spec.bs

<pre class="metadata">
Title: Fenced Frame
Shortname: fenced-frame
Repository: WICG/fenced-frame
Inline Github Issues: true
Group: WICG
Status: CG-DRAFT
Level: 1
URL: https://wicg.github.io/fenced-frame/
Boilerplate: omit conformance, omit feedback-header
Editor: Dominic Farolino, Google https://www.google.com/, domfarolino@gmail.com, https://domfarolino.com
Abstract: The fenced frame enforces a boundary between the embedding page and the cross-site embedded document such that user data visible to the two sites is not able to be joined together.
!Participate: <a href="https://github.com/WICG/fenced-frame">GitHub WICG/fenced-frame</a> (<a href="https://github.com/WICG/fenced-frame/issues/new">new issue</a>, <a href="https://github.com/WICG/fenced-frame/issues?state=open">open issues</a>)
!Commits: <a href="https://github.com/WICG/fenced-frame/commits/master/spec.bs">GitHub spec.bs commits</a>
Complain About: accidental-2119 yes, missing-example-ids yes
Indent: 2
Default Biblio Status: current
Markup Shorthands: markdown yes
Assume Explicit For: yes
WPT Display: open
</pre>

<pre class="link-defaults">
spec:dom; type:dfn; for:/; text:element
spec: url; for:/; type: dfn; text: url
</pre>
<pre class="biblio">
{
  "protected-audience": {
    "authors": [
      "Paul Jensen"
    ],
    "href": "https://wicg.github.io/turtledove/",
    "title": "Protected Audience API",
    "status": "CG-DRAFT",
    "publisher": "WICG",
    "deliveredBy": [
      "https://wicg.io/"
    ]
  },
  "shared-storage": {
    "authors": [
      "Cammie Barnes"
    ],
    "href": "https://wicg.github.io/shared-storage/",
    "title": "Shared Storage API",
    "status": "CG-DRAFT",
    "publisher": "WICG",
    "deliveredBy": [
      "https://wicg.io/"
    ]
  },
  "prerendering-revamped": {
    "authors": [
      "Domenic Denicola",
      "Dominic Farolino"
    ],
    "href": "https://wicg.github.io/nav-speculation/prerendering.html",
    "title": "Prerendering Revamped",
    "status": "CG-DRAFT",
    "publisher": "WICG",
    "deliveredBy": [
      "https://wicg.io/"
    ]
  },
  "cspee": {
    "authors": [
      "Mike West"
    ],
    "href": "https://w3c.github.io/webappsec-cspee/",
    "title": "Prerendering Revamped",
    "status": "CG-DRAFT",
    "publisher": "WICG",
    "deliveredBy": [
      "https://wicg.io/"
    ]
  }
}
</pre>
<pre class="anchors">
urlPrefix: https://www.ietf.org/rfc/rfc4122.txt
  type: dfn; text: urn uuid

spec: prerendering-revamped; urlPrefix: https://wicg.github.io/nav-speculation/prerendering.html
  type: dfn
    for: navigable
      text: loading mode; url: #navigable-loading-mode

spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
  type: dfn
    urlPrefix: browsers.html
      text: check a navigation response's adherence to its embedder policy; url: check-a-navigation-response's-adherence-to-its-embedder-policy
      text: queue a cross-origin embedder policy inheritance violation; url: queue-a-cross-origin-embedder-policy-inheritance-violation
      text: determine navigation params policy container; url: determining-navigation-params-policy-container
      text: cross-origin opener policy enforcement result; url: coop-enforcement-result
      text: determine the creation sandboxing flags; url: determining-the-creation-sandboxing-flags
      text: iframe sandboxing flag set; url: iframe-sandboxing-flag-set
      for: cross-origin opener policy enforcement result
        text: needs a browsing context group switch; url: coop-enforcement-bcg-switch
    urlPrefix: dom.html
      text: categories; url: concept-element-categories
      text: contexts in which this element can be used; url: concept-element-contexts
      text: embedded content; url: embedded-content-category
      text: content model; url: concept-element-content-model
      text: nothing; url: concept-content-nothing
      text: content attributes; url: concept-element-attributes
      text: global attributes; url: global-attributes
      text: dom interface; url: concept-element-dom
      text: accessibility considerations; url: concept-element-accessibility-considerations
      text: represents; url: represents
      text: event handler content attributes which may be specified on any HTML element; url: global-attributes:event-handler-content-attributes
    urlPrefix: common-dom-interfaces.html
      text: reflect; url: reflect
    urlPrefix: embedder-content-other.html
      text: width; url: attr-dim-width
      text: height; url: attr-dim-height
    urlPrefix: document-sequences.html
      text: browsing context group; url: browsing-context-group
      text: browsing context group set; url: browsing-context-group-set
      text: create a new browsing context and document; url: creating-a-new-browsing-context
      text: create a new browsing context group and document; url: creating-a-new-browsing-context-group
      text: document base url; url: document-base-url
      text: initialize the navigable; url: initialize-the-navigable
      text: node navigable; url: node-navigable
      text: system visibility state; url: system-visibility-state
      for: navigable
        text: active session history entry; url: nav-active-history-entry
        text: current session history entry; url: nav-current-history-entry
        text: parent; url: nav-parent
        text: ongoing navigation
      for: traversable navigable
        text: session history entries; url: tn-session-history-entries
      for: browsing context group
        text: cross-origin isolation mode; url: bcg-cross-origin-isolation
      for: cross-origin isolation mode
        text: none; url:cross-origin-isolation-none
    urlPrefix: browsing-the-web.html
      text: create and initialize a Document object; url: initialise-the-document-object
      text: create navigation params by fetching; url: create-navigation-params-by-fetching
      text: document state; url: she-document-state
      text: historyHandling; url: navigation-hh
      text: referrerPolicy; url: navigation-referrer-policy
      text: attempt to populate the history entry's document; url: attempt-to-populate-the-history-entry's-document
      text: navigation params; url: navigation-params
      text: snapshot source snapshot params; url: snapshotting-source-snapshot-params
      text: the navigation must be a replace; url: the-navigation-must-be-a-replace
      for: navigation params
        text: response; url: navigation-params-response
        text: navigable; url: navigation-params-navigable
        text: origin; url: navigation-params-origin
        text: COOP enforcement result; url: navigation-params-coop-enforcement-result
        text: final sandboxing flag set; url: navigation-params-sandboxing
      for: history handling behavior
        text: replace; url: hh-replace
      for: document state
        text: document; url: document-state-document
        text: history policy container; url: document-state-history-policy-container
        text: initiator origin; url: document-state-initiator-origin
      text: checking if unloading is user-canceled
      text: source snapshot params
      for: source snapshot params
        text: fetch client; url: source-snapshot-params-client
        text: source policy container; url: source-snapshot-params-policy-container
      text: session-history-entry
      for: session history entry
        text: step; url: she-step
      for: source snapshot params
        text: has transient activation; url: source-snapshot-params-activation
    urlPrefix: interaction.html
      text: activation notification; url: activation-notification
      text: consume user activation; url: consume-user-activation
      text: activation; url: activation
      text: click focusable; url: click-focusable
      text: focusable area; url: focusable-area
      text: sequential focus navigation; url: sequential-focus-navigation
      text: focus; url: dom-window-focus
      text: focus chain; url: focus-chain
      text: focus update steps; url: focus-update-steps
      text: focused; url: focused
      text: gain focus; url: gains-focus
      text: DOM anchor; url: dom-anchor
      text: get the focusable area; url: get-the-focusable-area
      text: currently focused area of a top-level traversable; url: currently-focused-area-of-a-top-level-traversable
      text: focused area; url: focused-area-of-the-document
      text: sequential navigation search algorithm; url: sequential-navigation-search-algorithm
    urlPefix: infrastructure.html
      text: immediately; url: immediately
    urlPrefix: nav-history-apis.html
      for: Window
        text: navigable; url: window-navigable
        text: opener; url: dom-opener
    urlPrefix: webappapis.html
      for: environment
        text: target browsing context; url: concept-environment-target-browsing-context
      text: navigation and traversal task source
    urlPrefix: document-sequences.html
      for: browsing context
        text: active document; url: active-document
    urlPrefix: interactive-elements.html
      text: accesskey attribute command; url: using-the-accesskey-attribute-to-define-a-command-on-other-elements
      text: previously focused element; url: previously-focused-element
    urlPrefix: popover.html
      text: hide popover algorithm; url: hide-popover-algorithm
    urlPrefix: form-control-infrastructure.html
      text: interactively validate the constraints; url: interactively-validate-the-constraints
    urlPrefix: custom-elements.html
      text: face validation anchor; url: face-validation-anchor
    urlPrefix: webappapis.html
      text: fire a click event; url: fire-a-click-event
    urlPrefix: urls-and-fetching.html
      text: about:srcdoc; url: about:srcdoc
spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
  type: dfn
    text: queue a cross-origin embedder policy CORP violation report; url: queue-a-cross-origin-embedder-policy-corp-violation-report
    text: should request be blocked due to a bad port; url: block-bad-port
    for: response
      text: has-cross-origin-redirects; url: response-has-cross-origin-redirects
spec: mixed-content; urlPrefix: https://w3c.github.io/webappsec-mixed-content/
  type: dfn
    text: should fetching request be blocked as mixed content; url: should-block-fetch
spec: RFC8941; urlPrefix: https://www.rfc-editor.org/rfc/rfc8941.html
  type: dfn
    text: structured header; url: #section-1
    for: structured header
      text: token; url: name-tokens
      text: boolean; url: boolean
spec: permissions-policy; urlPrefix: https://w3c.github.io/webappsec-permissions-policy
  type: dfn
    text: ASCII-serialized policy directive; url: serialized-policy-directive
    text: serialized permissions policy; url: serialized-permissions-policy
    text: supported features; url: supported-features
    text: the special value *; url: the-special-value
    text: permissions policy; url: permissions-policy
    text: policy directive; url: policy-directive
    text: declared origin; url: declared-origin
    for: permissions policy
      text: declared policy; url: permissions-policy-declared-policy
      text: inherited policy; url: permissions-policy-inherited-policy
    for: permissions
      text: matches; url: matches
spec: CSP; urlPrefix: https://w3c.github.io/webappsec-csp/
  type: dfn
    text: directive value; url: directive-value
    text: frame-src pre-request check; url: frame-src-pre-request
    text: frame-src post-request check; url: frame-src-post-request
    text: Get the effective directive for request; url: effective-directive-for-a-request
spec: CSPEE; urlPrefix: https://w3c.github.io/webappsec-cspee/
  type: dfn
    text: Is response to request blocked by context's required CSP?; url: process-response
    text: required csp; url: browsing-context-required-csp
spec: css2; urlPrefix: https://www.w3.org/TR/CSS21/visuren.html
  type: dfn
    for: css2
      text: viewport; url: viewport
spec: attribution-reporting; urlPrefix: https://wicg.github.io/attribution-reporting-api/
  type: dfn
    for: eligibility
      text: event-source; url: eligibility-event-source
      text: navigation-source; url: eligibility-navigation-source
      text: unset; url: eligibility-unset
spec: turtledove; urlPrefix: https://wicg.github.io/turtledove/
  type: dfn
    text: construct a pending fenced frame config; url: construct-a-pending-fenced-frame-config
</pre>

