Skip to content

Commit

Permalink
Remove image/media origins and check origin-cleanness directly
Browse files Browse the repository at this point in the history 
That is, check the type of response directly, instead of synthesizing an opaque origin for opaque responses and then comparing that to the entry settings object's origin.

Closes #2813. Helps with #1431 by removing various uses of the entry concept, and closes #2761 by removing the origin concept for image and media elements entirely, since it is now unused.
  • Loading branch information
@domenic
domenic authored May 6, 2021
1 parent 79e39f6 commit 2f69571
Showing 1 changed file with 23 additions and 64 deletions.
87 changes: 23 additions & 64 deletions source
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28376,7 +28376,7 @@ was an English &lt;a href="/wiki/Music_hall">music hall&lt;/a> singer, ...</code

<p>The resource obtained in this fashion, if any, is <var>image request</var>'s <span
data-x="img-req-data">image data</span>. It can be either <span>CORS-same-origin</span> or
<span>CORS-cross-origin</span>; this affects the <span>origin</span> of the image itself (e.g.
<span>CORS-cross-origin</span>; this affects the image's interaction with other APIs (e.g.,
when used on a <code>canvas</code>).</p>

<!-- same text in <input type=image> section and similar text elsewhere -->
Expand Down Expand Up @@ -29123,8 +29123,8 @@ was an English &lt;a href="/wiki/Music_hall">music hall&lt;/a> singer, ...</code

<li><p>Otherwise, <var>response</var>'s <span>unsafe response</span> is <var>image
request</var>'s <span data-x="img-req-data">image data</span>. It can be either
<span>CORS-same-origin</span> or <span>CORS-cross-origin</span>; this affects the
<span>origin</span> of the image itself (e.g., when used on a <code>canvas</code>).</p></li>
<span>CORS-same-origin</span> or <span>CORS-cross-origin</span>; this affects the image's
interaction with other APIs (e.g., when used on a <code>canvas</code>).</p></li>
</ol>
</li>

Expand Down Expand Up @@ -63118,16 +63118,18 @@ try {
object's bitmap image data must be used as the source image.</p>

<p>An object <var>image</var> <dfn id=the-image-argument-is-not-origin-clean>is not
origin-clean</dfn> if, switching on <var>image</var>:</p>
origin-clean</dfn> if, switching on <var>image</var>'s type:</p>

<dl class=switch>
<dt><code>HTMLOrSVGImageElement</code>
<dd><p><var>image</var>'s <span>current request</span>'s <span data-x="img-req-data">image
data</span> is <span>CORS-cross-origin</span>.</p></dd>

<dt><code>HTMLVideoElement</code>
<dd><p><var>image</var>'s <span>origin</span> is not <span>same origin</span> with <span>entry
settings object</span>'s <span data-x="concept-settings-object-origin">origin</span>.</p></dd>
<dd><p><var>image</var>'s <span>media data</span> is <span>CORS-cross-origin</span>.</p></dd>

<dt><code>HTMLCanvasElement</code>
<dt><code>ImageBitMap</code>
<dt><code>ImageBitmap</code>
<dd><p><var>image</var>'s bitmap's <span data-x="concept-canvas-origin-clean">origin-clean</span>
flag is false.</p></dd>
</dl>
Expand Down Expand Up @@ -81123,6 +81125,8 @@ interface <dfn>BarProp</dfn> {
data-x="concept-origin-tuple">tuple origin</span> can be changed, and only through the <code
data-x="dom-document-domain">document.domain</code> API.</p>

<div w-nodev>

<p>The <dfn export data-x="concept-origin-effective-domain">effective domain</dfn> of an
<span>origin</span> <var>origin</var> is computed as follows:</p>

Expand All @@ -81136,55 +81140,6 @@ interface <dfn>BarProp</dfn> {
<li><p>Return <var>origin</var>'s <span data-x="concept-origin-host">host</span>.</p></li>
</ol>

<div w-nodev>

<p>Various specification objects are defined to have an <span>origin</span>. These <span
data-x="origin">origins</span> are determined as follows:</p>

<dl>
<dt>For images of <code>img</code> elements</dt>

<dd>
<dl class="switch">

<dt>If the <span data-x="img-req-data">image data</span> is <span>CORS-cross-origin</span></dt>

<dd><p>A unique <span data-x="concept-origin-opaque">opaque origin</span> assigned when the
image is created.</p></dd>


<dt>If the <span data-x="img-req-data">image data</span> is <span>CORS-same-origin</span></dt>

