





















@@ -823,6 +823,7 @@ partial interface HTMLIFrameElement {
823823 readonly attribute long? lineNumber;
824824 readonly attribute long? columnNumber;
825825 readonly attribute DOMString disposition;
826+ readonly attribute DOMString? allowAttribute;
826827 };
827828</pre>
828829@@ -856,6 +857,11 @@ partial interface HTMLIFrameElement {
856857 resulted only in this report being generated (with no further action taken
857858 by the user agent in response to the violation).
858859860+ - <dfn for="PermissionsPolicyViolationReportBody">allowAttribute</dfn>: For
861+ reports of potential violations, which can be attributed to a specific
862+<{iframe}> element, the value of the <{iframe/allow}> attribute of that
863+ element, or omitted otherwise.
864+859865<section>
860866<h3 id="permissions-policy-report-only-http-header-field">\``Permissions-Policy-Report-Only`\` HTTP Header Field</h3>
861867<p>The \`<dfn export http-header
@@ -1044,17 +1050,19 @@ partial interface HTMLIFrameElement {
10441050<div class="algorithm"
10451051 data-algorithm="define-inherited-policy-in-container">
10461052 Given a [=policy-controlled feature|feature=] (|feature|), null or a <a>navigable container</a>
1047- (|container|), and an <a for="Document">origin</a> for a {{Document}} in
1048- that container (|origin|), this algorithm returns the [=inherited policy for
1049- a feature|inherited policy value=] for |feature|.
1053+ (|container|), an <a for="Document">origin</a> for a {{Document}} in
1054+ that container (|origin|), and an optional boolean (|report-only|), with
1055+ a default value of False, this algorithm returns the [=inherited policy
1056+ for a feature|inherited policy value=] for |feature|.
10501057 1. If |container| is null, return "<code>Enabled</code>".
10511058 1. If the result of executing <a abstract-op>Get feature value for
1052- origin</a> on |feature|, |container|'s <a>node document</a>, and
1053- |container|'s <a>node document</a>'s origin is
1059+ origin</a> on |feature|, |container|'s <a>node document</a>,
1060+ |container|'s <a>node document</a>'s origin, and |report-only| is
10541061 "<code>Disabled</code>", return "<code>Disabled</code>".
10551062 1. If the result of executing <a abstract-op>Get feature value for
1056- origin</a> on |feature|, |container|'s <a>node document</a>, and
1057- |origin| is "<code>Disabled</code>", return "<code>Disabled</code>".
1063+ origin</a> on |feature|, |container|'s <a>node document</a>, |origin|,
1064+ and |report-only| is "<code>Disabled</code>", return
1065+ "<code>Disabled</code>".
10581066 1. Let |container policy| be the result of running <a abstract-op>Process
10591067 permissions policy attributes</a> on |container|.
10601068 1. If |feature| [=map/exists=] in |container policy|:
@@ -1075,10 +1083,12 @@ partial interface HTMLIFrameElement {
1075108310761084<div class="algorithm" data-algorithm="get-feature-value-for-origin">
10771085 Given a [=policy-controlled feature|feature=] (|feature|), a {{Document}} object
1078- (|document|), and an [=origin=] (|origin|), this algorithm
1079- returns "<code>Disabled</code>" if |feature| should be considered
1080- disabled, and "<code>Enabled</code>" otherwise.
1081- 1. Let |policy| be |document|'s [=Document/permissions policy=].
1086+ (|document|), an [=origin=] (|origin|), and a boolean (|report-only|),
1087+ this algorithm returns "<code>Disabled</code>" if |feature| should be
1088+ considered disabled, and "<code>Enabled</code>" otherwise.
1089+ 1. Let |policy| be |document|'s [=Document/report-only permissions
1090+ policy=] if |report-only| is True, or |document|'s
1091+[=Document/permissions policy=] otherwise.
10821092 1. If |policy|'s <a for="permissions policy">inherited policy</a> for
10831093 |feature| is "<code>Disabled</code>", return "<code>Disabled</code>".
10841094 1. If |feature| is present in |policy|'s <a for="permissions policy">declared
@@ -1180,6 +1190,41 @@ partial interface HTMLIFrameElement {
1180119011811191</div>
11821192</section>
1193+<section>
1194+ ## <dfn abstract-op id="check-potential-violation-in-container">Check potential violation of permissions policy in container</dfn> ## {#algo-check-potential-violation-in-container}
1195+1196+<div class="algorithm" data-algorithm="check-potential-violation-in-container">
1197+ Given a <a>navigable container</a> (|container|), this algorithm sends potential
1198+ violation reports.
1199+ 1. Let |document| be |container|'s <a>node document</a>.
1200+ 2. Let |settings| be |document|'s <a>environment settings
1201+ object</a>.
