From 9f6b91cb14a0f497ee5b3e7118ee65e687eaea78 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren
Date: Wed, 6 Jul 2016 21:47:42 +0200
Subject: [PATCH] Make allowfullscreen and allowusermedia match implementations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fullscreen sandboxing was never implemented and it appears there are no immediate plans for it by either Google or Mozilla. So let’s remove it. Fixes #1240.

This also removes sandboxing for getUserMedia() as that was meant to follow the example set by fullscreen. A feature that can be allowed in nested browsing contexts, is not by default, and does not require sandboxing to be enabled for it to be allowed.

Furthermore, the way allowfullscreen works in implementations is by dynamically checking the attribute. That requires moving to an “allowed to use” algorithm rather than using a fullscreen enabled flag. The fullscreen enabled flag was determined upon creation of the document and frozen afterwards. This new model allows setting the attribute at any point. (Note that this is different from how sandboxing works, which is frozen upon creation, but now they are no longer tied, that matters less.) Fixes #1481.

(Aside, the fullscreen enabled flag logic got broken in 688df431630fe7d9a0518e402c1f1543d0f493a0, but that no longer matters.)

This change also aligns the recently introduced allowusermedia with that model since implementers likely want that to remain matching allowfullscreen.

---
 source | 120 +++++++++++++++++++++------------------------------------
 1 file changed, 44 insertions(+), 76 deletions(-)

diff --git a/source b/source index efd1fa3d8a9..b685f67ccca 100644 --- a/source +++ b/source @@ -3253,7 +3253,6 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d

The High Resolution Time specification provides the HTMLIFrameElement : HTMLElement { has a nested browsing context, the user agent must parse the sandboxing directive using the attribute's value as the input and the iframe element's nested browsing context's - iframe sandboxing flag set as the output. If the iframe has - an allowfullscreen attribute, set the allow - fullscreen flag; if the iframe has an allowusermedia attribute, set the allow user media - flag.

+ iframe sandboxing flag set as the output.

When an iframe element's sandbox attribute is removed while it has a nested browsing context, the user agent must @@ -28248,7 +28243,7 @@ interface HTMLIFrameElement : HTMLElement { -


+

The allowfullscreen attribute is a boolean attribute. When specified, it indicates that Document objects in @@ -28275,14 +28270,34 @@ interface HTMLIFrameElement : HTMLElement { -


-

The allowusermedia attribute is a boolean attribute. When specified, it indicates that Document objects in the iframe element's browsing context are to be allowed to use getUserMedia() (if it's not blocked for other reasons, e.g. there is another ancestor iframe without this attribute set).

+
+

To determine whether a Document object document + is allowed to use the feature indicated by attribute name allowattribute, + run these steps:

+ +
    +
  1. If document has no browsing context, + then return false.

  2. + +
  3. If document's browsing context has + no browsing context container, then return true.

  4. + +
  5. If document's browsing context has a + browsing context container that is an iframe element with an + allowattribute attribute specified, and whose node document is + allowed to use the feature indicated by allowattribute, then return + true.

  6. + +
  7. Return false.

  8. +
+
+

The iframe element supports dimension attributes for cases where the @@ -79895,25 +79910,6 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

The sandboxed fullscreen browsing context flag
- -
- -

This flag prevents content from using the requestFullscreen() method.

- -
- -
The sandboxed user media browsing context flag
- -
- -

This flag prevents content from using the getUserMedia() method.

- -
- -
The sandboxed document.domain browsing context flag
@@ -79970,8 +79966,9 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp -

When the user agent is to parse a sandboxing directive, given a string input, a sandboxing flag set output, and - optionally an allow fullscreen flag and allow user media flag, it must run the following steps:

+

When the user agent is to parse a sandboxing directive, given a string + input, a sandboxing flag set output, it must run the following + steps:

    @@ -80037,12 +80034,6 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

    The sandboxed storage area URLs flag.

    -
  1. The sandboxed fullscreen browsing context flag, unless the allow fullscreen flag was passed to the parse a sandboxing - directive algorithm.

  2. - -
  3. The sandboxed user media browsing context flag, unless the allow user media flag was passed to the parse a sandboxing - directive algorithm.

  4. -
  5. The sandboxed document.domain browsing context flag.

  6. @@ -80098,50 +80089,27 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

    To implement the sandboxing for a Document object document, - run these steps:

    - -
      -
    1. -

      Populate document's active sandboxing flag set with the union of the - flags that are present in the following sandboxing flag - sets:

      - -
        -
      • If document's browsing context is a - top-level browsing context, then: the flags set on the browsing - context's popup sandboxing flag set.

      • - -
      • If document's browsing context is a - nested browsing context, then: the flags set on the browsing - context's iframe sandboxing flag set.

      • - -
      • If document's browsing context is a - nested browsing context, then: the flags set on the browsing - context's parent browsing context's active document's - active sandboxing flag set.

      • + populate document's active sandboxing flag set with the union of the flags + that are present in the following sandboxing flag + sets:

        -
      • The flags set on document's resource's forced sandboxing flag - set, if it has one.

      • -
      -
    2. +
        +
      • If document's browsing context is a + top-level browsing context, then: the flags set on the browsing + context's popup sandboxing flag set.

      • -
      • If the active sandboxing flag set of - document's browsing context or any of its - ancestor browsing contexts (if any) have the - sandboxed fullscreen browsing context flag set, then abort these steps.

      • +
      • If document's browsing context is a + nested browsing context, then: the flags set on the browsing context's + iframe sandboxing flag set.

      • -
      • If document's browsing context has a - browsing context container that is an iframe element with an allowfullscreen attribute specified, and whose - node document has the fullscreen enabled flag set, then set - document's fullscreen enabled flag.

      • +
      • If document's browsing context is a + nested browsing context, then: the flags set on the browsing context's + parent browsing context's active document's active sandboxing + flag set.

      • -
      • If document's browsing context has a - browsing context container that is an iframe element with an allowusermedia attribute specified, and whose - node document has the user media enabled flag set, then set - document's user media enabled flag.

      • -
    +
  7. The flags set on document's resource's forced sandboxing flag set, + if it has one.

  8. +
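
Review bot: In the hunk at @@ -28275,14 +28270,34 @@, the new "allowed to use" steps do not say when they are evaluated, although the commit message relies on the attribute being checked dynamically and settable at any point. Suggest a sentence after the steps stating that the result can change over the lifetime of the document and that callers (requestFullscreen(), getUserMedia()) run the steps on each request rather than storing the answer. The same note could make explicit that step 3 only matches a browsing context container that is an iframe element, so a document nested through any other kind of container reaches the final "Return false"; if that is intended, saying so avoids it being read as an omission.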
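
Review bot: In the hunk at @@ -79970,8 +79966,9 @@, the rewritten sentence joins the two remaining arguments with a comma only ("given a string input, a sandboxing flag set output, it must run the following steps"), which reads like a list that lost its last item when the optional flags were dropped. Suggest "given a string input and a sandboxing flag set output, it must run the following steps".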
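
Review bot: In the hunk at @@ -80098,50 +80089,27 @@, the removed step that aborted when the active sandboxing flag set of document's browsing context or any ancestor had the sandboxed fullscreen browsing context flag also applied to top-level browsing contexts, whose flags come from the popup sandboxing flag set per the first bullet kept here. The replacement steps return true for any document whose browsing context has no browsing context container, so the two models differ for that case. If the difference is intended because it matches implementations, suggest stating it in the commit message or in a note next to the "allowed to use" steps, so the sandbox text is not read as still restricting fullscreen or getUserMedia() there.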