Initial Implementation of Iframe Attribute for Feature Policy (Part 4)

third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "platform/feature_policy/FeaturePolicy.h"
 
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/json/JSONValues.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "platform/wtf/PtrUtil.h"
 
 namespace blink {
 
+namespace {
+
+void AddAllowFeatureToList(
+    WebFeaturePolicyFeature feature,
+    Vector<WebParsedFeaturePolicyDeclaration>& whitelists) {
+  WebParsedFeaturePolicyDeclaration whitelist;
+  whitelist.feature = feature;
+  whitelist.matches_all_origins = true;
+  whitelists.push_back(whitelist);
+}
+
+void OverridePolicy(int index,
+                    Vector<WebParsedFeaturePolicyDeclaration>& whitelists,
+                    RefPtr<SecurityOrigin> origin) {
+  whitelists[index].matches_all_origins = false;
+  whitelists[index].origins = Vector<WebSecurityOrigin>(1UL, {origin});
+}
+
+}  // namespace
+
 WebParsedFeaturePolicy ParseFeaturePolicy(const String& policy,
                                           RefPtr<SecurityOrigin> origin,
                                           Vector<String>* messages) {
   return ParseFeaturePolicy(policy, origin, messages,
                             GetDefaultFeatureNameMap());
 }
 
 WebParsedFeaturePolicy ParseFeaturePolicy(const String& policy,
                                           RefPtr<SecurityOrigin> origin,
                                           Vector<String>* messages,
@@ skipping 29 matching lines @@
           messages->push_back("Whitelist is not an array of strings.");
         continue;
       }
 
       WebParsedFeaturePolicyDeclaration whitelist;
       whitelist.feature = feature;
       Vector<WebSecurityOrigin> origins;
       String target_string;
       for (size_t j = 0; j < targets->size(); ++j) {
         if (targets->at(j)->AsString(&target_string)) {
           if (DeprecatedEqualIgnoringCase(target_string, "self")) {

[iclelland, 2017/04/25 17:19:54]

Is there a simple replacement for the recently-deprecated method? I suppose we
could just lowercase target_string and then compare to 'self'; we'd just have to
make sure that the lowercasing method is utf8-safe

[lunalu1, 2017/04/25 18:31:42]

Replaced by EqualIgnoringASCIICase

             if (!origin->IsUnique())
               origins.push_back(origin);
           } else if (target_string == "*") {
             whitelist.matches_all_origins = true;
           } else {
             WebSecurityOrigin target_origin =
                 WebSecurityOrigin::CreateFromString(target_string);
             if (!target_origin.IsNull() && !target_origin.IsUnique())
               origins.push_back(target_origin);
           }
         } else {
           if (messages)
             messages->push_back("Whitelist is not an array of strings.");
         }
       }
       whitelist.origins = origins;
       whitelists.push_back(whitelist);
     }
   }
   return whitelists;
 }
 
-// TODO(lunalu): also take information of allowfullscreen and
-// allowpaymentrequest into account when constructing the whitelist.
 WebParsedFeaturePolicy GetContainerPolicyFromAllowedFeatures(
     const WebVector<WebFeaturePolicyFeature>& features,
+    bool allowfullscreen,
+    bool allowpayment,
     RefPtr<SecurityOrigin> origin) {
   Vector<WebParsedFeaturePolicyDeclaration> whitelists;
+  // If allowfullscreen attribute is present, enable the feature for all

[iclelland, 2017/04/25 17:19:55]

I still think we could make this simpler -- could it be structured something
like this? (this is extremely sketchy, but just the general outline):

bool override_payment = false;
bool override_fullscreen = false;
for (feature : features) {
  if (feature == kPayment) override_payment = true;
  if (feature == kFullscreen) override_fullscreen = true;
  // Add "allow" feature to whitelists for |origin| here
}
if (allowpayment && !override_payment) AddAllowFeatureToList(kPayment,
whitelists);
if (allowfullscreen && !override_fullscreen) AddAllowFeatureToList(kFullscreen,
whitelists);

