Fix references to html after navigation and session history rewrite (#580)

This change fixes broken references to html, which were mostly a result of the navigation and session history rewrite.

In particular, this change:
- replaces browsing contexts with navigables,
- drops the sandbox initialization part for documents, since it is now included in html,
- rewords the part on plugins, since the html no longer defines plugin documents, but only considers pdfs.

Author: antosart

index.bs

@@ -25,7 +25,6 @@ At Risk: The [[#is-element-nonceable]] algorithm.
 spec:dom; type:interface; text:Document
 spec:html
   type: dfn
-    text: plugin document
     text: fallback base url
     text: duplicate-attribute
   type: element
@@ -123,7 +122,6 @@ spec: HTML; urlPrefix: https://html.spec.whatwg.org/
     for: script
       text: "parser-inserted"
     text: origin; url: concept-origin
-    text: browsing context; url: browsing-context
     text: content security policy state; url: attr-meta-http-equiv-content-security-policy
     text: create and initialize a new document object; url: initialise-the-document-object
     text: initializing a new Document object; url: initialise-the-document-object
@@ -625,7 +623,7 @@ spec: WebRTC; urlPrefix: https://www.w3.org/TR/webrtc/
 
   6.  A <dfn for="directive" export>navigation response check</dfn>, which takes a
       <a for="/">request</a>, a navigation type string ("`form-submission`" or "`other`"),
-      a <a>response</a>, a <a>browsing context</a>, a check type string ("`source`"
+      a <a>response</a>, a <a>navigable</a>, a check type string ("`source`"
       or "`response`"), and a <a for="/">policy</a> as arguments, and is executed during
       [[#should-block-navigation-response]]. It returns "`Allowed`" unless otherwise specified.
 
@@ -1145,15 +1143,18 @@ spec: WebRTC; urlPrefix: https://www.w3.org/TR/webrtc/
       base URL</a> algorithm to ensure that the <{base/href}> attribute's value
       is valid.
 
-  10. [[#should-block-navigation-request]] is called during the <a>process a
-      navigate fetch</a> algorithm, and [[#should-block-navigation-response]]
-      is called during the <a>process a navigate response</a> algorithm to
-      apply directive's navigation checks, as well as inline checks for
+  10. [[#should-block-navigation-request]] is called during the <a spec=html>create
+      navigation params by fetching</a> algorithm, and [[#should-block-navigation-response]]
+      is called during the <a spec=html>attempt to populate the history entry's document</a>
+      algorithm to apply directive's navigation checks, as well as inline checks for
       navigations to `javascript:` URLs.
 
   11. [[#run-global-object-csp-initialization]] is called during the <a>run a worker</a>
       algorithm.
 
+  12. The <a>sandbox</a> directive is used to populate the <a spec=html>CSP-derived
+      sandboxing flags</a>.
+
   <h4 id="run-document-csp-initialization" algorithm dfn export>
     Run `CSP` initialization for a `Document`
   </h4>
@@ -1310,7 +1311,7 @@ spec: WebRTC; urlPrefix: https://www.w3.org/TR/webrtc/
 
   Given a <a for="/">request</a> (|navigation request|), a <a>response</a> |navigation
   response|, a [=/CSP list=] |response CSP list|, a string (|type|, either
-  "`form-submission`" or "`other`"),  and a <a>browsing context</a> |target|, this algorithm
+  "`form-submission`" or "`other`"), and a <a>navigable</a> |target|, this algorithm
   returns "`Blocked`" if the active policy blocks the navigation, and "`Allowed`"
   otherwise:
 
@@ -1947,8 +1948,8 @@ this algorithm returns normally if compilation is allowed, and throws a
 
