Update spec.bs

WICG · Aug 1, 2024 · a6ff9a6 · a6ff9a6
1 parent 7889258
commit a6ff9a6
Showing 1 changed file with 29 additions and 2 deletions.
diff --git a/spec.bs b/spec.bs
@@ -227,6 +227,10 @@ spec: permissions-policy; urlPrefix: https://w3c.github.io/webappsec-permissions
     text: the special value *; url: the-special-value
     text: permissions policy; url: permissions-policy
     text: policy directive; url: policy-directive
+    for: allowlist
+      text: src-origin; url: src-origin
+    for: declared policy
+      text: declarations; url: declared-policy-declarations
     for: permissions policy
       text: declared policy; url: permissions-policy-declared-policy
       text: inherited policy; url: permissions-policy-inherited-policy
@@ -2890,9 +2894,9 @@ content in the <{fencedframe}> or its embedder, exactly one of two things will h
 
 <div algorithm=create-and-initialize-document-patch>
   Modify [[!HTML]]'s [=create and initialize a Document object=] algorithm to insert one step after
-  step 2 that reads:
+  step 3 that reads:
 
-  3. If |navigationParams|'s [=navigation params/fenced frame config instance=] is not null:
+  4. If |navigationParams|'s [=navigation params/fenced frame config instance=] is not null:
 
     1. [=Assert=]: |browsingContext| does not equal |navigationParams|'s [=navigation
        params/navigable=]'s [=navigable/active browsing context=].
@@ -2909,6 +2913,10 @@ content in the <{fencedframe}> or its embedder, exactly one of two things will h
     1. Set |browsingContext|'s [=browsing context/fenced frame config instance=] to
        |navigationParams|'s [=navigation params/fenced frame config instance=].
 
+    1. Set |permissionsPolicy| to the result of running [=substitute the src-origin allowlist in
+       permissions declarations=] given |permissionsPolicy| and |navigationParams|'s [=navigation
+       params/fenced frame config instance=]'s [=fenced frame config/mapped url=]'s [=url/origin=].
+
   Add a new step after step 9 that reads:
 
   10. Let |automaticBeaconsAllowed| be the result of running [=header list/get a structured field
@@ -3409,7 +3417,26 @@ algorithms to achieve the outcomes described in the above explanatory content.
      and |origin| is [=same origin=] with |document|'s origin, return "Enabled".
 </div>
 
+<div algorithm>
+  To <dfn>substitute the src-origin allowlist in permissions declarations</dfn> given a
+  [=permissions policy=] |permissionsPolicy| and an [=url/origin=] |originToSubstitute|, run these
+  steps:
+
+  1. [=list/For each=] |feature| → |allowlist| of |permissionsPolicy|'s [=permissions
+     policy/declared policy=]'s [=declared policy/declarations=]:
+
+     1. If |allowlist|'s [=allowlist/src-origin=] is not null:
+
+        1. Set |allowlist|'s [=allowlist/src-origin=] to |originToSubstitute|.
+
+        1. Set |permissionsPolicy|'s [=permissions policy/declared policy=]'s [=declared
+           policy/declarations=][|feature|] to |allowlist|.
+
+  1. Return |permissionsPolicy|.
+</div>
+
 <wpt>
+  /fenced-frame/allow-attribute-src.https.html
   /fenced-frame/default-enabled-features-allow-all.https.html
   /fenced-frame/default-enabled-features-allow-none.https.html
   /fenced-frame/default-enabled-features-allow-self.https.html