<style>
/* Put nice boxes around each algorithm. */
[data-algorithm]:not(.heading) {
  padding: .5em;
  border: thin solid #ddd; border-radius: .5em;
  margin: .5em calc(-0.5em - 1px);
}
[data-algorithm]:not(.heading) > :first-child {
  margin-top: 0;
}
[data-algorithm]:not(.heading) > :last-child {
  margin-bottom: 0;
}
[data-algorithm] [data-algorithm] {
  margin: 1em 0;
}

.selected-text-file-an-issue {
  position: fixed;
  bottom: 0;
  right: 0;
  background: rgba(255, 255, 255, 0.8);
  font-size: smaller;
  padding: 4px 10px;
  z-index: 4;
}

dfn var {
  font-style: italic;
}

table {
  margin: 1em 0;
}

/* WHATWG-style <hr>s, instead of WICG-style. Specific selector is necessary to override WICG styles. */
:not(.head) > :not(.head) + hr {
  display: block;
  background: none;
  border: none;
  padding: 0;
  margin: 3em 0;
  height: auto;
}
:not(.head) > :not(.head) + hr::before {
  content: none;
}

/* WHATWG-style element definition class */
.element {
  background: #EEFFEE;
}
dt {
  margin-top: 12px;
  color: black;
}
dl, dd {
  padding-left: .5em;
}