+  // origins; similarly for allowpaymentrequest.
+  if (allowpayment)
+    AddAllowFeatureToList(WebFeaturePolicyFeature::kPayment, whitelists);
+  if (allowfullscreen)
+    AddAllowFeatureToList(WebFeaturePolicyFeature::kFullscreen, whitelists);
+  bool should_override_payment_policy = false;
+  bool should_override_fullscreen_policy = false;
   for (const WebFeaturePolicyFeature feature : features) {
+    // Container policy should override "allowfullscreen" and
+    // "allowpaymentrequest" policies.
+    if (allowpayment && feature == WebFeaturePolicyFeature::kPayment) {
+      should_override_payment_policy = true;
+      continue;
+    }
+    if (allowfullscreen && feature == WebFeaturePolicyFeature::kFullscreen) {
+      should_override_fullscreen_policy = true;
+      continue;
+    }
     WebParsedFeaturePolicyDeclaration whitelist;
     whitelist.feature = feature;
     whitelist.origins = Vector<WebSecurityOrigin>(1UL, {origin});
     whitelists.push_back(whitelist);
   }
+  if (should_override_payment_policy) {
+    OverridePolicy(0, whitelists, origin);
+  }
+  if (should_override_fullscreen_policy) {
+    // Index for fullscreen policy is 1 if payment policy exists in the
+    // whitelists; 0 otherwise.
+    OverridePolicy(allowpayment ? 1 : 0, whitelists, origin);
+  }
+
   return whitelists;
 }
 
 const FeatureNameMap& GetDefaultFeatureNameMap() {
   DEFINE_STATIC_LOCAL(FeatureNameMap, default_feature_name_map, ());
   if (default_feature_name_map.IsEmpty()) {
     default_feature_name_map.Set("fullscreen",
                                  WebFeaturePolicyFeature::kFullscreen);
     default_feature_name_map.Set("payment", WebFeaturePolicyFeature::kPayment);
     if (RuntimeEnabledFeatures::featurePolicyExperimentalFeaturesEnabled()) {
       default_feature_name_map.Set("vibrate",
                                    WebFeaturePolicyFeature::kVibrate);
       default_feature_name_map.Set("camera", WebFeaturePolicyFeature::kCamera);
       default_feature_name_map.Set("eme", WebFeaturePolicyFeature::kEme);

[iclelland, 2017/04/25 17:19:55]

This one is new with this CL -- ddorwin@ asked for the feature name string to be
spelled "encrypted-media" in https://github.com/WICG/feature-policy/issues/40 --
can you change it to that here?

       default_feature_name_map.Set("microphone",
                                    WebFeaturePolicyFeature::kMicrophone);
       default_feature_name_map.Set("speaker",
                                    WebFeaturePolicyFeature::kSpeaker);
       default_feature_name_map.Set("cookie",
                                    WebFeaturePolicyFeature::kDocumentCookie);
       default_feature_name_map.Set("domain",
                                    WebFeaturePolicyFeature::kDocumentDomain);
       default_feature_name_map.Set("docwrit",

[iclelland, 2017/04/25 17:19:55]

typo: "docwrite"

                                    WebFeaturePolicyFeature::kDocumentWrite);
       default_feature_name_map.Set("geolocation",
                                    WebFeaturePolicyFeature::kGeolocation);
       default_feature_name_map.Set("midi",
                                    WebFeaturePolicyFeature::kMidiFeature);
       default_feature_name_map.Set("notifications",
                                    WebFeaturePolicyFeature::kNotifications);
       default_feature_name_map.Set("push", WebFeaturePolicyFeature::kPush);
       default_feature_name_map.Set("sync-script",
                                    WebFeaturePolicyFeature::kSyncScript);
       default_feature_name_map.Set("sync-xhr",
                                    WebFeaturePolicyFeature::kSyncXHR);
       default_feature_name_map.Set("webrtc", WebFeaturePolicyFeature::kWebRTC);
     }
   }
   return default_feature_name_map;
 }
 
 }  // namespace blink