惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
S
Security @ Cisco Blogs
P
Proofpoint News Feed
Cisco Talos Blog
Cisco Talos Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
WordPress大学
WordPress大学
Project Zero
Project Zero
S
Schneier on Security
P
Proofpoint News Feed
小众软件
小众软件
P
Privacy International News Feed
美团技术团队
L
LangChain Blog
Know Your Adversary
Know Your Adversary
J
Java Code Geeks
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
N
Netflix TechBlog - Medium
Microsoft Security Blog
Microsoft Security Blog
Engineering at Meta
Engineering at Meta
I
InfoQ
量子位
Vercel News
Vercel News
博客园 - 三生石上(FineUI控件)
Spread Privacy
Spread Privacy
D
DataBreaches.Net
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
P
Privacy & Cybersecurity Law Blog
C
Cybersecurity and Infrastructure Security Agency CISA
T
The Blog of Author Tim Ferriss
Latest news
Latest news
K
Kaspersky official blog
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
S
Securelist
AWS News Blog
AWS News Blog
F
Fortinet All Blogs
T
Threat Research - Cisco Blogs
Stack Overflow Blog
Stack Overflow Blog
Scott Helme
Scott Helme
Help Net Security
Help Net Security
Y
Y Combinator Blog
宝玉的分享
宝玉的分享
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Tenable Blog

Recent Commits to webappsec-permissions-policy:main

Add WebMCP link to features.md · w3c/webappsec-permissions-policy@c10c76d Add WebMCP link to features.md · w3c/webappsec-permissions-policy@10d8736 Add `monetization` feature (#571) · w3c/webappsec-permissions-policy@876a190 Add Permissions Policy for Digital Credentials Issuance (#573) · w3c/webappsec-permissions-policy@29efab0 [focus-without-user-activation] Add alternative solutions (#563) · w3c/webappsec-permissions-policy@298d386 Add proposed features from Chrome's Built-In AI APIs (#570) · w3c/webappsec-permissions-policy@4de8724 Replace `shared-autofill` with `autofill` and `manual-text` (#560) · w3c/webappsec-permissions-policy@6f3b837 Do not use request's window concept (#565) · w3c/webappsec-permissions-policy@20ab675 focus-without-user-activation: Add missing HTML closing quote in exam… · w3c/webappsec-permissions-policy@b5dde2c Merge pull request #559 from shhnjk/main · w3c/webappsec-permissions-policy@e9edeb5 Put PermissionsPolicyViolationReportBody/allowAttribute back · w3c/webappsec-permissions-policy@1c37e68 Update index.bs · w3c/webappsec-permissions-policy@7c8ed48 Nit · w3c/webappsec-permissions-policy@173adc5 add allow and src attribute to potential permissions policy violation · w3c/webappsec-permissions-policy@bb175d2 Add `ch-ua-high-entropy-values` feature (#558) · w3c/webappsec-permissions-policy@8430c86 Add `storage-access` feature · w3c/webappsec-permissions-policy@c73ef39 Add 'deferred-fetch' as proposed feature · w3c/webappsec-permissions-policy@dedd81f Add mediasession feature · w3c/webappsec-permissions-policy@8ef8664 Clarify picture-in-picture shipping status · w3c/webappsec-permissions-policy@1d05f5e
Send reports for Permissions Policy violations in iframe to parent fr… · w3c/webappsec-permissions-policy@314ffc9
shhnjk · 2024-09-26 · via Recent Commits to webappsec-permissions-policy:main

@@ -823,6 +823,7 @@ partial interface HTMLIFrameElement {

823823

readonly attribute long? lineNumber;

824824

readonly attribute long? columnNumber;

825825

readonly attribute DOMString disposition;

826+

readonly attribute DOMString? allowAttribute;

826827

};

827828

</pre>

828829

@@ -856,6 +857,11 @@ partial interface HTMLIFrameElement {

856857

resulted only in this report being generated (with no further action taken

857858

by the user agent in response to the violation).

858859860+

- <dfn for="PermissionsPolicyViolationReportBody">allowAttribute</dfn>: For

861+

reports of potential violations, which can be attributed to a specific

862+

<{iframe}> element, the value of the <{iframe/allow}> attribute of that

863+

element, or omitted otherwise.

