New issue
Advanced search Search tips

Issue 729658 link

Starred by 1 user
Status: Fixed
Owner:
iclell...@chromium.org
Closed: Jun 2017
Cc:
loonyb...@chromium.org
foolip@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 3
Type: Bug

Blocking:
issue 666761



Sign in to add a comment

Feature Policy code doesn't distinguish between frame owner types

Project Member Reported by iclell...@chromium.org, Jun 5 2017 
Feature policy container policies may be different depending on the type of frame owner. Current code doesn't care, and constructs container policies identically regardless of frame owner type.

 -- Within <frame> tags, fullscreen needs to be disabled regardless of declared policy. (See spec at https://fullscreen.spec.whatwg.org/#model)
 -- Iframes support additional attributes which other frame owner elements do not.

Comment 1 by lunalu@chromium.org, Jun 12 2017

Cc: -lunalu@chromium.org loonyb...@chromium.org

Comment 2 by brucedaw...@chromium.org, Jun 13 2017 

For some reason this got applied to  crbug.com/683729  instead of to this bug, so I'm manually copying it over to the correct bug.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/53ecf9341f32b7f3746e6f721da9d4dc6839fb98

commit 53ecf9341f32b7f3746e6f721da9d4dc6839fb98
Author: iclelland <iclelland@chromium.org>
Date: Tue Jun 13 21:45:02 2017

Move container policy logic to frame owner classes.

This specifically allows <frame> tags to have an exemption from supporting the
Fullscreen API, even in same-origin contexts, and even when the declared policy
would otherwise enable Fullscreen.

BUG= 729658 

Review-Url: https://codereview.chromium.org/2923563003
Cr-Commit-Position: refs/heads/master@{#479165}

[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/BUILD.gn
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLFrameElement.cpp
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLFrameElement.h
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLFrameElementBase.h
[add] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLFrameElementTest.cpp
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/core/html/HTMLPlugInElement.h
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h
[modify] https://crrev.com/53ecf9341f32b7f3746e6f721da9d4dc6839fb98/third_party/WebKit/Source/platform/feature_policy/FeaturePolicyTest.cpp

Comment 3 by iclell...@chromium.org, Jun 22 2017

Status: Fixed (was: Started)

Sign in to add a comment