forked from WICG/fenced-frame
-
Notifications
You must be signed in to change notification settings - Fork 0
/
spec.bs
242 lines (200 loc) · 9.1 KB
/
spec.bs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
<pre class="metadata">
Title: Fenced frame
Shortname: fenced-frame
Repository: WICG/fenced-frame
Inline Github Issues: true
Group: WICG
Status: CG-DRAFT
Level: 1
URL: https://wicg.github.io/fenced-frame/
Boilerplate: omit conformance, omit feedback-header
Editor: Dominic Farolino, Google https://www.google.com/, [email protected], https://domfarolino.com
Abstract: The fenced frame enforces a boundary between the embedding page and the cross-site embedded document such that user data visible to the two sites is not able to be joined together.
!Participate: <a href="https://github.com/WICG/fenced-frame">GitHub WICG/fenced-frame</a> (<a href="https://github.com/WICG/fenced-frame/issues/new">new issue</a>, <a href="https://github.com/WICG/fenced-frame/issues?state=open">open issues</a>)
!Commits: <a href="https://github.com/WICG/fenced-frame/commits/main/spec.bs">GitHub spec.bs commits</a>
Complain About: accidental-2119 yes, missing-example-ids yes
Indent: 2
Default Biblio Status: current
Markup Shorthands: markdown yes
Assume Explicit For: yes
</pre>
<pre class="link-defaults">
</pre>
<pre class="anchors">
spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
type: dfn
text: categories; url: dom.html#concept-element-categories
text: contexts in which this element can be used; url: dom.html#concept-element-contexts
text: embedded content; url: dom.html#embedded-content-category
text: content model; url: dom.html#concept-element-content-model
text: nothing; url: dom.html#concept-content-nothing
text: content attributes; url: dom.html#concept-element-attributes
text: global attributes; url: dom.html#global-attributes
text: dom interface; url: dom.html#concept-element-dom
text: accessibility considerations; url: dom.html#concept-element-accessibility-considerations
text: reflect; url: common-dom-interfaces.html#reflect
text: width; url: embedded-content-other.html#attr-dim-width
text: height; url: embedded-content-other.html#attr-dim-height
</pre>
<style>
.selected-text-file-an-issue {
position: fixed;
bottom: 0;
right: 0;
background: rgba(255, 255, 255, 0.8);
font-size: smaller;
padding: 4px 10px;
z-index: 4;
}
dfn var {
font-style: italic;
}
table {
margin: 1em 0;
}
/* WHATWG-style <hr>s, instead of WICG-style. Specific selector is necessary to override WICG styles. */
:not(.head) > :not(.head) + hr {
display: block;
background: none;
border: none;
padding: 0;
margin: 3em 0;
height: auto;
}
:not(.head) > :not(.head) + hr::before {
content: none;
}
/* WHATWG-style element definition class */
.element {
background: #EEFFEE;
}
dt {
margin-top: 12px;
color: black;
}
dl, dd {
padding-left: .5em;
}
/* domintro from https://resources.whatwg.org/standard.css */
.domintro {
position: relative;
color: green;
background: #DDFFDD;
margin: 2.5em 0 2em 0;
padding: 1.5em 1em 0.5em 2em;
}
.domintro dt, .domintro dt * {
color: black;
font-size: inherit;
}
.domintro dd {
margin: 0.5em 0 1em 2em; padding: 0;
}
.domintro dd p {
margin: 0.5em 0;
}
.domintro::before {
content: 'For web developers (non-normative)';
background: green;
color: white;
padding: 0.15em 0.25em;
font-style: normal;
position: absolute;
top: -0.8em;
left: -0.8em;
}
/* .XXX from https://resources.whatwg.org/standard.css */
.XXX {
color: #D50606;
background: white;
border: solid #D50606;
}
</style>
<script src="https://resources.whatwg.org/file-issue.js" async></script>
<h2 id=the-fencedframe-element>The <dfn element>fencedframe</dfn> element</h2>
<dl class="element">
<dt>[=Categories=]:</dt>
<dd>[=Flow content=].</dd>
<dd>[=Phrasing content=].</dd>
<dd>[=Embedded content=].</dd>
<dd>[=Interactive content=].</dd>
<dd>[=Palpable content=].</dd>
<dt>[=Contexts in which this element can be used=]:</dt>
<dd>Where [=embedded content=] is expected.</dd>
<dt>[=Content model=]:</dt>
<dd>[=Nothing=].</dd>
<dt>[=Content attributes=]:</dt>
<dd>[=Global attributes=]</dd>
<dd><{fencedframe/src}> — Address of the resource</dd>
<dd><code>[=width=]</code> — Horizontal dimension</dd>
<dd><code>[=height=]</code> — Vertical dimension</dd>
<dt>[=Accessibility considerations=]:</dt>
<dd><p class=XXX>TODO</p></dd>
<dt>[=DOM interface=]:</dt>
<dd>
<xmp class=idl>
[Exposed=Window]
interface HTMLFencedFrameElement : HTMLElement {
[HTMLConstructor] constructor();
[CEReactions] attribute USVString src;
[CEReactions] attribute DOMString width;
[CEReactions] attribute DOMString height;
};
</xmp>
</dd>
</dl>
The <{fencedframe}> element represents a <span class=XXX>TODO: Wire up the browsing context "mode" that is being worked on in <a href=https://wicg.github.io/nav-speculation/prerendering.html#prerendering-bcs-subsection>WICG/nav-speculation</a> so we can have something like a nested top-level browsing context.</span>
The <dfn element-attr for=fencedframe>src</dfn> attribute <span class=XXX>TODO</span>.
