惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
小众软件
小众软件
Engineering at Meta
Engineering at Meta
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
酷 壳 – CoolShell
酷 壳 – CoolShell
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Help Net Security
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - Franky
V
Vulnerabilities – Threatpost
云风的 BLOG
云风的 BLOG
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
I
Intezer
Scott Helme
Scott Helme
A
About on SuperTechFans
博客园 - 司徒正美
Hacker News: Ask HN
Hacker News: Ask HN
The GitHub Blog
The GitHub Blog
Forbes - Security
Forbes - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
S
Security Affairs
宝玉的分享
宝玉的分享

Recent Commits to webappsec-permissions-policy:main

Add WebMCP link to features.md · w3c/webappsec-permissions-policy@c10c76d Add WebMCP link to features.md · w3c/webappsec-permissions-policy@10d8736 Add `monetization` feature (#571) · w3c/webappsec-permissions-policy@876a190 Add Permissions Policy for Digital Credentials Issuance (#573) · w3c/webappsec-permissions-policy@29efab0 [focus-without-user-activation] Add alternative solutions (#563) · w3c/webappsec-permissions-policy@298d386 Add proposed features from Chrome's Built-In AI APIs (#570) · w3c/webappsec-permissions-policy@4de8724 Replace `shared-autofill` with `autofill` and `manual-text` (#560) · w3c/webappsec-permissions-policy@6f3b837 Do not use request's window concept (#565) · w3c/webappsec-permissions-policy@20ab675 focus-without-user-activation: Add missing HTML closing quote in exam… · w3c/webappsec-permissions-policy@b5dde2c Merge pull request #559 from shhnjk/main · w3c/webappsec-permissions-policy@e9edeb5 Put PermissionsPolicyViolationReportBody/allowAttribute back · w3c/webappsec-permissions-policy@1c37e68 Update index.bs · w3c/webappsec-permissions-policy@7c8ed48 Nit · w3c/webappsec-permissions-policy@173adc5 Add `ch-ua-high-entropy-values` feature (#558) · w3c/webappsec-permissions-policy@8430c86 Send reports for Permissions Policy violations in iframe to parent fr… · w3c/webappsec-permissions-policy@314ffc9 Add `storage-access` feature · w3c/webappsec-permissions-policy@c73ef39 Add 'deferred-fetch' as proposed feature · w3c/webappsec-permissions-policy@dedd81f Add mediasession feature · w3c/webappsec-permissions-policy@8ef8664 Clarify picture-in-picture shipping status · w3c/webappsec-permissions-policy@1d05f5e
add allow and src attribute to potential permissions policy violation · w3c/webappsec-permissions-policy@bb175d2
shhnjk · 2025-02-01 · via Recent Commits to webappsec-permissions-policy:main

@@ -824,6 +824,7 @@ partial interface HTMLIFrameElement {

824824

readonly attribute long? columnNumber;

825825

readonly attribute DOMString disposition;

826826

readonly attribute DOMString? allowAttribute;

827+

readonly attribute DOMString? srcAttribute;

827828

};

828829

</pre>

829830

@@ -862,6 +863,11 @@ partial interface HTMLIFrameElement {

862863

<{iframe}> element, the value of the <{iframe/allow}> attribute of that

863864

element, or omitted otherwise.

864865866+

- <dfn for="PermissionsPolicyViolationReportBody">allowAttribute</dfn>: For

867+

reports of potential violations, which can be attributed to a specific

868+

<{iframe}> element, the value of the <{iframe/src}> attribute of that

869+

element, or omitted otherwise.

870+865871

<section>

866872

<h3 id="permissions-policy-report-only-http-header-field">\``Permissions-Policy-Report-Only`\` HTTP Header Field</h3>

867873

<p>The \`<dfn export http-header

@@ -1194,8 +1200,9 @@ partial interface HTMLIFrameElement {

11941200

## <dfn abstract-op id="check-potential-violation-in-container">Check potential violation of permissions policy in container</dfn> ## {#algo-check-potential-violation-in-container}

1195120111961202

<div class="algorithm" data-algorithm="check-potential-violation-in-container">

1197-

Given a <a>navigable container</a> (|container|), this algorithm sends potential

1198-

violation reports.