1202+ 3. [=set/For each=] <a>supported feature</a> |feature|:
1203+ 1. If the result of running <a abstract-op>Define an inherited
1204+ policy for feature in container at origin</a> on |feature|,
1205+ |container| and |container|'s <a>declared origin</a> is
1206+ "<code>Disabled</code>":
1207+ 1. Let |endpoint| be the result of calling <a abstract-op>Get
1208+ the reporting endpoint for a feature</a> given |feature| and
1209+ |document|'s [=Document/permissions policy=].
1210+ 2. Call <a abstract-op>Generate report for potential violation
1211+ of permissions policy on settings</a> given |feature|,
1212+ |settings|, "<code>Enforce</code>", and |endpoint|.
1213+ 2. Else, if the result of running <a abstract-op>Define an inherited
1214+ policy for feature in container at origin</a> on |feature|,
1215+ |container|, |container|'s <a>declared origin</a> and True is
1216+ "<code>Disabled</code>":
1217+ 1. Let |report-only endpoint| be the result of calling <a
1218+ abstract-op>Get the reporting endpoint for a feature</a>
1219+ given |feature| and |document|'s [=Document/report-only
1220+ permissions policy=].
1221+ 2. Call <a abstract-op>Generate report for potential violation
1222+ of permissions policy on settings</a> given |feature|,
1223+ |settings|, "<code>Report</code>", and |report-only
1224+ endpoint|.
1225+1226+</div>
1227+</section>
11831228<section>
11841229 ## <dfn export abstract-op id="report-permissions-policy-violation">Generate report for violation of permissions policy on settings</dfn> ## {#algo-report-permissions-policy-violation}
11851230@@ -1214,6 +1259,42 @@ partial interface HTMLIFrameElement {
1214125912151260</div>
12161261</section>
1262+<section>
1263+ ## <dfn export abstract-op id="report-potential-permissions-policy-violation">Generate report for potential violation of permissions policy on settings</dfn> ## {#algo-report-potential-permissions-policy-violation}
1264+1265+<div class="algorithm" data-algorithm="report-potential-permissions-policy-violation">
1266+ Given a [=policy-controlled feature|feature=] (|feature|), an <a>environment settings object</a>
1267+ (|settings|), a string (|disposition|), a string-or-null (|endpoint|), and a string-or-null
1268+ (|allowAttribute|), this algorithm generates a <a>report</a> about the <a>violation</a> of the
1269+ policy for |feature|.
1270+1271+ 1. Let |body| be a new {{PermissionsPolicyViolationReportBody}}, initialized
1272+ as follows:
1273+1274+ : [=PermissionsPolicyViolationReportBody/featureId=]
1275+ :: |feature|'s string representation.
1276+ : [=PermissionsPolicyViolationReportBody/sourceFile=]
1277+ :: null
1278+ : [=PermissionsPolicyViolationReportBody/lineNumber=]
1279+ :: null
1280+ : [=PermissionsPolicyViolationReportBody/columnNumber=]
1281+ :: null
1282+ : [=PermissionsPolicyViolationReportBody/disposition=]
1283+ :: |disposition|
1284+ : [=PermissionsPolicyViolationReportBody/allowAttribute=]
1285+ :: |allowAttribute|
1286+1287+ 1. If the user agent is currently executing script, and can extract the
1288+ source file's URL, line number, and column number from |settings|, then
1289+ set |body|'s [=PermissionsPolicyViolationReportBody/sourceFile=],
1290+[=PermissionsPolicyViolationReportBody/lineNumber=], and
1291+[=PermissionsPolicyViolationReportBody/columnNumber=] accordingly.
1292+1293+ 1. Execute [=generate and queue a report=] with |body|,
1294+ "potential-permissions-policy-violation", |endpoint|, and |settings|.
1295+1296+</div>
1297+</section>
12171298<section>
12181299 ## <dfn export abstract-op id="should-request-be-allowed-to-use-feature">Should request be allowed to use feature?</dfn> ## {#algo-should-request-be-allowed-to-use-feature}
12191300@@ -1261,7 +1342,13 @@ partial interface HTMLIFrameElement {
12611342 navigationParams's origin, navigationParams's response, and True.
1262134312631344 And in the same section, in step 10, set the new {{Document}}'s
1264-[=Document/report-only permissions policy=] to |reportOnlyPermissionsPolicy|.
1345+[=Document/report-only permissions policy=] to |reportOnlyPermissionsPolicy|.
1346+1347+ And in the same section, in step 19 before the return, insert the following step:
1348+1349+ 19. If navigationParams's navigable's container is not null, call <a
1350+ abstract-op>Check potential violation of permissions policy in
1351+ container</a> given navigationParams's navigable's container.
12651352</section>
12661353</section>
12671354此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。