惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News - Newest:
Hacker News - Newest: "LLM"
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
H
Heimdal Security Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
N
News and Events Feed by Topic
H
Hacker News: Front Page
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
SecWiki News
SecWiki News
N
News | PayPal Newsroom
T
Tor Project blog
W
WeLiveSecurity
A
Arctic Wolf
Security Archives - TechRepublic
Security Archives - TechRepublic
S
Secure Thoughts
月光博客
月光博客
AWS News Blog
AWS News Blog
D
Docker
C
CERT Recently Published Vulnerability Notes
MyScale Blog
MyScale Blog
Google Online Security Blog
Google Online Security Blog
大猫的无限游戏
大猫的无限游戏
T
The Blog of Author Tim Ferriss
I
InfoQ
人人都是产品经理
人人都是产品经理
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
Hacker News: Ask HN
Hacker News: Ask HN
Blog — PlanetScale
Blog — PlanetScale
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
Stack Overflow Blog
Stack Overflow Blog
Recorded Future
Recorded Future
罗磊的独立博客
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
D
DataBreaches.Net
S
Security Affairs
WordPress大学
WordPress大学
T
Threatpost
Microsoft Security Blog
Microsoft Security Blog
V
Vulnerabilities – Threatpost
The Hacker News
The Hacker News
S
SegmentFault 最新的问题
B
Blog RSS Feed
Project Zero
Project Zero
P
Proofpoint News Feed

Recent Commits to webappsec-permissions-policy:main

Add WebMCP link to features.md · w3c/webappsec-permissions-policy@c10c76d Add WebMCP link to features.md · w3c/webappsec-permissions-policy@10d8736 Add `monetization` feature (#571) · w3c/webappsec-permissions-policy@876a190 Add Permissions Policy for Digital Credentials Issuance (#573) · w3c/webappsec-permissions-policy@29efab0 [focus-without-user-activation] Add alternative solutions (#563) · w3c/webappsec-permissions-policy@298d386 Add proposed features from Chrome's Built-In AI APIs (#570) · w3c/webappsec-permissions-policy@4de8724 Replace `shared-autofill` with `autofill` and `manual-text` (#560) · w3c/webappsec-permissions-policy@6f3b837 Do not use request's window concept (#565) · w3c/webappsec-permissions-policy@20ab675 focus-without-user-activation: Add missing HTML closing quote in exam… · w3c/webappsec-permissions-policy@b5dde2c Merge pull request #559 from shhnjk/main · w3c/webappsec-permissions-policy@e9edeb5 Put PermissionsPolicyViolationReportBody/allowAttribute back · w3c/webappsec-permissions-policy@1c37e68 Update index.bs · w3c/webappsec-permissions-policy@7c8ed48 Nit · w3c/webappsec-permissions-policy@173adc5 Add `ch-ua-high-entropy-values` feature (#558) · w3c/webappsec-permissions-policy@8430c86 Send reports for Permissions Policy violations in iframe to parent fr… · w3c/webappsec-permissions-policy@314ffc9 Add `storage-access` feature · w3c/webappsec-permissions-policy@c73ef39 Add 'deferred-fetch' as proposed feature · w3c/webappsec-permissions-policy@dedd81f Add mediasession feature · w3c/webappsec-permissions-policy@8ef8664 Clarify picture-in-picture shipping status · w3c/webappsec-permissions-policy@1d05f5e
add allow and src attribute to potential permissions policy violation · w3c/webappsec-permissions-policy@bb175d2
shhnjk · 2025-02-01 · via Recent Commits to webappsec-permissions-policy:main

@@ -824,6 +824,7 @@ partial interface HTMLIFrameElement {

824824

readonly attribute long? columnNumber;

825825

readonly attribute DOMString disposition;

826826

readonly attribute DOMString? allowAttribute;

827+

readonly attribute DOMString? srcAttribute;

827828

};

828829

</pre>

829830

@@ -862,6 +863,11 @@ partial interface HTMLIFrameElement {

862863

<{iframe}> element, the value of the <{iframe/allow}> attribute of that

863864

element, or omitted otherwise.

864865866+

- <dfn for="PermissionsPolicyViolationReportBody">allowAttribute</dfn>: For

867+

reports of potential violations, which can be attributed to a specific

868+

<{iframe}> element, the value of the <{iframe/src}> attribute of that

869+

element, or omitted otherwise.

