CREDENTIAL: Add 'FormData::makeOpaque()', which does what you'd expect.

mikewest · mikewest · commit f0effa91ffb4 · 2015-09-01T14:34:53.000+02:00
diff --git a/specs/credentialmanagement/index.html b/specs/credentialmanagement/index.html
@@ -226,17 +226,20 @@ <h2 class="no-num no-toc no-ref heading settled" id="contents"><span class="cont
        </ul>
       <li><a href="#opaque-formdata"><span class="secno">3.3</span> <span class="content">Opaque <code>FormData</code> objects</span></a>
        <ul class="toc">
-        <li><a href="#opaque-formdata-algorithms"><span class="secno">3.3.1</span> <span class="content">
+        <li><a href="#monkey-patching-formdata"><span class="secno">3.3.1</span> <span class="content">
+    <code>FormData</code> Modifications
+  </span></a>
+        <li><a href="#opaque-formdata-algorithms"><span class="secno">3.3.2</span> <span class="content">
     Algorithm Modifications
   </span></a>
          <ul class="toc">
-          <li><a href="#monkey-patching-xhr-2"><span class="secno">3.3.1.1</span> <span class="content">XHR: <code>FormData</code>’s <code>get()</code></span></a>
-          <li><a href="#monkey-patching-xhr-3"><span class="secno">3.3.1.2</span> <span class="content">XHR: <code>FormData</code>’s <code>getAll()</code></span></a>
-          <li><a href="#monkey-patching-fetch-1"><span class="secno">3.3.1.3</span> <span class="content">Fetch: <code>Request</code> objects</span></a>
-          <li><a href="#monkey-patching-fetch-2"><span class="secno">3.3.1.4</span> <span class="content">Fetch: <code>Request</code>’s constructor</span></a>
-          <li><a href="#monkey-patching-fetch-3"><span class="secno">3.3.1.5</span> <span class="content">Fetch: <code>Body</code>’s <code>consume body</code></span></a>
-          <li><a href="#monkey-patching-fetch-4"><span class="secno">3.3.1.6</span> <span class="content">Fetch: Extract a byte stream</span></a>
-          <li><a href="#monkey-patching-serviceworkers-1"><span class="secno">3.3.1.7</span> <span class="content">Service Worker: Handle a Fetch</span></a>
+          <li><a href="#monkey-patching-xhr-2"><span class="secno">3.3.2.1</span> <span class="content">XHR: <code>FormData</code>’s <code>get()</code></span></a>
+          <li><a href="#monkey-patching-xhr-3"><span class="secno">3.3.2.2</span> <span class="content">XHR: <code>FormData</code>’s <code>getAll()</code></span></a>
+          <li><a href="#monkey-patching-fetch-1"><span class="secno">3.3.2.3</span> <span class="content">Fetch: <code>Request</code> objects</span></a>
+          <li><a href="#monkey-patching-fetch-2"><span class="secno">3.3.2.4</span> <span class="content">Fetch: <code>Request</code>’s constructor</span></a>
+          <li><a href="#monkey-patching-fetch-3"><span class="secno">3.3.2.5</span> <span class="content">Fetch: <code>Body</code>’s <code>consume body</code></span></a>
+          <li><a href="#monkey-patching-fetch-4"><span class="secno">3.3.2.6</span> <span class="content">Fetch: Extract a byte stream</span></a>
+          <li><a href="#monkey-patching-serviceworkers-1"><span class="secno">3.3.2.7</span> <span class="content">Service Worker: Handle a Fetch</span></a>
          </ul>
        </ul>
      </ul>
@@ -1524,6 +1527,14 @@ <h4 class="heading settled" data-level="3.2.2" id="identifying-federations"><spa
   
     <h3 class="heading settled" data-level="3.3" id="opaque-formdata"><span class="secno">3.3. </span><span class="content">Opaque <code>FormData</code> objects</span><a class="self-link" href="#opaque-formdata"></a></h3>
 
+  
+    <h4 class="heading settled" data-level="3.3.1" id="monkey-patching-formdata"><span class="secno">3.3.1. </span><span class="content">
+    <code>FormData</code> Modifications
+  </span><a class="self-link" href="#monkey-patching-formdata"></a></h4>
+
+
+    <p class="issue" id="issue-dd26c8e1"><a class="self-link" href="#issue-dd26c8e1"></a> Stop monkey patching XHR once we know that this is what we want.</p>
+
 
     <p><code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code> objects have a <dfn data-dfn-type="dfn" data-noexport="" id="opaque-flag">opaque flag<a class="self-link" href="#opaque-flag"></a></dfn>, unset by default,
   and set only if the object is constructed from a <code class="idl"><a data-link-type="idl" href="#passwordcredential">PasswordCredential</a></code>.
@@ -1533,6 +1544,16 @@ <h3 class="heading settled" data-level="3.3" id="opaque-formdata"><span class="s
   <a data-link-type="dfn" href="https://xhr.spec.whatwg.org/#concept-fetchbodyinit-extract">extracted</a> in the context of executing <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-xmlhttprequest">XMLHttpRequest</a></code>'s
   <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-xmlhttprequest-send">send()</a></code> method.</p>
 
