Fix references to html after navigation and session history rewrite #580

antosart · 2022-11-28T08:12:46Z

This PR fixes broken references to html, which were mostly a result of the navigation and session history rewrite.

In particular, this change:

replaces browsing contexts with navigables (fixes Should we replace browsing contexts with navigables? #579).
drops the sandbox initialization part for documents, since it is now included in html,
rewords the part on plugins, since the html no longer defines plugin documents, but only considers pdfs.

This fixes #576.

antosart · 2022-11-28T08:18:22Z

index.bs

@@ -3467,35 +3474,32 @@ this algorithm returns normally if compilation is allowed, and throws a
  </h5>

  This directive's <a for="directive">initialization</a> algorithm is


Should we actually get rid completely of the initialization hook (and move the worker part to html, too)?

I'm not sure that would make things simpler, but I'm totally willing to believe that it would? Put up a patch to talk through?

That does seem nicer!

Ok, I filed #581. I'll take a stab at it when I have time.

antosart · 2022-11-28T08:19:13Z

index.bs

  former two (also including navigations). This is true even when the data is
  semantically equivalent to content which would otherwise be restricted by
  another directive, such as an <{object}> element with a `text/html` MIME
  type.

-  Note: When a plugin resource is navigated to directly (that is, as a <a>plugin document</a> in the
-  <a>top-level browsing context</a> or a <a>nested browsing context</a>, and not as an embedded
+  Note: When a plugin resource is navigated to directly (that is, as a <a>plugin</a>


The part about plugins should probably be rewritten to take into account that we only have pdf left. I guess we can do it in a follow-up change.

This is generally true, but I think Chromium at least also has weird things NaCL modules in extensions (behind an enterprise policy).

antosart · 2022-11-28T08:19:45Z

cc @domenic

index.bs

annevk · 2022-11-28T08:31:18Z

index.bs

    text: content security policy state; url: attr-meta-http-equiv-content-security-policy
    text: create and initialize a new document object; url: initialise-the-document-object
    text: initializing a new Document object; url: initialise-the-document-object
    text: prepare the script element; url: prepare-the-script-element
+    text: container document; for: navigable; url: nav-container-document
+    text: CSP-derived sandboxing flags; url: csp-derived-sandboxing-flags


These should probably be exported then?

The navigable container document makes sense (whatwg/html#8556). For the CSP-derived sandboxing flags I am not sure. It looks more like an internal html thing, and we reference it here only to recall that html takes care of that. Should the definition be exported in such a case?

Probably not. Those cases are somewhat tricky. You could link those inline using an explicit spec=html attribute I think.

mikewest

This looks pretty reasonable to me, but I'll defer to @domenic since he's the expert on the navigation work.

index.bs

mikewest · 2022-11-28T08:33:14Z

index.bs

@@ -3467,35 +3474,32 @@ this algorithm returns normally if compilation is allowed, and throws a
  </h5>

  This directive's <a for="directive">initialization</a> algorithm is


I'm not sure that would make things simpler, but I'm totally willing to believe that it would? Put up a patch to talk through?

mikewest · 2022-11-28T08:34:24Z

index.bs

  former two (also including navigations). This is true even when the data is
  semantically equivalent to content which would otherwise be restricted by
  another directive, such as an <{object}> element with a `text/html` MIME
  type.

-  Note: When a plugin resource is navigated to directly (that is, as a <a>plugin document</a> in the
-  <a>top-level browsing context</a> or a <a>nested browsing context</a>, and not as an embedded
+  Note: When a plugin resource is navigated to directly (that is, as a <a>plugin</a>


This is generally true, but I think Chromium at least also has weird things NaCL modules in extensions (behind an enterprise policy).

domenic

LGTM modulo the reference stuff being slightly nicer with for=html than via adding to the anchors block.

index.bs

antosart · 2022-12-01T10:00:15Z

Thanks, suggestions implemented!

…580) SHA: 947d892 Reason: push, by antosart Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Follows w3c/webappsec-csp#580.

antosart mentioned this pull request Nov 28, 2022

Pass navigable to CSP navigation response check whatwg/html#8555

Merged

antosart commented Nov 28, 2022

View reviewed changes

antosart requested a review from mikewest November 28, 2022 08:19

annevk reviewed Nov 28, 2022

View reviewed changes

mikewest reviewed Nov 28, 2022

View reviewed changes

antosart force-pushed the fix-html-refs branch 2 times, most recently from 3eeed87 to 1bc6ac4 Compare November 29, 2022 06:46

domenic mentioned this pull request Nov 30, 2022

Export navigable container document whatwg/html#8556

Merged

domenic approved these changes Dec 1, 2022

View reviewed changes

index.bs Outdated Show resolved Hide resolved

Fix references to html after navigation and session history rewrite

5af2e5d

antosart force-pushed the fix-html-refs branch from 1bc6ac4 to 5af2e5d Compare December 1, 2022 09:56

antosart merged commit 947d892 into w3c:main Dec 1, 2022

antosart deleted the fix-html-refs branch December 1, 2022 10:01

domenic pushed a commit to whatwg/html that referenced this pull request Dec 1, 2022

Pass navigable to CSP navigation response check

77d52c7

Follows w3c/webappsec-csp#580.

pmeenan pushed a commit to pmeenan/html that referenced this pull request Dec 2, 2022

Pass navigable to CSP navigation response check

28d9b59

Follows w3c/webappsec-csp#580.

pmeenan pushed a commit to pmeenan/html that referenced this pull request Dec 2, 2022

Pass navigable to CSP navigation response check

a5d8ec9

Follows w3c/webappsec-csp#580.

noamr pushed a commit to noamr/html that referenced this pull request Jan 17, 2023

Pass navigable to CSP navigation response check

efc913f

Follows w3c/webappsec-csp#580.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix references to html after navigation and session history rewrite #580

Fix references to html after navigation and session history rewrite #580

antosart commented Nov 28, 2022 •

edited

Loading

antosart Nov 28, 2022

mikewest Nov 28, 2022

domenic Dec 1, 2022

antosart Dec 1, 2022

antosart Nov 28, 2022

mikewest Nov 28, 2022

antosart commented Nov 28, 2022

annevk Nov 28, 2022

antosart Nov 28, 2022

annevk Nov 28, 2022

mikewest left a comment

mikewest Nov 28, 2022

mikewest Nov 28, 2022

domenic left a comment

antosart commented Dec 1, 2022

		@@ -3467,35 +3474,32 @@ this algorithm returns normally if compilation is allowed, and throws a
		</h5>

		This directive's <a for="directive">initialization</a> algorithm is

Fix references to html after navigation and session history rewrite #580

Fix references to html after navigation and session history rewrite #580

Conversation

antosart commented Nov 28, 2022 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

antosart commented Nov 28, 2022

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

mikewest left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

domenic left a comment

Choose a reason for hiding this comment

antosart commented Dec 1, 2022

antosart commented Nov 28, 2022 •

edited

Loading