:</p>
+
+  <ol>
+   <li>
+    <p>If <var>environment</var> is an <span>environment settings object</span>, and its <span
+    data-x="concept-settings-object-global">global object</span> is a
+    <code>WorkerGlobalScope</code>, then:</p>
+
+    <ol>
+     <li><p><span data-x="list iterate">For each</span> <var>owner</var> in <var>environment</var>'s
+     <span data-x="concept-settings-object-global">global object</span>'s <span>owner set</span>, if
+     <var>owner</var>'s <span>relevant settings object</span> is a <span>non-secure context</span>,
+     then return false.</p></li>
+
+     <li><p>Return true.</p></li>
+    </ol>
+   </li>
+
+   <li><p>If <var>environment</var> is <var>environment</var> is an <span>environment settings
+   object</span>, and its <span data-x="concept-settings-object-global">global object</span> is a
+   <code>WorkletGlobalScope</code>, then return true if <var>environment</var>'s <span
+   data-x="concept-settings-object-global">global object</span>'s <span
+   data-x="concept-worklet-owner-document">owner document</span>'s <span>relevant settings
+   object</span> is a <span>secure context</span>; otherwise, return false.</p></li>
+
+   <li><p>If the result of <span>Is url potentially trustworthy?</span> given
+   <var>environment</var>'s <span>top-level creation URL</span> is "<code data-x="">Potentially
+   Trustworthy</code>", then return true.</p></li>
+
+   <li><p>Return false.</p></li>
+  </ol>
+
+  <p>An <span>environment</span> is a <dfn data-export="">non-secure context</dfn> if it is not a
+  <span>secure context</span>.</p>
+
   <p>An <dfn data-export="">environment settings object</dfn> is an <span>environment</span> that
   additionally specifies algorithms for:</p>
 
@@ -91299,6 +91336,7 @@ interface mixin <dfn>DocumentAndElementEventHandlers</dfn> {
 
 interface mixin <dfn>WindowOrWorkerGlobalScope</dfn> {
   [Replaceable] readonly attribute USVString <span data-x="dom-origin">origin</span>;
+  readonly attribute boolean <span data-x="dom-isSecureContext">isSecureContext</span>;
 
   // base64 utility methods
   DOMString <span data-x="dom-btoa">btoa</span>(DOMString data);
@@ -91321,7 +91359,12 @@ interface mixin <dfn>WindowOrWorkerGlobalScope</dfn> {
 <span>WorkerGlobalScope</span> includes <span>WindowOrWorkerGlobalScope</span>;</code></pre>
 
   <dl class="domintro">
-   <dt><var>origin</var> = self . <code subdfn data-x="dom-origin">origin</code></dt>
+   <dt>self . <code subdfn data-x="dom-isSecureContext">isSecureContext</code></dt>
+
+   <dd><p>Returns whether or not this global object represents a <span>secure context</span>. <ref
+   spec=SECURE-CONTEXTS></p></dd>
+
+   <dt>self . <code subdfn data-x="dom-origin">origin</code></dt>
 
    <dd><p>Returns the global object's <span>origin</span>, serialized as string.</p></dd>
   </dl>
@@ -91343,11 +91386,19 @@ document.body.appendChild(frame)</code></pre>
    <p><code data-x="">self.origin</code> is a more reliable security indicator.</p>
   </div>
 
-  <p>The <dfn data-x="dom-origin"><code>origin</code></dfn> attribute's getter must return this
-  object's <span>relevant settings object</span>'s <span
+  <div w-nodev>
+
+  <p>The <dfn data-x="dom-isSecureContext"><code>isSecureContext</code></dfn> getter steps are to
+  return true if <span>this</span>'s <span>relevant settings object</span> is a <span>secure
+  context</span>, or false otherwise.</p>
+
+  <p>The <dfn data-x="dom-origin"><code>origin</code></dfn> getter steps are to return
+  <span>this</span>'s <span>relevant settings object</span>'s <span
   data-x="concept-settings-object-origin">origin</span>, <span data-x="serialization of an
   origin">serialized</span>.</p>
 
+  </div>
+
 
   <h3 id="atob">Base64 utility methods</h3>
 
@@ -98786,8 +98837,8 @@ interface <dfn>SharedWorker</dfn> : <span>EventTarget</span> {
    <li><p>Assign <var>outside port</var> to the <code data-x="dom-SharedWorker-port">port</code>
    attribute of <var>worker</var>.</p></li>
 
-   <li><p>Let <var>callerIsSecureContext</var> be the result of executing <span>Is environment
-   settings object a secure context?</span> on <var>outside settings</var>.</p></li>
+   <li><p>Let <var>callerIsSecureContext</var> be true if <var>outside settings</var> is a
+   <span>secure context</span>; otherwise, false.</p></li>
 
    <li>
     <p><span>Enqueue the following steps</span> to the <span>shared worker manager</span>:</p>
@@ -98843,8 +98894,8 @@ interface <dfn>SharedWorker</dfn> : <span>EventTarget</span> {
        <li><p>Let <var>settings object</var> be the <span>relevant settings object</span> for
        <var>worker global scope</var>.</p></li>
 
-       <li><p>Let <var>workerIsSecureContext</var> be the result of executing <span>Is environment
-       settings object a secure context?</span> on <var>settings object</var>.</p></li>
+       <li><p>Let <var>workerIsSecureContext</var> be true if <var>settings object</var> is a
+       <span>secure context</span>; otherwise, false.</p></li>
 
        <li><p>If <var>workerIsSecureContext</var> is not <var>callerIsSecureContext</var>, then
        <span>queue a task</span> to <span data-x="concept-event-fire">fire an event</span> named
@@ -106069,9 +106120,9 @@ document.body.appendChild(text);
     this element in the <span>stack of open elements</span>.</p>
 
     <p id="parser-appcache">If the <code>Document</code> is being loaded as part of <span
-    data-x="navigate">navigation</span> of a <span>browsing context</span> and the result of
-    executing <span>Is environment settings object a secure context?</span> on the
-    <code>Document</code>'s <span>relevant settings object</span> is true, then:</p>
+    data-x="navigate">navigation</span> of a <span>browsing context</span> and
+    <code>Document</code>'s <span>relevant settings object</span> is a <span>secure context</span>,
+    then:</p>
 
     <ol>
      <li><p>If the result of running <span data-x="scope-match-algorithm">match service worker