From 44ad52096478f1d95ae8a201ad4916efef374531 Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Thu, 16 Feb 2017 22:38:49 -0700 Subject: [PATCH 01/12] Refactor the document.domain setter as a standalone algorithm (1/2) This is in response to W3C/HTML PR https://github.com/w3c/html/issues/769. The Web Authentication WG's draft currently makes reference to the "Relaxing the same-origin restriction" of the document.domain attribute setter as a way to let relying parties use foo.bar.com to generate scoped credentials for bar.com. However, 1) the attribute setter procedure isn't documented as an algorithm - so we shouldn't call it like one, and 2) we need to override some of the ambient state within it, by changing some of the values to be passed as arguments. We had started some work to inline the procedure as an algorithm within our document, but consensus is that it'd be better if we could avoid future divergence by refactoring this part of the HTML spec instead. --- source | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/source b/source index a02b4f19405..4824c1d5094 100644 --- a/source +++ b/source @@ -79482,6 +79482,55 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp +

To validate the relaxation of an origin for an origin + currentOrigin and a string inputDomain, the user agent must run these + steps:

+ +
    +

  1. If inputDomain is the empty string, then throw a + "SecurityError" DOMException.

    2. + +

  2. Let host be the result of parsing the + inputDomain.

    3. + +

  3. If host is failure, then throw a "SecurityError" + DOMException.

    4. + +

  4. Let effectiveDomain be currentOrigin's effective domain.

    5. + +
  5. +

    If host is not equal to + effectiveDomain, then run these substeps:

    + +
      +
    1. +

      If host or effectiveDomain is not a domain, then throw a "SecurityError" + DOMException.

      + +

      This is meant to exclude hosts that are an + IPv4 address or an IPv6 address.

      +
      2. + +

    2. If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end + of effectiveDomain, then throw a "SecurityError" + DOMException.

      3. + +
    3. +

      If host matches a suffix in the Public Suffix List, or, if host, + prefixed by a U+002E FULL STOP (.), matches the end of a suffix in the Public Suffix List, + then throw a "SecurityError" DOMException.

      + +

      Suffixes must be compared after applying the host parser algorithm.

      +
      4. +
    +
    6. + +

  6. Return host.

    7. +
+

The domain attribute's getter must run From 152e69f03523f2ad37c88a9988417896cac347d1 Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Thu, 16 Feb 2017 22:40:55 -0700 Subject: [PATCH 02/12] Refactor the document.domain setter as a standalone algorithm (2/2) Remove duplicated lines from the document.domain setter that are now handled in the standalone algorithm. --- source | 45 ++++----------------------------------------- 1 file changed, 4 insertions(+), 41 deletions(-) diff --git a/source b/source index 4824c1d5094..66a6d6322fa 100644 --- a/source +++ b/source @@ -79563,47 +79563,10 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp set, then throw a "SecurityError" DOMException.

-

  • If the given value is the empty string, then throw a - "SecurityError" DOMException.

    • - -

  • Let host be the result of parsing the given - value.

    • - -

  • If host is failure, then throw a "SecurityError" - DOMException.

    • - -

  • Let effectiveDomain be this Document object's - origin's effective - domain.

    • - -
  • -

    If host is not equal to - effectiveDomain, then run these substeps:

    - -
      -
    1. -

      If host or effectiveDomain is not a domain, then throw a "SecurityError" - DOMException.

      - -

      This is meant to exclude hosts that are an - IPv4 address or an IPv6 address.

      -
      2. - -

    2. If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end - of effectiveDomain, then throw a "SecurityError" - DOMException.

      3. - -
    3. -

      If host matches a suffix in the Public Suffix List, or, if host, - prefixed by a U+002E FULL STOP (.), matches the end of a suffix in the Public Suffix List, - then throw a "SecurityError" DOMException.

      - -

      Suffixes must be compared after applying the host parser algorithm.

      -
      4. -
    -
    • +

  • Let host be the result of + validating the relaxation of an origin with this Document object's + origin as currentOrigin and the given value as inputDomain. +

  • Set this Document object's origin's domain to host.

