Add an iframe permissions= attribute for implementing permission delegation

third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
index 61b06a393572f1e03d12b0c31684176cb9adc66a..f2504d24da24ee7e1b521a6464464f8417e2218a 100644
--- a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
@@ -33,12 +33,59 @@
 
 namespace blink {
 
+namespace {
+
+class SandboxObserver : public GarbageCollected<SandboxObserver>, public DOMTokenListObserver {
+    USING_GARBAGE_COLLECTED_MIXIN(SandboxObserver);
+public:
+    SandboxObserver(HTMLIFrameElement* element) : m_element(element) {}
+
+    void valueWasSet() override
+    {
+        m_element->sandboxValueWasSet();
+    }
+
+    DEFINE_INLINE_VIRTUAL_TRACE()
+    {
+        visitor->trace(m_element);
+        DOMTokenListObserver::trace(visitor);
+    }
+
+private:
+    Member<HTMLIFrameElement> m_element;
+};
+
+class PermissionsObserver : public GarbageCollected<PermissionsObserver>, public DOMTokenListObserver {
+    USING_GARBAGE_COLLECTED_MIXIN(PermissionsObserver);
+public:
+    PermissionsObserver(HTMLIFrameElement* element) : m_element(element)
+    {
+    }
+
+    void valueWasSet() override
+    {
+        m_element->permissionsValueWasSet();
+    }
+
+    DEFINE_INLINE_VIRTUAL_TRACE()
+    {
+        visitor->trace(m_element);
+        DOMTokenListObserver::trace(visitor);
+    }
+
+private:
+    Member<HTMLIFrameElement> m_element;
+};
+
+} // namespace
+
 using namespace HTMLNames;
 
 inline HTMLIFrameElement::HTMLIFrameElement(Document& document)
     : HTMLFrameElementBase(iframeTag, document)
     , m_didLoadNonEmptyDocument(false)
-    , m_sandbox(HTMLIFrameElementSandbox::create(this))
+    , m_sandbox(HTMLIFrameElementSandbox::create(new SandboxObserver(this)))
+    , m_permissions(HTMLIFrameElementPermissions::create(new PermissionsObserver(this)))
     , m_referrerPolicy(ReferrerPolicyDefault)
 {
 }
@@ -48,8 +95,8 @@ DEFINE_NODE_FACTORY(HTMLIFrameElement)
 DEFINE_TRACE(HTMLIFrameElement)
 {
     visitor->trace(m_sandbox);
+    visitor->trace(m_permissions);
     HTMLFrameElementBase::trace(visitor);
-    DOMTokenListObserver::trace(visitor);
 }
 
 HTMLIFrameElement::~HTMLIFrameElement()
@@ -61,6 +108,11 @@ DOMTokenList* HTMLIFrameElement::sandbox() const
     return m_sandbox.get();
 }
 
+DOMTokenList* HTMLIFrameElement::permissions() const
+{
+    return m_permissions.get();
+}
+
 bool HTMLIFrameElement::isPresentationAttribute(const QualifiedName& name) const
 {
     if (name == widthAttr || name == heightAttr || name == alignAttr || name == frameborderAttr)
@@ -109,6 +161,8 @@ void HTMLIFrameElement::parseAttribute(const QualifiedName& name, const AtomicSt
         m_allowFullscreen = !value.isNull();
         if (m_allowFullscreen != oldAllowFullscreen)
             frameOwnerPropertiesChanged();
+    } else if (name == permissionsAttr) {
+        m_permissions->setValue(value);
     } else {
         if (name == srcAttr)
             logUpdateAttributeIfIsolatedWorldAndInDocument("iframe", srcAttr, oldValue, value);
@@ -147,7 +201,17 @@ bool HTMLIFrameElement::isInteractiveContent() const
     return true;
 }
 
-void HTMLIFrameElement::valueWasSet()
+void HTMLIFrameElement::permissionsValueWasSet()

[dominicc (has gone to gerrit), 2016/06/17 04:55:06]

Um, I might have missed something but it looks like you're actually shipping
this feature when it is accessed by setAttribute.

Could you add a layout test to webexposed that checks that setting the
permissions attribute with setAttribute doesn't have any special side effects,
like printing console messages?

I hope/assume that nothing is using m_delegatedPermissions without testing that
the runtime enabled feature is actually enabled. It looks like there's an ==
operator that might consult it; what does that do?

[raymes, 2016/06/22 06:43:32]

Thanks for catching this - I had assumed that something would automatically
handle this when I added the annotation (as with JS access) but I guess not
(sorry I haven't done much in blink).
Done.
No nothing is actually using this. The equality operator is just for checking
whether to propagate changes, but they won't be used for anything. In another CL
I will be using this stuff in the chrome side but there will be a flag check for
that. I've added in a flag check here too and a webexposed test.

+{
+    String invalidTokens;
+    m_delegatedPermissions = m_permissions->parseDelegatedPermissions(invalidTokens);
+    if (!invalidTokens.isNull())
+        document().addConsoleMessage(ConsoleMessage::create(OtherMessageSource, ErrorMessageLevel, "Error while parsing the 'permissions' attribute: " + invalidTokens));
+    setSynchronizedLazyAttribute(permissionsAttr, m_permissions->value());
+    frameOwnerPropertiesChanged();
+}
+
+void HTMLIFrameElement::sandboxValueWasSet()
 {
     String invalidTokens;
     setSandboxFlags(m_sandbox->value().isNull() ? SandboxNone : parseSandboxPolicy(m_sandbox->tokens(), invalidTokens));