attempt to solve snow clash when snow protected page opens itself

[weizman]

Attempt to fix #81.

The idea is to tell opened windows (such as tabs) from child windows (such as iframes), because opened windows have their own top.

Consider a few scenarios:

Normal single app load

• App loads
• Snow attempts to apply first protection (to top)
  • Trying to set mark
  • No mark
    • Mark and protect
  • Marked
    • Since this is a top window, warn user that the page is probably compromised and bail on protection - this really should never happen, only if something malicious ran before SNOW

App load + iframe

• App loads
• Snow protects top
• Attacker opens iframe
  • Trying to set mark
  • No mark
    • Mark and protect
  • Marked
    • Since this is NOT a top window, apply infinite loop and DoS page because only attacker can cause this
  • Snow instance in iframe loads
  • Snow protection is called
  • Since window is not top, Snow bails
    • Safe because top already protected iframe when created
    • PROBLEM TO FIX: If some inner page applies different Snow protection than upper page, it will be ignored by Snow!
      • ALSO: Is this problem relevant to next scenario as well?

App load + open window

• App loads
• Snow protects top
• Attacker opens tab
  • Trying to set mark
  • No mark
    • Mark and protect
  • Marked
    • Since this is a top window, but it is also being protected by opener Snow, tell user Snow bails and that it's ok
  • Snow instance in opened tab loads
  • Snow protection is called
  • Trying to set mark
    • No mark
    • Mark and protect
    • Marked
    • Will fail to set mark because opener already marked
    • Since window is in fact a top, bail on mark attempt, we trust opener has set protection

[weizman]

Moving this effort to another attempt @ #97