Skip to content

Commit

Permalink
Change "scripting is disabled" to be per-global
Browse files Browse the repository at this point in the history
Previously it was per-browsing context. This caused a number of
problems when used from workers; it went through the "responsible
document" indirection which did not exist for service workers and was
racy in other cases.

In theory this might be cleaner if it were per agent, i.e. if agents
maintained internal consistency about disabling or enabling scripting.
In practice user agents seem to have a single user-agent-wide switch,
and at least some of them wire that to a per-global boolean, so we just
use per-global as it fits most cleanly into existing architecture and
matches at least some implementation internals.

Closes #1580. Helps with #5422.
  • Loading branch information
domenic committed Apr 6, 2020
1 parent 4b3c4ff commit f97b989
Showing 1 changed file with 50 additions and 42 deletions.
92 changes: 50 additions & 42 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -27277,17 +27277,24 @@ was an English &lt;a href="/wiki/Music_hall">music hall&lt;/a> singer, ...</code

<h6>When to obtain images</h6>

<p>In a <span>browsing context</span> where <span data-x="concept-bc-noscript">scripting is
disabled</span>, user agents may obtain images immediately or on demand. In a <span>browsing
context</span> where <span data-x="concept-bc-noscript">scripting is enabled</span>, user agents
must obtain images immediately.</p>

<p>A user agent that obtains images immediately must synchronously
<span>update the image data</span> of an <code>img</code> element,
with the <i>restart animation</i> flag set if so stated,
whenever that element is created or has experienced <span>relevant mutations</span>.</p>

<p>A user agent that obtains images on demand must <span>update the image data</span> of an
<p>For <code>img</code> elements whose <span>relevant settings object</span> has <span
data-x="concept-g-noscript">scripting disabled</span>, user agents may obtain the image
immediately or on demand. For <code>img</code> elements whose <span>relevant settings
object</span> has <span data-x="concept-g-script">scripting enabled</span>, user agents must
obtain the image immediately.</p>

<p class="note">These requirements are phrased in terms of <span
data-x="concept-g-script">scripting being enabled</span> for the <span>relevant settings
object</span>, instead of in terms of <span data-x="concept-n-script">scripting being
enabled</span> for the <code>img</code> element itself, because it is important that images be
obtained immediately even when their <span>node document</span>'s <span
data-x="concept-document-bc">browsing context</span> is null.</p>

<p>When obtaining images immediately, the user agent must synchronously <span>update the image
data</span> of the <code>img</code> element, with the <i>restart animation</i> flag set if so
stated, whenever that element is created or has experienced <span>relevant mutations</span>.</p>

<p>When obtaining images on demand, the user agent must <span>update the image data</span> of an
<code>img</code> element whenever it needs the image data (i.e., on demand), but only if the
<code>img</code> element's <span>current request</span>'s <span
data-x="img-req-state">state</span> is <span data-x="img-none">unavailable</span>. When an
Expand Down Expand Up @@ -58082,7 +58089,7 @@ not-slash = %x0000-002E / %x0030-10FFFF
to a <code>Document</code> object with a null <span data-x="concept-document-bc">browsing
context</span>, and, accordingly, any <code>script</code> elements they create need to have their
<span>"already started"</span> flag set in the <span>prepare a script</span> algorithm and never
get executed (<span data-x="concept-bc-noscript">scripting is disabled</span>). Such
get executed (<span data-x="concept-g-noscript">scripting is disabled</span>). Such
<code>script</code> elements still need to have their <span>parser document</span> set, though,
such that their <code data-x="dom-script-async">async</code> IDL attribute will return false in
the absence of an <code data-x="attr-script-async">async</code> content attribute.</p></li>
Expand Down Expand Up @@ -85837,39 +85844,43 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {

<h4>Enabling and disabling scripting</h4>

<p><dfn data-x="concept-bc-script">Scripting is enabled</dfn> in a <em><span>browsing
context</span></em> when all of the following conditions are true:</p>
<p id="concept-bc-script"><dfn data-x="concept-g-script">Scripting is enabled</dfn> for an <span>environment settings object</span>
<var>settings</var> when all of the following conditions are true:</p>

<ul>

<li>The user agent supports scripting.</li>

<li>
<!--INSERT TRACKING-->
The user has not disabled scripting for this <span>browsing context</span> at this time. (User
agents may provide users with the option to disable scripting globally, or in a finer-grained
manner, e.g., on a per-origin basis.)</li>

