HTML General Review: Browsing Contexts and Security

[travisleithead]

Hello TAG！

This issue is part of the TAG's larger effort to review the HTML spec in its entirety--please see the original issue #174 for a summary of all the break-out issues.

The "Sections" are all the sections of the WHATWG HTML spec that should be reviewed as part of this issue. Where the spec section has associated Web Platform Tests, the specific WPT path is noted. While the primary focus of the review is the specification text, it can be helpful to review the related tests to help clarify algorithms or see interoperability conformance issues (or find issues with the tests).

The "Features" are just a sample of what you will encounter as part of this spec section, it's not meant to be exhaustive.

Here are some example suggestions for what to look for during the review, but don't limit to only these suggestions!

• Look for any APIs that could be 'modernized' according to current design practices.
• Look for things that could require permissions that aren't modelled in the permissions API at the moment.
• Look for areas of the platform that contain UA 'magic' (aren't possible for JavaScript programs to emulate due to missing primitives in the platform). These are candidates for future Extensible Web archeology.
• Look for areas of the spec that describe "wishful thinking" (e.g., that describe a feature that is implemented by no one). Such features should at least have implementor commitments, or they might be candidates for removal from the spec.
• Look for cryptic and hard-to-follow algorithms that could be improved with extra explanatory text or improved prose. E.g., sometimes adding a "developer note" (green box) can add the needed clarity to understand the intent/purpose or outcome of a complex concept.
• Look for concepts that are meant to be used together, but where this is not spelled out or explained clearly

Sections	WPT path	Features
4.8.5	html/semantics/embedded-content/the-iframe-element	<iframe>, srcdoc
4.8.6	html/semantics/embedded-content/the-embed-element	<embed>
4.8.7	html/semantics/embedded-content/the-object-element	<object>
7.1	html/browsers/windows	browsing contexts
7.2 to 7.3	html/browsers/the-window-object	cross-realm security model, window, window.open()
7.4	html/browsers/the-windowproxy-exotic-object	window
7.5	html/browsers/origin
7.6	html/browsers/sandboxing	sandbox
8.2	html/webappapis/the-windoworworkerglobalscope-mixin	self.origin

Please provide feedback as (please select one):

• open issues in our Github repo for each point of feedback
• open a single issue in our Github repo for the entire review
• leave review feedback as a comment in this issue and @-notify [github usernames]

[dbaron]

One thing that came up in the past is w3ctag/design-principles#41.

[torgo]

Portals proposal has also been brought up here.

[plinss]

https://discourse.wicg.io/t/proposal-for-promotable-iframe/2375

[hober]

Given that we will be getting annual requests for horizontal review of HTML going forward, I propose that we forward-dupe this to #451 & #452 and close.