diff --git a/index.bs b/index.bs index 77ff2bad61..83bad238b6 100644 --- a/index.bs +++ b/index.bs @@ -25,7 +25,6 @@ At Risk: The [[#is-element-nonceable]] algorithm. spec:dom; type:interface; text:Document spec:html type: dfn - text: plugin document text: fallback base url text: duplicate-attribute type: element @@ -123,7 +122,6 @@ spec: HTML; urlPrefix: https://html.spec.whatwg.org/ for: script text: "parser-inserted" text: origin; url: concept-origin - text: browsing context; url: browsing-context text: content security policy state; url: attr-meta-http-equiv-content-security-policy text: create and initialize a new document object; url: initialise-the-document-object text: initializing a new Document object; url: initialise-the-document-object @@ -625,7 +623,7 @@ spec: WebRTC; urlPrefix: https://www.w3.org/TR/webrtc/ 6. A navigation response check, which takes a request, a navigation type string ("`form-submission`" or "`other`"), - a response, a browsing context, a check type string ("`source`" + a response, a navigable, a check type string ("`source`" or "`response`"), and a policy as arguments, and is executed during [[#should-block-navigation-response]]. It returns "`Allowed`" unless otherwise specified. 
@@ -1145,15 +1143,18 @@ spec: WebRTC; urlPrefix: https://www.w3.org/TR/webrtc/ base URL algorithm to ensure that the <{base/href}> attribute's value is valid. - 10. [[#should-block-navigation-request]] is called during the process a - navigate fetch algorithm, and [[#should-block-navigation-response]] - is called during the process a navigate response algorithm to - apply directive's navigation checks, as well as inline checks for + 10. [[#should-block-navigation-request]] is called during the create + navigation params by fetching algorithm, and [[#should-block-navigation-response]] + is called during the attempt to populate the history entry's document + algorithm to apply directive's navigation checks, as well as inline checks for navigations to `javascript:` URLs. 11. [[#run-global-object-csp-initialization]] is called during the run a worker algorithm. + 12. The sandbox directive is used to populate the CSP-derived + sandboxing flags. +
@@ -2646,16 +2647,16 @@ this algorithm returns normally if compilation is allowed, and throws a Note: The `object-src` directive acts upon any request made on behalf of an <{object}> or <{embed}> element. This includes requests - which would populate the nested browsing context generated by the + which would populate the child navigable generated by the former two (also including navigations). This is true even when the data is semantically equivalent to content which would otherwise be restricted by another directive, such as an <{object}> element with a `text/html` MIME type. - Note: When a plugin resource is navigated to directly (that is, as a plugin document in the - top-level browsing context or a nested browsing context, and not as an embedded + Note: When a plugin resource is navigated to directly (that is, as a plugin + inside a navigable, and not as an embedded subresource via <{embed}> or <{object}>), any policy delivered along - with that resource will be applied to the plugin document. This means, for instance, that + with that resource will be applied to the resulting document. This means, for instance, that developers can prevent the execution of arbitrary resources as plugin content by delivering the policy `object-src 'none'` along with a response. Given plugins' power (and the sometimes-interesting security model presented by Flash and others), this could mitigate the risk 
@@ -3467,35 +3468,32 @@ this algorithm returns normally if compilation is allowed, and throws a This directive's initialization algorithm is - responsible for adjusting a {{Document}}'s forced sandboxing flag set - and for checking whether a worker is allowed to run according to the `sandbox` - values present in its policies as follows: + responsible for checking whether a worker is allowed to run according + to the `sandbox` values present in its policies as follows: + + Note: The sandbox directive is also responsible for adjusting a + {{Document}}'s active sandboxing flag set via the + CSP-derived sandboxing flags. Given a {{Document}} or global object (|context|) and a policy (|policy|): 1. If |policy|'s disposition is not "`enforce`", or - |context| is a {{WorkletGlobalScope}}, then abort this algorithm. + |context| is not a {{WorkerGlobalScope}}, then abort this algorithm. 2. Let |sandboxing flag set| be a new [=/sandboxing flag set=]. 3. Parse a sandboxing directive using this directive's value as the input, and |sandboxing flag set| as the output. - 4. If |context| is a {{WorkerGlobalScope}}: - - 1. If |sandboxing flag set| contains either the sandboxed scripts browsing - context flag or the sandboxed origin browsing context flag flags, - return "`Blocked`". + 4. If |sandboxing flag set| contains either the sandboxed scripts browsing context + flag or the sandboxed origin browsing context flag flags, + return "`Blocked`". - Note: This will need to change if we allow Workers to be sandboxed into unique - origins, which seems like a pretty reasonable thing to do. + Note: This will need to change if we allow Workers to be sandboxed into unique + origins, which seems like a pretty reasonable thing to do. - 5. If |context| is a {{Document}}: - - 1. Set |context|'s forced sandboxing flag set to |sandboxing flag set|. - - 6. Return "`Allowed`". + 5. Return "`Allowed`".Navigation Directives 
@@ -3564,7 +3562,7 @@ this algorithm returns normally if compilation is allowed, and throws a Given a request (|request|), a string |navigation type| ("`form-submission`" or "`other`"), a - response (|navigation response|) a browsing context (|target|), + response (|navigation response|) a navigable (|target|), a string |check type| ("`source`" or "`response`"), and a policy (|policy|) this algorithm returns "`Blocked`" if one or more of the ancestors of |target| violate the `frame-ancestors` directive @@ -3581,16 +3579,16 @@ this algorithm returns normally if compilation is allowed, and throws a 3. If |check type| is "`source`", return "`Allowed`". Note: The 'frame-ancestors' directive is relevant only to the - |target| browsing context and it has no impact on the |request|'s + |target| navigable and it has no impact on the |request|'s context. - 4. If |target| is not a nested browsing context, return "`Allowed`". + 4. If |target| is not a child navigable, return "`Allowed`". 5. Let |current| be |target|. - 6. While |current| is a nested browsing context: + 6. While |current| is a child navigable: - 1. Let |document| be |current|'s [=browsing context/container document=]. + 1. Let |document| be |current|'s [=navigable/container document=]. 2. Let |origin| be the result of executing the URL parser on the ASCII serialization @@ -3600,7 +3598,7 @@ this algorithm returns normally if compilation is allowed, and throws a executed upon |origin|, this directive's value, |policy|'s [=policy/self-origin=], and `0`, return "`Blocked`". - 4. Set |current| to |document|'s browsing context. + 4. Set |current| to |document|'s node navigable. 7. Return "`Allowed`". @@ -4712,7 +4710,7 @@ this algorithm returns normally if compilation is allowed, and throws a
Documents loaded from local schemes will inherit a copy of the - policies in the source browsing context. The goal is to ensure that a page can't + policies in the source document. The goal is to ensure that a page can't bypass its policy by embedding a frame or opening a new window containing content that is entirely under its control (`srcdoc` documents, `blob:` or `data:` URLs, `about:blank` documents that can be manipulated via `document.write()`, etc). @@ -4730,7 +4728,7 @@ this algorithm returns normally if compilation is allowed, and throws a means that the new {{Document}}'s CSP list is a snapshot of the relevant policies at its creation time. Modifications in the CSP list of the new {{Document}} won't affect the - source browsing context's CSP list or vice-versa. + source {{Document}}'s CSP list or vice-versa.In the example below the image inside the iframe will not load because it is
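Review bot: in the `@@ -123,7 +122,6 @@` hunk, dropping the `text: browsing context; url: browsing-context` anchor (and `text: plugin document` in the hunk before it) is only safe if no `<a>browsing context</a>` or `<a>plugin document</a>` references survive elsewhere in index.bs; the later hunks rename the occurrences they touch, but please confirm with a Bikeshed build that there are no unresolved-link warnings, since the HTML flag names that remain (e.g. "sandboxed scripts browsing context flag") still contain the words "browsing context" and are easy to confuse with the removed term.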
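Review bot: in the `@@ -1145,15 +1143,18 @@` hunk, item 10 now names two HTML algorithms ("create navigation params by fetching", "attempt to populate the history entry's document") and the new item 12 introduces "CSP-derived sandboxing flags", but none of the visible hunks add matching `text:` entries to the `spec: HTML; urlPrefix:` anchor block (the hunks at the top of the file only remove entries). If these are meant to be cross-references, add anchor entries or link markup so they resolve; otherwise item 12 is plain prose that a reader cannot follow to the HTML definition it depends on.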
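Review bot: in the `@@ -2646,16 +2647,16 @@` hunk, "navigated to directly (that is, as a plugin inside a navigable, ...)" reads awkwardly because a plugin is not itself something that sits inside a navigable; the old text said "as a plugin document in the top-level browsing context or a nested browsing context". Suggest "that is, as the document of a navigable, and not as an embedded subresource via <{embed}> or <{object}>", which keeps the contrast the note is drawing and matches the "resulting document" wording used two sentences later.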
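Review bot: in the `@@ -3467,35 +3468,32 @@` hunk, the new step 1 condition "|context| is not a {{WorkerGlobalScope}}" makes the algorithm a no-op for every {{Document}}, so the opening "Given a {{Document}} or global object (|context|) and a policy (|policy|)" is now misleading; either narrow it to "Given a global object (|context|)" or say explicitly in the added Note that Documents are handled entirely through the CSP-derived sandboxing flags and never reach step 2. The change also drops the explicit {{WorkletGlobalScope}} exclusion, which is still correct (a WorkletGlobalScope is not a WorkerGlobalScope), but a short comment to that effect would save the next reader from checking. Note as well that the removed step 5 was the only place the "forced sandboxing flag set" was written; please confirm the term is no longer referenced anywhere else in the spec.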
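Review bot: in the `@@ -3564,7 +3562,7 @@` hunk, the rewritten line "response (|navigation response|) a navigable (|target|)," is still missing the comma that separates the arguments; suggest "response (|navigation response|), a navigable (|target|)," since the line is being touched anyway.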
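Review bot: in the `@@ -4712,7 +4710,7 @@` and `@@ -4730,7 +4728,7 @@` hunks, the same concept is written inconsistently: the first uses plain "source document" while the second uses the IDL-linked "source {{Document}}". Pick one form for both (the `{{Document}}` form matches "the new {{Document}}'s CSP list" in the surrounding sentence) so the two paragraphs read as describing the same object.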