Editorial fixes

domenic · domenic · commit b955b10fcbad · 2020-12-17T14:12:17.000-05:00
diff --git a/source b/source
@@ -8084,18 +8084,16 @@ interface <dfn>DOMStringList</dfn> {
       <p>If ! <span>IsSharedArrayBuffer</span>(<var>value</var>) is true, then:
 
       <ol>
-       <li><p>Let <var>agentCluster</var> be the <span>surrounding agent</span>'s
-       <span>agent cluster</span>.</p></li>
        <li>
-        <p>If <var>agentCluster</var>'s <span
+        <p>If the <span>current settings object</span>'s <span
         data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin isolated
-        capability</span> is false, then throw a
-        <span>"<code>DataCloneError</code>"</span><code>DOMException</code>.</p>
+        capability</span> is false, then throw a <span>"<code>DataCloneError</code>"</span>
+        <code>DOMException</code>.</p>
 
         <p class="note">This check is only needed when serializing (and not when deserializing) as
-        <var data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin isolated
-        </var> cannot change over time and a <code>SharedArrayBuffer</code> cannot leave an
-        <span>agent cluster</span>.</p>
+        the <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin
+        isolated capability</span> cannot change over time and a <code>SharedArrayBuffer</code>
+        cannot leave an <span>agent cluster</span>.</p>
        </li>
 
        <li><p>If <var>forStorage</var> is true, then throw a
@@ -77985,44 +77983,6 @@ console.assert(iframeWindow.frameElement === null);
   keys</span> to <span data-x="agent cluster">agent clusters</span>). User agents are responsible
   for collecting agent clusters when it is deemed that nothing can access them anymore.</p>
 
-  <p>A <span>browsing context group</span> has a <dfn><var
-  data-x="bcg-cross-origin-isolation">cross-origin-isolation</var></dfn> variable of type
-  <span>cross-origin-isolation</span>. Initially set to"<code
-  data-x="cross-origin-isolation-none">isolation-none</code>"</p>
-
-  <p>A <dfn>cross-origin-isolation</dfn> type can take 3 possible values: </p>
-  <ul>
-   <li><dfn><code data-x="cross-origin-isolation-none">isolation-none</code></dfn></li>
-   <li><dfn><code data-x="cross-origin-isolation-logical">isolation-logical</code></dfn></li>
-   <li><dfn><code data-x="cross-origin-isolation-concrete">isolation-concrete</code></dfn></li>
-  </ul>
-
-  <div class="note">
-  <p>
-  <code data-x="cross-origin-isolation-logical">isolation-logical</code> and
-  <code data-x="cross-origin-isolation-concrete">isolation-concrete</code> are similar. They are both used
-  for <span>browsing context group</span>, where:
-  </p>
-  <ul>
-   <li><p>Every top-level <span>Document</span> has `<code data-x="">
-   <span data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</span>:
-   <span data-x="coop-same-origin">same-origin</span></code>`</p></li>
-
-   <li><p>Every <span>Document</span> has
-   `<code data-x=""><span>Cross-Origin-Embedder-Policy</span>:
-   <span data-x="coep-require-corp">require-corp</span></code>`</p></li>
-  </ul>
-  <p>
-  On some platforms, it is difficult to provide the security properties required
-  by the <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin
-  isolated capability</span>. As a result, only <code
-  data-x="cross-origin-isolation-concrete">isolation-concrete</code> can grant access to the <span
-  data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin isolated
-  capability</span>. <code data-x="cross-origin-isolation-concrete">isolation-concrete</code> is
-  used on platform not supporting this capability.
-  </p>
-  </div>
-
   <p>A <span>browsing context group</span> has an associated <dfn>historical agent cluster key
   map</dfn>, which is a <span data-x="ordered map">map</span> of <span
   data-x="origin">origins</span> to <span data-x="agent cluster key">agent cluster keys</span>. This
@@ -78033,6 +77993,41 @@ console.assert(iframeWindow.frameElement === null);
   <p class="note">The <span>historical agent cluster key map</span> only ever gains entries over the
   lifetime of the browsing context group.</p>
 
