Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incorporate most IsolatedContext review feedback #43

Merged
merged 5 commits into from
Aug 10, 2024
Merged

Incorporate most IsolatedContext review feedback #43

Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5b0bc5f
Incorporate feedback from IsolatedContext spec review
robbiemc Jul 25, 2024
e7194b0
Remove BCG from ESO algorithm
robbiemc Jul 25, 2024
8e56d70
Address Reillys comments
robbiemc Jul 25, 2024
06ee3e6
Link cleanups
robbiemc Jul 25, 2024
615c4b5
Remove unused link-default
robbiemc Jul 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 50 additions & 30 deletions isolated-contexts.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ spec:fetch; type:dfn; text:fetch params
spec:fetch; type:dfn; for:fetch params; text:request
spec:fetch; type:dfn; text:main fetch
spec:html; type:dfn; for:environment settings object; text:cross-origin isolated capability
spec:html; type:dfn; for:environment settings object; text:global object
robbiemc marked this conversation as resolved.
Show resolved Hide resolved
spec:html; type:dfn; text:browsing context group
spec:html; type:dfn; text:concrete
spec:html; type:dfn; for:/; text:origin
Expand All @@ -38,6 +39,9 @@ spec:webidl; type:dfn; text:namespace
urlPrefix: https://w3c.github.io/webappsec-csp/; spec:CSP3
type: abstract-op
text: Get fetch directive fallback list; url: #directive-fallback-list
urlPrefix: https://w3c.github.io/trusted-types/dist/spec/; spec:trusted-types
type: dfn
text: require-trusted-types-for-directive
</pre>
<pre class=biblio>
{
Expand Down Expand Up @@ -124,7 +128,8 @@ is the core entry point CSP will expose to HTML.
A [=CSP list=] |policies| is said to
<dfn for="CSP list" export local-lt="mitigate-injection">meaningfully
mitigate injection attacks</dfn> if the following algorithm returns
"`Meaningful`":
"`Meaningful`". Possible return values are "`Meaningful`" and
"`Not meaningful enough`".

<ol class="algorithm">
1. Let |meets object requirements|, |meets base requirements|,
Expand Down Expand Up @@ -190,7 +195,8 @@ the active directive</dfn> given a [=policy=] |policy| and a |directive name|:

<div algorithm="object requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates plugins</dfn> if
the following algorithm returns "`Sufficient`":
the following algorithm returns "`Sufficient`". Possible return values are
"`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. <a abstract-op lt="obtain-directive">Obtain</a> |active directive| from
Expand All @@ -201,7 +207,8 @@ the following algorithm returns "`Sufficient`":
* |active directive| is not null
* |active directive|'s [=directive/value=]'s [=set/size=] is 1
* |active directive|'s [=directive/value=][0] is an
[=ASCII case-insensitive=] match for the string "`'none'`".
[=ASCII case-insensitive=] match for the string
"<a grammar>`'none'`</a>".

1. Return "`Not sufficient`".
</ol>
Expand All @@ -211,7 +218,8 @@ the following algorithm returns "`Sufficient`":

<div algorithm="base requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates relative URL
manipulation</dfn> if the following algorithm returns "`Sufficient`":
manipulation</dfn> if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive| in |policy|'s [=policy/directive set=]:
Expand All @@ -222,7 +230,7 @@ manipulation</dfn> if the following algorithm returns "`Sufficient`":
* |directive|'s [=directive/value=]'s [=set/size=] is 1
* |directive|'s [=directive/value=][0] is an
[=ASCII case-insensitive=] match for either the string
"`'none'`" or the string "`'self'`".
"<a grammar>`'none'`</a>" or the string "<a grammar>`'self'`</a>".

1. Return "`Not sufficient`".
</ol>
Expand All @@ -232,7 +240,8 @@ manipulation</dfn> if the following algorithm returns "`Sufficient`":

<div algorithm="script requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates script execution</dfn>
if the following algorithm returns "`Sufficient`":
if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. <a abstract-op lt="obtain-directive">Obtain</a> |active directive| from
Expand All @@ -242,8 +251,9 @@ if the following algorithm returns "`Sufficient`":

* |active directive| is not null
* All [=source expressions=] in |active directive| are an
[=ASCII case-insensitive=] match for the strings "`'none'`",
"`'self'`", or "`'wasm-unsafe-eval'`".
[=ASCII case-insensitive=] match for the strings
"<a grammar>`'none'`</a>", "<a grammar>`'self'`</a>", or
"<a grammar>`'wasm-unsafe-eval'`</a>".

1. Return "`Not sufficient`".
</ol>
Expand All @@ -253,7 +263,8 @@ if the following algorithm returns "`Sufficient`":

<div algorithm="style requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates style evaluation</dfn> if
the following algorithm returns "`Sufficient`":
the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive| in |policy|'s [=policy/directive set=]:
Expand All @@ -264,8 +275,9 @@ the following algorithm returns "`Sufficient`":

* |directive|'s [=directive/name=] is "`style-src`".
* All [=source expressions=] in |active directive| are an
[=ASCII case-insensitive=] match for the strings "`'none'`",
"`'self'`", or "`'unsafe-inline'`".
[=ASCII case-insensitive=] match for the strings
"<a grammar>`'none'`</a>", "<a grammar>`'self'`</a>", or
"<a grammar>`'unsafe-inline'`</a>".

