Send reports for Permissions Policy violations in iframe to parent frame's endpoint

index.bs

@@ -822,6 +822,7 @@ partial interface HTMLIFrameElement {
       readonly attribute long? lineNumber;
       readonly attribute long? columnNumber;
       readonly attribute DOMString disposition;
+      readonly attribute DOMString? allowAttribute;
     };
   </pre>
 
@@ -855,6 +856,10 @@ partial interface HTMLIFrameElement {
       resulted only in this report being generated (with no further action taken
       by the user agent in response to the violation).
 
+    - <dfn for="PermissionsPolicyViolationReportBody">allowAttribute</dfn>: If
+      known, the value of <{iframe}> element's <{iframe/allow}> attribute, or 
+      null otherwise.
+
   <section>
     <h3 id="permissions-policy-report-only-http-header-field">\``Permissions-Policy-Report-Only`\` HTTP Header Field</h3>
     <p>The \`<dfn export http-header
@@ -980,15 +985,23 @@ partial interface HTMLIFrameElement {
     policy</a>, which may be empty.
     1. If |element| is not an <{iframe}> element, then return an empty [=policy
        directive=].
+    1. Let |allowAttribute| be the value of |element|'s <{iframe/allow}>
+       attribute.
     1. Let |container policy| be the result of running <a abstract-op>Parse policy
-      directive</a> given the value of |element|'s <{iframe/allow}> attribute,
-      the [=Document/origin=] of |element|'s [=node document=], and |element|'s
-      <a>declared origin</a>.
+      directive</a> given |allowAttribute|, the [=Document/origin=] of |element|'s
+      [=node document=], and |element|'s <a>declared origin</a>.
     1. If |element|'s <{iframe/allowfullscreen}> attribute is specified, and
        |container policy| does not [=map/contain=] an entry for the
        <code>fullscreen</code> [=policy-controlled feature|feature=].
       1. [=map/Set=] |container policy|[<code>fullscreen</code>] = <a>the
          special value <code>*</code></a>.
+    1. [=map/For each=] [=feature=] in |container policy|:
+      1. If [=feature=]'s <a>allowlist</a> does not [=list/contain=] <a>the special
+         value <code>*</code></a>, then [=list/for each=] [=origins=] in
+         <a>allowlist</a>:
+        1. Executing <a abstract-op>Is feature enabled in document for origin?</a>
+           on |feature|, |element|'s [=node document=], |origin|, True, True, and
+           |allowAttribute|.
     1. Return |container policy|.
 
     </div>
@@ -1121,13 +1134,14 @@ partial interface HTMLIFrameElement {
 
     <div class="algorithm" data-algorithm="is-feature-enabled">
     Given a [=policy-controlled feature|feature=] (|feature|), a {{Document}} object
-    (|document|), an [=origin=] (|origin|), and an optional boolean (|report|),
-    with a default value of True, this algorithm returns "<code>Disabled</code>"
-    if |feature| should be considered disabled, and "<code>Enabled</code>"
-    otherwise. If |report| is True, then it will also [=generate and queue a
-    report=] if the feature is not enabled in either |document|'s
-    [=Document/permissions policy=] or |document|'s [=Document/report-only
-    permissions policy=].
+    (|document|), an [=origin=] (|origin|), an optional boolean (|report|), with a
+    default value of True, an optional boolean (|potential|) with a default value of
+    False, and an optional string (|allowAttribute|), this algorithm returns
+    "<code>Disabled</code>" if |feature| should be considered disabled, and
+    "<code>Enabled</code>" otherwise. If |report| is True, then it will also
+    [=generate and queue a report=] if the feature is not enabled in either
+    |document|'s [=Document/permissions policy=] or |document|'s
+    [=Document/report-only permissions policy=].
 
