Incorporate most IsolatedContext review feedback #43

Merged
merged 5 commits into from
Aug 10, 2024
Changes from 2 commits
90 changes: 59 additions & 31 deletions isolated-contexts.bs
Expand Up @@ -25,6 +25,7 @@ spec:fetch; type:dfn; text:fetch params
spec:fetch; type:dfn; for:fetch params; text:request
spec:fetch; type:dfn; text:main fetch
spec:html; type:dfn; for:environment settings object; text:cross-origin isolated capability
spec:html; type:dfn; for:environment settings object; text:global object
spec:html; type:dfn; text:browsing context group
spec:html; type:dfn; text:concrete
spec:html; type:dfn; for:/; text:origin
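Review bot: The new `spec:html; type:dfn; for:environment settings object; text:global object` anchor entry is only justified if the spec actually autolinks [=environment settings object/global object=] somewhere; none of the visible hunks in this change reference it, so either point to the text that uses it or drop the entry to keep the anchor block limited to terms the file links.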
Expand Down Expand Up @@ -124,7 +125,8 @@ is the core entry point CSP will expose to HTML.
A [=CSP list=] |policies| is said to
<dfn for="CSP list" export local-lt="mitigate-injection">meaningfully
mitigate injection attacks</dfn> if the following algorithm returns
"`Meaningful`":
"`Meaningful`". Possible return values are "`Meaningful`" and
"`Not meaningful enough`".

<ol class="algorithm">
1. Let |meets object requirements|, |meets base requirements|,
Expand Down Expand Up @@ -190,7 +192,8 @@ the active directive</dfn> given a [=policy=] |policy| and a |directive name|:

<div algorithm="object requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates plugins</dfn> if
the following algorithm returns "`Sufficient`":
the following algorithm returns "`Sufficient`". Possible return values are
"`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. <a abstract-op lt="obtain-directive">Obtain</a> |active directive| from
Expand All @@ -201,7 +204,8 @@ the following algorithm returns "`Sufficient`":
* |active directive| is not null
* |active directive|'s [=directive/value=]'s [=set/size=] is 1
* |active directive|'s [=directive/value=][0] is an
[=ASCII case-insensitive=] match for the string "`'none'`".
[=ASCII case-insensitive=] match for the string
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-none">none</a>'`".

1. Return "`Not sufficient`".
</ol>
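Review bot: The `'none'` keyword on the last bullet is now an `<a>` element written inside a backtick code span; confirm that Bikeshed emits that as a link in the generated output rather than escaping the markup, and check that the rendered text still shows the surrounding single quotes around `none` exactly as before, since the same pattern is applied in every later hunk of this change.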
Expand All @@ -211,7 +215,8 @@ the following algorithm returns "`Sufficient`":

<div algorithm="base requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates relative URL
manipulation</dfn> if the following algorithm returns "`Sufficient`":
manipulation</dfn> if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive| in |policy|'s [=policy/directive set=]:
Expand All @@ -222,7 +227,9 @@ manipulation</dfn> if the following algorithm returns "`Sufficient`":
* |directive|'s [=directive/value=]'s [=set/size=] is 1
* |directive|'s [=directive/value=][0] is an
[=ASCII case-insensitive=] match for either the string
"`'none'`" or the string "`'self'`".
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-none">none</a>'`"
or the string
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-self">self</a>'`".

1. Return "`Not sufficient`".
</ol>
Expand All @@ -232,7 +239,8 @@ manipulation</dfn> if the following algorithm returns "`Sufficient`":

<div algorithm="script requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates script execution</dfn>
if the following algorithm returns "`Sufficient`":
if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. <a abstract-op lt="obtain-directive">Obtain</a> |active directive| from
Expand All @@ -242,8 +250,11 @@ if the following algorithm returns "`Sufficient`":

* |active directive| is not null
* All [=source expressions=] in |active directive| are an
[=ASCII case-insensitive=] match for the strings "`'none'`",
"`'self'`", or "`'wasm-unsafe-eval'`".
[=ASCII case-insensitive=] match for the strings
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-none">none</a>'`",
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-self">self</a>'`",
or
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-wasm-unsafe-eval">wasm-unsafe-eval</a>'`".

1. Return "`Not sufficient`".
</ol>
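Review bot: `All [=source expressions=] in |active directive| are an [=ASCII case-insensitive=] match for the strings "'none'", "'self'", or "'wasm-unsafe-eval'"` is ambiguous about whether each expression must match one of the three or the set as a whole must match all of them; phrase it as `Each [=source expression=] in |active directive| is an [=ASCII case-insensitive=] match for one of the strings ...`. The same wording recurs in the style and subresource algorithms below, so the fix should be applied to all three.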
Expand All @@ -253,7 +264,8 @@ if the following algorithm returns "`Sufficient`":

<div algorithm="style requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates style evaluation</dfn> if
the following algorithm returns "`Sufficient`":
the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive| in |policy|'s [=policy/directive set=]:
Expand All @@ -264,8 +276,11 @@ the following algorithm returns "`Sufficient`":

* |directive|'s [=directive/name=] is "`style-src`".
* All [=source expressions=] in |active directive| are an
[=ASCII case-insensitive=] match for the strings "`'none'`",
"`'self'`", or "`'unsafe-inline'`".
[=ASCII case-insensitive=] match for the strings
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-none">none</a>'`",
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-self">self</a>'`",
or
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-unsafe-inline">unsafe-inline</a>'`".

1. Return "`Not sufficient`".
</ol>
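Review bot: The bullet under `|directive|'s [=directive/name=] is "style-src"` reads source expressions from |active directive|, but this algorithm iterates |directive| over |policy|'s directive set and never obtains an active directive, so |active directive| is unbound here; it should read `All [=source expressions=] in |directive| are an ...`. Separately, matching only a directive literally named `style-src` means a policy that restricts styles solely through `default-src` is judged "Not sufficient", whereas the script requirements algorithm above goes through `Obtain the active directive` and picks up that fallback; consider using the same Obtain step here so the two algorithms treat `default-src` consistently.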
Expand All @@ -275,18 +290,21 @@ the following algorithm returns "`Sufficient`":

<div algorithm="subresource requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently blocks insecure
subresources</dfn> if the following algorithm returns "`Sufficient`":
subresources</dfn> if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive name| in the set [`frame-src`, `connect-src`,
`img-src`, `media-src`, `font-src`]:
1. <a abstract-op lt="obtain-directive">Obtain</a> |active directive|
from |policy|, given |directive name|.

1. Return "`not sufficient`" if any [=source expression=] in
1. Return "`Not sufficient`" if any [=source expression=] in
|active directive| is **not** an [=ASCII case-insensitive=] match
for the strings "`'none'`", "`'self'`", "`https:`", "`blob:`",
or "`data:`".
for the strings
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-none">none</a>'`",
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-self">self</a>'`",
"`https:`", "`blob:`", or "`data:`".

1. Return "`Sufficient`"
</ol>
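Review bot: The step `Return "Not sufficient" if any [=source expression=] in |active directive| is not an ... match` does not say what happens when Obtain returns null for one of the five directive names (no such directive and no `default-src` fallback); iterating the source expressions of null is undefined, and the intended result is presumably "Not sufficient", since fetches for that destination are then unrestricted, so add an explicit `1. If |active directive| is null, return "Not sufficient".` before the match check. Also, the final `1. Return "Sufficient"` is missing its terminating period, unlike the corresponding lines in the other algorithms.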
Expand All @@ -296,17 +314,20 @@ subresources</dfn> if the following algorithm returns "`Sufficient`":

<div algorithm="trusted type requirements">
A [=policy=] |policy| <dfn for="policy">sufficiently mitigates DOM sinks</dfn>
if the following algorithm returns "`Sufficient`":
if the following algorithm returns "`Sufficient`".
Possible return values are "`Sufficient`" and "`Not sufficient`".

<ol class="algorithm">
1. [=For each=] |directive| in |policy|'s [=policy/directive set=]:

1. Return "`Sufficient`" if all of the following are true:

* |directive|'s [=directive/name=] is
"`require-trusted-types-for`". [[!TRUSTED-TYPES]]
"`<a href="https://w3c.github.io/trusted-types/dist/spec/#require-trusted-types-for-directive">require-trusted-types-for</a>`".
[[!TRUSTED-TYPES]]
* |directive|'s [=directive/value=] [=set/contains=][0] an
[=ASCII case-insensitive=] match for the string "`'script'`".
[=ASCII case-insensitive=] match for the string
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-script">script</a>'`".

1. Return "`Not sufficient`".
</ol>
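Review bot: The `'script'` keyword on the last bullet is linked to `https://w3c.github.io/webappsec-csp/#grammardef-script`, but `'script'` is a value of Trusted Types' `require-trusted-types-for` directive rather than a CSP source expression; confirm that anchor exists in the CSP spec, and otherwise link it into the Trusted Types spec alongside the directive name on the bullet above. The unchanged context `|directive|'s [=directive/value=] [=set/contains=][0] an` also reads as two phrasings spliced together; it should be either `[=directive/value=] [=set/contains=] an [=ASCII case-insensitive=] match` or `[=directive/value=][0] is an ... match`, as the other algorithms in this file put it.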
Expand Down Expand Up @@ -338,7 +359,8 @@ require-trusted-types-for 'script';
A [=CSP list=] |policies| is said to
<dfn for="CSP list" export local-lt="mitigate-ui-redressing">meaningfully
mitigate UI Redressing attacks</dfn> [[UISECURITY]] if the following algorithm
returns "`Meaningful`":
returns "`Meaningful`".
Possible return values are "`Meaningful`" and "`Not meaningful enough`".

<ol class="algorithm">
1. [=For each=] |policy| in |policies|:
Expand All @@ -355,7 +377,9 @@ returns "`Meaningful`":
* |directive|'s [=directive/value=]'s [=set/size=] is 1
* |directive|'s [=directive/value=][0] is an
[=ASCII case-insensitive=] match for either the string
"`'none'`" or the string "`'self'`".
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-none">none</a>'`"
or the string
"`'<a href="https://w3c.github.io/webappsec-csp/#grammardef-self">self</a>'`".

1. Return "`Not meaningful enough`".
</ol>
Expand All @@ -377,10 +401,11 @@ A [=browsing context group=] has an <dfn for="browsing context group" export>
integrity origin</dfn>, which is an [=origin=] or `null`.

A [=browsing context group=] has an <dfn for="browsing context group" export>
integrity verification algorithm</dfn>, which is `null` or a [=user agent=]
defined algorithm that accepts a [=request=] and a [=response=], and returns a
[=boolean=]. A [=browsing context group=]'s [=integrity verification algorithm=]
MUST be non-null if its [=integrity origin=] is non-null.
integrity verification algorithm</dfn>, which is `null` or an
[=implementation-defined=] algorithm that accepts a [=request=] and a
[=response=], and returns a [=boolean=]. A [=browsing context group=]'s
[=integrity verification algorithm=] MUST be non-null if its
[=integrity origin=] is non-null.

Note: A typical [=integrity verification algorithm=] might verify that a
response body hashes to an expected value, or that it originated from a known
Expand Down Expand Up @@ -415,14 +440,16 @@ An [=environment settings object=] |environment| is an
|environment| belongs to.
1. If |environment| does not [=environment settings object/meaningfully
mitigate injection attacks=], return `false`.
1. If |browsing context group|'s [=cross-origin isolated capability=] is
not [=concrete=], return `false`.
1. If |environment|'s [=cross-origin isolated capability=] is not
[=concrete=], return `false`.
1. If |environment| does not [=environment settings object/mitigate UI
Redressing attacks=], return `false`.
1. If |browsing context group|'s [=browsing context group/integrity
origin=] is null, return `false`.
1. If |environment|'s [=origin=] is not equal to [=browsing context group/
integrity origin=], return `false`.
1. Let |integrity origin| be |browsing context group|'s
[=browsing context group/integrity origin=].
1. If |environment|'s [=origin=] is not [=same origin=] with |integrity
origin|, return `false`.
1. Return `true`.
</div>
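Review bot: Switching the cross-origin isolated capability check from |browsing context group| to |environment| matches the existing `spec:html` anchor at the top of the file, which scopes that term to environment settings object; a browsing context group has no such field, so the old step could not have linked. Replacing `not equal to` with `not [=same origin=] with` is also the right comparison for origins, and using [=same origin=] rather than [=same origin-domain=] keeps `document.domain` from widening which environments count as isolated; a short note stating that choice would stop a future edit from relaxing it.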

Expand All @@ -435,7 +462,8 @@ In Fetch, we'll use the [=integrity verification algorithm=] defined in
### Verify the integrity of a response ### {#fetch-verify-response}
<div algorithm>
To <dfn>verify the integrity of a response</dfn> given a [=request=] |request|
and a [=response=] |response|:
and a [=response=] |response|, run these steps. Possible return values are
"`not applicable`", "`invalid`", or "`valid`".

<ol>
<li>Let |client| be |request|'s [=request/client=].</li>
Expand All @@ -456,8 +484,8 @@ and a [=response=] |response|:
return "`not applicable`".
</li>
<li>
If |request|'s [=request/origin=] is not equal to |integrity origin|,
return "`not applicable`".
If |request|'s [=request/origin=] is not [=same origin=] with |integrity
origin|, return "`not applicable`".
</li>
<li>
If |response|'s [=response/body=] is `null`, return "`invalid`".
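Review bot: The return values listed here (`not applicable`, `invalid`, `valid`) are lowercase, while every other algorithm touched by this change uses capitalized values (`Sufficient`, `Not sufficient`, `Meaningful`), and this same change just corrected `not sufficient` to `Not sufficient` in the subresource algorithm; pick one casing convention for the file. The same-origin change for |request|'s [=request/origin=] is consistent with the isolated-context check above; note that this origin step precedes the `If |response|'s body is null, return "invalid"` step, so a cross-origin request with a null body returns `not applicable` rather than `invalid`, which looks intended but is worth a sentence.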
Expand Down