<li id="sandboxScriptBlocked">The <span>browsing context</span>'s <span>active document</span>'s
<span>active sandboxing flag set</span> does not have its <span>sandboxed scripts browsing
context flag</span> set.</li>

The user has not disabled scripting for <var>settings</var> at this time. (User agents may
provide users with the option to disable scripting globally, or in a finer-grained manner, e.g.,
on a per-origin basis, down to the level of individual <span data-x="environment settings
object">environment settings objects</span>.)</li>

<li id="sandboxScriptBlocked">Either <var>settings</var>'s <span
data-x="concept-settings-object-global">global object</span> is not a <code>Window</code> object,
or <var>settings</var>'s <span data-x="concept-settings-object-global">global object</span>'s
<span data-x="concept-document-window">associated <code>Document</code></span>'s <span>active
sandboxing flag set</span> does not have its <span>sandboxed scripts browsing context flag</span>
set.</li>
</ul>

<p><dfn data-x="concept-bc-noscript">Scripting is disabled</dfn> in a <span>browsing context</span>
when any of the above conditions are false (i.e. when scripting is not <span
data-x="concept-bc-script">enabled</span>).</p>
<p id="concept-bc-noscript"><dfn data-x="concept-g-noscript">Scripting is disabled</dfn> for an
<span>environment settings object</span> when scripting is not <span
data-x="concept-g-script">enabled</span>, i.e. when any of the above conditions are false.</p>

<hr>

<p><dfn data-x="concept-n-script">Scripting is enabled</dfn> for a <em>node</em> if the node's
<span>node document</span>'s <span data-x="concept-document-bc">browsing context</span> is
non-null, and <span data-x="concept-bc-script">scripting is enabled</span> in that <span>browsing
context</span>.</p>
<p><dfn data-x="concept-n-script">Scripting is enabled</dfn> for a node <var>node</var> if
<var>node</var>'s <span>node document</span>'s <span data-x="concept-document-bc">browsing
context</span> is non-null, and <span data-x="concept-g-script">scripting is enabled</span> for
<var>node</var>'s <span>relevant settings object</span>.</p>

<p><dfn data-x="concept-n-noscript">Scripting is disabled</dfn> for a node if there is no such
<span>browsing context</span>, or if <span data-x="concept-bc-noscript">scripting is
disabled</span> in that <span>browsing context</span>.</p>
<p><dfn data-x="concept-n-noscript">Scripting is disabled</dfn> for a node when scripting is not
<span data-x="concept-n-script">enabled</span>, i.e. when its <span>node document</span>'s <span
data-x="concept-document-bc">browsing context</span> is null or when <span
data-x="concept-g-noscript">scripting is disabled</span> for its <span>relevant settings
object</span>.</p>

</div>

Expand Down Expand Up @@ -86991,9 +87002,8 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
<ol>
<li><p>If <var>muted errors</var> was not provided, let it be false.</p></li>

<li><p>If <span data-x="concept-bc-noscript">scripting is disabled</span> for
<var>settings</var>'s <span>responsible browsing context</span>, then set <var>source</var> to
the empty string.</p></li>
<li><p>If <span data-x="concept-g-noscript">scripting is disabled</span> for
<var>settings</var>, then set <var>source</var> to the empty string.</p></li>

<li><p>Let <var>script</var> be a new <span>classic script</span> that this algorithm will
subsequently initialize.</p></li>
Expand Down Expand Up @@ -87044,9 +87054,8 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
options</span> <var>options</var>:</p>

<ol>
<li><p>If <span data-x="concept-bc-noscript">scripting is disabled</span> for
<var>settings</var>'s <span>responsible browsing context</span>, then set <var>source</var> to
the empty string.</p></li>
<li><p>If <span data-x="concept-g-noscript">scripting is disabled</span> for <var>settings</var>,
then set <var>source</var> to the empty string.</p></li>

<li><p>Let <var>script</var> be a new <span>module script</span> that this algorithm will
subsequently initialize.</p></li>
Expand Down Expand Up @@ -87268,9 +87277,8 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
<var>settings</var> is a <code>Window</code> object whose <code>Document</code> object is not
<span>fully active</span>, then return "do not run".</p>

<li><p>If <span data-x="concept-bc-noscript">scripting is disabled</span> for the
<span>responsible browsing context</span> specified by <var>settings</var>, then return "do
not run".</p>
<li><p>If <span data-x="concept-g-noscript">scripting is disabled</span> for <var>settings</var>,
then return "do not run".</p>

<li><p>Return "run".</p></li>
</ol>
Expand Down

0 comments on commit f97b989

Please sign in to comment.