diff --git a/index.bs b/index.bs index 67afe7e..8a3a3e0 100644 --- a/index.bs +++ b/index.bs @@ -25,6 +25,8 @@ Markup Shorthands: css no, markdown yes
spec: ECMAScript; urlPrefix: https://tc39.github.io/ecma262/# + type: dfn + text: realm; url: sec-code-realms type: interface text: TypeError; url: sec-native-error-types-used-in-this-standard-typeerror spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/ @@ -39,12 +41,15 @@ spec: promises-guide; urlPrefix: https://www.w3.org/2001/tag/doc/promises-guide# spec: html type: dfn text: browsing context + text: current settings object text: environment settings object text: event handler text: event handler event type text: origin text: parent browsing context text: queue a task + text: same origin + text: the environment settings object's realm text: top-level browsing context spec: ui-events type: dfn @@ -369,33 +374,76 @@ spec: webidl- @@ -468,28 +544,7 @@ spec: webidl will be asking the user's permission if the caller tries to access the feature. The user might grant, deny or dismiss the request. -- Permission Store +
+ Permission Stores
- User agents MAY use a form of storage to - keep track of web site permissions. When they do, they MUST have a - permission storage identifier which is linked to a - {{PermissionStorage}} instance or one of its subtypes. -
-- To get a permission storage identifier for a - {{PermissionName}} name and an environment settings - object settings, the UA MUST return a tuple consisting - of: + A permission + store maps {{PermissionName}}s to instances of + {{PermissionStorage}} or one of its subtypes. A permission + store has one or more associated origins, and SHOULD + have only one. For example, when a user grants permission + for https://foo.com/ to use a capability, some browsers will also give + access to any origin with a domain ending in ".foo.com". This is discouraged + but allowed. +
++ The user agent MAY maintain any number of permission stores to + record what capabilities users have granted web sites permission to access. + If the UA maintains any permission stores, the UA MUST create a new + permission store for each realm and may create new + permission stores for other reasons, for example to serve a + particular origin or origin within a top-level browsing + context. The UA may initialize new permission stores as empty or + as a copy of the mappings of any other permission store associated + with the same origin.
--
+ +- - name -
-- - settings' origin -
-- optional UA-specific data like whether settings' - browsing context has a parent browsing context, or - settings' top-level browsing context's origin -
-+++ Different browsers provide different levels of persistence for + permissions. These can be modeled by different arrangements of permission + stores. +
++
+- + A browser that saves permissions persistently would create a + permission store for each origin and for each + realm. Each realm's store would be created as a copy of its + origin's store. create a permission storage entry would write to + the origin's store and all realms' stores with the same origin. +
+- + A browser that gives the user the option to save permissions + persistently or not, would also create a permission store for + each origin and for each realm. If the user chooses to + save the permission, this browser would behave as the one above. If the + user chooses not to save the permission, this browser would select no + stores at all in create a permission storage entry. +
+- + A browser that gives the user the option to save permissions + either persistently or just within the current realm, would also create + a permission store for each origin and for each + realm. If the user chooses to save the permission, this browser + would behave as the ones above. If the user chooses not to save the + permission, this browser would select just the current realm's store in + create a permission storage entry. +
+- + A browser that treats permissions granted to iframes as only granted to + the iframe's origin when it's embedded in the same top-level origin, + would create permission stores for each pair of (top-level origin, + embedded origin), and for each realm. Each realm's store would be + created as a copy of the (top-level origin, realm's origin) permission + store. create a permission storage entry would write to the + (top-level origin, realm's origin) store and all realms' stores that had + matching origins and top-level origins, but not to permission stores + that merely had the same realm origin. +
+dictionary PermissionStorage { // PermissionStorage is just an explanatory device. @@ -405,38 +453,66 @@ spec: webidl };- The steps to retrieve a permission storage entry of a - permission storage identifier are as follows: + The steps to retrieve the permission storage of a + {{PermissionName}} name are as follows:
-
- If the user agent has a {{PermissionStorage}} associated - with the permission storage identifier in its permission store, - it MUST return the {{PermissionStorage}}. +
- Let settings be the current settings object.
+- + Let store be the permission store associated with + settings' realm.
-- Otherwise, it MUST return
undefined
. +- + If store exists and maps name to a value, return + this value. +
+- + Otherwise, return a default value based on the user agent's defined + heuristics. For example,
{state: {{"prompt"}}}
can be a + default value, but it can also be based on frequency of visits.- The steps to create a permission storage entry for a - permission storage identifier are as follows: + The steps to create a permission storage entry mapping a + {{PermissionName}} name to a {{PermissionStorage}} + storage are as follows:
-
- If the user agent has a {{PermissionStorage}} associated - with the permission storage identifier in its permission store, - it MUST overwrite it to the given {{PermissionStorage}}. +
- Let settings be the current settings object.
+- + Let stores be a UA-selected subset of the permission + stores associated with the same origin as settings. + If stores is non-empty, it MUST include the permission store + associated with settings' realm.
-- Otherwise, it MUST write the new {{PermissionStorage}} to its - permission store. +
- + Write a mapping from name to storage into each + permission store in stores, overwriting any existing + mapping with the same name. + + Issue(91): This isn't quite sufficient for complex {{PermissionStorage}} + subclasses, which may need to modify the old storage instead of just + overwriting it.
The steps to delete a permission storage entry of a - permission storage identifier are as follows: + {{PermissionName}} name are as follows:
-
- If the user agent has a {{PermissionStorage}} associated - with the permission storage identifier in its permission store, - it MUST remove it. +
- Let settings be the current settings object.
+- + Let stores be a collection of zero or more permission + stores associated with the same origin as settings. + If stores is non-empty, it SHOULD include the permission store + used in the retrieve the permission storage algorithm for + settings. +
+- + Remove all the mappings for name from permission stores + in stores.
- The steps to retrieve the permission storage for a given - {{PermissionName}} name are as follows: -
--
+- - Get a permission storage identifier for name and - the current environment settings object, and let - identifier be the result. -
-- Run the steps to retrieve a permission storage entry of - identifier. -
-- If the result of those steps are not
-undefined
, return - it and abort these steps. -- Otherwise, the user agent MUST return a default value based - on user agent's defined heuristics. For example,
-{state: - {{"prompt"}}}
can be a default value, but it can also be based on - frequency of visits. -[Exposed=(Window,Worker)] interface PermissionStatus : EventTarget { @@ -719,10 +774,8 @@ spec: webidl steps.
permissionDesc.name
and the current
- environment settings object, and create a permission
- storage entry mapping this identifier to storage.
+ Create a permission storage entry mapping
+ permissionDesc.name
to storage.
permission.name
and the current
- environment settings object, and let identifier be
- the result.
- permission.name
.
permissionDesc.name
's permission revocation
algorithm.