You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<pclass="copyright" data-fill-with="copyright"><ahref="http://creativecommons.org/publicdomain/zero/1.0/" rel="license"><imgalt="CC0" src="https://licensebuttons.net/p/zero/1.0/80x15.png"></a> To the extent possible under law, the editors have waived all copyright
2060
2060
and related or neighboring rights to this work.
2061
-
In addition, as of 18 February 2021,
2061
+
In addition, as of 22 February 2021,
2062
2062
the editors have made this specification available under the <ahref="http://www.openwebfoundation.org/legal/the-owf-1-0-agreements/owfa-1-0" rel="license">Open Web Foundation Agreement Version 1.0</a>,
2063
2063
which is available at http://www.openwebfoundation.org/legal/the-owf-1-0-agreements/owfa-1-0.
2064
2064
Parts of this work may be from another specification document. If so, those parts are instead covered by the license of that specification document. </p>
<p>In early 2018, Spectre made it clear that a foundational security boundary the web aimed to
2119
2119
maintain was substantially less robust than expected. <adata-link-type="biblio" href="#biblio-spectre">[SPECTRE]</a> This revelation has pushed web
2120
-
browsers to shift their focus from the platform-level <adata-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin">origin</a> boundary to a hardware-level
2120
+
browsers to shift their focus from the platform-level <adata-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin">origin</a> boundary to an OS-level
2121
2121
process boundary. Chromium’s threat model, for instance, now asserts that "active web content …
2122
2122
will be able to read any and all data in the address space of the process that hosts it". <adata-link-type="biblio" href="#biblio-post-spectre-rethink">[POST-SPECTRE-RETHINK]</a> This shift in thinking imposes a shift in development practice, both
2123
2123
for browser vendors, and for web developers. Browsers need to align the origin boundary with the
0 commit comments