    • From f3b69813c66dc31afb51ec829ea82e0f84b582dc Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Thu, 16 Feb 2017 22:43:50 -0700 Subject: [PATCH 03/12] Add self to acknowledgements, per CONTRIBUTING.md --- source | 1 + 1 file changed, 1 insertion(+) diff --git a/source b/source index 66a6d6322fa..db0d08b7af7 100644 --- a/source +++ b/source @@ -119643,6 +119643,7 @@ INSERT INTERFACES HERE Ivan Enderlin, Ivo Emanuel Gonçalves, J. King, + J.C. Jones, Jackson Ray Hamilton, Jacob Davies, Jacques Distler, From 3ad1185fbfc6484bc107595cc61d74042bda70e7 Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Fri, 17 Feb 2017 07:27:37 -0700 Subject: [PATCH 04/12] Review updates per annevk and mikewest - thanks! - Moved the
    up. - Fixed a line break / mis-wrap in the attribute setter. - Moved all exception throwing outside the algorith, so it returns failure instead. --- source | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/source b/source index db0d08b7af7..ed322503317 100644 --- a/source +++ b/source @@ -79482,6 +79482,8 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp +
    +

    To validate the relaxation of an origin for an origin currentOrigin and a string inputDomain, the user agent must run these steps:

    @@ -79493,8 +79495,7 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

    Let host be the result of parsing the inputDomain.

    -

  • If host is failure, then throw a "SecurityError" - DOMException.

    • +

  • If host is failure, then return failure.

  • Let effectiveDomain be currentOrigin's effective domain.

    • @@ -79506,22 +79507,19 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

  • If host or effectiveDomain is not a domain, then throw a "SecurityError" - DOMException.

    + data-x="concept-domain">domain, then return failure.

    This is meant to exclude hosts that are an IPv4 address or an IPv6 address.

  • If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end - of effectiveDomain, then throw a "SecurityError" - DOMException.

    • + of effectiveDomain, then return failure.

  • If host matches a suffix in the Public Suffix List, or, if host, prefixed by a U+002E FULL STOP (.), matches the end of a suffix in the Public Suffix List, - then throw a "SecurityError" DOMException.

    + then return failure.

    Suffixes must be compared after applying the host parser algorithm.

    • @@ -79531,8 +79529,6 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

    Return host.

    -
    -

    The domain attribute's getter must run these steps:

    @@ -79565,8 +79561,11 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

    Let host be the result of validating the relaxation of an origin with this Document object's - origin as currentOrigin and the given value as inputDomain. -

    + origin as currentOrigin and the given value as + inputDomain.

    + +

  • If host is failure, then throw a "SecurityError" + DOMException.

  • Set this Document object's origin's domain to host.

    • From 61a7ea83eafb513fa80c732020bbd68088ed8ac7 Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Fri, 17 Feb 2017 11:41:31 -0700 Subject: [PATCH 05/12] Trying the nomenclature suggested by jyasskin Renamed the algorithm "validate the relaxation of an origin" to "hostA is a registrable domain suffix of hostB", along with renaming the variables to hostA and hostB. --- source | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/source b/source index ed322503317..4ea3c56002b 100644 --- a/source +++ b/source @@ -79484,20 +79484,20 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

    To validate the relaxation of an origin for an origin - currentOrigin and a string inputDomain, the user agent must run these - steps:

    +

    To determine if hostA is a registrable domain suffix of + hostB for a string hostA and an origin hostB, + the user agent must run these steps:

      -

    1. If inputDomain is the empty string, then throw a +

    2. If hostA is the empty string, then throw a "SecurityError" DOMException.

      3. -

    3. Let host be the result of parsing the - inputDomain.

      4. +

    4. Let host be the result of parsing + hostA.

    5. If host is failure, then return failure.

      6. -

    6. Let effectiveDomain be currentOrigin's

      Let effectiveDomain be hostB's effective domain.

    7. @@ -79559,10 +79559,9 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp set, then throw a "SecurityError" DOMException.

      8. -

    8. Let host be the result of - validating the relaxation of an origin with this Document object's - origin as currentOrigin and the given value as - inputDomain.

      9. +

    9. Let host be the result of determining if hostA is a + registrable domain suffix of hostB with the given value as hostA and + this Document object's origin as hostB.