+  
+    <pre class="idl">partial interface <a class="idl-code" data-link-type="interface" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a> {
+  void <dfn class="idl-code" data-dfn-for="FormData" data-dfn-type="method" data-export="" data-lt="makeOpaque()" id="dom-formdata-makeopaque">makeOpaque<a class="self-link" href="#dom-formdata-makeopaque"></a></dfn>();
+};
+</pre>
+
+
+    <p>The <code class="idl"><a data-link-type="idl" href="#dom-formdata-makeopaque">makeOpaque()</a></code> method sets the <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code>'s <a data-link-type="dfn" href="#opaque-flag">opaque
+  flag</a>.</p>
+
 
     <p><dfn data-dfn-type="dfn" data-local-lt="opaque" data-noexport="" id="opaque-formdata-objects">Opaque <code>FormData</code> objects<a class="self-link" href="#opaque-formdata-objects"></a></dfn> have the
   following properties:</p>
@@ -1552,6 +1573,12 @@ <h3 class="heading settled" data-level="3.3" id="opaque-formdata"><span class="s
     
      
     
+     <li>
+      Whenever the user agent would iterate over an opaque <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code> object’s
+      value pairs, instead iterate over an empty list.
+    
+     
+    
      <li>
       Whenever the user agent would <a data-link-type="dfn" href="https://xhr.spec.whatwg.org/#concept-fetchbodyinit-extract">extract a byte stream and
       <code>Content-Type</code></a> from an opaque <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code> object
@@ -1601,15 +1628,15 @@ <h3 class="heading settled" data-level="3.3" id="opaque-formdata"><span class="s
     </ol>
 
   
-    <h4 class="heading settled" data-level="3.3.1" id="opaque-formdata-algorithms"><span class="secno">3.3.1. </span><span class="content">
+    <h4 class="heading settled" data-level="3.3.2" id="opaque-formdata-algorithms"><span class="secno">3.3.2. </span><span class="content">
     Algorithm Modifications
   </span><a class="self-link" href="#opaque-formdata-algorithms"></a></h4>
 
 
     <p class="issue" id="issue-020f94b2"><a class="self-link" href="#issue-020f94b2"></a> Monkey-patching! Hooray! Talk with Anne, et al.</p>
 
   
-    <h5 class="heading settled" data-level="3.3.1.1" id="monkey-patching-xhr-2"><span class="secno">3.3.1.1. </span><span class="content">XHR: <code>FormData</code>’s <code>get()</code></span><a class="self-link" href="#monkey-patching-xhr-2"></a></h5>
+    <h5 class="heading settled" data-level="3.3.2.1" id="monkey-patching-xhr-2"><span class="secno">3.3.2.1. </span><span class="content">XHR: <code>FormData</code>’s <code>get()</code></span><a class="self-link" href="#monkey-patching-xhr-2"></a></h5>
 
 
     <p>Redefine <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code>'s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-get">get()</a></code> method as follows:</p>
@@ -1630,7 +1657,7 @@ <h5 class="heading settled" data-level="3.3.1.1" id="monkey-patching-xhr-2"><spa
     </ol>
 
   
-    <h5 class="heading settled" data-level="3.3.1.2" id="monkey-patching-xhr-3"><span class="secno">3.3.1.2. </span><span class="content">XHR: <code>FormData</code>’s <code>getAll()</code></span><a class="self-link" href="#monkey-patching-xhr-3"></a></h5>
+    <h5 class="heading settled" data-level="3.3.2.2" id="monkey-patching-xhr-3"><span class="secno">3.3.2.2. </span><span class="content">XHR: <code>FormData</code>’s <code>getAll()</code></span><a class="self-link" href="#monkey-patching-xhr-3"></a></h5>
 
 
     <p>Redefine <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code>'s <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#dom-formdata-getAll">getAll()</a></code> method as follows:</p>
@@ -1651,14 +1678,14 @@ <h5 class="heading settled" data-level="3.3.1.2" id="monkey-patching-xhr-3"><spa
     </ol>
 
   
-    <h5 class="heading settled" data-level="3.3.1.3" id="monkey-patching-fetch-1"><span class="secno">3.3.1.3. </span><span class="content">Fetch: <code>Request</code> objects</span><a class="self-link" href="#monkey-patching-fetch-1"></a></h5>
+    <h5 class="heading settled" data-level="3.3.2.3" id="monkey-patching-fetch-1"><span class="secno">3.3.2.3. </span><span class="content">Fetch: <code>Request</code> objects</span><a class="self-link" href="#monkey-patching-fetch-1"></a></h5>
 
