
feat(s5-4a): canonical sandbox predicate home (elidex_plugin::sandbox) + §8.1.8.1 event-handler processing step-1 gate#444

Merged: send merged 12 commits into main from s5-4a-sandbox-predicate, Jul 3, 2026

Conversation

@send (Owner) commented Jul 2, 2026

Summary

S5-4a — first slice of the S5-4 sandbox/security enforcement cluster (plan-memo docs/plans/2026-07-s5-4-sandbox-enforcement.md §5.1, bundled in this PR; plan-reviewed via /elidex-plan-review 2026-07-03). Closes defer slot #11-scripting-disabled-eventhandler-processing-step1.

  • Canonical predicate home: elidex_plugin::sandbox = content-sandbox module (HTML §7.1.5) holding IframeSandboxFlags + parse_sandbox_attribute + capability predicates (scripts_allowed / forms_allowed / popups_allowed / scripting_enabled) — data + its laws in one module. The pre-existing OS process-sandbox types moved to process_sandbox.rs; all crate-root re-export paths unchanged.
  • 3 duplicate predicate bodies delegated (VM host_data.rs, boa iframe_bridge.rs, session-trait docs) — no behavior change, one-issue-one-way convergence.
  • §8.1.8.1 event handler processing algorithm step-1 invocation gate (the missing gate; the step-3.2 compile gate already existed and stays flag-only per §2.7-C1): VmInner::scripting_disabled_for_platform_object = settings-level scripting_enabled(flags) ∧ platform-object clause (b), applied at the three handler-derived dispatch chokepoints (resolve_callable, ScriptEngine::call_listener, unhandledrejection loop), before the step-2 compile per spec order. addEventListener listeners are never gated (step 1 is handler-specific).
  • §9-Q3 resolved "representable": clause (b) = owner_document(node) != document_entity under the single-browsing-context VM model (the is_connected query shape). D3 was NOT carved. Caveats documented in-code: detached-iframe docs unreachable (moot); template-contents false-negative rides #11-template-contents-owner-document.
  • Spec bug fixed en route: parse_sandbox_attribute was case-sensitive; tokens are ASCII case-insensitive per html#attr-iframe-sandbox (sandbox="ALLOW-SCRIPTS" now grants scripts).
  • Hot path: is_handler threaded through ScriptEngine::call_listener (plan-entry bit, no per-listener ECS re-fetch); boa impl = mechanical _is_handler (no invoke gate — boa is the deletion-bound parity baseline, D-26 PR7).

S5-4c pointers (not in this PR, plan-reviewed split)

modals_allowed + 2-flag top_navigation_allowed(flags, activation) land in S5-4c WITH their consumers (VM natives + shell link-gate re-key); the module doc names the three open-coded migration-target sites.

Gate

/pre-push 6-stage complete: fmt / mise run ci ×4 green / /simplify (4-agent, module-home + doc-trim + hot-path fixes applied) / /code-review high (workflow, 5 findings adjudicated & fixed: case-insensitive tokens, gate-before-compile hoist, node_kind_inferred brand-check, canonical-predicate convergence, doc precision) / /review (7 angles, 0 actionable) / /elidex-review (5-axis: 0 CRIT / 0 IMP / 2 MIN both fixed).

Also included: two plan-memo CORRECTION notes recorded at S5-4b impl contact (§3.3 OOP-template claim falsified; §5.2 pre-flip oracle substitution) — S5-4b/4e branches are staged separately.

Tests: elidex-plugin 353 / elidex-js 6229 / elidex-js-boa 330 / elidex-script-session 135, workspace clippy -D warnings clean.

🤖 Generated with Claude Code
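The predicate contract the PR body describes (the `None` / `Some(empty)` / per-bit truth table and the ASCII case-insensitive token parse), as an added Rust example that is not elidex's code: the function and type names mirror the PR's identifiers, but their bodies and the `Settings` struct are this example's own assumptions, and the §8.1.3.4 composition is reduced to the two inputs modelled here.

```rust
// Added illustration, not elidex's code: the content-sandbox predicate
// contract the PR body describes. IframeSandboxFlags, parse_sandbox_attribute,
// scripts_allowed / forms_allowed / popups_allowed and scripting_enabled mirror
// the PR's names; their bodies and the `Settings` struct are assumptions.

/// Capability bits granted by `allow-*` tokens of an iframe `sandbox` attribute.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Default)]
pub struct IframeSandboxFlags {
    pub scripts: bool,
    pub forms: bool,
    pub popups: bool,
}

impl IframeSandboxFlags {
    /// `sandbox=""`: attribute present, no `allow-*` token, everything withheld.
    pub const EMPTY: Self = Self { scripts: false, forms: false, popups: false };
}

/// Parse a `sandbox` attribute value. Per html#attr-iframe-sandbox the value is
/// a set of space-separated tokens that are ASCII case-insensitive, so
/// `ALLOW-SCRIPTS` grants scripts exactly like `allow-scripts`. Unknown tokens
/// are ignored; an empty value yields the fully restricted set.
pub fn parse_sandbox_attribute(value: &str) -> IframeSandboxFlags {
    let mut flags = IframeSandboxFlags::EMPTY;
    for token in value.split_ascii_whitespace() {
        // eq_ignore_ascii_case: ASCII-only folding, no Unicode case mapping,
        // and no lowercased copy of the token.
        if token.eq_ignore_ascii_case("allow-scripts") {
            flags.scripts = true;
        } else if token.eq_ignore_ascii_case("allow-forms") {
            flags.forms = true;
        } else if token.eq_ignore_ascii_case("allow-popups") {
            flags.popups = true;
        }
    }
    flags
}

// The tri-state contract from the PR: `None` = no sandbox attribute at all
// (unsandboxed, capability allowed); `Some(flags)` = sandboxed, capability
// allowed iff its bit is set. `map_or(true, ..)` is `Option::is_none_or`
// spelled for older toolchains.
pub fn scripts_allowed(flags: Option<IframeSandboxFlags>) -> bool {
    flags.map_or(true, |f| f.scripts)
}
pub fn forms_allowed(flags: Option<IframeSandboxFlags>) -> bool {
    flags.map_or(true, |f| f.forms)
}
pub fn popups_allowed(flags: Option<IframeSandboxFlags>) -> bool {
    flags.map_or(true, |f| f.popups)
}

/// Minimal view of a settings object for the §8.1.3.4 composition (assumed shape).
pub struct Settings {
    /// The user or UA policy has disabled scripting for this settings object.
    pub user_scripting_disabled: bool,
    /// Active sandboxing flag set of the relevant document; `None` when unsandboxed.
    pub sandbox: Option<IframeSandboxFlags>,
}

/// HTML §8.1.3.4 "scripting is enabled for a settings object", reduced to the
/// two inputs modelled here: not user-disabled, and the sandbox does not set
/// the sandboxed-scripts flag (`allow-scripts` present, or no sandbox at all).
pub fn scripting_enabled(settings: &Settings) -> bool {
    !settings.user_scripting_disabled && scripts_allowed(settings.sandbox)
}

fn main() {
    for value in ["", "allow-scripts", "ALLOW-SCRIPTS allow-forms", "allow-popups bogus"] {
        let flags = parse_sandbox_attribute(value);
        let s = Settings { user_scripting_disabled: false, sandbox: Some(flags) };
        println!("{value:?} -> {flags:?}, scripting_enabled={}", scripting_enabled(&s));
    }
}
```

The `None` versus `Some(EMPTY)` distinction is the security-relevant one: a missing attribute means unsandboxed, while `sandbox=""` withholds every capability, so a predicate that collapses both to the same answer breaks one direction of the policy. A spec caveat worth keeping in mind when granting tokens: `allow-scripts` together with `allow-same-origin` lets a same-origin framed document remove its own `sandbox` attribute and reload, which is why the HTML spec warns against that combination for untrusted content.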

send and others added 6 commits July 3, 2026 01:55
…ewed)

Q2 resolved: 5-slice sub-split (4a predicate home + §8.1.8.1 gate / 4b iframe
origin ordering / 4c method gates + window.open / 4d fetch opaque-origin /
4e worker MessageEvent origin) under one plan-reviewed memo. Predicate home =
elidex-plugin (DAG-derived); Request.origin unifies on SecurityOrigin;
window.open routes through an engine-indep WindowOpenDisposition fn with a
call-time aux-nav snapshot verdict gating the shell named-miss promotion.

/elidex-plan-review converged: R1 5-agent (1C/2I/11M) -> fixes -> focused
re-checks (1I/6M) -> fixes -> final verify (1M) -> fix. All findings fixed.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…) + §8.1.8.1 event-handler processing step-1 gate

Predicate unification (One issue, one way): the three duplicate
`sandbox_flags.is_none_or(contains(X))` bodies — VM HostData
(scripts/forms/popups_allowed), boa iframe_bridge (same trio;
modals_allowed stays boa-only until S5-4c/S5-6), and the session-trait
surface (doc-pointer update; the trait has declarations only) — now
delegate to one engine-independent home, `elidex_plugin::sandbox`
(§7.1.5 content-sandbox capability predicates + the §8.1.3.4
settings-level `scripting_enabled` composition), co-resident with the
existing process-sandbox policy types (module doc separates the two
planes). Truth-table unit tests pin the None / Some(empty) / per-bit
contract.

New INVOKE gate (the missing half of §8.1.8.1): "the event handler
processing algorithm" step 1 ("If scripting is disabled for
eventTarget, then return") now gates every handler-derived invocation
path — the dispatch-walk callable-resolve seam
(`DispatchTarget::resolve_callable`), the session UA-dispatch
(`ScriptEngine::call_listener`), and the `unhandledrejection` UA-fire —
via `VmInner::scripting_disabled_for_platform_object` /
`event_handler_invocation_suppressed` (marshal-scale composition;
settings-level rule from elidex-plugin). §9-Q3 resolved
"representable now": clause (b) ships via the bound-document proxy
(node document ≠ bound `document_entity` ⇒ null browsing context in the
single-BC VM model; Document-node and non-Node targets handled;
unresolvable owner fails open). Clause (c) documented never-fires while
bound. §8-D3 NOT carved. The existing COMPILE gate (get-current-value
step 3.2) keeps its flag-only predicate — two gates, two predicates
(memo §2.7-C1 / E1); plain addEventListener listeners are never
suppressed. Step-1 suppression preserves the IDL getter's callable
value.

Closes slot #11-scripting-disabled-eventhandler-processing-step1
(marker comment replaced by the spec-cited gate). Memo updated: §9-Q3
RESOLVED / §8-D3 NOT CREATED / §5.0 host_data.rs touch-time seam
assessment = no split (single cohesive struct+impl; delegation reduces
lines).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ms, is_handler threading

Reviewed /simplify fixes on top of the S5-4a predicate-home commit:

1. Module relocation: OS process-sandbox types (SandboxPolicy /
   PlatformSandbox / SandboxError / Filesystem+NetworkAccess) move to
   elidex_plugin::process_sandbox; sandbox.rs becomes the cohesive
   content-sandbox module — IframeSandboxFlags + parse_sandbox_attribute
   (moved from origin.rs, tests included) alongside the §7.1.5 capability
   predicates. Root re-export paths unchanged.
2. Doc trims: scripting_enabled §8.1.3.4 transcription → 5 lines;
   step-1 gate narration stated once on the canonical predicate, call
   sites reduced to one-line pointers; scripting_disabled_for_platform_object
   docstring trimmed to composition + fail-open rationale + one-line
   slot-cited caveats.
3. Hot path: is_handler threaded through ScriptEngine::call_listener from
   the dispatch plan's ListenerPlanEntry, replacing the per-listener
   EventListeners re-fetch; boa impl takes _is_handler (no invoke gate).
4. unhandledrejection loop captures is_handler into PendingListener at
   collection and checks the settings-level predicate directly (target =
   bound document ⇒ clause (b) cannot fire).
   event_handler_invocation_suppressed left with zero callers → deleted;
   the canonical comment lives on scripting_disabled_for_platform_object.
5. Plan-memo §4.1 Shape block notes the kickoff naming resolution
   (process_sandbox rename + flags/parser move).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…fied; pre-flip oracle substitution)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…1 gate precedes compile, inferred brand-check, canonical predicate convergence

- parse_sandbox_attribute matches allow-* tokens ASCII case-insensitively
  (WHATWG HTML attr-iframe-sandbox: tokens are ASCII case-insensitive);
  truth-table test added
- §8.1.8.1 processing step 1 (scripting-disabled gate) hoisted ABOVE the
  step-2 'getting the current value' compile at both gated dispatch sites
  (engine.rs call_listener / dispatch_target.rs resolve_callable), so a
  suppressed target's raw inline source never compiles during dispatch;
  pinned by suppressed_target_dispatch_does_not_compile_raw_inline_handler
- scripting_disabled_for_platform_object brand-checks via
  node_kind_inferred (crate convention), closing the fail-open hole for
  NodeKind-less nodes of a null-BC document
- unhandledrejection dispatch routes through the canonical
  scripting_disabled_for_platform_object predicate (one-issue-one-way),
  gated before its compile likewise
- sandbox module doc names the open-coded S5-4c migration targets instead
  of implying no consumers exist

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…not a dangling future

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Keep it up!

Reviewed commit: 1d78c5ba77

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1d78c5ba77

Comment thread crates/script/elidex-js/src/vm/host/event_handler_attrs.rs Outdated
Comment thread crates/script/elidex-js/src/vm/host/event_handler_attrs.rs Outdated
@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1d78c5ba77

Comment thread crates/script/elidex-js-boa/src/runtime/mod.rs
…e home + adopt-equivalent clause (b)

Two adjudicated external-review findings:

- F1 (Layering, Codex P1): the HTML §8.1.3.4 platform-object composition
  moved out of vm/host/ into engine-independent
  elidex_script_session::scripting::scripting_disabled_for_platform_object
  (pure fn over &EcsDom + bound document + sandbox flags, unit-tested).
  VmInner::scripting_disabled_for_platform_object is now a thin marshal
  wrapper (HostData reads + delegate; unbound-DOM guard keeps the
  VmObject-only dispatch path settings-level, as before). Call sites
  unchanged in shape.

- F2 (over-suppression bug, Codex P2): elidex's insertion path lacks
  DOM §4.2.3 pre-insert adoption (append_child relinks without re-homing
  AssociatedDocument), so a DOMParser-parsed node appended into the bound
  document kept a stale owner and clause (b) wrongly suppressed its
  handlers. Clause (b) now resolves the node document adopt-equivalently:
  composed tree root == bound document (the isConnected query) => node
  document IS the bound document => not suppressed; only out-of-tree nodes
  fall through to the stale-owner comparison. Missing insertion-adoption
  carved as defer slot #11-cross-document-adopt-on-insert. VM regression
  tests: appended DOMParser node handler RUNS (fails pre-fix, verified);
  appended-then-removed suppressed again.

Memo §5.1.2 carries the correction note.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e1a8a1376f

Comment thread crates/script/elidex-script-session/src/scripting.rs Outdated
Comment thread docs/plans/2026-07-s5-4-sandbox-enforcement.md Outdated
…memo plan-review date

F-R4a: replace the directional adopt-equivalent clause (b) with a single
effective-node-document rule resolved from the composed tree root. The R2
directional fix only handled a foreign node appended INTO the bound tree;
the mirror case (a bound-created node appended INTO a DOMParser/null-BC
document, keeping a stale bound-document `AssociatedDocument`) was NOT
suppressed though §8.1.3.4 clause (b) requires it. New rule: if the
composed tree root IS a Document that root is the effective node document
(connected), else fall back to `owner_document` (detached); suppress iff
the effective node document != bound document; unresolvable → fail open.
Both directions are symptoms of the missing DOM §4.2.3 insertion-adoption
(`#11-cross-document-adopt-on-insert`). Adds the reverse-quadrant unit +
VM tests (falsified against the directional rule).

F-R4b: reword the §0 plan-review resolution to assert the ordering
(plan-review converged BEFORE the first S5-4a implementation commit) and
use 2026-07-02 (UTC commit date) so it no longer reads as future-dated.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
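The F-R4a effective-node-document rule above, together with the gate-before-compile ordering from the earlier review-fix commit (step 1 hoisted above the step-2 compile; addEventListener listeners never gated), as an added Rust example that is not elidex's code: the toy `Dom`, `Engine`, `Outcome` and their method names are this example's own, and `append_child` deliberately re-parents without re-homing `owner_document` so that the missing insertion adoption the PR defers to #11-cross-document-adopt-on-insert is reproduced.

```rust
// Added illustration, not elidex's code: the §8.1.8.1 step-1 gate composed from
// the settings-level rule and §8.1.3.4 clause (b), with the F-R4a effective-node-
// document rule, over a toy DOM. Dom/Node/Engine/Outcome and the method names are
// this example's own. `append_child` re-parents without re-homing
// `owner_document`, mirroring the missing DOM §4.2.3 adoption the PR defers.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct DocId(pub u32);
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct NodeId(pub usize);

struct Node {
    document: Option<DocId>,   // Some(id) marks a Document node
    parent: Option<NodeId>,
    owner_document: DocId,     // stale after a cross-document append (no adoption)
    source: Option<String>,    // raw inline source of an event handler attribute
}

#[derive(Default)]
pub struct Dom { nodes: Vec<Node> }

impl Dom {
    fn push(&mut self, node: Node) -> NodeId {
        self.nodes.push(node);
        NodeId(self.nodes.len() - 1)
    }
    pub fn new_document(&mut self, id: DocId) -> NodeId {
        self.push(Node { document: Some(id), parent: None, owner_document: id, source: None })
    }
    pub fn create_element(&mut self, owner: DocId, source: Option<&str>) -> NodeId {
        self.push(Node { document: None, parent: None, owner_document: owner, source: source.map(str::to_owned) })
    }
    /// Relinks the parent only; `owner_document` is left stale on purpose.
    pub fn append_child(&mut self, parent: NodeId, child: NodeId) {
        self.nodes[child.0].parent = Some(parent);
    }
    pub fn remove(&mut self, node: NodeId) {
        self.nodes[node.0].parent = None;
    }
    fn composed_root(&self, mut node: NodeId) -> NodeId {
        while let Some(parent) = self.nodes[node.0].parent {
            node = parent;
        }
        node
    }
    /// F-R4a rule: the composed-tree root if it is a Document (connected), else the
    /// stored owner (detached). `None` only for an unknown node id.
    pub fn effective_node_document(&self, node: NodeId) -> Option<DocId> {
        let owner = self.nodes.get(node.0)?.owner_document;
        Some(self.nodes[self.composed_root(node).0].document.unwrap_or(owner))
    }
}

/// §8.1.8.1 step 1 as the PR composes it: settings-level "scripting is enabled"
/// AND §8.1.3.4 clause (b). With a single browsing context only the bound
/// document has one, so clause (b) is "effective node document != bound".
/// An unresolvable target fails open (not suppressed), as the PR documents.
pub fn scripting_disabled_for_platform_object(dom: &Dom, target: NodeId, bound: DocId, settings_scripting_enabled: bool) -> bool {
    if !settings_scripting_enabled {
        return true;
    }
    match dom.effective_node_document(target) {
        Some(doc) => doc != bound,
        None => false,
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum Outcome { Suppressed, NoCallable, Ran }

/// Counts step-2 compiles so a test can prove step 1 runs first.
#[derive(Default)]
pub struct Engine { pub compiled: usize }

impl Engine {
    /// Dispatch chokepoint. `is_handler == false` models a plain addEventListener
    /// listener, which step 1 never gates; both kinds read the node's `source`.
    pub fn call_listener(&mut self, dom: &Dom, target: NodeId, bound: DocId, enabled: bool, is_handler: bool) -> Outcome {
        // Step 1 precedes step 2: a suppressed target's raw source never compiles.
        if is_handler && scripting_disabled_for_platform_object(dom, target, bound, enabled) {
            return Outcome::Suppressed;
        }
        let source = match dom.nodes.get(target.0).and_then(|n| n.source.as_deref()) {
            Some(s) => s,
            None => return Outcome::NoCallable,
        };
        // Step 2 ("getting the current value") is where `source` would be compiled.
        self.compiled += 1;
        let _ = source;
        Outcome::Ran
    }
}

fn main() {
    let mut dom = Dom::default();
    let (bound, foreign) = (DocId(1), DocId(2));
    let d1 = dom.new_document(bound);
    let el = dom.create_element(foreign, Some("alert(1)")); // DOMParser-style node
    dom.append_child(d1, el);
    let mut engine = Engine::default();
    println!("appended: {:?}", engine.call_listener(&dom, el, bound, true, true));
    dom.remove(el);
    println!("removed:  {:?}", engine.call_listener(&dom, el, bound, true, true));
    println!("compiles: {}", engine.compiled);
}
```

Both quadrants fall out of the one rule: a foreign-owned node appended into the bound tree resolves to the bound document and runs, while a bound-created node appended into a foreign tree, or the foreign node once removed again, resolves away from it and is suppressed before any compile. The `compiled` counter is the check a reviewer wants here: it must not move on a suppressed dispatch.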
@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fa6aa1dcd9

Comment thread crates/script/elidex-script-session/src/scripting.rs
…dge (defers to #11-cross-document-adopt-on-insert)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Keep them coming!

Reviewed commit: 35515cf82e

@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 35515cf82e

Comment thread docs/plans/2026-07-s5-4-sandbox-enforcement.md
Comment thread docs/plans/2026-07-s5-4-sandbox-enforcement.md Outdated
…sert in §8 + sweep future-dated provenance

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3fb4552bfe

Comment thread crates/script/elidex-script-session/src/scripting.rs
@send (Owner, Author) commented Jul 2, 2026

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Chef's kiss.

Reviewed commit: 3fb4552bfe

…e (b) is §8.1.3.4

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@send (Owner, Author) commented Jul 3, 2026

@codex review

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: edd5ec82e9

Comment thread crates/script/elidex-script-session/src/scripting.rs
…e cross-document-move facet class (#11-cross-document-adopt-on-insert)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@send (Owner, Author) commented Jul 3, 2026

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Nice work!

Reviewed commit: a4a2aac425

@send (Owner, Author) commented Jul 3, 2026

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. More of your lovely PRs please.

Reviewed commit: a4a2aac425

@send send merged commit 24c9b0d into main Jul 3, 2026
6 checks passed
@send send deleted the s5-4a-sandbox-predicate branch July 3, 2026 09:59
