Refer to feature policy spec (#107)

clelland · foolip · commit 97ff61868192 · 2018-07-11T16:18:29.000+02:00
This change defines Fullscreen as a policy-controlled feature, referencing the feature policy spec. It makes use of the currently- monkey-patched "Allowed to use" algorithm in HTML to allow the document's policy to control whether an element is permitted to go fullscreen. Fixes: #106 Tests: #107 (comment)
diff --git a/fullscreen.bs b/fullscreen.bs
@@ -204,8 +204,8 @@ if all of the following are true, and false otherwise:
 <ul>
  <li><p><var>element</var> is <a>connected</a>.
 
- <li><p><var>element</var>'s <a>node document</a> is <a>allowed to use</a> the feature indicated by
- attribute name <code>allowfullscreen</code>.
+ <li><p><var>element</var>'s <a>node document</a> is <a>allowed to use</a> the "<code><a
+ data-lt="fullscreen-feature">fullscreen</a></code>" feature.
  <!-- cross-process, recursive -->
 </ul>
 
@@ -310,8 +310,9 @@ these steps:
 exercise to the reader. Input welcome on potential improvements.
 
 <p>The <dfn attribute for=Document><code>fullscreenEnabled</code></dfn> attribute's getter must
-return true if the <a>context object</a> is <a>allowed to use</a> the feature indicated by attribute
-name <code>allowfullscreen</code> and <a>fullscreen is supported</a>, and false otherwise.
+return true if the <a>context object</a> is <a>allowed to use</a> the "<code><a
+data-lt="fullscreen-feature">fullscreen</a></code>" feature and <a>fullscreen is supported</a>, and
+false otherwise.
 
 <p>The <dfn attribute for=Document><code>fullscreen</code></dfn> attribute's getter must return
 false if <a>context object</a>'s <a>fullscreen element</a> is null, and true otherwise.
@@ -629,6 +630,25 @@ iframe:fullscreen {
 
 
 
+<h2 id=feature-policy-integration>Feature Policy Integration</h2>
+
+<p>This specification defines a <a>policy-controlled feature</a> identified by the string
+"<code><dfn data-lt="fullscreen-feature">fullscreen</dfn></code>". Its <a>default allowlist</a> is
+<code>'self'</code>.
+
+<div class="note">
+<p>A <a>document</a>'s <a>feature policy</a> determines whether any content in that document is allowed to
+go fullscreen. If disabled in any document, no content in the document will be <a>allowed to use</a>
+fullscreen.
+
+<p>The <{iframe/allowfullscreen}> attribute of the HTML <{iframe}> element affects the <a>container
+policy</a> for any document nested in that iframe. Unless overridden by the <{iframe/allow}>
+attribute, setting <{iframe/allowfullscreen}> on an iframe is equivalent to <code>&lt;iframe
+allow="fullscreen *"&gt;</code>, as described in
+[[FEATURE-POLICY#iframe-allowfullscreen-attribute]].
+</div>
+
+
 <h2 id=security-and-privacy-considerations>Security and Privacy Considerations</h2>
 
 <p>User agents should ensure, e.g. by means of an overlay, that the end user is aware something is
@@ -638,8 +658,12 @@ user agent or even operating system environment when fullscreen. See also the de
 {{Element/requestFullscreen()}}.
 
 <p>To enable content in a <a>nested browsing context</a> to go fullscreen, it needs to be
-specifically allowed via the <code>allowfullscreen</code> attribute of the HTML <{iframe}> element.
-This prevents e.g. content from third parties to go fullscreen without explicit permission.
+specifically allowed via feature policy, either through the <{iframe/allowfullscreen}> attribute of
+the HTML <{iframe}> element, or an appropriate declaration in the <{iframe/allow}> attribute of the
+HTML <{iframe}> element, or through a `<a http-header><code>Feature-Policy</code></a>` HTTP header
+delivered with the <a>document</a> through which it is nested.
+
+<p>This prevents e.g. content from third parties to go fullscreen without explicit permission.
 
 
 
@@ -655,6 +679,7 @@ Darin Fisher,
 <i>fantasai</i>,
 Giuseppe Pascale,
 Glenn Maynard,
+Ian Clelland,
 Ian Hickson,
 Ignacio Solla,
 João Eiras,