864+859865

<section>

860866

<h3 id="permissions-policy-report-only-http-header-field">\``Permissions-Policy-Report-Only`\` HTTP Header Field</h3>

861867

<p>The \`<dfn export http-header

@@ -1044,17 +1050,19 @@ partial interface HTMLIFrameElement {

10441050

<div class="algorithm"

10451051

data-algorithm="define-inherited-policy-in-container">

10461052

Given a [=policy-controlled feature|feature=] (|feature|), null or a <a>navigable container</a>

1047-

(|container|), and an <a for="Document">origin</a> for a {{Document}} in

1048-

that container (|origin|), this algorithm returns the [=inherited policy for

1049-

a feature|inherited policy value=] for |feature|.

1053+

(|container|), an <a for="Document">origin</a> for a {{Document}} in

1054+

that container (|origin|), and an optional boolean (|report-only|), with

1055+

a default value of False, this algorithm returns the [=inherited policy

1056+

for a feature|inherited policy value=] for |feature|.

10501057

1. If |container| is null, return "<code>Enabled</code>".

10511058

1. If the result of executing <a abstract-op>Get feature value for

1052-

origin</a> on |feature|, |container|'s <a>node document</a>, and

1053-

|container|'s <a>node document</a>'s origin is

1059+

origin</a> on |feature|, |container|'s <a>node document</a>,

1060+

|container|'s <a>node document</a>'s origin, and |report-only| is

10541061

"<code>Disabled</code>", return "<code>Disabled</code>".

10551062

1. If the result of executing <a abstract-op>Get feature value for

1056-

origin</a> on |feature|, |container|'s <a>node document</a>, and

1057-

|origin| is "<code>Disabled</code>", return "<code>Disabled</code>".

1063+

origin</a> on |feature|, |container|'s <a>node document</a>, |origin|,

1064+

and |report-only| is "<code>Disabled</code>", return

1065+

"<code>Disabled</code>".

10581066

1. Let |container policy| be the result of running <a abstract-op>Process

10591067

permissions policy attributes</a> on |container|.

10601068

1. If |feature| [=map/exists=] in |container policy|:

@@ -1075,10 +1083,12 @@ partial interface HTMLIFrameElement {

1075108310761084

<div class="algorithm" data-algorithm="get-feature-value-for-origin">

10771085

Given a [=policy-controlled feature|feature=] (|feature|), a {{Document}} object

1078-

(|document|), and an [=origin=] (|origin|), this algorithm

1079-

returns "<code>Disabled</code>" if |feature| should be considered

1080-

disabled, and "<code>Enabled</code>" otherwise.

1081-

1. Let |policy| be |document|'s [=Document/permissions policy=].

1086+

(|document|), an [=origin=] (|origin|), and a boolean (|report-only|),

1087+

this algorithm returns "<code>Disabled</code>" if |feature| should be

1088+

considered disabled, and "<code>Enabled</code>" otherwise.

1089+

1. Let |policy| be |document|'s [=Document/report-only permissions

1090+

policy=] if |report-only| is True, or |document|'s

1091+

[=Document/permissions policy=] otherwise.

10821092

1. If |policy|'s <a for="permissions policy">inherited policy</a> for

10831093

|feature| is "<code>Disabled</code>", return "<code>Disabled</code>".

10841094

1. If |feature| is present in |policy|'s <a for="permissions policy">declared

@@ -1180,6 +1190,41 @@ partial interface HTMLIFrameElement {

1180119011811191

</div>

11821192

</section>

1193+

<section>

1194+

## <dfn abstract-op id="check-potential-violation-in-container">Check potential violation of permissions policy in container</dfn> ## {#algo-check-potential-violation-in-container}

1195+1196+

<div class="algorithm" data-algorithm="check-potential-violation-in-container">

1197+

Given a <a>navigable container</a> (|container|), this algorithm sends potential

1198+

violation reports.

1199+

1. Let |document| be |container|'s <a>node document</a>.

1200+

2. Let |settings| be |document|'s <a>environment settings

1201+

object</a>.

1202+

3. [=set/For each=] <a>supported feature</a> |feature|:

1203+

1. If the result of running <a abstract-op>Define an inherited

1204+

policy for feature in container at origin</a> on |feature|,

1205+

|container| and |container|'s <a>declared origin</a> is

1206+

"<code>Disabled</code>":

1207+

1. Let |endpoint| be the result of calling <a abstract-op>Get

1208+

the reporting endpoint for a feature</a> given |feature| and

1209+

|document|'s [=Document/permissions policy=].

