remove allowpaymentrequest attribute from HTMLIFrameElement
Differential Revision: https://phabricator.services.mozilla.com/D90505
bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1665252
gecko-commit: d199f0766e990e9b908a69fa28cffb849ea248d6
gecko-reviewers: dom-workers-and-storage-reviewers, smaug, asuth
diff --git a/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html b/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html
index daa2aa1..df53af2 100644
--- a/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html
+++ b/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html
@@ -24,16 +24,5 @@
expect_feature_unavailable_default, 'payment');
}, header + ' disallows cross-origin navigation in an iframe.');
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, same_origin_src,
- expect_feature_available_default, 'payment', 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true allows same-origin navigation in an iframe.');
-
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, cross_origin_src,
- expect_feature_unavailable_default, 'payment', 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true disallows cross-origin navigation in an iframe.');
</script>
</body>
diff --git a/feature-policy/payment-allowed-by-feature-policy.https.sub.html b/feature-policy/payment-allowed-by-feature-policy.https.sub.html
index ae77daa..ccb6740 100644
--- a/feature-policy/payment-allowed-by-feature-policy.https.sub.html
+++ b/feature-policy/payment-allowed-by-feature-policy.https.sub.html
@@ -32,16 +32,5 @@
expect_feature_available_default);
}, header + ' allows cross-origin iframes.');
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, same_origin_src,
- expect_feature_available_default, undefined, 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true allows same-origin iframes.');
-
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, cross_origin_src,
- expect_feature_available_default, undefined, 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true allows cross-origin iframes.');
</script>
</body>
diff --git a/feature-policy/payment-default-feature-policy.https.sub.html b/feature-policy/payment-default-feature-policy.https.sub.html
index ad4bbdc..f73ac82 100644
--- a/feature-policy/payment-default-feature-policy.https.sub.html
+++ b/feature-policy/payment-default-feature-policy.https.sub.html
@@ -32,16 +32,5 @@
expect_feature_unavailable_default);
}, header + ' disallows cross-origin iframes.');
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, same_origin_src,
- expect_feature_available_default, undefined, 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true allows same-origin iframes.');
-
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, cross_origin_src,
- expect_feature_available_default, undefined, 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true allows cross-origin iframes.');
</script>
</body>
diff --git a/feature-policy/payment-disabled-by-feature-policy.https.sub.html b/feature-policy/payment-disabled-by-feature-policy.https.sub.html
index b82eb4f..0e479fd 100644
--- a/feature-policy/payment-disabled-by-feature-policy.https.sub.html
+++ b/feature-policy/payment-disabled-by-feature-policy.https.sub.html
@@ -30,16 +30,5 @@
expect_feature_unavailable_default,);
}, header + ' disallows cross-origin iframes.');
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, same_origin_src,
- expect_feature_unavailable_default, undefined, 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true disallows same-origin iframes.');
-
- async_test(t => {
- test_feature_availability(
- 'PaymentRequest()', t, cross_origin_src,
- expect_feature_unavailable_default, undefined, 'allowpaymentrequest');
- }, header + ' allowpaymentrequest=true disallows cross-origin iframes.');
</script>
</body>
diff --git a/feature-policy/resources/featurepolicy.js b/feature-policy/resources/featurepolicy.js
index e2feee9..347cba1 100644
--- a/feature-policy/resources/featurepolicy.js
+++ b/feature-policy/resources/featurepolicy.js
@@ -13,9 +13,9 @@
// "/feature-policy/resources/feature-policy-payment.html",
// "/feature-policy/resources/feature-policy-usb.html".
// expect_feature_available: a callback(data, feature_description) to
-// verify if a feature is avaiable or unavailable as expected.
+// verify if a feature is available or unavailable as expected.
// The file under the path "src" defines what "data" is sent back as a
-// pistMessage. Inside the callback, some tests (e.g., EXPECT_EQ,
+// postMessage. Inside the callback, some tests (e.g., EXPECT_EQ,
// EXPECT_TRUE, etc) are run accordingly to test a feature's
// availability.
// Example: expect_feature_available_default(data, feature_description).
@@ -24,8 +24,8 @@
// feature (https://wicg.github.io/feature-policy/#features).
// See examples at:
// https://github.com/WICG/feature-policy/blob/master/features.md
-// allow_attribute: Optional argument, only used for testing fullscreen or
-// payment: either "allowfullscreen" or "allowpaymentrequest" is passed.