/* domintro from https://resources.whatwg.org/standard.css */
.domintro {
  position: relative;
  color: green;
  background: #DDFFDD;
  margin: 2.5em 0 2em 0;
  padding: 1.5em 1em 0.5em 2em;
}

.domintro dt, .domintro dt * {
  color: black;
  font-size: inherit;
}
.domintro dd {
  margin: 0.5em 0 1em 2em; padding: 0;
}
.domintro dd p {
  margin: 0.5em 0;
}
.domintro::before {
  content: 'For web developers (non-normative)';
  background: green;
  color: white;
  padding: 0.15em 0.25em;
  font-style: normal;
  position: absolute;
  top: -0.8em;
  left: -0.8em;
}

/* .XXX from https://resources.whatwg.org/standard.css */
.XXX {
  color: #D50606;
  background: white;
  border: solid #D50606;
}

/* Table styling definitions from https://resources.whatwg.org/standard.css */
table { border-collapse: collapse; border-style: hidden hidden none hidden; margin: 1.25em 0; }
table thead, table tbody { border-bottom: solid; }
table tbody th { text-align: left; }
table tbody th:first-child { border-left: solid; }
table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; }

</style>

<script src="https://resources.whatwg.org/file-issue.js" async></script>

<h2 id=introduction>Introduction</h2>

*This section is non-normative.*

In a web that has its cookies and storage partitioned by top-frame site, there are occasions — such
as interest group based advertising as provided by the [[Protected-Audience]] API, or [Conversion
Lift
Measurements](https://github.com/w3c/web-advertising/blob/main/support_for_advertising_use_cases.md#conversion-lift-measurement))
— when it would be useful to display content from different partitions in the same page. This can
only be done in a privacy-preserving way if the {{Document}}s that contain data from different
partitions are isolated from each other, unable to communicate despite being re visually composed on
the same page. <{iframe}> elements are not suitable for this, since they offer many intentional
communication channels with their embedder. This specification introduces the <{fencedframe}>
element, a new element to embed {{Document}}s on a page that explicitly prevents communication
between the {{Document}} and its embedder.

This specification defines the new element, its integration with the rest of the web platform,
including [[#html-integration]] and [[#interaction-with-other-specs]], and its supporting primitives
like {{FencedFrameConfig}}, which is the major input to the <{fencedframe}> in place of normal
[=URLs=] and "`src`" attributes. Given that this specification defines a new element and its
integration with the rest of the platform, it should be read as largely a monkeypatch to the
[[HTML]], with its end goal to be merged into that standard, provided there is adequate
cross-browser support.

<h2 id=the-fencedframe-element>The <dfn element export>fencedframe</dfn> element</h2>

<dl class="element">
 <dt>[=Categories=]:</dt>
 <dd>[=Flow content=].</dd>
 <dd>[=Phrasing content=].</dd>
 <dd>[=Embedded content=].</dd>
 <dd>[=Interactive content=].</dd>
 <dd>[=Palpable content=].</dd>
 <dt>[=Contexts in which this element can be used=]:</dt>
 <dd>Where [=embedded content=] is expected.</dd>
 <dt>[=Content model=]:</dt>
 <dd>[=Nothing=].</dd>
 <dt>[=Content attributes=]:</dt>
 <dd>[=Global attributes=]</dd>
 <dd><code>[=width=]</code> — Horizontal dimension</dd>
 <dd><code>[=height=]</code> — Vertical dimension</dd>
 <dd><code><{fencedframe/allow}></code> — [=Permissions policy=] to be applied to the <{fencedframe}>'s contents</dd>
 <dt>[=Accessibility considerations=]:</dt>
 <dd><p class=XXX>TODO</p></dd>
 <dt>[=DOM interface=]:</dt>
 <dd>
<xmp class=idl>
[Exposed=Window]
interface HTMLFencedFrameElement : HTMLElement {
  [HTMLConstructor] constructor();

  [CEReactions] attribute FencedFrameConfig? config;
  [CEReactions] attribute DOMString width;
  [CEReactions] attribute DOMString height;
  [SameObject, PutForwards=value] readonly attribute DOMTokenList sandbox;
  [CEReactions] attribute DOMString allow;
};
</xmp>
</dd>
</dl>

The <{fencedframe}> element [=represents=] its [=fenced navigable container/fenced navigable=].

