Name Description Size
Feature.cpp 1865
Feature.h 1395
FeaturePolicy.cpp 10359
FeaturePolicy.h FeaturePolicy ~~~~~~~~~~~~~ Each document and each HTMLIFrameElement have a FeaturePolicy object which is used to allow or deny features in their contexts. FeaturePolicy is composed by a set of directives configured by the 'Feature-Policy' HTTP Header and the 'allow' attribute in HTMLIFrameElements. Both header and attribute are parsed by FeaturePolicyParser which returns an array of Feature objects. Each Feature object has a feature name and one of these policies: - eNone - the feature is fully disabled. - eAll - the feature is allowed. - eAllowList - the feature is allowed for a list of origins. An interesting element of FeaturePolicy is the inheritance: each context inherits the feature-policy directives from the parent context, if it exists. When a context inherits a policy for feature X, it only knows if that feature is allowed or denied (it ignores the list of allowed origins for instance). This information is stored in an array of inherited feature strings because we care only to know when they are denied. FeaturePolicy can be reset if the 'allow' or 'src' attributes change in HTMLIFrameElements. 'src' attribute is important to compute correcly the features via FeaturePolicy 'src' keyword. When FeaturePolicy must decide if feature X is allowed or denied for the current origin, it checks if the parent context denied that feature. If not, it checks if there is a Feature object for that feature named X and if the origin is allowed or not. From a C++ point of view, use FeaturePolicyUtils to obtain the list of features and to check if they are allowed in the current context. dom.security.featurePolicy.header.enabled pref can be used to disable the HTTP header support. 7669
FeaturePolicyParser.cpp static 4649
FeaturePolicyParser.h 1007
FeaturePolicyUtils.cpp IMPORTANT: Do not change this list without review from a DOM peer _AND_ a DOM Security peer! 10163
FeaturePolicyUtils.h 2816
fuzztest 3
moz.build 925
test 2