Elaborate on FencedFrameConfig #67

Merged
merged 42 commits into from
Apr 18, 2023
253c468
in progress
Apr 6, 2023
7a8c42c
config skeleton
Apr 7, 2023
6c88d0e
add config instance
Apr 7, 2023
652b055
fix indent error
Apr 7, 2023
eb4b785
move things around
Apr 7, 2023
fe49697
Dfn style
domfarolino Apr 7, 2023
d4314ce
reformat
Apr 7, 2023
b0230c8
more
Apr 7, 2023
82d464d
describe nested configs instantiation
Apr 7, 2023
95e5cda
more
Apr 10, 2023
be5bb1f
intro summary text
Apr 10, 2023
166bff4
change config instantiation formatting
Apr 10, 2023
0d24a58
move TODO to github issue
Apr 10, 2023
06ee8f5
more
Apr 10, 2023
ac16848
more
Apr 11, 2023
98aa564
fix compile error?
Apr 11, 2023
214e86b
100 max column width
Apr 11, 2023
e86d78a
elaborate on fenced frame config mapping
Apr 12, 2023
4a2d08e
describe fenced frame config mapping
Apr 12, 2023
3269b83
fix urn uuids]
Apr 12, 2023
cb828dc
update algorithm def
Apr 12, 2023
d417e29
add error check boilerplate for window.fence apis
Apr 13, 2023
218fdd1
finish description of getNestedConfigs
Apr 13, 2023
51b819e
add nested config mapping
Apr 13, 2023
767a341
boilerplate for reportevent and automatic beacons
Apr 13, 2023
f388f39
update Fence getter + blurb
Apr 13, 2023
fb0c9d9
add some types and format todos
Apr 13, 2023
82cba61
fix reportevent
Apr 13, 2023
eff0092
elaborate on exfiltration budget metadata
Apr 13, 2023
f8463bb
Dom cleanup
domfarolino Apr 14, 2023
e9cd240
remove unnecessary exports
Apr 14, 2023
a69e4d0
address more comments
Apr 14, 2023
ba85f30
change * to |
Apr 14, 2023
1118d60
update config mapping lookup algorithm
Apr 14, 2023
900d922
small fixes
Apr 14, 2023
36f45db
update redact config signature
Apr 14, 2023
6a0a43b
address more comments
Apr 14, 2023
1fbcbd4
address comments
Apr 17, 2023
640b841
change visibilities
Apr 17, 2023
208b004
use map/key and map/value
Apr 17, 2023
9755313
Small type adjustments, TODOs, and style
domfarolino Apr 17, 2023
656609f
Assert mapped_url is non-null
domfarolino Apr 18, 2023
44 changes: 29 additions & 15 deletions spec.bs
Expand Up @@ -418,12 +418,14 @@ collection of fields that can be loaded into <{fencedframe}> elements and that s
resulting environments. [=Fenced frame configs=] can only be constructed by web platform APIs, not
initialized or modified arbitrarily. Their fields also contain "[=visibilities=]", which dictate
whether the field should be "redacted" when inspected through the {{FencedFrameConfig}} interface.
Config-generating APIs must specify values for all fields of their fenced frame configs in order to
ensure that they have considered the privacy implications of each field, though they may choose to
set the values to null.
Config-generating APIs (like <a href=https://wicg.github.io/turtledove/>FLEDGE</a> and <a
href=https://wicg.github.io/shared-storage/>Shared Storage</a>) must specify values for all fields
of their fenced frame configs in order to ensure that they have considered the privacy implications
of each field, though they may choose to set the values to null.

Each time a fenced frame config is loaded into a <{fencedframe}> element, it is instantiated as a
new [=fenced frame config instance=], which governs that particular context.
Each time a <{fencedframe}> navigates to a [=fenced frame config=], it is instantiated as a new
[=fenced frame config instance=], which governs that particular context inside the [=fenced
navigable container/fenced navigable=].

<h4 id=fenced-frame-config-struct>The [=fenced frame config=] [=struct=]</h4>
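
Review bot: In the rewritten second paragraph, "it is instantiated as a new [=fenced frame config instance=]" has an ambiguous antecedent: now that the sentence opens with "a <{fencedframe}> navigates to", "it" reads as the element rather than the config. Suggest "the config is instantiated as a new [=fenced frame config instance=]". The two new href values are also unquoted and end in "/" directly before ">"; quoting them removes any doubt about how the trailing slash is parsed.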

Expand All @@ -443,9 +445,11 @@ An <dfn export for=fencedframetype>interest group descriptor</dfn> is a struct w
for="interest group descriptor">owner</dfn>, which is a string, and <dfn export for="interest group
descriptor">name</dfn>, which is a string.

An <dfn export for=fencedframetype>exhaustive set of sandbox flags</dfn> is <span class=XXX>TODO: Specify the type for this.</span>
An <dfn export for=fencedframetype>exhaustive set of sandbox flags</dfn> is a [=sandboxing flag
set=].

An <dfn export for=fencedframetype>exhaustive set of permissions</dfn> is <span class=XXX>TODO: Specify the type for this.</span>
An <dfn export for=fencedframetype>exhaustive set of permissions</dfn> is a [=list=] of
[=policy-controlled features=].

A <dfn export for=fencedframetype>fenced frame reporter</dfn> is <span class=XXX>TODO: Specify the type for this.</span>
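
Review bot: The new definition of "exhaustive set of permissions" types a concept named "set" as a [=list=] of [=policy-controlled features=], which permits duplicate entries and makes ordering observable. If membership is all that matters when the permissions are checked, an Infra ordered set ([=set=]) would match the name and rule out duplicates; otherwise a sentence saying duplicates are not expected would help. The neighbouring "fenced frame reporter" definition still carries its TODO for a type, so this block is only partly specified after the change.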

Expand All @@ -470,7 +474,7 @@ A <dfn export for=fencedframetype>fenced frame reporter</dfn> is <span class=XXX
An <dfn export for=fencedframetype>exfiltration budget metadata</dfn> is a struct containing an
<dfn export for="exfiltration budget metadata">origin</dfn>, which is an [=origin=]; and an <dfn
export for="exfiltration budget metadata">amount to debit</dfn>, which is a non-negative valid
floating point number <span class=XXX>TODO: ref to float</span>.
floating point number.

An <dfn export for=fencedframetype>exfiltration budget metadata reference</dfn> is a struct
containing an <dfn export for="exfiltration budget metadata reference">origin</dfn>, which is an
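
Review bot: The last line of the "exfiltration budget metadata" definition drops the "TODO: ref to float" marker without adding the reference it asked for, so "non-negative valid floating point number" is still an unlinked phrase with no defined type. Either link it to a defined numeric type or keep the TODO so the gap stays tracked; the "exfiltration budget metadata reference" definition that follows uses the same wording and would need the same link.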
Expand All @@ -480,7 +484,10 @@ reference</dfn>, which is a mutable reference to a non-negative valid floating p

An <dfn export for=fencedframetype>embedder shared storage context</dfn> is a string.

A <dfn export>partition nonce</dfn> is <span class=XXX>TODO: Specify the type for this.</span>
A <dfn export>partition nonce</dfn> is an [=implementation-defined=] value.

Note: This is similar to the <a href=https://fetch.spec.whatwg.org/#network-partition-key>network
partition key</a> used by <a href=https://fetch.spec.whatwg.org/>Fetch</a>.

A <dfn export>fenced frame config</dfn> is a struct with the following [=struct/items=]:
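
Review bot: Defining [=partition nonce=] as "an [=implementation-defined=] value" gives the spec no operation it can rely on, in particular no statement that two nonces can be compared for equality. The added Note only says the value is "similar to" the network partition key and, being a Note, is non-normative. Suggest stating normatively what the nonce is used to key and that distinct nonces compare unequal. The two href values in the Note are unquoted as well.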

Expand Down Expand Up @@ -650,7 +657,7 @@ A <dfn export>fenced frame config instance</dfn> is a struct with the following
frame config=]. <span class=XXX>TODO: Write this in the proper syntax</span>

: [=fenced frame config instance/partition nonce=]
:: a random [=partition nonce=] <span class=XXX>TODO: Specify what this means</span>
:: a random, unique [=partition nonce=]

: [=fenced frame config instance/embedder shared storage context=]
:: |config|'s [=fenced frame config/embedder shared storage context=]
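
Review bot: On the [=fenced frame config instance/partition nonce=] item, "a random, unique [=partition nonce=]" replaces the "Specify what this means" TODO without answering it: the text does not say unique across what (per instance, per [=traversable navigable=], per user agent session) or whether "random" is meant to imply unguessable. Since the type itself is left implementation-defined, spell out the uniqueness scope here or keep the TODO.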
Expand Down Expand Up @@ -681,6 +688,9 @@ maps to an internal [=fenced frame config=] [=struct=].

Issue: Fix the "indistinguishable" IDL bug with the unions above.</span>

Each {{FencedFrameConfig}} has a <dfn for=fencedframeconfig>url</dfn>, which is a [=URL=] or null,
initially null.

1. <span class=XXX>TODO: add more fields to {{FencedFrameConfig}}</span>

<div algorithm="url getter">
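
Review bot: The new "url" definition is declared "initially null", but nothing in this hunk says which algorithm assigns it, and the list item right after it is still a TODO. A forward link to the step that populates it when a {{FencedFrameConfig}} is constructed from an internal config would make clear when script can observe a non-null value. The "Issue:" line just above the addition also ends in a closing span tag with no opening tag in view, which is worth cleaning up in the same edit.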
Expand Down Expand Up @@ -742,6 +752,9 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
1. Let |instance| be [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=node
navigable=]'s [=navigable/traversable navigable=]'s [=fenced frame config instance=].

<span class=XXX>This and the below references should point to an actual member on [=traversable
navigable=], not just the type.</span>
Collaborator

I put this as a TODO here that we should follow-up on quickly, but feel free to address this before we land if you want. Basically I think inside this section we should introduce a new member called "fenced frame config instance" or whatever is similar to what we have on DocumentLoader where this can live. That way here and elsewhere we have a concrete thing to initialize, assign, and address wherever we need.

Collaborator Author

Agree. Where should it live? If we didn't have to deal with urn iframes I think it could just be attached to the fenced content navigable or whatever, but we probably have to attach it to the root.

Collaborator Author

That reminds me: this part about fenced frame config mappings is probably wrong for urn iframes (though it is wrong in the same way that our implementation is "wrong"):

Each [=traversable navigable=] has a <dfn for="traversable navigable" export>fenced frame config
mapping</dfn>, which is a new [=fenced frame config mapping=].

Collaborator

So the fenced navigable is indeed a traversable navigable, per https://wicg.github.io/fenced-frame/#fenced-navigable-container-fenced-navigable. That's the root, essentially content::Page / content::FencedFrame so the member should probably live there, and iframes can climb the tree to reference it. That's basically what the implementation does, right?

Collaborator Author

The config mapping does go in the Page in the implementation, but that is semi-broken for urn iframes because it means that you can load configs that shouldn't really be in scope (e.g., you can in principle take a single urn and then create arbitrarily deep nested urn iframes using that urn).

The config instance goes in the root FTN in the implementation because it's more important for that degeneracy not to exist there. But when urn iframes are gone, it would go in the FrameTree. (Maybe the config mapping should also go there.)

Collaborator

Ah yeah... hmm OK I think for now we should make it a normal member of "navigable" (basically FTN) with some strong Note saying that once URN iframes are gone this will exclusively live on "traversable navigable".


1. If |instance| is null, then return.

1. If |instance|'s [=fenced frame config instance/mapped url=] is null, then the behavior is
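
Review bot: The added XXX span defers defining a real member for [=fenced frame config instance=], but the step it annotates still walks through [=node navigable=], which HTML allows to be null for a document that is not in a navigable; the "If |instance| is null, then return" step only covers the end of the chain. Suggest returning early when the [=node navigable=] is null, or folding that check into the member lookup when the follow-up discussed in the thread lands.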
Expand All @@ -760,7 +773,8 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
</div>

<div algorithm>
The <dfn method for=Fence>setReportEventDataForAutomaticBeacons(<var ignore>event</var>)</dfn> method steps are:
The <dfn method for=Fence>setReportEventDataForAutomaticBeacons(<var ignore>event</var>)</dfn>
method steps are:

1. Let |instance| be [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=node
navigable=]'s [=navigable/traversable navigable=]'s [=fenced frame config instance=].
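
Review bot: The "Let |instance| be ..." step under the rewrapped setReportEventDataForAutomaticBeacons() heading repeats, word for word, the lookup chain used by the previous algorithm. Factoring it into one named algorithm would mean the pending change of where [=fenced frame config instance=] lives only has to be made in one place, instead of in every {{Fence}} method.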
Expand Down Expand Up @@ -795,12 +809,12 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.

1. If |instance|'s [=fenced frame config instance/nested configs=] is null, then return.

1. Let |results| be a sequence of {{FencedFrameConfig}}s.
1. Let |results| be an empty [=list=] of {{FencedFrameConfig}}s.

1. For each [=urn uuid=] |urn| and [=fenced frame config=] |config| in |instance|'s
[=fenced frame config instance/nested configs=]:
1. [=map/For each=] |urn| |config| of |instance|'s [=fenced frame config instance/nested
configs=]:

1. <span class="XXX"> construct a {{FencedFrameConfig}} from |config| and |urn|</span>.
1. <span class="XXX">TODO: construct a {{FencedFrameConfig}} from |config| and |urn|</span>.

1. Return |results|.
</div>
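
Review bot: The new iteration line "[=map/For each=] |urn| |config| of |instance|'s ... nested configs" is missing the "→" that Infra uses between key and value when iterating a map, so it should read "[=map/For each=] |urn| → |config| of ...". The loop body is also still a TODO with no step that appends to |results|, so as written the algorithm always returns the empty list; when the construction step is filled in it should apply the same redaction as other {{FencedFrameConfig}} objects rather than copying |config|'s fields directly.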