1203+

Given a <a>navigable container</a> (|container|), a string-or-null

1204+

(|allowAttribute|), and a string-or-null (|srcAttribute|), this algorithm

1205+

sends potential violation reports.

11991206

1. Let |document| be |container|'s <a>node document</a>.

12001207

2. Let |settings| be |document|'s <a>environment settings

12011208

object</a>.

@@ -1209,7 +1216,8 @@ partial interface HTMLIFrameElement {

12091216

|document|'s [=Document/permissions policy=].

12101217

2. Call <a abstract-op>Generate report for potential violation

12111218

of permissions policy on settings</a> given |feature|,

1212-

|settings|, "<code>Enforce</code>", and |endpoint|.

1219+

|settings|, "<code>Enforce</code>", |endpoint|, |allowAttribute|,

1220+

and |srcAttribute|.

12131221

2. Else, if the result of running <a abstract-op>Define an inherited

12141222

policy for feature in container at origin</a> on |feature|,

12151223

|container|, |container|'s <a>declared origin</a> and True is

@@ -1220,8 +1228,8 @@ partial interface HTMLIFrameElement {

12201228

permissions policy=].

12211229

2. Call <a abstract-op>Generate report for potential violation

12221230

of permissions policy on settings</a> given |feature|,

1223-

|settings|, "<code>Report</code>", and |report-only

1224-

endpoint|.

1231+

|settings|, "<code>Report</code>", |report-only endpoint|,

1232+

|allowAttribute|, and |srcAttribute|.

1225123312261234

</div>

12271235

</section>

@@ -1264,9 +1272,9 @@ partial interface HTMLIFrameElement {

1264127212651273

<div class="algorithm" data-algorithm="report-potential-permissions-policy-violation">

12661274

Given a [=policy-controlled feature|feature=] (|feature|), an <a>environment settings object</a>

1267-

(|settings|), a string (|disposition|), a string-or-null (|endpoint|), and a string-or-null

1268-

(|allowAttribute|), this algorithm generates a <a>report</a> about the <a>violation</a> of the

1269-

policy for |feature|.

1275+

(|settings|), a string (|disposition|), a string-or-null (|endpoint|), a string-or-null

1276+

(|allowAttribute|), and a string-or-null (|srcAttribute|), this algorithm generates a

1277+

<a>report</a> about the <a>violation</a> of the policy for |feature|.

1270127812711279

1. Let |body| be a new {{PermissionsPolicyViolationReportBody}}, initialized

12721280

as follows:

@@ -1283,6 +1291,8 @@ partial interface HTMLIFrameElement {

12831291

:: |disposition|

12841292

: [=PermissionsPolicyViolationReportBody/allowAttribute=]

12851293

:: |allowAttribute|

1294+

: [=PermissionsPolicyViolationReportBody/allowAttribute=]

1295+

:: |srcAttribute|

1286129612871297

1. If the user agent is currently executing script, and can extract the

12881298

source file's URL, line number, and column number from |settings|, then

@@ -1344,11 +1354,13 @@ partial interface HTMLIFrameElement {

13441354

And in the same section, in step 10, set the new {{Document}}'s

13451355

[=Document/report-only permissions policy=] to |reportOnlyPermissionsPolicy|.

134613561347-

And in the same section, in step 19 before the return, insert the following step:

1357+

In <a

1358+

href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#iframe-load-event-steps">iframe

1359+

load event steps</a>, after step 6, insert the following step:

134813601349-

19. If navigationParams's navigable's container is not null, call <a

1350-

abstract-op>Check potential violation of permissions policy in

1351-

container</a> given navigationParams's navigable's container.

1361+

7. Call <a abstract-op>Check potential violation of permissions policy in

1362+

container</a> given |element|, |element|'s allow attribute, and

1363+

|element|'s src attribute.

13521364

</section>

13531365

</section>

13541366