Skip to content

Commit 4430aa5

Browse files
antosartantosart
authored
Remove callerRealm param from EnsureCSPDoesNotBlockStringCompilation (#541)
This PR cleans up the EnsureCSPDoesNotBlockStringCompilation algorithm removing the callerRealm parameter, which is not used. See also #540 and #438.
1 parent a284913 commit 4430aa5

File tree

1 file changed

+9
-10
lines changed

1 file changed

+9
-10
lines changed

index.bs

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1405,16 +1405,18 @@ spec: WebAssembly-web-api-api; urlPrefix: https://webassembly.github.io/spec/web
14051405
to determine whether such compilation ought to be blocked.
14061406

14071407
<h4 id="can-compile-strings" algorithm dfn export>
1408-
EnsureCSPDoesNotBlockStringCompilation(|callerRealm|, |calleeRealm|, |source|)
1408+
EnsureCSPDoesNotBlockStringCompilation(|realm|, |source|)
14091409
</h4>
14101410

1411-
Given two <a>realms</a> (<var ignore>callerRealm</var> and |calleeRealm|),
1412-
and a string (|source|), this algorithm returns normally if string compilation
1413-
is allowed, and throws an "`EvalError`" if not:
1411+
Given a <a>realm</a> (|realm|) and a string (|source|), this algorithm
1412+
returns normally if string compilation is allowed, and throws an "`EvalError`"
1413+
if not:
14141414

14151415
1. Let |result| be "`Allowed`".
14161416

1417-
2. For each |policy| in |calleeRealm|'s [=global object/CSP list=]:
1417+
2. Let |global| be |realm|'s [=Realm/global object=].
1418+
1419+
3. For each |policy| in |global|'s [=global object/CSP list=]:
14181420

14191421
1. Let |source-list| be `null`.
14201422

@@ -1429,7 +1431,7 @@ spec: WebAssembly-web-api-api; urlPrefix: https://webassembly.github.io/spec/web
14291431
then:
14301432

14311433
1. Let |violation| be the result of executing [[#create-violation-for-global]] on
1432-
|calleeRealm|, |policy|, and "`script-src`".
1434+
|global|, |policy|, and "`script-src`".
14331435

14341436
2. Set |violation|'s [=violation/resource=] to "`eval`".
14351437

@@ -1442,15 +1444,12 @@ spec: WebAssembly-web-api-api; urlPrefix: https://webassembly.github.io/spec/web
14421444
5. If |policy|'s [=policy/disposition=] is "`enforce`", then set |result| to
14431445
"`Blocked`".
14441446

1445-
3. If |result| is "`Blocked`", throw an `EvalError` exception.
1447+
4. If |result| is "`Blocked`", throw an `EvalError` exception.
14461448

14471449
ISSUE(tc39/ecma262#938): {{HostEnsureCanCompileStrings()}} does not include the string which is
14481450
going to be compiled as a parameter. We'll also need to update HTML to pipe that value through
14491451
to CSP.
14501452

1451-
Note: The parameter |callerRealm| is ignored on purpose, see
1452-
<a href="https://github.com/w3c/webappsec-csp/issues/438">Issue 438</a>.
1453-
14541453
<h3 id="wasm-integration">Integration with WebAssembly</h3>
14551454

14561455
WebAssembly defines the {{HostEnsureCanCompileWasmBytes()}} abstract operation

0 commit comments

Comments
 (0)