script: Implement document's active sandboxing flag set (#39079)

Implements document's active sandboxing flags. These are currently populated only from CSP-derived sandboxing flags for a new document, when defined in the CSP. Testing: 1 new pass, and some new wpt's are added to test points in the spec where these flags influence behaviour. Signed-off-by: Shane Handley <shanehandley@fastmail.com>
2025-09-30 00:29:14 +01:00 · 2025-09-05 15:02:23 +10:00 · 2025-09-05 15:02:23 +10:00 · 989c0d8994
commit 989c0d8994
parent f722419861
10 changed files with 156 additions and 15 deletions
--- a/components/script/dom/html/htmlformelement.rs
+++ b/components/script/dom/html/htmlformelement.rs
@ -6,6 +6,7 @@ use std::borrow::ToOwned;
 use std::cell::Cell;

 use constellation_traits::{LoadData, LoadOrigin, NavigationHistoryBehavior};
+use content_security_policy::sandboxing_directive::SandboxingFlagSet;
 use dom_struct::dom_struct;
 use encoding_rs::{Encoding, UTF_8};
 use headers::{ContentType, HeaderMapExt};
@ -739,10 +740,18 @@ impl HTMLFormElement {
        if self.constructing_entry_list.get() {
            return;
        }
-        // Step 3
+        // Step 3. Let form document be form's node document.
        let doc = self.owner_document();
+
+        // Step 4. If form document's active sandboxing flag set has its sandboxed forms browsing
+        // context flag set, then return.
+        if doc.has_active_sandboxing_flag(SandboxingFlagSet::SANDBOXED_FORMS_BROWSING_CONTEXT_FLAG)
+        {
+            return;
+        }
+
        let base = doc.base_url();
-        // TODO: Handle browsing contexts (Step 4, 5)
+        // TODO: Handle browsing contexts (Step 5)
        // Step 6
        if submit_method_flag == SubmittedFrom::NotFromForm {
            // Step 6.1
--- a/components/script/dom/html/htmlmediaelement.rs
+++ b/components/script/dom/html/htmlmediaelement.rs
@ -10,6 +10,7 @@ use std::time::{Duration, Instant};
 use std::{f64, mem};

 use compositing_traits::{CrossProcessCompositorApi, ImageUpdate, SerializableImageData};
+use content_security_policy::sandboxing_directive::SandboxingFlagSet;
 use dom_struct::dom_struct;
 use embedder_traits::{MediaPositionState, MediaSessionEvent, MediaSessionPlaybackState};
 use euclid::default::Size2D;
@ -717,11 +718,8 @@ impl HTMLMediaElement {
        }

        if ready_state == ReadyState::HaveEnoughData {
-            // TODO: Check sandboxed automatic features browsing context flag.
-            // FIXME(nox): I have no idea what this TODO is about.
-
            // FIXME(nox): Review this block.
-            if self.autoplaying.get() && self.Paused() && self.Autoplay() {
+            if self.eligible_for_autoplay() {
                // Step 1
                self.paused.set(false);
                // Step 2
@ -968,6 +966,31 @@ impl HTMLMediaElement {
        }
    }

+    /// <https://html.spec.whatwg.org/multipage/#eligible-for-autoplay>
+    fn eligible_for_autoplay(&self) -> bool {
+        // its can autoplay flag is true;
+        self.autoplaying.get() &&
+
+        // its paused attribute is true;
+        self.Paused() &&
+
+        // it has an autoplay attribute specified;
+        self.Autoplay() &&
+
+        // its node document's active sandboxing flag set does not have the sandboxed automatic
+        // features browsing context flag set; and
+        {
+            let document = self.owner_document();
+
+            !document.has_active_sandboxing_flag(
+                SandboxingFlagSet::SANDBOXED_AUTOMATIC_FEATURES_BROWSING_CONTEXT_FLAG,
+            )
+        }
+
+        // its node document is allowed to use the "autoplay" feature.
+        // TODO: Feature policy: https://html.spec.whatwg.org/iframe-embed-object.html#allowed-to-use
+    }
+
    // https://html.spec.whatwg.org/multipage/#concept-media-load-resource
    fn resource_fetch_algorithm(&self, resource: Resource) {
        if let Err(e) = self.setup_media_player(&resource) {