Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Try to ensure sandboxed preload scripts run in the correct realm #768

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Try to ensure sandboxed preload scripts run in the correct realm #768

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 57 additions & 8 deletions index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1257,8 +1257,55 @@ To <dfn>get or create a sandbox realm</dfn> given |name| and |navigable|:
<div algorithm>
To <dfn>create a sandbox realm</dfn> with |window|:

Issue: Define creation of sandbox realm. This is going to return a
{{SandboxWindowProxy}} wrapping |window|.
1. Let |window environment settings| be the [=environment settings object=] whose
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By looking at call sites of "create a sandbox realm" the argument should be navigable, so probably we need the env settings object of |navigable|'s [=active window=].

[=relevant global object=] is |window|.

1. Let |global| be a new {{SandboxWindowProxy}} wrapping |window|.

Issue: This is the key step but it's basically totally undefined.

1. Let |agent| be |window environment settings|'s [=realm=]'s <a spec=html for=realm>agent</a>.

1. Let |execution context| be the result of [=creating a new realm=] given |agent| using
|global| as the host-defined global object.

1. Let |realm| be the value of |execution context|'s Realm component.

1. Let |settings object| be a new [=environment settings object=] whose algorithms are defined as follows:

<dl>
<dt>The [=realm execution context=].
<dd>Return |execution context|.

<dt>The [=environment settings object/module map=]
<dd>Return |global|'s module map.
Issue: Need to define module map for {{SandboxWindowProxy}} objects.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this issue is not rendered properly? Perhaps it needs newlines or needs to be outside of dl.


<dt>The [=API base URL=]
<dd>Return |window environment settings|' [=API base url=].

<dt>[=environment settings object/origin=]
<dd>Return |window environment settings|' [=environment settings object/origin=].

<dt>[=environment settings object/policy container=]
<dd>Return |window environment settings|' [=environment settings object/policy container=].

<dt>The [=environment settings object/cross-origin isolated capability=]
<dd>Return true.

<dt>The [=time origin=]
<dd>Return |window environment settings|' [=time origin=].

1. Set |settings object|'s [=environment/id=] to a new unique opaque string,
[=creation URL=] to |window environment settings|' [=creation URL=],
[=top-level creation URL=] to |window environment settings|' [=top-level
creation URL=], [=target browsing context=] to |window environment settings|'
[=target browsing context=], [=active service worker=] to null, and
[=top-level origin=] to |window environment settings|' [=top-level origin=].

1. Set |realm|'s \[[HostDefined]] field to |settings object|.

1. Return |realm|

</div>

Expand Down Expand Up @@ -7093,8 +7140,8 @@ TODO: Extend this to scripts in other kinds of realms.
A [=BiDi session=] has a <dfn>preload script map</dfn> which is a [=/map=] in
which the keys are [[!RFC9562|UUID]]s, and the values are [=structs=] with an <a
for=struct>item</a> named <code>function declaration</code>, which is a string,
<code>arguments</code>, <code>contexts</code>, which is a list or null, and an item named <code>sandbox</code> which is a string
or null.
<code>arguments</code>, <code>contexts</code>, which is a list or null, and an
item named <code>sandbox</code> which is a string or null.

Note: If executing a [=preload script=] fails, either due to a syntax error, or
a runtime exception, an [[ECMAScript]] exception is reported in the realm in
Expand All @@ -7119,10 +7166,12 @@ To <dfn export>run WebDriver BiDi preload scripts</dfn> given |environment setti

1. If <code>contexts</code> does not [=list/contains|contain=] |navigable id|, return.

1. If |preload script|'s <code>sandbox</code> is not null, let |realm| be [=get
or create a sandbox realm=] with |preload script|'s <code>sandbox</code> and
|navigable|. Otherwise let |realm| be |environment settings|'
[=realm execution context=]'s Realm component.
1. If |preload script|'s <code>sandbox</code> is not null, let |realm| be
[=get or create a sandbox realm=] with |preload script|'s
<code>sandbox</code> and |navigable|, and set |environment settings| to
the [=environment settings object=] whose [=realm execution context=]'s
Realm component is |realm|. Otherwise let |realm| be
|environment settings|' [=realm execution context=]'s Realm component.

1. Let |exception reporting global| be be |environment settings|'
[=realm execution context=]'s Realm component's [=realm/global object=].
Expand Down
Loading