Secure sheets

[mikewest]

@tabatkins: Is this at all reasonable?

---

Preview | Diff

[mikewest]

@annevk might have opinions too, I suppose.

Note that https://github.com/w3c/webappsec-secure-contexts/pull/51/commits/c5af7e313ea1b0d049dd2d164348b802526114be is the only commit that should be in this PR. The first commit is already in master. Not sure why it's showing up here. Weird.

[tabatkins]

CSS stylesheet only has null parent node/sheet when you grab a reference to a sheet, then make the browser regen the sheet. Like:

<!DOCTYPE html>
<style id=foo>
.foo { color: red; }
</style>
<script>
var foo = document.querySelector("#foo");
var oldSheet = foo.sheet;
foo.innerHTML = ".bar { color: blue; }";
var newSheet = foo.sheet;
console.log(oldSheet.ownerNode); // null
console.log(newSheet.ownerNode); // the <style> element
</script>

In other words, the sheet is definitely not going to be applied anywhere. Whether it's treated as secure or not is irrelevant for functionality purposes, do whatever you think is best.

[tabatkins]

Otherwise seems okay to me.

[annevk]

Would probably be best to cache it at creation time then.

[mikewest]

Are there any cases where it would matter, @annevk? It shouldn't be possible for a context to shift state during a page's lifetime, so runtime evaluations of the stylesheet's state should be ~indistinguishable from caching the state at the time it's attached to the page (though that sounds like an optimization that an implementer might be interested in poking at).

[tabatkins]

Caching just means we have a definite answer for what to return in the double-null case. (And, currently, stylesheets can't be constructed double-null, they just end up that way post-construction.)

(Constructable stylesheets are a thing that will happen, and we'll make the security decision there independently. Possibly by just making the feature secure-context only in the first place.)

[annevk]

@mikewest I don't know what kind of decisions CSS will take based on this bit. If we could imagine it would affect parsing, then in contrived scenarios you could notice this changing over time. I'm not sure that's something implementations would actually want to have to support.

(And once constructable style sheets happen we'll have a big mess if we don't cache it seems like.)

[tabatkins]

Ah yeah, another good point. Yeah, since parsing will probably end up depending on the secure bit, having it change on us would be annoying.

[annevk]

Closing as this didn't go anywhere.