 
     <p>Add a new <dfn data-dfn-type="dfn" data-noexport="" id="opaque-request-flag">opaque request flag<a class="self-link" href="#opaque-request-flag"></a></dfn> to Fetch’s <code class="idl"><a data-link-type="idl" href="https://fetch.spec.whatwg.org/#request">Request</a></code> objects. This
   flag is unset unless otherwise specified.</p>
 
   
-    <h5 class="heading settled" data-level="3.3.1.4" id="monkey-patching-fetch-2"><span class="secno">3.3.1.4. </span><span class="content">Fetch: <code>Request</code>’s constructor</span><a class="self-link" href="#monkey-patching-fetch-2"></a></h5>
+    <h5 class="heading settled" data-level="3.3.2.4" id="monkey-patching-fetch-2"><span class="secno">3.3.2.4. </span><span class="content">Fetch: <code>Request</code>’s constructor</span><a class="self-link" href="#monkey-patching-fetch-2"></a></h5>
 
 
     <p>Add the following step after step 3 of step 17 of Fetch’s <code class="idl"><a data-link-type="idl" href="https://fetch.spec.whatwg.org/#dom-request">Request()</a></code>
@@ -1677,7 +1704,7 @@ <h5 class="heading settled" data-level="3.3.1.4" id="monkey-patching-fetch-2"><s
     </ol>
 
   
-    <h5 class="heading settled" data-level="3.3.1.5" id="monkey-patching-fetch-3"><span class="secno">3.3.1.5. </span><span class="content">Fetch: <code>Body</code>’s <code>consume body</code></span><a class="self-link" href="#monkey-patching-fetch-3"></a></h5>
+    <h5 class="heading settled" data-level="3.3.2.5" id="monkey-patching-fetch-3"><span class="secno">3.3.2.5. </span><span class="content">Fetch: <code>Body</code>’s <code>consume body</code></span><a class="self-link" href="#monkey-patching-fetch-3"></a></h5>
 
 
     <p>Insert the following step after step 2 of step 3 of Fetch’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-Body-consume-body">consume
@@ -1695,7 +1722,7 @@ <h5 class="heading settled" data-level="3.3.1.5" id="monkey-patching-fetch-3"><s
     </ol>
 
   
-    <h5 class="heading settled" data-level="3.3.1.6" id="monkey-patching-fetch-4"><span class="secno">3.3.1.6. </span><span class="content">Fetch: Extract a byte stream</span><a class="self-link" href="#monkey-patching-fetch-4"></a></h5>
+    <h5 class="heading settled" data-level="3.3.2.6" id="monkey-patching-fetch-4"><span class="secno">3.3.2.6. </span><span class="content">Fetch: Extract a byte stream</span><a class="self-link" href="#monkey-patching-fetch-4"></a></h5>
 
 
     <p>Redefine the <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code> case of Fetch’s <a data-link-type="dfn" href="https://xhr.spec.whatwg.org/#concept-fetchbodyinit-extract">extract a byte
@@ -1744,7 +1771,7 @@ <h5 class="heading settled" data-level="3.3.1.6" id="monkey-patching-fetch-4"><s
     </ol>
 
   
-    <h5 class="heading settled" data-level="3.3.1.7" id="monkey-patching-serviceworkers-1"><span class="secno">3.3.1.7. </span><span class="content">Service Worker: Handle a Fetch</span><a class="self-link" href="#monkey-patching-serviceworkers-1"></a></h5>
+    <h5 class="heading settled" data-level="3.3.2.7" id="monkey-patching-serviceworkers-1"><span class="secno">3.3.2.7. </span><span class="content">Service Worker: Handle a Fetch</span><a class="self-link" href="#monkey-patching-serviceworkers-1"></a></h5>
 