Descendants of <{fencedframe}> elements represent nothing.

Each <{fencedframe}> has a <dfn for=fencedframe>config</dfn>, which is either a
{{FencedFrameConfig}} or null. It is initially null.

Each <{fencedframe}> has a <dfn for=fencedframe>fencedframe sandboxing flag set</dfn>, which is a
[=sandboxing flag set=]. Which flags in a [=fencedframe/fencedframe sandboxing flag set=] are set
at any particular time is determined by the <{fencedframe}> element's <{fencedframe/sandbox}>
attribute.

<div algorithm=determine-sandbox-flags-patch>
  Modify the [=determine the creation sandboxing flags=] algorithm. Rewrite the second step in the
  union to be the following 2 steps:

  * If |embedder| is an <{iframe}> element, then: the flags set on |embedder|'s [=iframe sandboxing
    flag set=].

  * If |embedder| is a <{fencedframe}> element, then: the flags set on |embedder|'s [=fencedframe/
    fencedframe sandboxing flag set=].
</div>

<div algorithm=insertion>
  When a <{fencedframe}> element |element| is [=node is inserted into a document|inserted into a
  document=] whose [=Document/browsing context=] is non-null, run these steps:

  1. Let |nested traversable| be the result of [=create a new nested traversable|creating a new
     nested traversable=] for |element|.

  1. Set |nested traversable|'s [=navigable/loading mode=] to "`fencedframe`".

  1. If |element| has a <{fencedframe/sandbox}> attribute, then [=parse a sandboxing directive=]
     given the attribute's value and |element|'s [=fencedframe/fencedframe sandboxing flag set=].

  Issue: It's not necessary to call the <a
  href=https://html.spec.whatwg.org/multipage/browsing-the-web.html#url-and-history-update-steps>URL
  and history update steps</a> as we do during usual <a
  href=https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element:url-and-history-update-steps>child
  navigable creation</a> or <a
  href=https://html.spec.whatwg.org/multipage/nav-history-apis.html#apis-for-creating-and-navigating-browsing-contexts-by-name:url-and-history-update-steps>top-level
  traversable creation</a>, but we still need a mechanism to initialize
  {{History}}.{{History/length}} in the new navigable. This is an existing issue in the HTML
  Standard: <a
  href=https://github.com/whatwg/html/issues/9030>https://github.com/whatwg/html/issues/9030</a>.
</div>

<div algorithm=destroy>
  When a <{fencedframe}> element is [=removed from a document=], the user agent <p class=XXX>TODO:
  destroy the nested traversable</p>.
</div>

The <dfn attribute for=HTMLFencedFrameElement>config</dfn> IDL attribute getter steps are to return
[=this=]'s [=fencedframe/config=].

<div algorithm=config-setter>
  The {{HTMLFencedFrameElement/config}} IDL attribute setter steps are:

  1. If [=this=] is not [=connected=]:

    1. [=Assert=]: [=this=]'s [=fenced navigable container/fenced navigable=] is null.

       Note: This holds because when the element has been removed from the DOM, its removal steps
       immediately destroy the [=fenced navigable container/fenced navigable=].

  1. Let |navigation url or urn| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] if
     the given {{FencedFrameConfig}}'s [=fencedframeconfig/url=] is not null, and the given
     {{FencedFrameConfig}}'s [=fencedframeconfig/urn=] otherwise.

  1. If |navigation url or urn| is failure, then return.

  1. Let |shared storage context| be the given {{FencedFrameConfig}}'s [=fencedframeconfig/
     sharedStorageContext=].

  1. [=Navigate=] |element|'s [=fenced navigable container/fenced navigable=] to
     |navigation url or urn| using |element|'s [=Node/node document=], with [=historyHandling=] set
     to "<a for="history handling behavior">`replace`</a>", [=referrerPolicy=] set to
     <a>"`no-referrer`"</a>, and |shared storage context|.

     Note: See [[#navigation-changes]] for the <{fencedframe}>-specific changes to the ordinary
     navigation flow.

