这是indexloc提供的服务,不要输入任何密码
Skip to content

Rename and document fenced frame config's required permissions #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 27, 2023
Merged

Rename and document fenced frame config's required permissions #81

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
520634a
Rename exhaustive and effective permissions to required
domfarolino Apr 27, 2023
9809837
Wording
domfarolino Apr 27, 2023
8195b9a
Rename and re-note
domfarolino Apr 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 26 additions & 12 deletions spec.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,10 @@ spec: CSPEE; urlPrefix: https://w3c.github.io/webappsec-cspee/
type: dfn
text: Is response to request blocked by context's required CSP?; url: process-response
text: required csp; url: browsing-context-required-csp
spec: permissions-policy; urlPrefix: https://w3c.github.io/webappsec-permissions-policy
type: dfn
for: permissions policy
text: inherited policy; url: inherited-policy
</pre>

<style>
Expand Down Expand Up @@ -504,9 +508,6 @@ descriptor">name</dfn>, which is a string.
An <dfn export for=fencedframetype>exhaustive set of sandbox flags</dfn> is a [=sandboxing flag
set=].

An <dfn export for=fencedframetype>exhaustive set of permissions</dfn> is a [=list=] of
[=policy-controlled features=].

A <dfn export for=fencedframetype>fenced frame reporter</dfn> is <span class=XXX>TODO: Specify the type for this.</span>

<div algorithm>
Expand Down Expand Up @@ -583,14 +584,26 @@ A <dfn export>fenced frame config</dfn> is a struct with the following [=struct/
: <dfn for="effective sandbox flags">visibility</dfn>
:: a [=visibility=]

: <dfn>effective permissions</dfn>
: <dfn>effective enabled permissions</dfn>
:: null, or a struct with the following fields:
: <dfn for="effective permissions">value</dfn>
:: an [=fencedframetype/exhaustive set of permissions=]
: <dfn for="effective enabled permissions">value</dfn>
:: a [=list=] of [=policy-controlled features=]

: <dfn for="effective permissions">visibility</dfn>
: <dfn for="effective enabled permissions">visibility</dfn>
:: a [=visibility=]

Note: When non-null, this is a [=list=] of [=policy-controlled features=] that the generator of
this config relies on exclusively being enabled inside the <{fencedframe}> that navigates to
this config. Specifically, each feature in this list <span class=allow-2119>must</span> be
enabled by the <{fencedframe}>'s [=fenced navigable container/fenced navigable=]'s
[=Document/permissions policy=]'s [=permissions policy/inherited policy=] when navigating to
this config for the navigation to succeed. The features in this list are not force-enabled, but
rather are used to check that the embedder environment that influences the aforementioned
[=permissions policy/inherited policy=] is relaxed enough to support these essential features.
If the [=inherited policy for a feature|inherited policy value=] for any of these features is
"`Disabled`", the navigation to this config will fail. Any [=policy-controlled feature=] *not*
in this list will not be "`Disabled`" in the <{fencedframe}> that navigates to this config.

: <dfn>fenced frame reporter</dfn>
:: null, or a struct with the following fields:
: <dfn for="fenced frame reporter">value</dfn>
Expand Down Expand Up @@ -639,8 +652,8 @@ A <dfn export>fenced frame config instance</dfn> is a struct with the following
: <dfn>effective sandbox flags</dfn>
:: null, or an [=fencedframetype/exhaustive set of sandbox flags=]

: <dfn>effective permissions</dfn>
:: null, or an [=fencedframetype/exhaustive set of permissions=]
: <dfn>effective enabled permissions</dfn>
:: null, or a [=list=] of [=policy-controlled features=]

: <dfn>fenced frame reporter</dfn> TODO: including automatic beacon info
:: null, or a [=fencedframetype/fenced frame reporter=]
Expand Down Expand Up @@ -681,9 +694,10 @@ A <dfn export>fenced frame config instance</dfn> is a struct with the following
:: |config|'s [=fenced frame config/effective sandbox flags=] if null, otherwise |config|'s
[=fenced frame config/effective sandbox flags=]'s [=effective sandbox flags/value=]

: [=fenced frame config instance/effective permissions=]
:: |config|'s [=fenced frame config/effective permissions=] if null, otherwise |config|'s
[=fenced frame config/effective permissions=]'s [=effective permissions/value=]
: [=fenced frame config instance/effective enabled permissions=]
:: |config|'s [=fenced frame config/effective enabled permissions=] if null, otherwise
|config|'s [=fenced frame config/effective enabled permissions=]'s [=effective enabled
permissions/value=]

: [=fenced frame config instance/fenced frame reporter=]
:: |config|'s <span class=XXX>TODO: Fill this in</span>
Expand Down