Cleanup global object usage to make sense with Documents
#254
Conversation
index.src.html
Outdated
| @@ -388,9 +388,13 @@ <h3 id="framework-infrastructure">Infrastructure</h3> | |||
|
|
|||
| <h3 id="framework-policy">Policies</h3> | |||
|
|
|||
| A <dfn export lt="csp global object">CSP global object</dfn> is a {{Document}}, {{WorkerGlobalScope}} | |||
There was a problem hiding this comment.
Did you consider asking @annevk whether we could add an accessor to Window that would return the Window's Document's CSP list? Or just move the CSP list to Window, because I don't actually remember why it made sense to put it on the document and not the document's global?
If @annevk isn't happy about doing that in HTML, we could certainly define a clever term here along the lines of:
To obtain |object|'s CSP list:
- If |object| is a
Document, return |object|'s {{Document/CSP list}}.- If |object| is a
Window, return |object|'s {{Window/associated Document}}'s {{Document/CSP list}}.- If |object| is a
WorkerGlobalScope, return |object|'s {{WorkerGlobalScope/CSP list}}.- If |object| is a
WorkletGlobalScope, return |object|'s {{WorkletGlobalScope/CSP list}}.- Return
null.
I think I'd prefer to do that instead of inventing a new wrapper concept for CSP.
There was a problem hiding this comment.
I suspect it's not associated with Window because of about:blank? I agree that it would be nicer not to introduce a new wrapper concept with global object in its name that's not actually always a global object.
There was a problem hiding this comment.
Ok, would it be better to follow @mikewest 's suggestion above and add an accessor to the Window object that basically returns the associated document CSP list? That would let us use actual global objects throughout the spec.
There was a problem hiding this comment.
Yeah, though it seems that's fine to do locally as @mikewest illustrated.
This reverts commit 80737da.
* 'master' of https://github.com/w3c/webappsec-csp: (209 commits) Fix a few typos (w3c#280) Introduce 'prefetch-src'. (w3c#283) Clarify navigation behavior for 'script-src'. Incorrect indentation of the navigation check algorithm. IDL amendments and small misc issues. (w3c#271) Regenerate HTMLs. Origin link. NoncedElement link. link up inline css issue (w3c#228) Replaced 'alias' with 'copy' for less ambiguity (w3c#273) Cleanup `global object` usage to make sense with `Documents` (w3c#254) Elements with duplicated attributes are not nonceable. s/not-example.com/example.org/ Linked testing policy and fixed a few links (w3c#263) Rebuild HTML. Fix linking errors to 'script-like' and 'applet'. Adds WorkletGlobalScope as a concept to CSP. (w3c#205) Slight correction of host matching description (w3c#251) Fixed ambigous grammar (w3c#250) Replace Request.type based logic with Request.destination (w3c#231) ...
Documents are not global objects.
Also fixed small random typos here and there.
#208
Preview | Diff