[spec] Allow createWorklet() in opaque origin contexts #156
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In opaque origin contexts (e.g. sandboxed iframes), we now allow window.createWorklet(url) and allow selectURL()/run() on the resulting worklet object. Those methods were previously disallowed in opaque origin contexts. Reason: While direct storage access is typically disallowed in sandboxed iframe, that's more of a side effect of having an opaque origin, rather than the original intent of sandboxing. Thus, it should be okay to allow creating new non-opaque contexts via createWorklet(url), and the new contexts can further access shared storage. This enables more flexible functionality within the sandboxed environment while still adhering to the security principles of sandboxing.
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 6, 2024
PR: WICG/shared-storage#156 Bug: 345274915 Change-Id: I748df668635d77a2d158bd86222aa2fdecfed3eb
github-actions bot
added a commit
that referenced
this pull request
Jun 6, 2024
…rigin SHA: c375c8d Reason: push, by xyaoinum Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 7, 2024
PR: WICG/shared-storage#156 Bug: 345274915 Change-Id: I748df668635d77a2d158bd86222aa2fdecfed3eb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5564969 Reviewed-by: Cammie Smith Barnes <[email protected]> Commit-Queue: Yao Xiao <[email protected]> Cr-Commit-Position: refs/heads/main@{#1311659}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 7, 2024
PR: WICG/shared-storage#156 Bug: 345274915 Change-Id: I748df668635d77a2d158bd86222aa2fdecfed3eb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5564969 Reviewed-by: Cammie Smith Barnes <[email protected]> Commit-Queue: Yao Xiao <[email protected]> Cr-Commit-Position: refs/heads/main@{#1311659}
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jun 12, 2024
…n opaque origin contexts, a=testonly Automatic update from web-platform-tests [shared storage] Allow createWorklet() in opaque origin contexts PR: WICG/shared-storage#156 Bug: 345274915 Change-Id: I748df668635d77a2d158bd86222aa2fdecfed3eb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5564969 Reviewed-by: Cammie Smith Barnes <[email protected]> Commit-Queue: Yao Xiao <[email protected]> Cr-Commit-Position: refs/heads/main@{#1311659} -- wpt-commits: ffb30418af724f933a640e1142b349b10e129be7 wpt-pr: 46649
i3roly
pushed a commit
to i3roly/firefox-dynasty
that referenced
this pull request
Jun 14, 2024
…n opaque origin contexts, a=testonly Automatic update from web-platform-tests [shared storage] Allow createWorklet() in opaque origin contexts PR: WICG/shared-storage#156 Bug: 345274915 Change-Id: I748df668635d77a2d158bd86222aa2fdecfed3eb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5564969 Reviewed-by: Cammie Smith Barnes <[email protected]> Commit-Queue: Yao Xiao <[email protected]> Cr-Commit-Position: refs/heads/main@{#1311659} -- wpt-commits: ffb30418af724f933a640e1142b349b10e129be7 wpt-pr: 46649
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In opaque origin contexts (e.g. sandboxed iframes), we now allow
window.createWorklet(url)and allowselectURL()/run()on the resulting worklet object. Those methods were previously disallowed in opaque origin contexts.Reason: While direct storage access is typically disallowed in sandboxed iframe, that's more of a side effect of having an opaque origin, rather than the original intent of sandboxing. Thus, it should be okay to allow creating new non-opaque contexts via
createWorklet(url), and the new contexts can further access shared storage. This enables more flexible functionality within the sandboxed environment while still adhering to the security principles of sandboxing.Preview | Diff