|
617 | 617 | act as follows:
|
618 | 618 | p>
|
619 | 619 | <ol data-link-for="PaymentDetailsBase" class="algorithm">
|
620 |
| - <li data-tests= |
621 |
| - "allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html"> |
622 |
| - If the <a>current settings objecta>'s <a data-cite= |
| 620 | + <li>If the <a>current settings objecta>'s <a data-cite= |
623 | 621 | "HTML#responsible-document">responsible documenta> is not
|
624 |
| - <a>allowed to usea> the feature indicated by attribute name |
625 |
| - <a>allowpaymentrequesta>, then <a>throwa> a |
626 |
| - "<a>SecurityErrora>" <a>DOMExceptiona>. |
| 622 | + <a>allowed to usea> the "<a data-lt="payment-feature">paymenta>" |
| 623 | + feature, then <a>throwa> a "<a>SecurityErrora>" |
| 624 | + <a>DOMExceptiona>. |
627 | 625 | li>
|
628 | 626 | <li>Let <var>serializedMethodDatavar> be an empty list.
|
629 | 627 | li>
|
|
3475 | 3473 | <h2>
|
3476 | 3474 | <code>PaymentRequestcode> and <code>iframecode> elements
|
3477 | 3475 | h2>
|
3478 |
| - <p data-tests= |
3479 |
| - "allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html, allowpaymentrequest/allowpaymentrequest-attribute-same-origin-bc-containers.https.html, allowpaymentrequest/basic.https.html, allowpaymentrequest/no-attribute-cross-origin-bc-containers.https.html, allowpaymentrequest/no-attribute-same-origin-bc-containers.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html"> |
| 3476 | + <p> |
3480 | 3477 | To indicate that a cross-origin <a>iframea> is allowed to invoke the
|
3481 | 3478 | payment request API, the <a>allowpaymentrequesta> attribute can be
|
3482 |
| - specified on the <a>iframea> element. |
| 3479 | + specified on the <a>iframea> element. See <a href= |
| 3480 | + "#feature-policy">a> for details of how <a>allowpaymentrequesta> |
| 3481 | + and <a data-cite="feature-policy">Feature Policya> interact. |
| 3482 | + p> |
| 3483 | + section> |
| 3484 | + <section id="feature-policy"> |
| 3485 | + <h2> |
| 3486 | + Feature Policy integration |
| 3487 | + h2> |
| 3488 | + <p> |
| 3489 | + This specification defines a policy-controlled feature identified by |
| 3490 | + the string "<code><dfn data-lt="payment-feature" data-nodefault= |
| 3491 | + "">paymentdfn>code>". Its <a href= |
| 3492 | + "feature-policy#default-allowlist">default allowlista> is |
| 3493 | + '<code>selfcode>'. |
3483 | 3494 | p>
|
| 3495 | + <div class="note"> |
| 3496 | + <p> |
| 3497 | + A <a data-cite="html#concept-document">documenta>’s <a data-cite= |
| 3498 | + "html/multipage/dom.html#concept-document-feature-policy">feature |
| 3499 | + policya> determines whether any content in that document is allowed |
| 3500 | + to construct <a>PaymentRequesta> instances. If disabled in any |
| 3501 | + document, no content in the document will be <a>allowed to usea> |
| 3502 | + the <a>PaymentRequesta> constructor (trying to create an instance |
| 3503 | + will throw). |
| 3504 | + p> |
| 3505 | + <p> |
| 3506 | + The <a>allowpaymentrequesta> attribute of the HTML <a>iframea> |
| 3507 | + element affects the <a data-cite= |
| 3508 | + "feature-policy#container-policy">container policya> for any |
| 3509 | + document nested in that iframe. Unless overridden by the |
| 3510 | + <code><a data-cite= |
| 3511 | + "html/multipage/iframe-embed-object.html#attr-iframe-allow">allowa>code> |
| 3512 | + attribute, setting <a>allowpaymentrequesta> on an iframe is |
| 3513 | + equivalent to <code><iframe allow="fullscreen *">code>, as |
| 3514 | + described in <a href= |
| 3515 | + "feature-policy#iframe-allowpaymentrequest-attribute">Feature Policy |
| 3516 | + §iframe-allowpaymentrequest-attributea>. |
| 3517 | + p> |
| 3518 | + div> |
3484 | 3519 | section>
|
3485 | 3520 | <section>
|
3486 | 3521 | <h2>
|
|
0 commit comments