Initial Implementation of Iframe Attribute for Feature Policy (Part 4)

third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp

Index: third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp
diff --git a/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp b/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp
index dfd49ab048e6bb220a28780cf7cafeabb6b5bac9..a8308a5bd70944c0282f722901862b39524c495e 100644
--- a/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp
+++ b/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp
@@ -12,6 +12,26 @@
 
 namespace blink {
 
+namespace {
+
+void AddAllowFeatureToList(
+    WebFeaturePolicyFeature feature,
+    Vector<WebParsedFeaturePolicyDeclaration>& whitelists) {
+  WebParsedFeaturePolicyDeclaration whitelist;
+  whitelist.feature = feature;
+  whitelist.matches_all_origins = true;
+  whitelists.push_back(whitelist);
+}
+
+void OverridePolicy(int index,
+                    Vector<WebParsedFeaturePolicyDeclaration>& whitelists,
+                    RefPtr<SecurityOrigin> origin) {
+  whitelists[index].matches_all_origins = false;
+  whitelists[index].origins = Vector<WebSecurityOrigin>(1UL, {origin});
+}
+
+}  // namespace
+
 WebParsedFeaturePolicy ParseFeaturePolicy(const String& policy,
                                           RefPtr<SecurityOrigin> origin,
                                           Vector<String>* messages) {
@@ -84,18 +104,45 @@ WebParsedFeaturePolicy ParseFeaturePolicy(const String& policy,
   return whitelists;
 }
 
-// TODO(lunalu): also take information of allowfullscreen and
-// allowpaymentrequest into account when constructing the whitelist.
 WebParsedFeaturePolicy GetContainerPolicyFromAllowedFeatures(
     const WebVector<WebFeaturePolicyFeature>& features,
+    bool allowfullscreen,
+    bool allowpayment,
     RefPtr<SecurityOrigin> origin) {
   Vector<WebParsedFeaturePolicyDeclaration> whitelists;
+  // If allowfullscreen attribute is present, enable the feature for all

[iclelland, 2017/04/25 17:19:55]

I still think we could make this simpler -- could it be structured something
like this? (this is extremely sketchy, but just the general outline):

bool override_payment = false;
bool override_fullscreen = false;
for (feature : features) {
  if (feature == kPayment) override_payment = true;
  if (feature == kFullscreen) override_fullscreen = true;
  // Add "allow" feature to whitelists for |origin| here
}
if (allowpayment && !override_payment) AddAllowFeatureToList(kPayment,
whitelists);
if (allowfullscreen && !override_fullscreen) AddAllowFeatureToList(kFullscreen,
whitelists);

+  // origins; similarly for allowpaymentrequest.
+  if (allowpayment)
+    AddAllowFeatureToList(WebFeaturePolicyFeature::kPayment, whitelists);
+  if (allowfullscreen)
+    AddAllowFeatureToList(WebFeaturePolicyFeature::kFullscreen, whitelists);
+  bool should_override_payment_policy = false;
+  bool should_override_fullscreen_policy = false;
   for (const WebFeaturePolicyFeature feature : features) {
+    // Container policy should override "allowfullscreen" and
+    // "allowpaymentrequest" policies.
+    if (allowpayment && feature == WebFeaturePolicyFeature::kPayment) {
+      should_override_payment_policy = true;
+      continue;
+    }
+    if (allowfullscreen && feature == WebFeaturePolicyFeature::kFullscreen) {
+      should_override_fullscreen_policy = true;
+      continue;
+    }
     WebParsedFeaturePolicyDeclaration whitelist;
     whitelist.feature = feature;
     whitelist.origins = Vector<WebSecurityOrigin>(1UL, {origin});
     whitelists.push_back(whitelist);
   }
+  if (should_override_payment_policy) {
+    OverridePolicy(0, whitelists, origin);
+  }
+  if (should_override_fullscreen_policy) {
+    // Index for fullscreen policy is 1 if payment policy exists in the
+    // whitelists; 0 otherwise.
+    OverridePolicy(allowpayment ? 1 : 0, whitelists, origin);
+  }
+
   return whitelists;
 }