Make current origin and focused area's origin check more precise (#483)
Add an algorithm that operates on specific concepts such as navigables, and
use the "origin" definition from an environment settings object, which,
according to the HTML spec, is "an origin used in security checks".

Related to: #444 (gets rid of some "browsing context" references)
Related to: #463
rakuco authored Feb 17, 2024
1 parent ad110bd commit 738e124
Showing 1 changed file with 26 additions and 10 deletions.
36 changes: 26 additions & 10 deletions index.bs
Expand Up @@ -40,8 +40,9 @@ urlPrefix: https://html.spec.whatwg.org/multipage/; spec: HTML
text: task queue
text: spin the event loop; url: spin-the-event-loop
urlPrefix: interaction.html
text: DOM anchor; url: dom-anchor
text: gains focus; url: gains-focus
text: currently focused area; url: currently-focused-area-of-a-top-level-browsing-context
text: currently focused area; url: currently-focused-area-of-a-top-level-traversable
urlPrefix: https://w3ctag.github.io/security-questionnaire/; spec: SECURITY-PRIVACY-QUESTIONNAIRE
type: dfn
text: same-origin policy violations; url: sop-violations
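Review bot: the changed `currently focused area` entry hand-codes the fragment `currently-focused-area-of-a-top-level-traversable`, and Bikeshed does not validate fragments supplied through a `urlPrefix`/`url:` anchor block, so a stale id would link silently to the top of interaction.html; please confirm this id exists in the current HTML spec before landing. Also, the new algorithm later in this diff uses `[=node navigable=]`, `[=navigable/top-level traversable=]` and `[=environment settings object/origin=]`, none of which has an entry here; if they resolve through Bikeshed's cross-reference data that is fine, otherwise they need `text:`/`url:` lines next to the new `DOM anchor` one.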
Expand Down Expand Up @@ -405,12 +406,11 @@ the given [=sensor type=]. See [[PERMISSIONS-POLICY]] for more details.

<h4 id="focused-area" oldids="losing-focus">Focused Area</h4>

[=Sensor readings=] are only available for [=active documents=] whose
origin is [=same origin-domain=] with the [=currently focused area=]
document.
[=Sensor readings=] are only available for an [=navigable/active document=] if
the [=focus and origin check=] on it returns true.

This is done in order to mitigate the risk of a skimming attack against the
[=browsing context=] containing an element which has [=gains focus|gained focus=],
[=/navigable=] containing an element which has [=gains focus|gained focus=],
for example when the user carries out an in-game purchase using a third party
payment service from within an iframe.

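Review bot: the rewritten first sentence now only says that the [=focus and origin check=] "returns true" without saying what it compares, so the section no longer states the rule it is named after; suggest keeping a short gloss, e.g. "if the [=focus and origin check=] on it returns true, i.e. if its origin is [=same origin-domain=] with that of the document owning the [=currently focused area=]." The article in "for an [=navigable/active document=]" renders as "an active document", so no change is needed there.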
Expand Down Expand Up @@ -749,12 +749,11 @@ The [=reporting frequency=] differs from the {{Sensor}}'s {{Sensor/[[frequency]]

## Conditions to expose sensor readings ## {#concepts-can-expose-sensor-readings}

The user agent <dfn>can expose sensor readings</dfn> to a given |document| if and only if
all of the following are true:
The user agent <dfn>can expose sensor readings</dfn> to a {{Document}}
|document| if and only if all of the following are true:
- |document|'s [=relevant settings object=] is a [=secure context=].
- |document|'s [=visibility state=] is "visible".
- The [=currently focused area=] belongs to a document whose origin is [=same
origin-domain=] with |document|'s origin.
- The [=focus and origin check=] on |document| returns true.
- <dfn export>Specific conditions</dfn>: [=Extension specifications=] may add new
conditions to this list to have stricter requirements for their sensor types.

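Review bot: the replaced bullet ("The [=focus and origin check=] on |document| returns true.") is the only condition in this list that no longer states its requirement inline, which makes the list harder to read as a self-contained definition; consider either a parenthetical restating the origin comparison or a link to the Focused Area section (#focused-area), where the skimming-attack rationale lives, so a reader of this definition can see why the condition exists.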
Expand Down Expand Up @@ -809,7 +808,7 @@ The current [=browsing context=]'s [=platform sensor=] must have:
- An associated [=sensor type=].

Any time a new [=sensor reading=] for a [=platform sensor=] is obtained and if the user agent
[=can expose sensor readings=] to the current [=browsing context=]'s [=active document=],
[=can expose sensor readings=] to the current [=/navigable=]'s [=navigable/active document=],
the user agent invokes [=update latest reading=] with the [=platform sensor=] and
the [=sensor reading=] as arguments.

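Review bot: the context line at the top of this hunk still reads "The current [=browsing context=]'s [=platform sensor=] must have:", so after this change the same section refers to the current [=browsing context=] a few lines above and to the current [=/navigable=] below; since the commit message cites #444 (removing "browsing context" references), update that line too or note that it is deferred. It is also worth checking whether HTML actually defines a "current" navigable; if not, the sentence should say whose navigable is meant (for example the document's [=node navigable=]).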
Expand Down Expand Up @@ -1560,6 +1559,23 @@ to {{SensorErrorEventInit}}.
1. Return "granted".
</div>

<h3 dfn export>Focus and origin check</h3>

<div algorithm="focus and origin check">

: input
:: |document|, a {{Document}}.
: output
:: A boolean.

1. Let |origin| be |document|'s [=relevant settings object=]'s [=environment settings object/origin=].
1. Let |focusedDocument| be |document|'s [=node navigable=]'s [=navigable/top-level traversable=]'s
[=currently focused area=]'s [=DOM anchor=]'s [=node document=].
1. Let |focusedOrigin| be |focusedDocument|'s [=relevant settings object=]'s [=environment settings
object/origin=].
1. Return true if |origin| and |focusedOrigin| are [=same origin-domain=], and false otherwise.
</div>

<h2 id="automation">Automation</h2>

The Generic Sensor API and its [=extension specifications=] pose a challenge
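Review bot: step 2 dereferences |document|'s [=node navigable=] without a null check; a Document's node navigable is null when it is not the active document of any navigable (for example after its navigable has navigated away from it), and nothing in the [=can expose sensor readings=] conditions earlier in this diff requires |document| to be fully active, so the algorithm should return false (or state a fully-active precondition under ": input") before step 2 rather than dereference null. Smaller point: the new `<h3 dfn export>` heading has no `id`, unlike the other headings in this file (`id="focused-area"`, `id="automation"`), so its fragment will be auto-generated from the title and will change if the title is ever edited; adding an explicit id keeps the anchor stable for external references.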
