From 48109109158c740cff33b15ff8f2fbcfbbd8ceab Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Tue, 9 Apr 2024 17:55:30 +0000 Subject: [PATCH 1/5] disable embedder-initiated --- spec.bs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spec.bs b/spec.bs index 6a45958..ecff16f 100644 --- a/spec.bs +++ b/spec.bs @@ -516,6 +516,16 @@ The config IDL attribute getter 1. If |navigation url or urn| is failure, then return. + 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s + [=browsing context/fenced frame config instance=]. + + 1. If |instance| is not null: + 1. If |instance|'s [=fenced frame config instance/untrusted network status=] is not + [=untrusted network status/enabled=], then return. + + Note: Embedder-initiated navigations of fenced frame roots are not allowed after the + embedder's network has been disabled. + 1. Let |shared storage context| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/ sharedStorageContext=]. From 22774454cb0c7964648a6e02ef0f9a82ae952cad Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 19 Aug 2024 03:02:50 +0000 Subject: [PATCH 2/5] address comments --- spec.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index ecff16f..89ed7ed 100644 --- a/spec.bs +++ b/spec.bs @@ -523,8 +523,8 @@ The config IDL attribute getter 1. If |instance|'s [=fenced frame config instance/untrusted network status=] is not [=untrusted network status/enabled=], then return. - Note: Embedder-initiated navigations of fenced frame roots are not allowed after the - embedder's network has been disabled. + 1. If |instance|'s [=fenced frame config instance/has disabled untrusted network=] is true, + then return. 1. Let |shared storage context| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/ sharedStorageContext=]. From 51bbd5191e5f0bc6885ebdd25d8c020733938caa Mon Sep 17 00:00:00 2001 From: Andrew Verge Date: Fri, 22 Nov 2024 11:05:09 -0500 Subject: [PATCH 3/5] address comment from domfarolino --- spec.bs | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/spec.bs b/spec.bs index 89ed7ed..9a996e0 100644 --- a/spec.bs +++ b/spec.bs @@ -510,22 +510,18 @@ The config IDL attribute getter Note: This holds because when the element has been removed from the DOM, its removal steps immediately destroy the [=fenced navigable container/fenced navigable=]. + 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s + [=browsing context/fenced frame config instance=]. + + 1. If |instance| is not null, then if |instance|'s [=fenced frame config instance/untrusted + network status=] is not [=untrusted network status/enabled=], then return. + 1. Let |navigation url or urn| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] if the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] is not null, and the given {{FencedFrameConfig}}'s [=fencedframeconfig/urn=] otherwise. 1. If |navigation url or urn| is failure, then return. - 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s - [=browsing context/fenced frame config instance=]. - - 1. If |instance| is not null: - 1. If |instance|'s [=fenced frame config instance/untrusted network status=] is not - [=untrusted network status/enabled=], then return. - - 1. If |instance|'s [=fenced frame config instance/has disabled untrusted network=] is true, - then return. - 1. Let |shared storage context| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/ sharedStorageContext=]. From 69f187dadbe1eebe2bb294c41a06db8bb3a3d6f3 Mon Sep 17 00:00:00 2001 From: Andrew Verge Date: Wed, 15 Jan 2025 11:01:48 -0500 Subject: [PATCH 4/5] Add TODO to link network revocation WPTs --- spec.bs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec.bs b/spec.bs index 9a996e0..7715b93 100644 --- a/spec.bs +++ b/spec.bs @@ -2120,6 +2120,9 @@ exempt specific URLs from network revocation. Issue: This will require a RFC to add a test-only function to the WPT web driver. (WICG/fenced-frame#192) +Once that web driver changes is made, existing Chromium-internal web platform tests for +{{Fence/disableUntrustedNetwork()}} need to be upstreamed and linked here. +(WICG/fenced-frame#207)
To revoke network for a partition nonce using a [=fenced frame config From 82f21b35a0cdc2b0d72fee0f5e783a4b331c56fa Mon Sep 17 00:00:00 2001 From: Andrew Verge Date: Tue, 21 Jan 2025 08:29:16 -0500 Subject: [PATCH 5/5] Apply suggestion from domfarolino --- spec.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec.bs b/spec.bs index 7715b93..8499b2a 100644 --- a/spec.bs +++ b/spec.bs @@ -513,8 +513,8 @@ The config IDL attribute getter 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s [=browsing context/fenced frame config instance=]. - 1. If |instance| is not null, then if |instance|'s [=fenced frame config instance/untrusted - network status=] is not [=untrusted network status/enabled=], then return. + 1. If |instance| is not null, and its [=fenced frame config instance/untrusted network status=] + is not [=untrusted network status/enabled=], then return. 1. Let |navigation url or urn| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] if the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] is not null, and the given