WICG / fenced-frame

Proposal for a strong boundary between a page and its embedded content
https://wicg.github.io/fenced-frame/

Update permissions policy to match implementation #125

Closed blu25 closed 8 months ago

blu25 commented 9 months ago

The current permissions policy spec patches correctly have the load blocking algorithm where we won’t load a fenced frame if any of the effective enabled permissions are not set. The patches do not, however, handle setting the permissions policies correctly. The spec allows the "create a permissions policy" algorithm to simply inherit from its embedder, which allows for information to leak across a fenced boundary.

This PR patches that so that the permissions that are set when a fenced frame loads are only the permissions in the "effective enabled permissions". This will ensure that all the permissions required to load are set (since that is checked at navigation time), but will not allow extra permissions to be enabled (including permissions set in the allow attribute of the fenced frame).

See document for more information.
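
A simplified model of the difference this PR describes, added here as an illustration and not taken from the spec patch or the implementation. The feature list in `REQUIRED`, the sample embedder contexts and all function names are assumptions; the model only counts how many distinct policies a fenced frame could observe under each rule.

```javascript
// Assumed stand-in for the "effective enabled permissions" (constructed list).
const REQUIRED = ["attribution-reporting", "shared-storage"];

// Load-blocking check: the frame loads only if every required feature
// is enabled in the embedder.
function canLoadFencedFrame(embedderPolicy) {
  return REQUIRED.every((feature) => embedderPolicy.has(feature));
}

// Before the PR (modelled): the frame's policy is inherited from the embedder,
// so it reflects whatever the embedding page happens to have enabled.
function inheritedPolicy(embedderPolicy, _allowAttr) {
  return new Set(embedderPolicy);
}

// After the PR (modelled): the frame's policy is exactly the required set.
// The embedder's extra features and the allow attribute are both ignored.
function fixedPolicy(_embedderPolicy, _allowAttr) {
  return new Set(REQUIRED);
}

// Number of distinct policies visible inside the frame across embedders.
// More than one state means the policy carries embedder information inward.
function observableStates(embedders, buildPolicy) {
  const seen = new Set();
  for (const e of embedders) {
    if (!canLoadFencedFrame(e.policy)) continue; // blocked: nothing loads
    seen.add([...buildPolicy(e.policy, e.allow)].sort().join(","));
  }
  return seen.size;
}

// Constructed embedder contexts with differing policies and allow attributes.
const EMBEDDERS = [
  { policy: new Set(["attribution-reporting", "shared-storage"]), allow: [] },
  { policy: new Set(["attribution-reporting", "shared-storage", "geolocation"]),
    allow: ["geolocation"] },
  { policy: new Set(["attribution-reporting", "shared-storage", "camera"]),
    allow: ["camera"] },
  { policy: new Set(["attribution-reporting", "geolocation"]), allow: [] },
];

console.log("inherited:", observableStates(EMBEDDERS, inheritedPolicy));
console.log("fixed:", observableStates(EMBEDDERS, fixedPolicy));
```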