   <h4 id="directive-child-src">`child-src`</h4>
 
-  The <dfn export>`child-src`</dfn> directive governs the creation of <a>nested browsing
-  contexts</a> (e.g. <{iframe}> and <{frame}> navigations) and Worker execution
+  The <dfn export>`child-src`</dfn> directive governs the creation of <a>child
+  navigables</a> (e.g. <{iframe}> and <{frame}> navigations) and Worker execution
   contexts. The syntax for the directive's name and value is described by the
   following ABNF:
 
@@ -2339,7 +2340,7 @@ this algorithm returns normally if compilation is allowed, and throws a
   <h4 id="directive-frame-src">`frame-src`</h4>
 
   The <dfn export>frame-src</dfn> directive restricts the URLs which may be loaded into
-  <a>nested browsing contexts</a>. The syntax for the directive's name and value
+  <a>child navigables</a>. The syntax for the directive's name and value
   is described by the following ABNF:
 
   <pre>
@@ -2646,16 +2647,16 @@ this algorithm returns normally if compilation is allowed, and throws a
 
   Note: The `object-src` directive acts upon any request made on behalf of
   an <{object}> or <{embed}> element. This includes requests
-  which would populate the <a>nested browsing context</a> generated by the
+  which would populate the <a>child navigable</a> generated by the
   former two (also including navigations). This is true even when the data is
   semantically equivalent to content which would otherwise be restricted by
   another directive, such as an <{object}> element with a `text/html` MIME
   type.
 
-  Note: When a plugin resource is navigated to directly (that is, as a <a>plugin document</a> in the
-  <a>top-level browsing context</a> or a <a>nested browsing context</a>, and not as an embedded
+  Note: When a plugin resource is navigated to directly (that is, as a <a spec=html>plugin</a>
+  inside a <a>navigable</a>, and not as an embedded
   subresource via <{embed}> or <{object}>), any <a for="/">policy</a> delivered along
-  with that resource will be applied to the <a>plugin document</a>. This means, for instance, that
+  with that resource will be applied to the resulting <a>document</a>. This means, for instance, that
   developers can prevent the execution of arbitrary resources as plugin content by delivering the
   policy `object-src 'none'` along with a response. Given plugins' power (and the
   sometimes-interesting security model presented by Flash and others), this could mitigate the risk
@@ -3467,35 +3468,32 @@ this algorithm returns normally if compilation is allowed, and throws a
   </h5>
 
   This directive's <a for="directive">initialization</a> algorithm is
-  responsible for adjusting a {{Document}}'s <a>forced sandboxing flag set</a>
-  and for checking whether a worker is allowed to run according to the <a>`sandbox`</a>
-  values present in its policies as follows:
+  responsible for checking whether a worker is allowed to run according
+  to the <a>`sandbox`</a> values present in its policies as follows:
+
+  Note: The <a>sandbox</a> directive is also responsible for adjusting a
+  {{Document}}'s <a for=Document>active sandboxing flag set</a> via the
+  <a spec=html>CSP-derived sandboxing flags</a>.
 
   Given a {{Document}} or <a for="/">global object</a> (|context|) and a <a for="/">policy</a>
   (|policy|):
 
   1.  If |policy|'s <a for="policy">disposition</a> is not "`enforce`", or
-      |context| is a {{WorkletGlobalScope}}, then abort this algorithm.
+      |context| is not a {{WorkerGlobalScope}}, then abort this algorithm.
 
   2.  Let |sandboxing flag set| be a new [=/sandboxing flag set=].
 
   3.  <a>Parse a sandboxing directive</a> using this directive's <a
       for="directive">value</a> as the input, and |sandboxing flag set| as the output.
 
-  4.  If |context| is a {{WorkerGlobalScope}}:
-
-      1.  If |sandboxing flag set| contains either the <a>sandboxed scripts browsing
-          context flag</a> or the <a>sandboxed origin browsing context flag</a> flags,
-          return "`Blocked`".
+  4.  If |sandboxing flag set| contains either the <a>sandboxed scripts browsing context
+      flag</a> or the <a>sandboxed origin browsing context flag</a> flags,
+      return "`Blocked`".
 