The {{HTMLFencedFrameElement/src}} IDL attribute must [=reflect=] the respective content attribute of the same name.
<h3 id=dimension-attributes>Dimension attributes</h3>
This section details monkeypatches to [[!HTML]]'s <a href="https://html.spec.whatwg.org/multipage/embedded-content-other.html#dimension-attributes">Dimension attributes</a> section. This section will be updated to include <{fencedframe}> in the list of elements that the <code>[=width=]</code> and <code>[=height=]</code> dimension attributes apply to.
<h3 id=new-csp-directive>New fenced-frame-src [[!CSP]] [=directive=]</h3>
Fenced frames are a different element from an iframe. Therefore, using the <b><i>[=frame-src=]</i></b> directive wouldn't give web sites enough control over their CSP rules. Introduce a new [[!CSP]] [=directive=]: <b><i>fenced-frame-src</i></b>. The monkey-patched specification is printed below:
<h4 id="directive-fenced-frame-src">`fenced-frame-src`</h4>
The <dfn>fenced-frame-src</dfn> directive restricts the URLs which may be loaded into
a <span class="XXX">TODO: create a new browsing context, nested navigable, to be used here instead of the <a>nested browsing context</a> that is currently in use for other request destinations</span>. The syntax for the directive's name and value
is described by the following ABNF:
<pre>
directive-name = "fenced-frame-src"
directive-value = <a grammar>serialized-source-list</a>
</pre>
<div id="fenced-frame-src-example" class="example">
Given a page with the following Content Security Policy:
<pre>
<a http-header>Content-Security-Policy</a>: <a>fenced-frame-src</a> https://example.com/
</pre>
Fetches for the following code will return a [=network error=], as the URL
provided does not match `fenced-frame-src`'s <a>source list</a>:
<pre highlight="html">
<fencedframe src="https://example.org/">
</fencedframe>
</pre>
</div>
The <a href="https://w3c.github.io/webappsec-csp/#frame-src-pre-request">Pre-request check</a> and <a href="https://w3c.github.io/webappsec-csp/#frame-src-post-request">Post-request check</a> will be the same as the <a href="https://w3c.github.io/webappsec-csp/#directive-frame-src">frame-src</a>'s check.
<h4 id="default-src-amendment">Amending [=default-src=]</h4>
The [=default-src=] directive's Example 7 and Example 8 will be amended. Where it says:
<pre>
<a http-header>Content-Security-Policy</a>: <a>connect-src</a> <a grammar>'self'</a>;
...
<a>worker-src</a> <a grammar>'self'</a>
</pre>
It will now say:
<pre>
<a http-header>Content-Security-Policy</a>: <a>connect-src</a> <a grammar>'self'</a>;
...
<a>fenced-frame-src</a> <a grammar>'self'</a>;
...
<a>worker-src</a> <a grammar>'self'</a>
</pre>
<h4 id="fallback-list-amendment"> Amending The Directive Fallback List</h4>
In the <a href="https://w3c.github.io/webappsec-csp/#directive-fallback-list">directive fallback list</a>, in step 1, add a new entry to the list:
: "`fenced-frame-src`"
::
1. Return `<< "fenced-frame-src", "frame-src", "child-src", "default-src" >>`.
<h3 id=new-request-destination>New fencedframe [=request=] [=request/destination=]</h3>
Every distinct element should have its own request destination to allow for special handling when making requests (fenced frame request behavior deviates from iframe behavior in enough ways to justify having a separate destination). Update the associated request [=request/destination=] list to include a new entry, "<code>fencedframe</code>". It will have the [=request/initiator=] "", the CSP directive <code>fenced-frame-src</code>, and the features HTML's <code><fencedframe></code>.
Add "<code>fencedframe</code>" to the [=non-subresource request=] list and to the [=navigation request=] list.
Add "<code>fencedframe</code>" to the {{RequestDestination}} enum.
In the [=fetch=] algorithm, step 13.2, where it says:
> A user agent should set value to the first matching statement, if any, switching on request’s [=request/destination=]:
Add "<code>fencedframe</code>" to the switch cases alongside "<code>document</code>", "<code>frame</code>", and "<code>iframe</code>".