+// allow_attribute: Optional argument, only used for testing fullscreen:
+// "allowfullscreen"
function test_feature_availability(
feature_description, test, src, expect_feature_available, feature_name,
allow_attribute) {
diff --git a/html/dom/elements-embedded.js b/html/dom/elements-embedded.js
index 27b5b61..c4b572c 100644
--- a/html/dom/elements-embedded.js
+++ b/html/dom/elements-embedded.js
@@ -30,7 +30,6 @@
sandbox: "settable tokenlist",
allowFullscreen: "boolean",
allowUserMedia: "boolean",
- allowPaymentRequest: "boolean",
width: "string",
height: "string",
referrerPolicy: {type: "enum", keywords: ["", "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url"]},
diff --git a/lint.ignore b/lint.ignore
index 38ec5e1..8431077 100644
--- a/lint.ignore
+++ b/lint.ignore
@@ -183,7 +183,6 @@
SET TIMEOUT: navigation-timing/*
SET TIMEOUT: old-tests/submission/Microsoft/history/history_000.htm
SET TIMEOUT: paint-timing/resources/subframe-painting.html
-SET TIMEOUT: payment-request/allowpayment/setting-allowpaymentrequest-timing.https.sub.html
SET TIMEOUT: portals/resources/portals-adopt-predecessor-portal.html
SET TIMEOUT: preload/single-download-preload.html
SET TIMEOUT: resize-observer/resources/iframe.html
diff --git a/payment-request/allowpayment/allowpaymentrequest-attribute-same-origin-bc-containers.https.html b/payment-request/allowpayment/allowpaymentrequest-attribute-same-origin-bc-containers.https.html
deleted file mode 100644
index e667542..0000000
--- a/payment-request/allowpayment/allowpaymentrequest-attribute-same-origin-bc-containers.https.html
+++ /dev/null
@@ -1,11 +0,0 @@
-<!doctype html>
-<title>PaymentRequest allowpaymentrequest attribute same origin browsing context containers</title>
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<div id=log></div>
-<script>
-const expectSuccess = {'iframe': true, 'frame': true, 'object': true, 'embed': true};
-const setAllowPayment = true;
-const testCrossOrigin = false;
-</script>
-<script src=common.sub.js></script>
diff --git a/payment-request/allowpayment/basic.https.html b/payment-request/allowpayment/basic.https.html
deleted file mode 100644
index af2c8e1..0000000
--- a/payment-request/allowpayment/basic.https.html
+++ /dev/null
@@ -1,14 +0,0 @@
-<!doctype html>
-<title>PaymentRequest <iframe allowpaymentrequest> basic</title>
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<iframe id="iframe" allow="payment"></iframe>
-<script>
-async_test((t) => {
- const paymentArgs = [[{supportedMethods: 'foo'}], {total: {label: 'label', amount: {currency: 'USD', value: '5.00'}}}];
-
- onload = t.step_func_done(() => {
- new window[0].PaymentRequest(...paymentArgs);
- });
-});
-</script>
diff --git a/payment-request/allowpayment/setting-allowpaymentrequest-timing.https.sub.html b/payment-request/allowpayment/setting-allowpaymentrequest-timing.https.sub.html
deleted file mode 100644
index f9962e4..0000000
--- a/payment-request/allowpayment/setting-allowpaymentrequest-timing.https.sub.html
+++ /dev/null
@@ -1,42 +0,0 @@
-<!doctype html>
-<title>PaymentRequest setting allow="payment" after document creation, before response</title>
-<meta name="timeout" content="long">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<div id="log"></div>
-<script>
-// Set allow="payment" attribute in a timeout after <iframe> has been inserted to the document.
-// The iframe's response is delayed so it happens after the attribute is set.
-// The allow="payment" permission is *not* set when the browsing context is created
-// (when the <iframe> is inserted), because there's no attribute at that time,
-// and the flag stays as not set when the attribute is added because per spec
-// the flag is only set when a browsing context is created and when it's navigated.