    10. If host is failure, then throw a "SecurityError" DOMException.

      11. From 2e67f75d2ad6d37d4d03af496fbd1fc240ab175c Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Fri, 17 Feb 2017 15:48:34 -0700 Subject: [PATCH 06/12] Review updates per domenic - Rename the algorithm to "is a registrable domain suffix" - Make the algorithm return true/false - Rename the arguments to hostString and origin --- source | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/source b/source index 4ea3c56002b..6ac85bae21c 100644 --- a/source +++ b/source @@ -79484,20 +79484,19 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

      To determine if hostA is a registrable domain suffix of - hostB for a string hostA and an origin hostB, - the user agent must run these steps:

      +

      To determine if a string hostString is a registrable domain suffix of an + origin origin, run these steps:

        -

      1. If hostA is the empty string, then throw a - "SecurityError" DOMException.

        2. +

      2. If hostString is the empty string, then return false.

      3. Let host be the result of parsing - hostA.

        4. + hostString.

        -

      4. If host is failure, then return failure.

        5. +

      5. If host is failure, then return false.

        6. -

      6. Let effectiveDomain be hostB's

        Let effectiveDomain be origin's effective domain.

      7. @@ -79507,26 +79506,26 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

      8. If host or effectiveDomain is not a domain, then return failure.

        + data-x="concept-domain">domain, then return false.

        This is meant to exclude hosts that are an IPv4 address or an IPv6 address.

      9. If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end - of effectiveDomain, then return failure.

        10. + of effectiveDomain, then return false.

      10. If host matches a suffix in the Public Suffix List, or, if host, prefixed by a U+002E FULL STOP (.), matches the end of a suffix in the Public Suffix List, - then return failure.

        + then return false.

        Suffixes must be compared after applying the host parser algorithm.

      -

    11. Return host.

      12. +

    12. Return true.

    The domain attribute's getter must run @@ -79559,15 +79558,13 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp set, then throw a "SecurityError" DOMException.

    -

  • Let host be the result of determining if hostA is a - registrable domain suffix of hostB with the given value as hostA and - this Document object's origin as hostB.

    • - -

  • If host is failure, then throw a "SecurityError" - DOMException.

    • +

  • If the given value is not a registrable + domain suffix of this Document object's origin, then throw a + "SecurityError" DOMException.

  • Set this Document object's origin's domain to host.

    • + data-x="concept-origin-domain">domain to the result of parsing the given value.

    From 0f23e3ab483f412c52cb24ffde863f3602c9a988 Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Mon, 20 Feb 2017 08:01:29 -0700 Subject: [PATCH 07/12] Change the second argument of "is a registrable domain suffix" to a host Per annevk's review suggestion that this algorithm operate only on hosts, move the effectiveDomain function call to the outside of the algorithm. --- source | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/source b/source index 6ac85bae21c..37bd356ae2b 100644 --- a/source +++ b/source @@ -79485,8 +79485,8 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

    To determine if a string hostString is a registrable domain suffix of an - origin origin, run these steps:

    + suffix|is not a registrable domain suffix">is a registrable domain suffix of a + string effectiveDomain, run these steps:

    1. If hostString is the empty string, then return false.

      2. @@ -79496,9 +79496,6 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

      If host is failure, then return false.

      -

    2. Let effectiveDomain be origin's effective domain.

      3. -

    3. If host is not equal to effectiveDomain, then run these substeps:

      @@ -79559,7 +79556,8 @@ callback FrameRequestCallback = void (DOMHighResTimeStampDOMException.

    4. If the given value is not a registrable - domain suffix of this Document object's origin, then throw a + domain suffix of this Document object's origin's effective domain, then throw a "SecurityError" DOMException.

    5. Set this Document object's origin's Date: Mon, 20 Feb 2017 10:08:45 -0700 Subject: [PATCH 08/12] Change type of effectiveDomain from string to host --- source | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source b/source index 37bd356ae2b..d7ab729a7e4 100644 --- a/source +++ b/source @@ -79486,7 +79486,7 @@ callback FrameRequestCallback = void (DOMHighResTimeStampTo determine if a string hostString is a registrable domain suffix of a - string effectiveDomain, run these steps:

      + host effectiveDomain, run these steps:

