improve ImageBitmap checks to allow certain non-problematic cases to continue to work

Author: annevk

source

@@ -8275,9 +8275,8 @@ interface <dfn>DOMStringList</dfn> {
       <p>If ! <span>IsSharedArrayBuffer</span>(<var>value</var>) is true, then:
 
       <ol>
-       <li><p>Let <var>agentCluster</var> be the <span>current Realm Record</span>'s corresponding
+       <li><p>Let <var>agentCluster</var> be <span>surrounding agent</span>'s
        <span>agent cluster</span>.</p></li>
-       <!-- Should this use the surrounding agent's agent cluster instead? -->
 
        <li>
         <p>If <var>agentCluster</var>'s <span>allow sidechannel attacks</span> is false, then throw
@@ -95255,6 +95254,9 @@ dictionary <dfn>ImageBitmapOptions</dfn> {
   are:</p>
 
   <ol>
+   <li><p>Set <var>serialized</var>.[[AllowSideChannelAttacks]] to <span>surrounding agent</span>'s
+   <span>agent cluster</span>'s <span>allow sidechannel attacks</span>.</p></li>
+
    <li><p>Set <var>serialized</var>.[[BitmapData]] to a copy of <var>value</var>'s <span
    data-x="concept-ImageBitmap-bitmap-data">bitmap data</span>.</p></li>
 
@@ -95268,14 +95270,14 @@ dictionary <dfn>ImageBitmapOptions</dfn> {
 
   <ol>
    <li>
-    <p>If <var>serialized</var>.[[OriginClean]] is false and <span>surrounding agent</span>'s
+    <p>If <var>serialized</var>.[[OriginClean]] is false,
+    <var>serialized</var>.[[AllowSideChannelAttacks]] is false, and <span>surrounding agent</span>'s
     <span>agent cluster</span>'s <span>allow sidechannel attacks</span> is true, then throw a
     <span>"<code>DataCloneError</code>"</span> <code>DOMException</code>.</p>
 
-    <p class="warning">To protect against sidechannel attacks implementations should avoid
-    transmitting <var>serialized</var>.[[BitmapData]], when <var>serialized</var>.[[OriginClean]] is
-    false, to <span data-x="agent cluster">agent clusters</span> whose <span>allow sidechannel
-    attacks</span> is true.</p>
+    <p class="warning">To truly protect against sidechannel attacks implementations should avoid
+    transmitting <var>serialized</var>.[[BitmapData]] to the <span>surrounding agent</span>'s
+    <span>agent cluster</span> under the above conditions.</p>
    </li>
 
    <li><p>Set <var>value</var>'s <span data-x="concept-ImageBitmap-bitmap-data">bitmap data</span>
@@ -95288,6 +95290,9 @@ dictionary <dfn>ImageBitmapOptions</dfn> {
   <p>Their <span>transfer steps</span>, given <var>value</var> and <var>dataHolder</var>, are:</p>
 
   <ol>
+   <li><p>Set <var>dataHolder</var>.[[AllowSideChannelAttacks]] to <span>surrounding agent</span>'s
+   <span>agent cluster</span>'s <span>allow sidechannel attacks</span>.</p></li>
+
    <li><p>Set <var>dataHolder</var>.[[BitmapData]] to <var>value</var>'s <span
    data-x="concept-ImageBitmap-bitmap-data">bitmap data</span>.</p></li>
 
@@ -95304,14 +95309,14 @@ dictionary <dfn>ImageBitmapOptions</dfn> {
 
   <ol>
    <li>
-    <p>If <var>dataHolder</var>.[[OriginClean]] is false and <span>surrounding agent</span>'s
+    <p>If <var>dataHolder</var>.[[OriginClean]] is false,
+    <var>dataHolder</var>.[[AllowSideChannelAttacks]] is false, and <span>surrounding agent</span>'s
     <span>agent cluster</span>'s <span>allow sidechannel attacks</span> is true, then throw a
     <span>"<code>DataCloneError</code>"</span> <code>DOMException</code>.</p>
 
-    <p class="warning">To protect against sidechannel attacks implementations should avoid sharing
-    <var>dataHolder</var>.[[BitmapData]], when <var>dataHolder</var>.[[OriginClean]] is false, with
-    <span data-x="agent cluster">agent clusters</span> whose <span>allow sidechannel attacks</span>
-    is true.</p>
+    <p class="warning">To truly protect against sidechannel attacks implementations should avoid
+    sharing <var>dataHolder</var>.[[BitmapData]] with <span>surrounding agent</span>'s
+    <span>agent cluster</span> under the above conditions.</p>
    </li>
 
    <li><p>Set <var>value</var>'s <span data-x="concept-ImageBitmap-bitmap-data">bitmap data</span>