1210+

2. Call <a abstract-op>Generate report for potential violation

1211+

of permissions policy on settings</a> given |feature|,

1212+

|settings|, "<code>Enforce</code>", and |endpoint|.

1213+

2. Else, if the result of running <a abstract-op>Define an inherited

1214+

policy for feature in container at origin</a> on |feature|,

1215+

|container|, |container|'s <a>declared origin</a> and True is

1216+

"<code>Disabled</code>":

1217+

1. Let |report-only endpoint| be the result of calling <a

1218+

abstract-op>Get the reporting endpoint for a feature</a>

1219+

given |feature| and |document|'s [=Document/report-only

1220+

permissions policy=].

1221+

2. Call <a abstract-op>Generate report for potential violation

1222+

of permissions policy on settings</a> given |feature|,

1223+

|settings|, "<code>Report</code>", and |report-only

1224+

endpoint|.

1225+1226+

</div>

1227+

</section>

11831228

<section>

11841229

## <dfn export abstract-op id="report-permissions-policy-violation">Generate report for violation of permissions policy on settings</dfn> ## {#algo-report-permissions-policy-violation}

11851230

@@ -1214,6 +1259,42 @@ partial interface HTMLIFrameElement {

1214125912151260

</div>

12161261

</section>

1262+

<section>

1263+

## <dfn export abstract-op id="report-potential-permissions-policy-violation">Generate report for potential violation of permissions policy on settings</dfn> ## {#algo-report-potential-permissions-policy-violation}

1264+1265+

<div class="algorithm" data-algorithm="report-potential-permissions-policy-violation">

1266+

Given a [=policy-controlled feature|feature=] (|feature|), an <a>environment settings object</a>

1267+

(|settings|), a string (|disposition|), a string-or-null (|endpoint|), and a string-or-null

1268+

(|allowAttribute|), this algorithm generates a <a>report</a> about the <a>violation</a> of the

1269+

policy for |feature|.

1270+1271+

1. Let |body| be a new {{PermissionsPolicyViolationReportBody}}, initialized

1272+

as follows:

1273+1274+

: [=PermissionsPolicyViolationReportBody/featureId=]

1275+

:: |feature|'s string representation.

1276+

: [=PermissionsPolicyViolationReportBody/sourceFile=]

1277+

:: null

1278+

: [=PermissionsPolicyViolationReportBody/lineNumber=]

1279+

:: null

1280+

: [=PermissionsPolicyViolationReportBody/columnNumber=]

1281+

:: null

1282+

: [=PermissionsPolicyViolationReportBody/disposition=]

1283+

:: |disposition|

1284+

: [=PermissionsPolicyViolationReportBody/allowAttribute=]

1285+

:: |allowAttribute|

1286+1287+

1. If the user agent is currently executing script, and can extract the

1288+

source file's URL, line number, and column number from |settings|, then

1289+

set |body|'s [=PermissionsPolicyViolationReportBody/sourceFile=],

1290+

[=PermissionsPolicyViolationReportBody/lineNumber=], and

1291+

[=PermissionsPolicyViolationReportBody/columnNumber=] accordingly.

1292+1293+

1. Execute [=generate and queue a report=] with |body|,

1294+

"potential-permissions-policy-violation", |endpoint|, and |settings|.

1295+1296+

</div>

1297+

</section>

12171298

<section>

12181299

## <dfn export abstract-op id="should-request-be-allowed-to-use-feature">Should request be allowed to use feature?</dfn> ## {#algo-should-request-be-allowed-to-use-feature}

12191300

@@ -1261,7 +1342,13 @@ partial interface HTMLIFrameElement {

12611342

navigationParams's origin, navigationParams's response, and True.

1262134312631344

And in the same section, in step 10, set the new {{Document}}'s

1264-

[=Document/report-only permissions policy=] to |reportOnlyPermissionsPolicy|.

1345+

[=Document/report-only permissions policy=] to |reportOnlyPermissionsPolicy|.

1346+1347+

And in the same section, in step 19 before the return, insert the following step:

1348+1349+

19. If navigationParams's navigable's container is not null, call <a

1350+

abstract-op>Check potential violation of permissions policy in

1351+

container</a> given navigationParams's navigable's container.

12651352

</section>

12661353

</section>

12671354