Initial Implementation of Iframe Attribute for Feature Policy (Part 1)

third_party/WebKit/Source/core/html/HTMLIFrameElementAllow.cpp

Index: third_party/WebKit/Source/core/html/HTMLIFrameElementAllow.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLIFrameElementAllow.cpp b/third_party/WebKit/Source/core/html/HTMLIFrameElementAllow.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..6a3f0a64e53113de33a9cc67fa52b613d3223283
--- /dev/null
+++ b/third_party/WebKit/Source/core/html/HTMLIFrameElementAllow.cpp
@@ -0,0 +1,66 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/html/HTMLIFrameElementAllow.h"
+
+#include "core/html/HTMLIFrameElement.h"
+#include "platform/feature_policy/FeaturePolicy.h"
+
+using blink::WebFeaturePolicyFeature;
+
+namespace blink {
+
+HTMLIFrameElementAllow::HTMLIFrameElementAllow(HTMLIFrameElement* element)
+    : DOMTokenList(this), m_element(element) {}
+
+HTMLIFrameElementAllow::~HTMLIFrameElementAllow() {}
+
+DEFINE_TRACE(HTMLIFrameElementAllow) {
+  visitor->trace(m_element);
+  DOMTokenList::trace(visitor);
+  DOMTokenListObserver::trace(visitor);
+}
+
+HashSet<WebFeaturePolicyFeature>
+HTMLIFrameElementAllow::parseAllowedFeatureNames(
+    String& invalidTokensErrorMessage) const {
+  HashSet<WebFeaturePolicyFeature> allowedFeatureNames;
+  unsigned numTokenErrors = 0;
+  StringBuilder tokenErrors;
+  const SpaceSplitString& tokens = this->tokens();
+
+  for (size_t i = 0; i < tokens.size(); ++i) {
+    WebFeaturePolicyFeature feature =
+        FeaturePolicy::getWebFeaturePolicyFeature(tokens[i]);
+    if (feature == WebFeaturePolicyFeature::NotFound) {
+      tokenErrors.append(numTokenErrors ? ", '" : "\'");

[Rick Byers, 2017/02/09 20:59:59]

why escape the single-quote in one place but not the other?  AFAIK no escape is
necessary when inside double quotes like this.

This code is basically copied from the similar code for 'sandbox', right?  If
there an opportunity (here or elsewhere) to avoid the duplication and share some
common helper code somewhere?  If that's strictly more complicated than what
you've done then leaving it as-is is fine.  But whenever we copy/paste we should
ask ourselves if it really is the simplest way to express what we want.

[lunalu1, 2017/02/09 23:19:04]

Good point! We can have a helper function that process the error messages.

+      tokenErrors.append(tokens[i]);
+      tokenErrors.append('\'');
+      ++numTokenErrors;
+    } else {
+      allowedFeatureNames.insert(feature);
+    }
+  }
+
+  if (numTokenErrors) {
+    tokenErrors.append(numTokenErrors > 1 ? " are invalid feature names."
+                                          : " is an invalid feature name.");
+    invalidTokensErrorMessage = tokenErrors.toString();
+  }
+
+  return allowedFeatureNames;
+}
+
+bool HTMLIFrameElementAllow::validateTokenValue(const AtomicString& tokenValue,
+                                                ExceptionState&) const {
+  return FeaturePolicy::getWebFeaturePolicyFeature(tokenValue.getString()) !=
+         WebFeaturePolicyFeature::NotFound;
+}
+
+void HTMLIFrameElementAllow::valueWasSet() {
+  DCHECK(m_element);
+  m_element->allowValueWasSet();
+}
+
+}  // namespace blink