+  <p>A <span>browsing context group</span> has a <dfn
+  data-x="bcg-cross-origin-isolation">cross-origin isolation mode</dfn>, which is a
+  <span>cross-origin isolation mode</span>. It is initially "<code
+  data-x="cross-origin-isolation-none">none</code>".</p>
+
+  <p>A <dfn>cross-origin isolation mode</dfn> is one of three possible values: "<dfn><code
+  data-x="cross-origin-isolation-none">none</code></dfn>", "<dfn><code
+  data-x="cross-origin-isolation-logical">logical</code></dfn>", or "<dfn><code
+  data-x="cross-origin-isolation-concrete">concrete</code></dfn>".</p>
+
+  <div class="note">
+   <p>"<code data-x="cross-origin-isolation-logical">logical</code>" and "<code
+   data-x="cross-origin-isolation-concrete">concrete</code>" are similar. They are both used for
+   <span data-x="browsing context group">browsing context groups</span> where:</p>
+
+   <ul>
+    <li><p>every top-level <span>Document</span> has `<code data-x=""><span
+    data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</span>: <span
+    data-x="coop-same-origin">same-origin</span></code>`, and</p></li>
+
+    <li><p>every <span>Document</span> has `<code
+    data-x=""><span>Cross-Origin-Embedder-Policy</span>: <span
+    data-x="coep-require-corp">require-corp</span></code>`.</p></li>
+   </ul>
+
+   <p>On some platforms, it is difficult to provide the security properties required to grant safe
+   access to the APIs gated by the <span
+   data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin isolated
+   capability</span>. As a result, only "<code
+   data-x="cross-origin-isolation-concrete">concrete</code>" can grant access that capability.
+   "<code data-x="cross-origin-isolation-logical">logical</code>" is used on platform not supporting
+   this capability, where various restrictions imposed by cross-origin isolation will still apply,
+   but the capability is not granted.</p>
+  </div>
+
   <p>To <dfn data-x="creating a new browsing context group">create a new browsing context
   group</dfn>, run these steps:</p>
 
@@ -79681,16 +79676,17 @@ interface <dfn>BarProp</dfn> {
 
      <dt>The <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin
      isolated capability</span></dt>
-     <dd><p>Return the logical conjunction of:</p>
-     <ol>
-       <li><p><var>realm</var>'s <span>agent cluster</span>'s <var
-       data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation</var> is <code
-       data-x="cross-origin-isolation-concrete">isolation-concrete</code></p></li>
+     <dd>
+      <p>Return true if both of the following hold, and false otherwise:</p>
+      <ol>
+       <li><p><var>realm</var>'s <span>agent cluster</span>'s <span
+       data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation mode</span> is "<code
+       data-x="cross-origin-isolation-concrete">concrete</code>", and</p></li>
 
-       <li><p><span data-x="concept-document-window">associated <code>Document</code></span> is
-       <span>allowed to use</span> the "<code
-       data-x="cross-origin-isolated-feature">cross-origin-isolated</code>" feature.</p>
-     </ol>
+       <li><p><var>window</var>'s <span data-x="concept-document-window">associated
+       <code>Document</code></span> is <span>allowed to use</span> the "<code
+       data-x="cross-origin-isolated-feature">cross-origin-isolated</code>" feature.</p></li>
+      </ol>
      </dd>
     </dl>
    </li>
@@ -80466,9 +80462,9 @@ interface <dfn>BarProp</dfn> {
    a registrable domain suffix of and is not equal to</span> <var>effectiveDomain</var>, then throw
    a <span>"<code>SecurityError</code>"</span> <code>DOMException</code>.</p></li>
 
-   <li><p>If the <span>surrounding agent</span>'s <span>agent cluster</span>'s
-   <var data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation</var> is not <code
-   data-x="cross-origin-isolation-none">isolation-none</code> then return.</p></li>
+   <li><p>If the <span>surrounding agent</span>'s <span>agent cluster</span>'s <span
+   data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> is not "<code
+   data-x="cross-origin-isolation-none">none</code>", then return.</p></li>
 
    <li><p>If the <span>surrounding agent</span>'s <span>agent cluster</span>'s <span>is
    origin-keyed</span> is true, then return.</p></li>
@@ -80577,9 +80573,9 @@ interface <dfn>BarProp</dfn> {
   and the <code data-x="dom-originAgentCluster">originAgentCluster</code> getter will always return
   true.</p>
 