<dd><p>The <code>img</code> element's <span>node document</span>'s <span
data-x="concept-document-origin">origin</span>.</p></dd>
</dl>
</dd>


<dt>For <code>audio</code> and <code>video</code> elements</dt>

<dd>
<dl class="switch">

<dt>If the <span>media data</span> is <span>CORS-cross-origin</span></dt>

<dd><p>A unique <span data-x="concept-origin-opaque">opaque origin</span> assigned when the
<span>media data</span> is fetched.</p></dd>


<dt>If the <span>media data</span> is <span>CORS-same-origin</span></dt>

<dd><p>The <span>media element</span>'s <span>node document</span>'s <span
data-x="concept-document-origin">origin</span>.</p></dd>
</dl>
</dd>
</dl>

<p>Other specifications can override the above definitions by themselves specifying the origin of
a particular image or <span>media element</span>.</p>

<hr>

<p>The <!--en-GB--><dfn id="ascii-serialisation-of-an-origin" export data-lt="serialization of an
origin|ASCII serialization of an origin">serialization of an origin</dfn> is the string obtained
by applying the following algorithm to the given <span>origin</span> <var>origin</var>:</p>
Expand All @@ -81209,10 +81164,14 @@ interface <dfn>BarProp</dfn> {
<li><p>Return <var>result</var>.</p></li>
</ol>

</div>

<p class="example">The <span data-x="serialization of an origin">serialization</span> of ("<code
data-x="">https</code>", "<code data-x="">xn--maraa-rta.example</code>", null, null) is "<code
data-x="">https://xn--maraa-rta.example</code>".</p>

<div w-nodev>

<!--en-GB--><p class="note" id="unicode-serialisation-of-an-origin">There used to also be a
<i>Unicode serialization of an origin</i>. However, it was never widely adopted.</p>

Expand Down Expand Up @@ -81257,6 +81216,8 @@ interface <dfn>BarProp</dfn> {
<li><p>Return false.</p></li>
</ol>

</div>

<div class="example">
<table>
<tr>
Expand Down Expand Up @@ -81306,6 +81267,8 @@ interface <dfn>BarProp</dfn> {
<p>A <dfn export>site</dfn> is an <span data-x="concept-origin-opaque">opaque origin</span> or a
<span>scheme-and-host</span>.</p>

<div w-nodev>

<p>To <dfn export>obtain a site</dfn>, given an origin <var>origin</var>, run these steps:</p>

<ol>
Expand Down Expand Up @@ -81361,6 +81324,8 @@ interface <dfn>BarProp</dfn> {
<span data-x="concept-origin-scheme">scheme</span></p></li>
</ul>

</div>

<p class="note">Unlike the <span>same origin</span> and <span>same origin-domain</span> concepts,
for <span>schemelessly same site</span> and <span>same site</span>, the <span
data-x="concept-origin-port">port</span> and <span data-x="concept-origin-domain">domain</span>
Expand Down Expand Up @@ -81428,8 +81393,6 @@ interface <dfn>BarProp</dfn> {
data-x="concept-origin-domain">domain</span> components since they are not considered.)</p>
</div>

</div>


<h4>Relaxing the same-origin restriction</h4>

Expand Down Expand Up @@ -96022,9 +95985,7 @@ dictionary <dfn>ImageBitmapOptions</dfn> {
is not supported or is disabled), or, if there is no such image, the first frame of the
animation.</p></li>

<li><p>If the <span>origin</span> of <var>image</var>'s image is not <span>same origin</span>
with <span>entry settings object</span>'s <span
data-x="concept-settings-object-origin">origin</span>, then set the <span
<li><p>If <var>image</var> <span>is not origin-clean</span>, then set the <span
data-x="concept-canvas-origin-clean">origin-clean</span> flag of <var>imageBitmap</var>'s
bitmap to false.</p></li>

Expand Down Expand Up @@ -96053,9 +96014,7 @@ dictionary <dfn>ImageBitmapOptions</dfn> {
after any aspect-ratio correction has been applied), <span>cropped to the source rectangle
with formatting</span>.</p>

<li><p>If the <span>origin</span> of <var>image</var>'s video is not <span>same origin</span>
with <span>entry settings object</span>'s <span
data-x="concept-settings-object-origin">origin</span>, then set the <span
<li><p>If <var>image</var> <span>is not origin-clean</span>, then set the <span
data-x="concept-canvas-origin-clean">origin-clean</span> flag of <var>imageBitmap</var>'s
bitmap to false.</p></li>

Expand Down

0 comments on commit 2f69571

Please sign in to comment.