-          Note: This will need to change if we allow Workers to be sandboxed into unique
-          origins, which seems like a pretty reasonable thing to do.
+       Note: This will need to change if we allow Workers to be sandboxed into unique
+       origins, which seems like a pretty reasonable thing to do.
 
-  5.  If |context| is a {{Document}}:
-
-      1.  Set |context|'s <a>forced sandboxing flag set</a> to |sandboxing flag set|.
-
-  6.  Return "`Allowed`".
+  5.  Return "`Allowed`".
 
   <h3 id="directives-navigation">
     Navigation Directives
@@ -3564,7 +3562,7 @@ this algorithm returns normally if compilation is allowed, and throws a
 
   Given a <a for="/">request</a> (|request|), a string |navigation type|
   ("`form-submission`" or "`other`"), a
-  <a>response</a> (|navigation response|) a <a>browsing context</a> (|target|),
+  <a>response</a> (|navigation response|) a <a>navigable</a> (|target|),
   a string |check type| ("`source`" or "`response`"), and a
   <a for="/">policy</a> (|policy|) this algorithm returns "`Blocked`" if one or
   more of the ancestors of |target| violate the `frame-ancestors` directive
@@ -3581,16 +3579,16 @@ this algorithm returns normally if compilation is allowed, and throws a
     3.  If |check type| is "`source`", return "`Allowed`".
 
         Note: The 'frame-ancestors' <a>directive</a> is relevant only to the
-        |target| <a>browsing context</a> and it has no impact on the |request|'s
+        |target| <a>navigable</a> and it has no impact on the |request|'s
         context.
 
-    4.  If |target| is not a <a>nested browsing context</a>, return "`Allowed`".
+    4.  If |target| is not a <a>child navigable</a>, return "`Allowed`".
 
     5.  Let |current| be |target|.
 
-    6.  While |current| is a <a>nested browsing context</a>:
+    6.  While |current| is a <a>child navigable</a>:
 
-        1.  Let |document| be |current|'s [=browsing context/container document=].
+        1.  Let |document| be |current|'s [=navigable/container document=].
 
         2.  Let |origin| be the result of executing the <a>URL parser</a> on the
             <a lt="ASCII serialization of an origin">ASCII serialization</a>
@@ -3600,7 +3598,7 @@ this algorithm returns normally if compilation is allowed, and throws a
             executed upon |origin|, this directive's <a for="directive">value</a>,
             |policy|'s [=policy/self-origin=], and `0`, return "`Blocked`".
 
-        4.  Set |current| to |document|'s <a>browsing context</a>.
+        4.  Set |current| to |document|'s <a>node navigable</a>.
 
     7.  Return "`Allowed`".
   </ol>
@@ -4712,7 +4710,7 @@ this algorithm returns normally if compilation is allowed, and throws a
   </h3>
 
   Documents loaded from <a>local schemes</a> will inherit a copy of the
-  policies in the <a>source browsing context</a>. The goal is to ensure that a page can't
+  policies in the source document. The goal is to ensure that a page can't
   bypass its policy by embedding a frame or opening a new window containing
   content that is entirely under its control (`srcdoc` documents, `blob:` or `data:`
   URLs, `about:blank` documents that can be manipulated via `document.write()`, etc).
@@ -4730,7 +4728,7 @@ this algorithm returns normally if compilation is allowed, and throws a
   means that the new {{Document}}'s <a for="global object">CSP list</a> is a
   snapshot of the relevant policies at its creation time. Modifications in the
   <a for="global object">CSP list</a> of the new {{Document}} won't affect the
-  <a>source browsing context</a>'s <a for="global object">CSP list</a> or vice-versa.
+  source {{Document}}'s <a for="global object">CSP list</a> or vice-versa.
 
   <div class="example">
     In the example below the image inside the iframe will not load because it is