870+865871

<section>

866872

<h3 id="permissions-policy-report-only-http-header-field">\``Permissions-Policy-Report-Only`\` HTTP Header Field</h3>

867873

<p>The \`<dfn export http-header

@@ -1194,8 +1200,9 @@ partial interface HTMLIFrameElement {

11941200

## <dfn abstract-op id="check-potential-violation-in-container">Check potential violation of permissions policy in container</dfn> ## {#algo-check-potential-violation-in-container}

1195120111961202

<div class="algorithm" data-algorithm="check-potential-violation-in-container">

1197-

Given a <a>navigable container</a> (|container|), this algorithm sends potential

1198-

violation reports.

1203+

Given a <a>navigable container</a> (|container|), a string-or-null

1204+

(|allowAttribute|), and a string-or-null (|srcAttribute|), this algorithm

1205+

sends potential violation reports.

11991206

1. Let |document| be |container|'s <a>node document</a>.

12001207

2. Let |settings| be |document|'s <a>environment settings

12011208

object</a>.

@@ -1209,7 +1216,8 @@ partial interface HTMLIFrameElement {

12091216

|document|'s [=Document/permissions policy=].

12101217

2. Call <a abstract-op>Generate report for potential violation

12111218

of permissions policy on settings</a> given |feature|,

1212-

|settings|, "<code>Enforce</code>", and |endpoint|.

1219+

|settings|, "<code>Enforce</code>", |endpoint|, |allowAttribute|,

1220+

and |srcAttribute|.

12131221

2. Else, if the result of running <a abstract-op>Define an inherited

12141222

policy for feature in container at origin</a> on |feature|,

12151223

|container|, |container|'s <a>declared origin</a> and True is

@@ -1220,8 +1228,8 @@ partial interface HTMLIFrameElement {

12201228

permissions policy=].

12211229

2. Call <a abstract-op>Generate report for potential violation

12221230

of permissions policy on settings</a> given |feature|,

1223-

|settings|, "<code>Report</code>", and |report-only

1224-

endpoint|.

1231+

|settings|, "<code>Report</code>", |report-only endpoint|,

1232+

|allowAttribute|, and |srcAttribute|.

1225123312261234

</div>

12271235

</section>

@@ -1264,9 +1272,9 @@ partial interface HTMLIFrameElement {

1264127212651273

<div class="algorithm" data-algorithm="report-potential-permissions-policy-violation">

12661274

Given a [=policy-controlled feature|feature=] (|feature|), an <a>environment settings object</a>

1267-

(|settings|), a string (|disposition|), a string-or-null (|endpoint|), and a string-or-null

1268-

(|allowAttribute|), this algorithm generates a <a>report</a> about the <a>violation</a> of the

1269-

policy for |feature|.

1275+

(|settings|), a string (|disposition|), a string-or-null (|endpoint|), a string-or-null

1276+

(|allowAttribute|), and a string-or-null (|srcAttribute|), this algorithm generates a

1277+

<a>report</a> about the <a>violation</a> of the policy for |feature|.

1270127812711279

1. Let |body| be a new {{PermissionsPolicyViolationReportBody}}, initialized

12721280

as follows:

@@ -1283,6 +1291,8 @@ partial interface HTMLIFrameElement {

12831291

:: |disposition|

12841292

: [=PermissionsPolicyViolationReportBody/allowAttribute=]

12851293

:: |allowAttribute|

1294+

: [=PermissionsPolicyViolationReportBody/allowAttribute=]

1295+

:: |srcAttribute|

1286129612871297

1. If the user agent is currently executing script, and can extract the

12881298

source file's URL, line number, and column number from |settings|, then

@@ -1344,11 +1354,13 @@ partial interface HTMLIFrameElement {

13441354

And in the same section, in step 10, set the new {{Document}}'s

13451355

[=Document/report-only permissions policy=] to |reportOnlyPermissionsPolicy|.

134613561347-

And in the same section, in step 19 before the return, insert the following step:

1357+

In <a

1358+

href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#iframe-load-event-steps">iframe

1359+

load event steps</a>, after step 6, insert the following step:

134813601349-

19. If navigationParams's navigable's container is not null, call <a

1350-

abstract-op>Check potential violation of permissions policy in

1351-

container</a> given navigationParams's navigable's container.

1361+

7. Call <a abstract-op>Check potential violation of permissions policy in

1362+

container</a> given |element|, |element|'s allow attribute, and

1363+

|element|'s src attribute.

13521364

</section>

13531365

</section>

13541366