-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wire up 'HostEnsureCanCompileStrings' to CSP #1005
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3011,6 +3011,7 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d | |
<li>The <dfn data-noexport="" data-x="js-FunctionCreate" data-x-href="https://tc39.github.io/ecma262/#sec-functioncreate">FunctionCreate</dfn> abstract operation</li> | ||
<li>The <dfn data-noexport="" data-x="js-GetActiveScriptOrModule" data-x-href="https://tc39.github.io/ecma262/#sec-getactivescriptormodule">GetActiveScriptOrModule</dfn> abstract operation</li> | ||
<li>The <dfn data-noexport="" data-x-href="https://tc39.github.io/ecma262/#sec-hasownproperty">HasOwnProperty</dfn> abstract operation</li> | ||
<li>The <dfn data-noexport="" data-x="js-HostEnsureCanCompileStrings" data-x-href="https://tc39.github.io/ecma262/#sec-hostensurecancompilestrings">HostEnsureCanCompileStrings</dfn> abstract operation</li> | ||
<li>The <dfn data-noexport="" data-x="js-HostPromiseRejectionTracker" data-x-href="https://tc39.github.io/ecma262/#sec-host-promise-rejection-tracker">HostPromiseRejectionTracker</dfn> abstract operation</li> | ||
<li>The <dfn data-noexport="" data-x="js-HostResolveImportedModule" data-x-href="https://tc39.github.io/ecma262/#sec-hostresolveimportedmodule">HostResolveImportedModule</dfn> abstract operation</li> | ||
<li>The <dfn data-noexport="" data-x="js-InitializeHostDefinedRealm" data-x-href="https://tc39.github.io/ecma262/#sec-initializehostdefinedrealm">InitializeHostDefinedRealm</dfn> abstract operation</li> | ||
|
@@ -3831,6 +3832,7 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d | |
<li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#initialize-document-csp">Initialize a Document's CSP list</dfn> algorithm</li> | ||
<li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#should-block-inline">Should element's inline behavior be blocked by Content Security Policy?</dfn> algorithm</li> | ||
<li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#report-uri"><code data-x="">report-uri</code> directive</dfn></li> | ||
<li>The <dfn data-noexport="" data-x="csp-EnsureCSPDoesNotBlockStringCompilation" data-x-href="https://w3c.github.io/webappsec-csp/#can-compile-strings">EnsureCSPDoesNotBlockStringCompilation</dfn> abstract operation</li> | ||
</ul> | ||
|
||
<p>The following terms are defined in <cite>Content Security Policy: Document Features</cite>: <ref spec="CSPDOCUMENT"></p> | ||
|
@@ -86244,7 +86246,20 @@ dictionary <dfn>PromiseRejectionEventInit</dfn> : <span>EventInit</span> { | |
<p>The <dfn><code data-x="dom-PromiseRejectionEvent-reason">reason</code></dfn> attribute must | ||
return the value it was initialised to. It represents the rejection reason for the promise.</p> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You forgot to remove the space before the dot. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ugh. Fixed. :) |
||
|
||
<h5 id="the-hostensurecancompilestrings-implementation"><dfn>HostEnsureCanCompileStrings</dfn>(<var>callerRealm</var>, <var>calleeRealm</var>)</h5> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The |
||
|
||
<p>JavaScript contains an implementation-defined <span | ||
data-x="js-HostEnsureCanCompileStrings">HostEnsureCanCompileStrings</span>(<var>callerRealm</var>, | ||
<var>calleeRealm</var>) abstract operation. User agents must use the following implementation: | ||
<ref spec=JAVASCRIPT> | ||
|
||
<ol> | ||
|
||
<li><p>Perform ? <span | ||
data-x="csp-EnsureCSPDoesNotBlockStringCompilation">EnsureCSPDoesNotBlockStringCompilation(<var>callerRealm</var>, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. span should wrap the function name, not the function call |
||
<var>calleeRealm</var>)</span>. <ref spec=CSP></p></li> | ||
|
||
</ol> | ||
|
||
<div w-nodev> | ||
|
||
|
@@ -88471,6 +88486,13 @@ document.body.appendChild(frame)</pre> | |
<dd> | ||
|
||
<ol> | ||
<li><p>Let <var>callerRealm</var> be the <span>entry settings object</span>'s | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You need to save the entry settings object outside the task; inside the task there is no entry settings object. However, there's an old bug talking about how it might be good to move from entry settings object's realm to "the current Realm". Normally I'd say stick with entry settings object and maybe in the future we can update all at once, but in this case, I think for consistency with |
||
<span>JavaScript realm</span>, and <var>calleeRealm</var> be <var>method context</var>'s | ||
<span>JavaScript realm</span>.</p></li> | ||
|
||
<li><p>Perform ? <span | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Since we're not in the context of a JS operation definition, instead of the ? notation, we'll say "Rethrow any exceptions". There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Actually, we need to "report the exception", i.e. send it to window.onerror. |
||
data-x="js-HostEnsureCanCompileStrings">HostEnsureCanCompileStrings</span>(<var>callerRealm</var>, | ||
<var>calleeRealm</var>)</p></li> | ||
|
||
<li><p>Let <var>script source</var> be the first method argument.</p></li> | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No
<code>
for abstract operation; and call it an "abstract operation" instead of "operation" (just like in the ES section)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm. Ok. I guess I was assuming that an operation was no longer abstract once it was defined (like an "abstract class" in C++). Hooray for different meanings in different languages! :)