Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delegate srcdoc's CSP list initialization to CSP. #2599

Closed
wants to merge 1 commit into from
Closed

Delegate srcdoc's CSP list initialization to CSP. #2599

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 4 additions & 6 deletions source
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3747,7 +3747,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#grammardef-serialized-policy">Content Security Policy syntax</dfn></li>
<li><dfn data-x-href="https://w3c.github.io/webappsec-csp/#enforced">enforce the policy</dfn></li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#parse-serialized-policy">parse a serialized Content Security Policy</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#initialize-global-object-csp">Initialize a global object's CSP list</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#initialize-worker-csp">Initialize a worker's CSP list</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#initialize-document-csp">Initialize a Document's CSP list</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#should-block-inline">Should element's inline behavior be blocked by Content Security Policy?</dfn> algorithm</li>
<li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#should-block-navigation-request">Should navigation request of type from source in target be blocked by Content Security Policy?</dfn> algorithm</li>
Expand Down Expand Up @@ -28891,9 +28891,7 @@ interface <dfn>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
data-x="concept-response-header-list">header list</span> consists of `<code
data-x="">Content-Type</code>`/`<code>text/html</code>, <span
data-x="concept-response-body">body</span> is the value of the attribute, <span
data-x="concept-response-csp-list">CSP list</span> is the <span
data-x="concept-document-csp-list">CSP list</span> of the <code>iframe</code> element's <span>node
document</span>, <span data-x="concept-response-https-state">HTTPS state</span> is the <span
data-x="concept-response-https-state">HTTPS state</span> is the <span
data-x="concept-document-https-state">HTTPS state</span> of the <code>iframe</code> element's
<span>node document</span>.

Expand Down Expand Up @@ -97482,8 +97480,8 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
<span data-x="parse-referrer-policy-header">parsing the `<code>Referrer-Policy</code>`
header</span> of <var>response</var>.</p></li>

<li><p>Execute the <span>Initialize a <code data-x="">global object</code>'s CSP list</span>
algorithm on <var>worker global scope</var> and <var>response</var>. <ref spec="CSP"></p></li>
<li><p>Execute the <span>Initialize a worker's CSP list</span> algorithm on <var>worker global
scope</var> and <var>response</var>. <ref spec="CSP"></p></li>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In w3c/webappsec-csp#210 it seems this algorithm also takes an owner.


<li><p>Asynchronously complete the <span data-x="fetching-scripts-perform-fetch">perform the
fetch</span> steps with <var>response</var>.</p></li>
Expand Down