Add a document-access feature policy to prevent access from one

document to another. Add steps in the IsPlatformObjectSameOrigin to force checks if the two documents do not share the same agent and thus cannot share memory because they would be in different agent clusters. Fixes whatwg#4435
dtapuska · May 9, 2019 · d22ada2 · d22ada2
1 parent c04117f
commit d22ada2
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/source b/source
@@ -4395,6 +4395,9 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     <li>"<dfn data-x="document-domain-feature"><code data-x="">document-domain</code></dfn>", which
     has a <span data-x="concept-default-allowlist">default allowlist</span> of <code
     data-x="">*</code>.</li>
+    <li>"<dfn data-x="document-access"><code data-x="">document-access</code></dfn>", which
+    has a <span data-x="concept-default-allowlist">default allowlist</span> of <code
+    data-x="">*</code>.</li>
   </ul>
 
 
@@ -78127,6 +78130,8 @@ console.assert(iframeWindow.frameElement === null);
   <h5><dfn>IsPlatformObjectSameOrigin</dfn> ( <var>O</var> )</h5>
 
   <ol>
+   <li><p>If the <span>current global object</span> and <var>O</var> are not
+   <span>same-agent Window objects</span> return false.</p></li>
    <li><p>Return true if the <span>current settings object</span>'s <span
    data-x="concept-settings-object-origin">origin</span> is <span>same origin-domain</span> with
    <var>O</var>'s <span>relevant settings object</span>'s <span
@@ -89001,6 +89006,11 @@ import "https://example.com/foo/../module2.mjs";</code></pre>
     improve this situation.</p>
    </li>
 
+   <li><p>If either <var>A</var>'s <span>relevant settings object</span>'s
+   <span>responsible document</span> or <var>B</var>'s <span>relevant settings object</span>'s
+   <span>responsible document</span> are not <span>allowed to use</span> the
+   "<code data-x="document-access">document-access</code>" feature, then return false.</p></li>
+
    <li><p>Let <var>originA</var> be <var>A</var>'s <span>relevant settings object</span>'s <span
    data-x="concept-settings-object-origin">origin</span> and <var>originB</var> be <var>B</var>'s
    <span>relevant settings object</span>'s <span