Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creator browsing context state #2508

Open
annevk opened this issue Apr 5, 2017 · 7 comments
Open

Creator browsing context state #2508

annevk opened this issue Apr 5, 2017 · 7 comments
Labels
clarification Standard could be clearer

Comments

@annevk
Copy link
Member

annevk commented Apr 5, 2017

In #792 I flattened the concept of a creator document into several smaller slots so we store less data overall and create less of a chance for other standards to require leaking large parts of a document.

However, as pointed out in #2480 due to browsing context container and in particular nested through, we end up leaking the entire document anyway, except for the opener browsing context scenario.

It seems there's some duplication here that we could clean up, probably best done through studying the various places that make use of this mechanism:

  • Secure contexts
  • Fullscreen (it seems Fullscreen should just require the document to be fully active; needs tests)
  • Usage inside HTML
  • ...?
@annevk annevk added the clarification Standard could be clearer label Apr 5, 2017
@annevk annevk mentioned this issue Apr 5, 2017
Open
@foolip
Copy link
Member

foolip commented Apr 5, 2017

It just so happens that there are "is active" checks all over Blink's Fullscreen implementation, preconditions that I haven't figured out if they should be spec'd or if they're there to bail out in cases where it shouldn't be observable. I'd be unsurprised if it is observable. These checks aren't done when traversing ancestors though.

@annevk
Copy link
Member Author

annevk commented Apr 5, 2017

I think in particular requesting fullscreen from onclick in a current (fully active) document on a document that's navigated away from would be the kind of thing that is observable there and wrong in the current standard.

@foolip
Copy link
Member

foolip commented Apr 6, 2017

Do you mean if the fullscreen resize is racing with the navigation? Yes, that seems likely to be broken.

@annevk
Copy link
Member Author

annevk commented Apr 6, 2017

I was actually not considering races, just holding a reference to the previous document.

@foolip
Copy link
Member

foolip commented Apr 6, 2017

Oh, now I see what you mean. Because of the active check's in Blink's implementation, that would be a no-op, it wouldn't even fire a fullscreenerror event. (One could try, but we don't dispatch events in inactive documents, which I assume is also not accounted for by any standard.)

@annevk
Copy link
Member Author

annevk commented Apr 6, 2017

Well, the event loop processing model does say not to run in inactive (/ not fully active?) documents so that would match. I guess the other thing is that in Blink such a document can never become active again, whereas in Firefox it can (and other browsers that implement a theoretical "fast back" feature).

@annevk
Copy link
Member Author

annevk commented Apr 27, 2017

https://w3c.github.io/webappsec-csp/ defines "embedding document" so something like that is probably needed.

@annevk annevk mentioned this issue Apr 23, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
clarification Standard could be clearer
Milestone
No milestone
Development

No branches or pull requests
2 participants
@foolip @annevk