Re: [heycam/webidl] Define the `[CrossOriginIsolated]` extended attribute. (#883) from Mike West on 2020-05-13 (public-webapps-github@w3.org from May 2020)

From: Mike West <notifications@github.com>
Date: Wed, 13 May 2020 05:52:02 -0700
To: heycam/webidl <webidl@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <heycam/webidl/pull/883/c627962009@github.com>

> Sounds like it needs two rules, one to prevent descendants to use `[CrossOriginIsolated]` when there is `[SecureContext]` and vise versa.

I think we'd have one rule for `[CrossOriginIsolated]` and another for `[SecureContext]` along the lines of what @annevk suggested.

> I wonder we could rename `[SecureContext]` to `[Context=Secure]` and `[CrossOriginIsolated]` to `[Context=CrossOriginIsolated]` so that we can have only one check: whether descendants have `[Context]` or not.

This is more or less the spelling of the proposal in https://github.com/mikewest/securer-contexts#a-proposal (`[SecureContext=(Transport,Isolation,Injection)]`). That's a fine approach if it's what we end up wanting. I think I'd prefer distinct attributes, however, as that would allow us to invert the `[SecureContext]` model entirely (https://github.com/heycam/webidl/issues/876).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/heycam/webidl/pull/883#issuecomment-627962009

Received on Wednesday, 13 May 2020 12:52:16 UTC