Add an iframe permissions= attribute for implementing permission delegation

third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
index 61b06a393572f1e03d12b0c31684176cb9adc66a..35e28708c5f0d2fbdfd684faf01bfe9dd0753374 100644
--- a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
@@ -39,6 +39,7 @@ inline HTMLIFrameElement::HTMLIFrameElement(Document& document)
     : HTMLFrameElementBase(iframeTag, document)
     , m_didLoadNonEmptyDocument(false)
     , m_sandbox(HTMLIFrameElementSandbox::create(this))
+    , m_permissions(HTMLIFrameElementPermissions::create(this))
     , m_referrerPolicy(ReferrerPolicyDefault)
 {
 }
@@ -48,6 +49,7 @@ DEFINE_NODE_FACTORY(HTMLIFrameElement)
 DEFINE_TRACE(HTMLIFrameElement)
 {
     visitor->trace(m_sandbox);
+    visitor->trace(m_permissions);
     HTMLFrameElementBase::trace(visitor);
     DOMTokenListObserver::trace(visitor);
 }
@@ -61,6 +63,11 @@ DOMTokenList* HTMLIFrameElement::sandbox() const
     return m_sandbox.get();
 }
 
+DOMTokenList* HTMLIFrameElement::permissions() const
+{
+    return m_permissions.get();
+}
+
 bool HTMLIFrameElement::isPresentationAttribute(const QualifiedName& name) const
 {
     if (name == widthAttr || name == heightAttr || name == alignAttr || name == frameborderAttr)
@@ -109,6 +116,8 @@ void HTMLIFrameElement::parseAttribute(const QualifiedName& name, const AtomicSt
         m_allowFullscreen = !value.isNull();
         if (m_allowFullscreen != oldAllowFullscreen)
             frameOwnerPropertiesChanged();
+    } else if (name == permissionsAttr) {
+        m_permissions->setValue(value);
     } else {
         if (name == srcAttr)
             logUpdateAttributeIfIsolatedWorldAndInDocument("iframe", srcAttr, oldValue, value);
@@ -149,6 +158,25 @@ bool HTMLIFrameElement::isInteractiveContent() const
 
 void HTMLIFrameElement::valueWasSet()
 {
+    // TODO(raymes): How can we distinguish between these two calls? Should we
+    // change DOMTokenListObserver to take a function pointer or to pass the
+    // DOMTokenList* to valueWasSet()?

[esprehn, 2016/06/01 05:05:57]

I think you want to split it into two observers instead? DOMTokenListObserver is
garbage collected, so you could create a SandboxObserver, and a
PermissionsObserver and as long as they have a Member<HTMLIframeElement> all the
lifetimes work out.

[raymes, 2016/06/06 06:48:29]

Done.

+    sandboxValueWasSet();
+    permissionsValueWasSet();
+}
+
+void HTMLIFrameElement::permissionsValueWasSet()
+{
+    String invalidTokens;
+    m_delegatedPermissions = m_permissions->parseDelegatedPermissions(invalidTokens);
+    if (!invalidTokens.isNull())
+        document().addConsoleMessage(ConsoleMessage::create(OtherMessageSource, ErrorMessageLevel, "Error while parsing the 'permissions' attribute: " + invalidTokens));
+    setSynchronizedLazyAttribute(permissionsAttr, m_permissions->value());
+    frameOwnerPropertiesChanged();
+}
+
+void HTMLIFrameElement::sandboxValueWasSet()
+{
     String invalidTokens;
     setSandboxFlags(m_sandbox->value().isNull() ? SandboxNone : parseSandboxPolicy(m_sandbox->tokens(), invalidTokens));
     if (!invalidTokens.isNull())