1. Return "`Not sufficient`".
</ol>
Expand All @@ -275,18 +287,19 @@ the following algorithm returns "`Sufficient`":

<div algorithm="subresource requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently blocks insecure
subresources</dfn> if the following algorithm returns "`Sufficient`":
subresources</dfn> if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive name| in the set [`frame-src`, `connect-src`,
`img-src`, `media-src`, `font-src`]:
1. <a abstract-op lt="obtain-directive">Obtain</a> |active directive|
from |policy|, given |directive name|.

1. Return "`not sufficient`" if any [=source expression=] in
1. Return "`Not sufficient`" if any [=source expression=] in
|active directive| is **not** an [=ASCII case-insensitive=] match
for the strings "`'none'`", "`'self'`", "`https:`", "`blob:`",
or "`data:`".
for the strings "<a grammar>`'none'`</a>", "<a grammar>`'self'`</a>",
"`https:`", "`blob:`", or "`data:`".

1. Return "`Sufficient`"
</ol>
Expand All @@ -296,15 +309,17 @@ subresources</dfn> if the following algorithm returns "`Sufficient`":

<div algorithm="trusted type requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates DOM sinks</dfn>
if the following algorithm returns "`Sufficient`":
if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive| in |policy|'s [=policy/directive set=]:

1. Return "`Sufficient`" if all of the following are true:

* |directive|'s [=directive/name=] is
"`require-trusted-types-for`". [[!TRUSTED-TYPES]]
"<code>[=require-trusted-types-for-directive|require-trusted-types-for=]</code>".
[[!TRUSTED-TYPES]]
* |directive|'s [=directive/value=] [=set/contains=][0] an
[=ASCII case-insensitive=] match for the string "`'script'`".

Expand Down Expand Up @@ -338,7 +353,8 @@ require-trusted-types-for 'script';
A [=CSP list=] |policies| is said to
<dfn for="CSP list" export local-lt="mitigate-ui-redressing">meaningfully
mitigate UI Redressing attacks</dfn> [[UISECURITY]] if the following algorithm
returns "`Meaningful`":
returns "`Meaningful`".
Possible return values are "`Meaningful`" and "`Not meaningful enough`".

<ol class="algorithm">
1. [=For each=] |policy| in |policies|:
Expand All @@ -355,7 +371,7 @@ returns "`Meaningful`":
* |directive|'s [=directive/value=]'s [=set/size=] is 1
* |directive|'s [=directive/value=][0] is an
[=ASCII case-insensitive=] match for either the string
"`'none'`" or the string "`'self'`".
"<a grammar>`'none'`</a>" or the string "<a grammar>`'self'`</a>".

1. Return "`Not meaningful enough`".
</ol>
Expand All @@ -377,10 +393,11 @@ A [=browsing context group=] has an <dfn for="browsing context group" export>
integrity origin</dfn>, which is an [=origin=] or `null`.

A [=browsing context group=] has an <dfn for="browsing context group" export>
integrity verification algorithm</dfn>, which is `null` or a [=user agent=]
defined algorithm that accepts a [=request=] and a [=response=], and returns a
[=boolean=]. A [=browsing context group=]'s [=integrity verification algorithm=]
MUST be non-null if its [=integrity origin=] is non-null.
integrity verification algorithm</dfn>, which is `null` or an
[=implementation-defined=] algorithm that accepts a [=request=] and a
[=response=], and returns a [=boolean=]. A [=browsing context group=]'s
[=integrity verification algorithm=] MUST be non-null if its
[=integrity origin=] is non-null.

Note: A typical [=integrity verification algorithm=] might verify that a
response body hashes to an expected value, or that it originated from a known
Expand Down Expand Up @@ -415,14 +432,16 @@ An [=environment settings object=] |environment| is an
|environment| belongs to.
1. If |environment| does not [=environment settings object/meaningfully
mitigate injection attacks=], return `false`.
1. If |browsing context group|'s [=cross-origin isolated capability=] is
not [=concrete=], return `false`.
1. If |environment|'s [=cross-origin isolated capability=] is not
[=concrete=], return `false`.
1. If |environment| does not [=environment settings object/mitigate UI
Redressing attacks=], return `false`.
1. If |browsing context group|'s [=browsing context group/integrity
origin=] is null, return `false`.
1. If |environment|'s [=origin=] is not equal to [=browsing context group/
integrity origin=], return `false`.
1. Let |integrity origin| be |browsing context group|'s
[=browsing context group/integrity origin=].
1. If |environment|'s [=origin=] is not [=same origin=] with |integrity
origin|, return `false`.
1. Return `true`.
</div>

Expand All @@ -435,7 +454,8 @@ In Fetch, we'll use the [=integrity verification algorithm=] defined in
### Verify the integrity of a response ### {#fetch-verify-response}
<div algorithm>
To <dfn>verify the integrity of a response</dfn> given a [=request=] |request|
and a [=response=] |response|:
and a [=response=] |response|, run these steps. Possible return values are
"`not applicable`", "`invalid`", or "`valid`".

<ol>
<li>Let |client| be |request|'s [=request/client=].</li>
Expand All @@ -456,8 +476,8 @@ and a [=response=] |response|:
return "`not applicable`".
</li>
<li>
If |request|'s [=request/origin=] is not equal to |integrity origin|,
return "`not applicable`".
If |request|'s [=request/origin=] is not [=same origin=] with |integrity
origin|, return "`not applicable`".
</li>
<li>
If |response|'s [=response/body=] is `null`, return "`invalid`".
Expand Down
Loading