[Spec] window.top can reach past a fenced frame boundary. #195

Open
blu25 opened this issue Oct 7, 2024 · 2 comments

@blu25
Collaborator

blu25 commented Oct 7, 2024

The definition of top-level traversable was modified to always get the unfenced top-level traversable. That is, calling this algorithm from within a fenced frame tree will break past the fenced frame boundary and get the outermost traversable instead.

This change has the side effect of breaking the intended fenced functionality of window.top. That algorithm returns the active WindowProxy of the top-level traversable. However, since that algorithm is unfenced, window.top is now able to reach past a fenced frame boundary and get a frame outside of a fenced frame tree, which is something we do not want the web platform to be able to do.

To fix this, we should:

  1. Introduce fenced/unfenced variants of top-level traversable. (we already have an unfenced variant in the form of traversable navigable)
  2. Have the window.top algorithm call the traversable navigable algorithm, essentially making it fenced.
  3. Audit other instances where top-level traversable is called to see if it should be fenced or not, and fix those as well if necessary.
  4. Based on the audit, determine if top-level traversable should be fenced or unfenced by default.

@domfarolino
Collaborator

Isn't https://html.spec.whatwg.org/multipage/document-sequences.html#nav-traversable just the "fenced" version of "top-level traversable"? Also, I am pretty sure https://docs.google.com/spreadsheets/d/1p7_LtfkB1BAFx_Iu_vQ9J0zLHgd2SaC5ih4ANfhYp0E/edit?gid=533819146#gid=533819146&range=B338 should be the audit you're referencing. Maybe it is triaged wrong though, or we just didn't get to it.

@blu25
Collaborator Author

blu25 commented Nov 4, 2024

> Isn't https://html.spec.whatwg.org/multipage/document-sequences.html#nav-traversable just the "fenced" version of "top-level traversable"?

Actually yes. I think I was thinking that "traversable navigable" and "navigable" were the same thing. In that case, then window.top can simply call traversable navigable instead of top-level traversable and it should be functionally correct and match the implementation.

> Also, I am pretty sure https://docs.google.com/spreadsheets/d/1p7_LtfkB1BAFx_Iu_vQ9J0zLHgd2SaC5ih4ANfhYp0E/edit?gid=533819146#gid=533819146&range=B338 should be the audit you're referencing. Maybe it is triaged wrong though, or we just didn't get to it.

I think the triaging is correct, but because of how top-level traversable works after fenced frames, anything marked as "Expects fence" is an action required item and needs modifying to call traversable navigable and not top-level traversable.
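The difference between the two algorithms discussed in this thread, as an added example that is not part of the issue, the spec text or any browser implementation: a toy JavaScript model of a navigable tree with one fenced frame boundary. The `Navigable` class, its `embedder` field and the `crossesFence` helper are hypothetical names chosen for illustration, and `windowTop` returns a navigable's name rather than a WindowProxy.

```javascript
// Toy model of a navigable tree (constructed; names are illustrative, not spec text).
// `parent` is the ordinary navigable parent; it is null for any traversable,
// including the traversable at the root of a fenced frame tree.
// `embedder` is the navigable hosting the fenced frame, set only on a fenced root.
class Navigable {
  constructor(name, { parent = null, embedder = null } = {}) {
    this.name = name;
    this.parent = parent;
    this.embedder = embedder;
  }
}

// "traversable navigable": walks parents only, so the walk stops at the fence.
function traversableNavigable(nav) {
  while (nav.parent !== null) nav = nav.parent;
  return nav;
}

// "top-level traversable" as the issue describes it after the change:
// the walk also crosses from a fenced root to the navigable embedding it.
function topLevelTraversable(nav) {
  while (nav.parent !== null || nav.embedder !== null) {
    nav = nav.parent ?? nav.embedder;
  }
  return nav;
}

// window.top modelled with a pluggable root algorithm (returns a name here).
const windowTop = (nav, rootAlgorithm) => rootAlgorithm(nav).name;

// Audit helper: names of navigables for which the two algorithms disagree,
// i.e. callers whose result depends on which variant the spec step invokes.
function crossesFence(navigables) {
  return navigables
    .filter((n) => traversableNavigable(n) !== topLevelTraversable(n))
    .map((n) => n.name);
}

// Constructed tree: page > iframe > fenced frame root > nested iframe
const page = new Navigable("page");
const iframe = new Navigable("iframe", { parent: page });
const fencedRoot = new Navigable("fenced-root", { embedder: iframe });
const nested = new Navigable("nested-iframe", { parent: fencedRoot });

console.log(windowTop(nested, topLevelTraversable));  // page
console.log(windowTop(nested, traversableNavigable)); // fenced-root
console.log(crossesFence([page, iframe, fencedRoot, nested]));
```

Only navigables inside the fenced frame tree produce different results, which matches the thread's point that "Expects fence" call sites are the ones that need to switch algorithms.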
