惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
雷峰网
雷峰网
Recent Announcements
Recent Announcements
月光博客
月光博客
G
Google Developers Blog
腾讯CDC
S
Secure Thoughts
大猫的无限游戏
大猫的无限游戏
T
Tenable Blog
云风的 BLOG
云风的 BLOG
W
WeLiveSecurity
博客园 - 【当耐特】
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 聂微东
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
P
Privacy International News Feed
MyScale Blog
MyScale Blog
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
Attack and Defense Labs
Attack and Defense Labs
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
aimingoo的专栏
aimingoo的专栏
I
Intezer
Vercel News
Vercel News
小众软件
小众软件
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
Netflix TechBlog - Medium
P
Proofpoint News Feed
Latest news
Latest news
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tor Project blog
S
Security Affairs
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
博客园 - Franky
C
Cyber Attacks, Cyber Crime and Cyber Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
美团技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
Security @ Cisco Blogs
L
LINUX DO - 热门话题
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
D
Docker
L
Lohrmann on Cybersecurity
F
Full Disclosure

Recent Commits to webappsec-permissions-policy:main

Add WebMCP link to features.md · w3c/webappsec-permissions-policy@c10c76d Add WebMCP link to features.md · w3c/webappsec-permissions-policy@10d8736 Add `monetization` feature (#571) · w3c/webappsec-permissions-policy@876a190 Add Permissions Policy for Digital Credentials Issuance (#573) · w3c/webappsec-permissions-policy@29efab0 [focus-without-user-activation] Add alternative solutions (#563) · w3c/webappsec-permissions-policy@298d386 Add proposed features from Chrome's Built-In AI APIs (#570) · w3c/webappsec-permissions-policy@4de8724 Replace `shared-autofill` with `autofill` and `manual-text` (#560) · w3c/webappsec-permissions-policy@6f3b837 focus-without-user-activation: Add missing HTML closing quote in exam… · w3c/webappsec-permissions-policy@b5dde2c Merge pull request #559 from shhnjk/main · w3c/webappsec-permissions-policy@e9edeb5 Put PermissionsPolicyViolationReportBody/allowAttribute back · w3c/webappsec-permissions-policy@1c37e68 Update index.bs · w3c/webappsec-permissions-policy@7c8ed48 Nit · w3c/webappsec-permissions-policy@173adc5 add allow and src attribute to potential permissions policy violation · w3c/webappsec-permissions-policy@bb175d2 Add `ch-ua-high-entropy-values` feature (#558) · w3c/webappsec-permissions-policy@8430c86 Send reports for Permissions Policy violations in iframe to parent fr… · w3c/webappsec-permissions-policy@314ffc9 Add `storage-access` feature · w3c/webappsec-permissions-policy@c73ef39 Add 'deferred-fetch' as proposed feature · w3c/webappsec-permissions-policy@dedd81f Add mediasession feature · w3c/webappsec-permissions-policy@8ef8664 Clarify picture-in-picture shipping status · w3c/webappsec-permissions-policy@1d05f5e
Do not use request's window concept (#565) · w3c/webappsec-permissions-policy@20ab675
domenic · 2025-07-19 · via Recent Commits to webappsec-permissions-policy:main
Original file line numberDiff line numberDiff line change

@@ -1313,16 +1313,19 @@ partial interface HTMLIFrameElement {

13131313

Given a [=policy-controlled feature|feature=] (|feature|) and a <a for="/">request</a> (|request|),

13141314

this algorithm returns <code>true</code> if the request should be allowed to

13151315

use |feature|, and <code>false</code> otherwise.

1316-

1. Set |window| to |request|’s <a for="request">window</a>.

1317-

1. If |window| is not a {{Window}}, return <code>false</code>.

1316+

1. Let |client| be |request|’s [=request/client=].

1317+

1. If |client| is null, return <code>false</code>.

1318+

1. If |client|'s [=environment settings object/global object=] is not a {{Window}}, return

1319+

<code>false</code>.

13181320

<div class="issue">Permissions Policy within non-Window contexts

13191321

({{WorkerGlobalScope}} or {{WorkletGlobalScope}}) is being figured out in

13201322

<a href="https://github.com/w3c/webappsec-permissions-policy/issues/207">issue

13211323

#207</a>. After that’s resolved, update this algorithm to allow fetches

13221324

initiated within these contexts to use policy-controlled features.

13231325

*Until* that’s resolved, disallow all policy-controlled features (e.g.,

13241326

sending Client Hints to third parties) in these contexts.</div>

1325-

1. Set |document| to |window|’s <a>associated `Document`</a>.

1327+

1. Set |document| to |client|’s [=environment settings object/global object=]’s

1328+

<a>associated `Document`</a>.

13261329

1. Let |origin| be |request|’s <a for="request">origin</a>.

13271330

1. Let |result| be the result of executing <a abstract-op>Is feature

13281331

enabled in document for origin?</a> on |feature|, |document|, and |origin|.