     Note: The default value of True for |report| means that most permissions
     policy checks will generate a violation report if the feature is not
@@ -1149,18 +1163,30 @@ partial interface HTMLIFrameElement {
         1. Let |settings| be |document|'s <a>environment settings object</a>.
         1. If |result| is "<code>Disabled</code>":
             1. Let |endpoint| be the result of calling <a abstract-op>Get the
-                reporting endpoint for a feature</a> given |feature| and
-                |policy|.
-            1. Call <a abstract-op>Generate report for violation of permissions
-                policy on settings</a> given |feature|, |settings|,
-                "<code>Enforce</code>", and |endpoint|.
+               reporting endpoint for a feature</a> given |feature| and
+               |policy|.
+            1. If |potential| is True:
+                1. Call <a abstract-op>Generate report for potential violation
+                   of permissions policy on settings</a> given |feature|,
+                   |settings|, "<code>enforce</code>", |endpoint|, and
+                   |allowAttribute|.
+            1. Else:
+                1. Call <a abstract-op>Generate report for violation of
+                   permissions policy on settings</a> given |feature|, |settings|,
+                   "<code>enforce</code>", and |endpoint|.
         1. Else, if |report-only result| is "<code>Disabled</code>":
             1. Let |report-only endpoint| be the result of calling <a
-                abstract-op>Get the reporting endpoint for a feature</a> given
+               abstract-op>Get the reporting endpoint for a feature</a> given
                |feature| and |report-only policy|.
-            1. Call <a abstract-op>Generate report for violation of permissions
-                policy on settings</a> given |feature|, |settings|,
-                "<code>Report</code>", and |report-only endpoint|.
+            1. If |potential| is True:
+                1. Call <a abstract-op>Generate report for potential violation of
+                   permissions policy on settings</a> given |feature|, |settings|,
+                   "<code>report</code>", |report-only endpoint|, and
+                   |allowAttribute|.
+            1. Else:
+                1. Call <a abstract-op>Generate report for violation of permissions
+                   policy on settings</a> given |feature|, |settings|,
+                   "<code>report</code>", and |report-only endpoint|.
     1. Return result
 
     </div>
@@ -1213,6 +1239,46 @@ partial interface HTMLIFrameElement {
 
     </div>
   </section>
+  <section>
+    ## <dfn export abstract-op id="report-potential-permissions-policy-violation">Generate report for potential violation of permissions policy on settings</dfn> ## {#algo-report-potential-permissions-policy-violation}
+
+    <div class="algorithm" data-algorithm="report-potential-permissions-policy-violation">
+    Given a [=policy-controlled feature|feature=] (|feature|), an <a>environment settings object</a>
+    (|settings|), a string (|disposition|), a string-or-null (|endpoint|), and a string-or-null
+    (|allowAttribute|), this algorithm generates a <a>report</a> about the <a>violation</a> of the
+    policy for |feature|.
+
+    1. Let |body| be a new {{PermissionsPolicyViolationReportBody}}, initialized
+      as follows:
+
+        :   [=PermissionsPolicyViolationReportBody/featureId=]
+        ::  |feature|'s string representation.
+        :   [=PermissionsPolicyViolationReportBody/sourceFile=]
+        ::  null
+        :   [=PermissionsPolicyViolationReportBody/lineNumber=]
+        ::  null
+        :   [=PermissionsPolicyViolationReportBody/columnNumber=]
+        ::  null
+        :   [=PermissionsPolicyViolationReportBody/disposition=]
+        ::  |disposition|
+        :   [=PermissionsPolicyViolationReportBody/allowAttribute=]
+        ::  |allowAttribute|
+
+    1. If the user agent is currently executing script, and can extract the
+      source file's URL, line number, and column number from |settings|, then
+      set |body|'s [=PermissionsPolicyViolationReportBody/sourceFile=],
+      [=PermissionsPolicyViolationReportBody/lineNumber=], and
+      [=PermissionsPolicyViolationReportBody/columnNumber=] accordingly.
+
+    1. If |allowAttribute| is not null, then set |body|'s
+       [=PermissionsPolicyViolationReportBody/allowAttribute=] to
+       |allowAttribute|.
+
+    1. Execute [=generate and queue a report=] with |body|,
+      "potential-permissions-policy-violation", |endpoint|, and |settings|.
+
+    </div>
+  </section>
   <section>
     ## <dfn export abstract-op id="should-request-be-allowed-to-use-feature">Should request be allowed to use feature?</dfn> ## {#algo-should-request-be-allowed-to-use-feature}