Skip to content

Commit

Permalink
Fix #313: make disowning a browsing context work
Browse files Browse the repository at this point in the history
This change attempts to make it so that when using rel=noopener, rel=noreferrer, and when setting window.opener to null, the browsing contexts involve can no longer directly reach each other. They end up in their own unit of related browsing contexts. (This is what some in the ECMAScript community refer to as a vat or continent.)

We do this by making directly reachable account for disowning, by making familiar with account for directly reachable, and by changing the rules for choosing a browsing context given a browsing context name to no longer say "related enough", but instead clearly say that the browsing contexts have to be familiar with each other, and by extension, have to be directly reachable.
  • Loading branch information
annevk committed Jan 13, 2016
1 parent 8558f93 commit 2263249
Showing 1 changed file with 28 additions and 23 deletions.
51 changes: 28 additions & 23 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -21023,8 +21023,8 @@ interface <dfn>HTMLHyperlinkElementUtils</dfn> {

<li><p>If <var>subject</var>'s <a href="#linkTypes">link types</a> include the <code
data-x="rel-noreferrer">noreferrer</code> or <code data-x="rel-noopener">noopener</code> keyword,
and <var>replace</var> is true, then <span data-x="disowned its opener">disown
<var>target</var>'s opener</span>.</p></li>
and <var>replace</var> is true, then <span data-x="disowned">disown</span>
<var>target</var>.</p></li>

<li><p><span data-x="resolve a url">Resolve</span> the <span>URL</span> given by
<var>subject</var>'s <code data-x="attr-hyperlink-href">href</code> attribute, relative to
Expand Down Expand Up @@ -21521,14 +21521,17 @@ interface <dfn>HTMLHyperlinkElementUtils</dfn> {
<td><code data-x="rel-noreferrer">noreferrer</code></td>
<td><em>not allowed</em></td>
<td><span data-x="hyperlink annotation">Annotation</span></td>
<td>Requires that the user agent not send an HTTP `<code data-x="http-referer">Referer</code>` (sic) header if the user follows the hyperlink.</td>
<td>Indicates that any <span>browsing context</span> created by following the hyperlink is
<span>disowned</span> and that the user agent will not send an HTTP `<code
data-x="http-referer">Referer</code>` (sic) header if the user follows the hyperlink.</td>
</tr>

<tr>
<td><code data-x="rel-noopener">noopener</code></td>
<td><em>not allowed</em></td>
<td><span data-x="hyperlink annotation">Annotation</span></td>
<td>Requires that any <span>browsing context</span> created by following the hyperlink must not have an <span>opener browsing context</span>.</td>
<td>Indicates that any <span>browsing context</span> created by following the hyperlink is
<span>disowned</span>.</td>
</tr>

<tr>
Expand Down Expand Up @@ -77824,17 +77827,18 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
the <span>browsing context</span> from which the <span>auxiliary browsing context</span> was
created.</p>

<p>An <span>auxiliary browsing context</span> can be <dfn id="disowned-its-opener">disowned</dfn>.
This means it is no longer <span data-x="directly reachable browsing contexts">directly
reachable</span>.</p>

<h5>Navigating auxiliary browsing contexts in the DOM</h5>

<p>The <dfn><code data-x="dom-opener">opener</code></dfn> IDL attribute on the <code>Window</code>
object, on getting, must return the <code>WindowProxy</code> object of the <span>browsing
context</span> from which the current <span>browsing context</span> was created (its <span>opener
browsing context</span>), if there is one, if it is still available, and if the current
<span>browsing context</span> has not <i data-x="disowned its opener">disowned its opener</i>;
otherwise, it must return null. On setting, if the new value is null then the current
<span>browsing context</span> must <dfn data-x="disowned its opener">disown its opener</dfn>; if
the new value is anything else then the user agent must
object, on getting, must return the <code>WindowProxy</code> object of the current <span>browsing
context</span>'s <span>opener browsing context</span>, if there is one and it is not
<span>disowned</span>; otherwise, it must return null. On setting, if the new value is null then
the current <span>browsing context</span> must be <span>disowned</span>; if the new value is
anything else then the user agent must

<!-- dark magic incantation begins -->
call the [[DefineOwnProperty]] internal method of the <code>Window</code> object, passing the
Expand Down Expand Up @@ -77863,8 +77867,9 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
<h4 id="security-nav">Security</h4>

<p id="security-1">A <span>browsing context</span> <var>A</var> is <dfn>familiar
with</dfn> a second <span>browsing context</span> <var>B</var> if one of the following
conditions is true:</p>
with</dfn> a second <span>browsing context</span> <var>B</var> if <var>A</var> can <span
data-x="directly reachable browsing contexts">directly reach</span> <var>B</var> and one of the
following conditions is true:</p>

<ul>

Expand Down Expand Up @@ -77949,9 +77954,11 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
<li>The <span>browsing context</span>'s <span>parent browsing context</span>.</li>

<li>All the <span data-x="browsing context">browsing contexts</span> that have the <span>browsing
context</span> as their <span>opener browsing context</span>.</li>
context</span> as their <span>opener browsing context</span> as long as neither side is
<span>disowned</span>.</li>

<li>The <span>browsing context</span>'s <span>opener browsing context</span>.</li>
<li>The <span>browsing context</span>'s <span>opener browsing context</span> as long as neither
side is <span>disowned</span>.</li>

</ul>

Expand Down Expand Up @@ -78263,11 +78270,10 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
<p>If the given browsing context name is not <code data-x="">_blank</code> and there exists a
browsing context whose <span data-x="browsing context name">name</span> is the same as the given
browsing context name, and the current browsing context is <span>familiar with</span> that
browsing context, and the user agent determines that the two browsing contexts are related
enough that it is ok if they reach each other, then that browsing context must be the chosen
one. If there are multiple matching browsing contexts, the user agent should select one in some
arbitrary consistent manner, such as the most recently opened, most recently focused, or more
closely related.</p>
browsing context, then that browsing context must be the chosen one. If there are multiple
matching browsing contexts the current browsing context is <span>familiar with</span>, the user
agent should select one in some arbitrary consistent manner, such as the most recently opened,
most recently focused, or more closely related.</p>

<p>If the browsing context is chosen by this step to be the current browsing context, then this
is also an <span>explicit self-navigation override</span>.</p>
Expand Down Expand Up @@ -78739,9 +78745,8 @@ callback <dfn>FrameRequestCallback</dfn> = void (<span>DOMHighResTimeStamp</span
<ol>

<li><p>If the result of <span data-x="split a string on commas">splitting <var>features</var>
on commas</span> contains the token "<code data-x="">noopener</code>", <span data-x="disowned
its opener">disown <var>target browsing context</var>'s opener</span>, and return <code
data-x="">null</code>.</p></li>
on commas</span> contains the token "<code data-x="">noopener</code>", <span
data-x="disowned">disown</span> <var>target browsing context</var>, and return null.</p></li>

<li><p>Otherwise, return the <code>WindowProxy</code> object of <var>target browsing
context</var>.</p></li>
Expand Down

0 comments on commit 2263249

Please sign in to comment.