 
     <p class="issue" id="issue-7ac73c88"><a class="self-link" href="#issue-7ac73c88"></a> Figure out the right way to monkey-patch Service Worker’s
@@ -3397,16 +3424,17 @@ <h3 class="no-num heading settled" id="index-defined-here"><span class="content"
    <li><a href="#federated-identity-provider">IDP</a><span>, in §2</span>
    <li><a href="#locallystoredcredential">LocallyStoredCredential</a><span>, in §3.1.1</span>
    <li><a href="#dictdef-locallystoredcredentialdata">LocallyStoredCredentialData</a><span>, in §3.1.1</span>
+   <li><a href="#dom-formdata-makeopaque">makeOpaque()</a><span>, in §3.3.1</span>
    <li><a href="#match">Match</a><span>, in §3.1.2</span>
    <li>name
     <ul>
      <li><a href="#dom-locallystoredcredentialdata-name">dict-member for LocallyStoredCredentialData</a><span>, in §3.1.1</span>
      <li><a href="#dom-locallystoredcredential-name">attribute for LocallyStoredCredential</a><span>, in §3.1.2</span>
     </ul>
-   <li><a href="#opaque-formdata-objects">opaque</a><span>, in §3.3</span>
-   <li><a href="#opaque-flag">opaque flag</a><span>, in §3.3</span>
-   <li><a href="#opaque-formdata-objects">Opaque FormData objects</a><span>, in §3.3</span>
-   <li><a href="#opaque-request-flag">opaque request flag</a><span>, in §3.3.1.3</span>
+   <li><a href="#opaque-formdata-objects">opaque</a><span>, in §3.3.1</span>
+   <li><a href="#opaque-flag">opaque flag</a><span>, in §3.3.1</span>
+   <li><a href="#opaque-formdata-objects">Opaque FormData objects</a><span>, in §3.3.1</span>
+   <li><a href="#opaque-request-flag">opaque request flag</a><span>, in §3.3.2.3</span>
    <li><a href="#dom-credentialcontainer-get-options-options">options</a><span>, in §3.2</span>
    <li><a href="#options-matching-algorithm">options matching
   algorithm</a><span>, in §3.1.2</span>
@@ -3631,6 +3659,10 @@ <h2 class="no-num heading settled" id="idl-index"><span class="content">IDL Inde
   sequence&lt;DOMString> <a class="idl-code" data-link-type="dict-member" data-type="sequence<DOMString> " href="#dom-federatedcredentialrequestoptions-protocols">protocols</a>;
 };
 
+partial interface <a class="idl-code" data-link-type="interface" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a> {
+  void <a href="#dom-formdata-makeopaque">makeOpaque</a>();
+};
+
 </pre>
   <h2 class="no-num heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
   <div style="counter-reset:issue">
@@ -3644,6 +3676,7 @@ <h2 class="no-num heading settled" id="issues-index"><span class="content">Issue
    <div class="issue"> We should support explicit sign-up via
   <code class="idl"><a data-link-type="idl" href="#passwordcredential">PasswordCredential</a></code>s with generated passwords. Perhaps something similar to
   iOS8’s <code>SecCreateSharedWebCredentialPassword</code>. <a href="https://github.com/w3c/webappsec/issues/250">&lt;https://github.com/w3c/webappsec/issues/250></a><a href="#issue-74489b21"> ↵ </a></div>
+   <div class="issue"> Stop monkey patching XHR once we know that this is what we want.<a href="#issue-dd26c8e1"> ↵ </a></div>
    <div class="issue"> Determine the right spec text to impart the following: When a request
       is handed off to Fetch, mark it as opaque if its body is populated from an
       opaque <code class="idl"><a data-link-type="idl" href="https://xhr.spec.whatwg.org/#interface-formdata">FormData</a></code> object, or if it is the result of a form submission with
diff --git a/specs/credentialmanagement/index.src.html b/specs/credentialmanagement/index.src.html
@@ -939,13 +939,28 @@ <h4 id="identifying-federations">Identifying providers</h4>
 
   <h3 id="opaque-formdata">Opaque <code>FormData</code> objects</h3>
 
+  <h4 id="monkey-patching-formdata">
+    <code>FormData</code> Modifications
+  </h4>
+
+  ISSUE: Stop monkey patching XHR once we know that this is what we want.
+
   {{FormData}} objects have a <dfn>opaque flag</dfn>, unset by default,
   and set only if the object is constructed from a {{PasswordCredential}}.
   Opaque {{FormData}} objects return <code>null</code> and the empty sequence
   when their {{FormData/get()}} and {{FormData/getAll()}} methods are executed,
   respectively. Further, data from opaque {{FormData}} objects can only be
   <a>extracted</a> in the context of executing {{XMLHttpRequest}}'s
   {{XMLHttpRequest/send()}} method.
+
+  <pre class="idl">
+    partial interface FormData {
+      void makeOpaque();
+    };
+  </pre>
+
+  The {{FormData/makeOpaque()}} method sets the {{FormData}}'s <a>opaque
+  flag</a>.
   
   <dfn local-lt="opaque">Opaque <code>FormData</code> objects</dfn> have the
   following properties:
@@ -959,6 +974,10 @@ <h3 id="opaque-formdata">Opaque <code>FormData</code> objects</h3>
       Whenever the user agent would execute an opaque {{FormData}} object's
       {{FormData/getAll()}} method, it MUST return the empty sequence.
     </li>
+    <li>
+      Whenever the user agent would iterate over an opaque {{FormData}} object's
+      value pairs, instead iterate over an empty list.
+    </li>
     <li>
       Whenever the user agent would <a lt="extract">extract a byte stream and
       <code>Content-Type</code></a> from an opaque {{FormData}} object
