From 4438b7eb6b3290fe3eb01cba1c6161053b692ff1 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 9 Nov 2015 12:53:13 +0100
Subject: [PATCH] Fix #313: make disowning a browsing context work

This change attempts to make it so that when using rel=noopener, rel=noreferrer, and when setting window.opener to null, the browsing contexts involve can no longer directly reach each other. They end up in their own unit of related browsing contexts. (This is what some in the ECMAScript community refer to as a vat or continent.)

We do this by making directly reachable account for disowning, by making familiar with account for directly reachable, and by changing the rules for choosing a browsing context given a browsing context name to no longer say "related enough", but instead clearly say that the browsing contexts have to be familiar with each other, and by extension, have to be directly reachable.
---
 source | 51 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/source b/source
index 2ed247a2530..fdf60da51d2 100644
--- a/source
+++ b/source
@@ -21628,8 +21628,8 @@ interface <dfn>HTMLHyperlinkElementUtils</dfn> {
 
    <li><p>If <var>subject</var>'s <a href="#linkTypes">link types</a> include the <code
    data-x="rel-noreferrer">noreferrer</code> or <code data-x="rel-noopener">noopener</code> keyword,
-   and <var>replace</var> is true, then <span data-x="disowned its opener">disown
-   <var>target</var>'s opener</span>.</p></li>
+   and <var>replace</var> is true, then <span data-x="disowned">disown</span>
+   <var>target</var>.</p></li>
 
    <li><p><span data-x="parse a url">Parse</span> the <span>URL</span> given by <var>subject</var>'s
    <code data-x="attr-hyperlink-href">href</code> attribute, relative to <var>subject</var>'s
@@ -22141,7 +22141,9 @@ interface <dfn>HTMLHyperlinkElementUtils</dfn> {
      <td><em>not allowed</em></td>
      <td><span data-x="hyperlink annotation">Annotation</span></td>
      <td class="no"> &middot; </td>
-     <td>Requires that the user agent not send an HTTP `<code data-x="http-referer">Referer</code>` (sic) header if the user follows the hyperlink.</td>
+     <td>Indicates that any <span>browsing context</span> created by following the hyperlink is
+     <span>disowned</span> and that the user agent will not send an HTTP `<code
+     data-x="http-referer">Referer</code>` (sic) header if the user follows the hyperlink.</td>
     </tr>
 
     <tr>
@@ -22149,7 +22151,8 @@ interface <dfn>HTMLHyperlinkElementUtils</dfn> {
      <td><em>not allowed</em></td>
      <td><span data-x="hyperlink annotation">Annotation</span></td>
      <td class="no"> &middot; </td>
-     <td>Requires that any <span>browsing context</span> created by following the hyperlink must not have an <span>opener browsing context</span>.</td>
+     <td>Indicates that any <span>browsing context</span> created by following the hyperlink is
+     <span>disowned</span>.</td>
     </tr>
 
     <tr>
@@ -78152,17 +78155,18 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
   the <span>browsing context</span> from which the <span>auxiliary browsing context</span> was
   created.</p>
 
+  <p>An <span>auxiliary browsing context</span> can be <dfn id="disowned-its-opener">disowned</dfn>.
+  This means it is no longer <span data-x="directly reachable browsing contexts">directly
+  reachable</span>.</p>
 
   <h5>Navigating auxiliary browsing contexts in the DOM</h5>
 
   <p>The <dfn><code data-x="dom-opener">opener</code></dfn> IDL attribute on the <code>Window</code>
-  object, on getting, must return the <code>WindowProxy</code> object of the <span>browsing
-  context</span> from which the current <span>browsing context</span> was created (its <span>opener
-  browsing context</span>), if there is one, if it is still available, and if the current
-  <span>browsing context</span> has not <i data-x="disowned its opener">disowned its opener</i>;
-  otherwise, it must return null. On setting, if the new value is null then the current
-  <span>browsing context</span> must <dfn data-x="disowned its opener">disown its opener</dfn>; if
-  the new value is anything else then the user agent must
+  object, on getting, must return the <code>WindowProxy</code> object of the current <span>browsing
+  context</span>'s <span>opener browsing context</span>, if there is one and it is not
+  <span>disowned</span>; otherwise, it must return null. On setting, if the new value is null then
+  the current <span>browsing context</span> must be <span>disowned</span>; if the new value is
+  anything else then the user agent must
 
     <!-- dark magic incantation begins -->
     call the [[DefineOwnProperty]] internal method of the <code>Window</code> object, passing the
@@ -78181,8 +78185,9 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
   <h4 id="security-nav">Security</h4>
 
   <p id="security-1">A <span>browsing context</span> <var>A</var> is <dfn>familiar
-  with</dfn> a second <span>browsing context</span> <var>B</var> if one of the following
-  conditions is true:</p>
+  with</dfn> a second <span>browsing context</span> <var>B</var> if <var>A</var> can <span
+  data-x="directly reachable browsing contexts">directly reach</span> <var>B</var> and one of the
+  following conditions is true:</p>
 
   <ul>
 
@@ -78269,9 +78274,11 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
    <li>The <span>browsing context</span>'s <span>parent browsing context</span>.</li>
 
    <li>All the <span data-x="browsing context">browsing contexts</span> that have the <span>browsing
-   context</span> as their <span>opener browsing context</span>.</li>
+   context</span> as their <span>opener browsing context</span> as long as neither side is
+   <span>disowned</span>.</li>
 
-   <li>The <span>browsing context</span>'s <span>opener browsing context</span>.</li>
+   <li>The <span>browsing context</span>'s <span>opener browsing context</span> as long as neither
+   side is <span>disowned</span>.</li>
 
   </ul>
 
@@ -78520,11 +78527,10 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
     <p>If the given browsing context name is not <code data-x="">_blank</code> and there exists a
     browsing context whose <span data-x="browsing context name">name</span> is the same as the given
     browsing context name, and the current browsing context is <span>familiar with</span> that
-    browsing context, and the user agent determines that the two browsing contexts are related
-    enough that it is ok if they reach each other, then that browsing context must be the chosen
-    one. If there are multiple matching browsing contexts, the user agent should select one in some
-    arbitrary consistent manner, such as the most recently opened, most recently focused, or more
-    closely related.</p>
+    browsing context, then that browsing context must be the chosen one. If there are multiple
+    matching browsing contexts the current browsing context is <span>familiar with</span>, the user
+    agent should select one in some arbitrary consistent manner, such as the most recently opened,
+    most recently focused, or more closely related.</p>
 
    </li>
 
@@ -79351,9 +79357,8 @@ callback <dfn>FrameRequestCallback</dfn> = void (<span>DOMHighResTimeStamp</span
     <ol>
 
      <li><p>If the result of <span data-x="split a string on commas">splitting <var>features</var>
-     on commas</span> contains the token "<code data-x="">noopener</code>", <span data-x="disowned
-     its opener">disown <var>target browsing context</var>'s opener</span>, and return <code
-     data-x="">null</code>.</p></li>
+     on commas</span> contains the token "<code data-x="">noopener</code>", <span
+     data-x="disowned">disown</span> <var>target browsing context</var>, and return null.</p></li>
 
      <li><p>Otherwise, return the <code>WindowProxy</code> object of <var>target browsing
      context</var>.</p></li>