-
-async_test((t) => {
- const iframe = document.createElement('iframe');
- // no allow="payment" attribute
-
- const path = location.pathname.substring(0, location.pathname.lastIndexOf('/') + 1);
- iframe.src = "https://{{domains[www1]}}:{{ports[https][0]}}" + path + "echo-PaymentRequest.html?pipe=trickle(d3)";
- iframe.onload = t.step_func(() => {
- iframe.contentWindow.postMessage('What is the result of new PaymentRequest(...)?', '*');
- });
-
- window.onmessage = t.step_func((e) => {
- // Ignore messages that are not part of the test.
- if (e.source != iframe.contentWindow) return;
-
- assert_equals(e.data.message, 'Exception');
- assert_equals(4, e.data.details.length);
- // The last entry is the error stacktrace. Ignore it in comparison.
- assert_array_equals(e.data.details.slice(0, 3), [true /* ex instanceof DOMException */, DOMException.SECURITY_ERR, 'SecurityError']);
- t.done();
- });
-
- document.body.appendChild(iframe);
-
- setTimeout(() => {
- iframe.allow = "payment";
- }, 10);
-});
-</script>
diff --git a/payment-request/payment-is-showing.https.html b/payment-request/payment-is-showing.https.html
index d5e04a8..fed6eaf 100644
--- a/payment-request/payment-is-showing.https.html
+++ b/payment-request/payment-is-showing.https.html
@@ -41,7 +41,7 @@
*/
async function attachIframe(src = "blank.html") {
const iframe = document.createElement("iframe");
- iframe.allowPaymentRequest = true;
+ iframe.allow = "payment";
iframe.src = src;
document.body.appendChild(iframe);
await new Promise(resolve => {
diff --git a/payment-request/payment-response/rejects_if_not_active-manual.https.html b/payment-request/payment-response/rejects_if_not_active-manual.https.html
index 28bb533..6f2e9e9 100644
--- a/payment-request/payment-response/rejects_if_not_active-manual.https.html
+++ b/payment-request/payment-response/rejects_if_not_active-manual.https.html
@@ -56,7 +56,7 @@
const text = button.textContent.trim();
promise_test(async t => {
const iframe = document.createElement("iframe");
- iframe.allowPaymentRequest = true;
+ iframe.allow = "payment";
document.body.appendChild(iframe);
// We first got to page1.html, grab a PaymentResponse instance.
@@ -87,7 +87,7 @@
const text = button.textContent.trim();
promise_test(async t => {
const iframe = document.createElement("iframe");
- iframe.allowPaymentRequest = true;
+ iframe.allow = "payment";
document.body.appendChild(iframe);
// We first got to page1.html, grab a PaymentResponse instance.
diff --git a/payment-request/rejects_if_not_active-manual.https.html b/payment-request/rejects_if_not_active-manual.https.html
index 8e214cb..bab6a8c 100644
--- a/payment-request/rejects_if_not_active-manual.https.html
+++ b/payment-request/rejects_if_not_active-manual.https.html
@@ -54,7 +54,7 @@
function testAbortShowIfDocumentIsNotActive() {
promise_test(async t => {
const iframe = document.createElement("iframe");
- iframe.allowPaymentRequest = true;
+ iframe.allow = "payment";
document.body.appendChild(iframe);
// We first got to page1.html, grab a PaymentRequest instance.
const request1 = await getLoadedPaymentRequest(
@@ -96,7 +96,7 @@
promise_test(async t => {
// We nest two iframes and wait for them to load.
const outerIframe = document.createElement("iframe");
- outerIframe.allowPaymentRequest = true;
+ outerIframe.allow = "payment";
document.body.appendChild(outerIframe);
// Load the outer iframe (we don't care about the awaited request)
await getLoadedPaymentRequest(
@@ -106,7 +106,7 @@
// Now we create the inner iframe
const innerIframe = outerIframe.contentDocument.createElement("iframe");
- innerIframe.allowPaymentRequest = true;
+ innerIframe.allow = "payment";
// nest them
outerIframe.contentDocument.body.appendChild(innerIframe);
diff --git a/payment-request/rejects_if_not_active.https.html b/payment-request/rejects_if_not_active.https.html
index 1c666ae..89c3407 100644
--- a/payment-request/rejects_if_not_active.https.html
+++ b/payment-request/rejects_if_not_active.https.html
@@ -51,7 +51,7 @@
promise_test(async t => {
const iframe = document.createElement("iframe");
- iframe.allowPaymentRequest = true;
+ iframe.allow = "payment";
document.body.appendChild(iframe);
// Make a request in the iframe.
const request = await getLoadedPaymentRequest(