-  <p class="note">Similarly, <code>Document</code>s with <span>agent cluster</span>'s
-  <var data-x="agent-cluster-cross-origin-isolation">cross-origin-isolated</var> not <code
-  data-x="cross-origin-isolation-none">isolation-none</code> are automatically origin-isolated. The
+  <p class="note">Similarly, <code>Document</code>s whose <span>agent cluster</span>'s
+  <span data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> is not
+  "<code data-x="cross-origin-isolation-none">none</code>" are automatically origin-keyed. The
   `<code data-x="http-origin-agent-cluster">Origin-Agent-Cluster</code>` header might be useful as
   an additional hint to implementations about resource allocation, since the `<code
   data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</code>` and
@@ -80945,9 +80941,9 @@ interface <dfn>BarProp</dfn> {
    <dd>
     <p>This behaves the same as "<code data-x="coop-same-origin">same-origin</code>", with the
     addition that it sets the (new) <span>top-level browsing context</span>'s <span data-x="tlbc
-    group">group</span>'s <span data-x="bcg-cross-origin-isolation">cross-origin-isolation</span> to
-    <code data-x="cross-origin-isolation-logical">isolation-logical</code> or <code
-      data-x="cross-origin-isolation-concrete">isolation-concrete</code></p>
+    group">group</span>'s <span data-x="bcg-cross-origin-isolation">cross-origin isolation
+    mode</span> to one of "<code data-x="cross-origin-isolation-logical">logical</code>" or "<code
+    data-x="cross-origin-isolation-concrete">concrete</code>".</p>
 
     <p class="note">"<code data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>" cannot
     be directly set via the `<code
@@ -81354,20 +81350,21 @@ interface <dfn>BarProp</dfn> {
    <li><p>Let <var>newBrowsingContext</var> be the result of <span>creating a new top-level browsing
    context</span>.</p></li>
 
-   <li><p>If <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span> is "<code
-   data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>", then set
-   <var>newBrowsingContext</var>'s <span data-x="tlbc group">group</span>'s <span
-   data-x="bcg-cross-origin-isolation">cross-origin-isolation</span> to: <code
-   data-x="cross-origin-isolation-logical">isolation-logical</code> or <code
-   data-x="cross-origin-isolation-concrete">isolation-concrete</code>. The one used is
-   platform-specific. </p>
+   <li>
+    <p>If <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span> is "<code
+    data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>", then set
+    <var>newBrowsingContext</var>'s <span data-x="tlbc group">group</span>'s <span
+    data-x="bcg-cross-origin-isolation">cross-origin isolation mode</span> to either "<code
+    data-x="cross-origin-isolation-logical">logical</code>" or "<code
+    data-x="cross-origin-isolation-concrete">concrete</code>". The choice of which is
+    <span>implementation-defined</span>.</p>
 
-   <p class="note">It is difficult on some platforms to provide the security properties required by
-   the <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin isolated
-   capability</span>. Only the <code
-   data-x="cross-origin-isolation-concrete">isolation-concrete</code> might grant access to it.
-   <code data-x="cross-origin-isolation-logical">Isolation-logical</code> won't and is used for the
-   platforms not supporting it.</p>
+    <p class="note">It is difficult on some platforms to provide the security properties required by
+    the <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin
+    isolated capability</span>. Only "<code
+    data-x="cross-origin-isolation-concrete">concrete</code>" might grant access to it. "<code
+    data-x="cross-origin-isolation-logical">logical</code>" won't, and is used by implementations on
+    other platforms.</p>
    </li>
 
    <li>
@@ -86799,9 +86796,9 @@ interface <dfn>BeforeUnloadEvent</dfn> : <span>Event</span> {
     directly or by using <code data-x="dom-document-domain">document.domain</code>.</p>
 
     <p>If the encompassing <span>agent cluster</span>'s <span
-    data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation</span> is not <code
-    data-x="cross-origin-isolation-none">isolation-none</code>, then all the <code>Window</code>
-    objects will be <span>same origin</span>, can reach each other directly, and <code
+    data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> is not "<code
+    data-x="cross-origin-isolation-none">none</code>", then all the <code>Window</code> objects will
+    be <span>same origin</span>, can reach each other directly, and <code
     data-x="dom-document-domain">document.domain</code> will no-op.</p>
 
     <p class="note">Two <code>Window</code> objects that are <span>same origin</span> can be in
@@ -86884,10 +86881,10 @@ interface <dfn>BeforeUnloadEvent</dfn> : <span>Event</span> {
 
   <div w-nodev>
 
-  <p>An <span>agent cluster</span> has an associated <dfn><var
-  data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation</var></dfn> variable, of type
-  <span>cross-origin-isolation</span>. Initially set to <code
-  data-x="cross-origin-isolation-none">isolation-none</code>.
+  <p>An <span>agent cluster</span> has an associated <dfn
+  data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</dfn>, which is a
+  <span>cross-origin isolation mode</span>. It is initially "<code
+  data-x="cross-origin-isolation-none">none</code>".</p>
 