      1. If hostString is the empty string, then return false.

        2. From 6170adc13b42b1b29b40bcddc33325321f07542d Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Mon, 20 Feb 2017 11:09:12 -0700 Subject: [PATCH 09/12] Reword the algorithm to include "or is equal to" per annevk --- source | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/source b/source index d7ab729a7e4..b84511cbe22 100644 --- a/source +++ b/source @@ -79484,9 +79484,10 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

        To determine if a string hostString is a registrable domain suffix of a - host effectiveDomain, run these steps:

        +

        To determine if a string hostString is a + registrable domain suffix of or is equal to a host effectiveDomain, run these + steps:

        1. If hostString is the empty string, then return false.

          2. @@ -79555,10 +79556,10 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp set, then throw a "SecurityError" DOMException.

          -

        2. If the given value is not a registrable - domain suffix of this Document object's origin's effective domain, then throw a - "SecurityError" DOMException.

          3. +

        3. If the given value is not + a registrable domain suffix of and is not equal to this Document object's + origin's effective domain, + then throw a "SecurityError" DOMException.

        4. Set this Document object's origin's domain to the result of opaque origin, then - return origin.

          5. + return null.

        5. If origin's domain is non-null, then return origin's domain.

          6. @@ -79486,8 +79486,8 @@ callback FrameRequestCallback = void (DOMHighResTimeStampTo determine if a string hostString is a - registrable domain suffix of or is equal to a host effectiveDomain, run these - steps:

          + registrable domain suffix of or is equal to a host + targetHost, run these steps:

          1. If hostString is the empty string, then return false.

            2. @@ -79499,11 +79499,11 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

            If host is not equal to - effectiveDomain, then run these substeps:

            + targetHost, then run these substeps:

            1. -

              If host or effectiveDomain is not a If host or targetHost is not a domain, then return false.

              This is meant to exclude hosts that are an @@ -79511,7 +79511,7 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

            2. If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end - of effectiveDomain, then return false.

              3. + of targetHost, then return false.

            3. If host matches a suffix in the Public Suffix List, or, if host, @@ -79536,8 +79536,7 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

              Let effectiveDomain be this Document's origin's effective domain. -

            4. If effectiveDomain is an opaque - origin, then return the empty string.

              5. +

            5. If effectiveDomain is null, then return the empty string.

            6. Return effectiveDomain, serialized.

              7. @@ -79556,10 +79555,15 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp set, then throw a "SecurityError" DOMException.

              +

            7. Let effectiveDomain be this Document's origin's effective domain. + +

            8. If effectiveDomain is null, then throw a + "SecurityError" DOMException.

              9. +

            9. If the given value is not - a registrable domain suffix of and is not equal to this Document object's - origin's effective domain, - then throw a "SecurityError" DOMException.

              10. + a registrable domain suffix of and is not equal to effectiveDomain, then throw + a "SecurityError" DOMException.

            10. Set this Document object's origin's domain to the result of is a registrable domain suffix of or is equal to a host targetHost, run these steps:

              +

              1. If hostString is the empty string, then return false.

                2. From a75b407b7add8296fafe121d653c3edfe3da6113 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Wed, 22 Feb 2017 08:59:24 +0100 Subject: [PATCH 12/12] review nits --- source | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/source b/source index 0c94c4b76e4..73dc066abb9 100644 --- a/source +++ b/source @@ -79484,27 +79484,27 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

                To determine if a string hostString is a - registrable domain suffix of or is equal to a host - targetHost, run these steps:

                - +

                To determine if a string hostSuffixString is a registrable domain suffix of or is equal to a host originalHost, run these steps:

                +
                  -

                1. If hostString is the empty string, then return false.

                  2. +

                2. If hostSuffixString is the empty string, then return false.

                3. Let host be the result of parsing - hostString.

                  4. + hostSuffixString.

                4. If host is failure, then return false.

                5. If host is not equal to - targetHost, then run these substeps:

                  + originalHost, then run these substeps:

                  1. -

                    If host or targetHost is not a If host or originalHost is not a domain, then return false.

                    This is meant to exclude hosts that are an @@ -79512,7 +79512,7 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

                  2. If host, prefixed by a U+002E FULL STOP (.), does not exactly match the end - of targetHost, then return false.

                    3. + of originalHost, then return false.

                  3. If host matches a suffix in the Public Suffix List, or, if host,