Delegate srcdoc's CSP list initialization to CSP.

mikewest · mikewest · commit 80f660805767 · 2017-04-27T10:02:25.000+02:00
Following up on w3c/webappsec-csp#210, this patch simplifies the integration point between HTML and CSP, delegating the functionality entirely to the latter.
diff --git a/source b/source
@@ -3747,7 +3747,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
      <li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#grammardef-serialized-policy">Content Security Policy syntax</dfn></li>
      <li><dfn data-x-href="https://w3c.github.io/webappsec-csp/#enforced">enforce the policy</dfn></li>
      <li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#parse-serialized-policy">parse a serialized Content Security Policy</dfn> algorithm</li>
-     <li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#initialize-global-object-csp">Initialize a global object's CSP list</dfn> algorithm</li>
+     <li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#initialize-worker-csp">Initialize a worker's CSP list</dfn> algorithm</li>
      <li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#initialize-document-csp">Initialize a Document's CSP list</dfn> algorithm</li>
      <li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#should-block-inline">Should element's inline behavior be blocked by Content Security Policy?</dfn> algorithm</li>
      <li>The <dfn data-x-href="https://w3c.github.io/webappsec-csp/#should-block-navigation-request">Should navigation request of type from source in target be blocked by Content Security Policy?</dfn> algorithm</li>
@@ -28891,9 +28891,7 @@ interface <dfn>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
     data-x="concept-response-header-list">header list</span> consists of `<code
     data-x="">Content-Type</code>`/`<code>text/html</code>, <span
     data-x="concept-response-body">body</span> is the value of the attribute, <span
-    data-x="concept-response-csp-list">CSP list</span> is the <span
-    data-x="concept-document-csp-list">CSP list</span> of the <code>iframe</code> element's <span>node
-    document</span>, <span data-x="concept-response-https-state">HTTPS state</span> is the <span
+    data-x="concept-response-https-state">HTTPS state</span> is the <span
     data-x="concept-document-https-state">HTTPS state</span> of the <code>iframe</code> element's
     <span>node document</span>.
 
@@ -97482,8 +97480,8 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
      <span data-x="parse-referrer-policy-header">parsing the `<code>Referrer-Policy</code>`
      header</span> of <var>response</var>.</p></li>
 
-     <li><p>Execute the <span>Initialize a <code data-x="">global object</code>'s CSP list</span>
-     algorithm on <var>worker global scope</var> and <var>response</var>. <ref spec="CSP"></p></li>
+     <li><p>Execute the <span>Initialize a worker's CSP list</span> algorithm on <var>worker global
+     scope</var> and <var>response</var>. <ref spec="CSP"></p></li>
 
      <li><p>Asynchronously complete the <span data-x="fetching-scripts-perform-fetch">perform the
      fetch</span> steps with <var>response</var>.</p></li>