   <p>An <span>agent cluster</span> has an associated <dfn>is origin-keyed</dfn> (a boolean), which
   is initially false.</p>
@@ -86915,10 +86912,9 @@ interface <dfn>BeforeUnloadEvent</dfn> : <span>Event</span> {
 
    <li><p>Let <var>key</var> be <var>site</var>.</p></li>
 
-   <li><p>If <var>group</var>'s <span
-   data-x="bcg-cross-origin-isolation">cross-origin-isolation</span> is not <code
-   data-x="cross-origin-isolation-none">isolation-none</code>, then set <var>key</var> to
-   <var>origin</var>.</p></li>
+   <li><p>If <var>group</var>'s <span data-x="bcg-cross-origin-isolation">cross-origin isolation
+   mode</span> is not "<code data-x="cross-origin-isolation-none">none</code>", then set
+   <var>key</var> to <var>origin</var>.</p></li>
 
    <li><p>Otherwise, if <var>group</var>'s <span>historical agent cluster key
    map</span>[<var>origin</var>] <span data-x="map exists">exists</span>, then set <var>key</var> to
@@ -86943,9 +86939,10 @@ interface <dfn>BeforeUnloadEvent</dfn> : <span>Event</span> {
     <ol>
      <li><p>Let <var>agentCluster</var> be a new <span>agent cluster</span>.</p></li>
 
-     <li><p>Set <var>agentCluster</var>'s <var
-     data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation</var> to <var>group</var>'s
-     <var data-x="bcg-cross-origin-isolation">cross-origin-isolation</var>.</p></li>
+     <li><p>Set <var>agentCluster</var>'s <span
+     data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> to
+     <var>group</var>'s <span data-x="bcg-cross-origin-isolation">cross-origin isolation
+     mode</span>.</p></li>
 
      <li><p>Set <var>agentCluster</var>'s <span>is origin-keyed</span> to true if <var>key</var>
      equals <var>origin</var>; otherwise false.</p></li>
@@ -87326,9 +87323,9 @@ interface <dfn>BeforeUnloadEvent</dfn> : <span>Event</span> {
    href="https://github.com/tc39/ecma262/issues/1357">tc39/ecma262#1357</a>.</span></p></li>
 
    <li>
-    <p>If <var>agent</var>'s <span>agent cluster</span>'s <var
-    data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation</var> is <code
-    data-x="cross-origin-isolation-none">isolation-none</code>, then:
+    <p>If <var>agent</var>'s <span>agent cluster</span>'s <span
+    data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> is "<code
+    data-x="cross-origin-isolation-none">none</code>", then:</p>
 
     <ol>
      <li><p>Let <var>global</var> be <var>realm</var>'s <span data-x="concept-realm-global">global
@@ -99248,11 +99245,11 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
       <p>If <var>worker global scope</var>'s <span
       data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span> is "<code
       data-x="coep-require-corp">require-corp</code>" and <var>is shared</var> is true, then set
-      <var>agent</var>'s <span>agent cluster</span>'s <var
-      data-x="agent-cluster-cross-origin-isolation">cross-origin-isolated</var> to <code
-      data-x="cross-origin-isolation-logical">isolation-logical</code> or <code
-      data-x="cross-origin-isolation-concrete">isolation-concrete</code>. The one chosen is
-      platform-specific.</p>
+      <var>agent</var>'s <span>agent cluster</span>'s <span
+      data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> to "<code
+      data-x="cross-origin-isolation-logical">logical</code>" or "<code
+      data-x="cross-origin-isolation-concrete">concrete</code>". The one chosen is
+      <span>implementation-defined</span>.</p>
 
       <p class="XXX">This really ought to be set when the agent cluster is created, which requires a
       redesign of this section.</p>
@@ -99265,8 +99262,9 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
 
      <li><p>Set <var>worker global scope</var>'s <span
      data-x="concept-WorkerGlobalScope-cross-origin-isolated-capability">cross-origin isolated
-     capability</span> to <var>agent</var>'s <span>agent cluster</span>'s <var
-     data-x="agent-cluster-cross-origin-isolation">cross-origin-isolation</var>.</p></li>
+     capability</span> to true if <var>agent</var>'s <span>agent cluster</span>'s <span
+     data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> is "<code
+     data-x="cross-origin-isolation-concrete">concrete</code>".</p></li>
 
      <li><p>If <var>is shared</var> is false and <var>owner</var>'s <span
      data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin isolated