  <wpt>
    /fenced-frame/header-referrer.https.html
  </wpt>
</div>

The <dfn element-attr for=fencedframe>allow</dfn> attribute, when specified, determines the
[=container policy=] that will be used when the [=Document/permissions policy=] for a {{Document}}
in the <{fencedframe}>'s [=fenced navigable container/fenced navigable=] is initialized. Its value
must be a [=serialized permissions policy=]. [[!PERMISSIONS-POLICY]]

The <dfn element-attr for=fencedframe>sandbox</dfn> attribute, when specified, enables a set of
extra restrictions on any content hosted by the <{fencedframe}>. Its value must be an [=unordered
set of unique space-separated tokens=] that are [=ASCII case-insensitive=]. The allowed values are:

* <{iframe/sandbox/allow-downloads}>
* <{iframe/sandbox/allow-forms}>
* <{iframe/sandbox/allow-modals}>
* <{iframe/sandbox/allow-orientation-lock}>
* <{iframe/sandbox/allow-pointer-lock}>
* <{iframe/sandbox/allow-popups}>
* <{iframe/sandbox/allow-popups-to-escape-sandbox}>
* <{iframe/sandbox/allow-presentation}>
* <{iframe/sandbox/allow-same-origin}>
* <{iframe/sandbox/allow-scripts}>
* <{iframe/sandbox/allow-top-navigation}>
* <{iframe/sandbox/allow-top-navigation-by-user-activation}>
* <{iframe/sandbox/allow-top-navigation-to-custom-protocols}>

The IDL attributes <dfn attribute for=HTMLFencedFrameElement>allow</dfn> and <dfn attribute
for=HTMLFencedFrameElement>sandbox</dfn> must [=reflect=] the respective content attribute of the
same name.

The supported tokens for {{HTMLFencedFrameElement/sandbox}}'s {{DOMTokenList}} are the allowed
values defined in the <{fencedframe/sandbox}> attribute and supported by the user agent.

<div algorithm=fencedframe-attribute-change>
The following [=attribute change steps=], given |element|, |localName|, <var ignore>oldValue</var>,
|value|, and |namespace| are used for all <{fencedframe}> elements:

1. [=Assert=]: |namespace| is the [=HTML namespace=].

1. If |localName| is <{fencedframe/sandbox}>, then:

   1. If |value| is null, then [=set/empty=] |element|'s [=fencedframe/fencedframe sandboxing flag
      set=].

   1. Otherwise, run [=parse a sandboxing directive=] given the |value| and |element|'s
      [=fencedframe/fencedframe sandboxing flag set=].

</div>

<h3 id=dimension-attributes>Dimension attributes</h3>

This section details monkeypatches to [[!HTML]]'s <a
href="https://html.spec.whatwg.org/multipage/embedded-content-other.html#dimension-attributes">Dimension
attributes</a> section. That section will be updated to include <{fencedframe}> in the list of
elements whose own <dfn element-attr for=fencedframe>width</dfn> and <dfn element-attr
for=fencedframe>height</dfn> dimension attributes have the same author requirements that apply to
the general <code>[=width=]</code> and <code>[=height=]</code> dimension attributes defined in
[[HTML]].

Furthermore, the IDL attributes <dfn attribute for=HTMLFencedFrameElement>width</dfn> and <dfn
attribute for=HTMLFencedFrameElement>height</dfn> must [=reflect=] the respective content attributes
of the same name.

<h3 id=fenced-frame-config-map>Fenced frame config mapping</h3>

Each [=traversable navigable=] has a <dfn for="traversable navigable" export>fenced frame config
mapping</dfn>, which is a [=fenced frame config mapping=].

Note: This mapping is consulted during [=navigate|navigation=], and written to by what we
colloquially refer to as *URN-generating APIs* or *config-generating APIs*, that generate both [=urn
uuids=] and [=fenced frame configs=] for use in navigating <{fencedframe}> and <{iframe}> elements.
See for example, the [[Protected-Audience]] API and [[Shared-Storage]] specifications.

A <dfn>fenced frame config mapping</dfn> has three submappings:

<dl dfn-for="fenced frame config mapping">
  : <dfn>pending config mapping</dfn>
  :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame
     configs=]

  : <dfn>finalized config mapping</dfn>
  :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame
     configs=]

  : <dfn>nested config mapping</dfn>
  :: a [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced frame
     configs=]
</dl>

Note: The purpose of pending configs is to enable config-generating APIs to resolve configs
asynchronously in a way that doesn't create timing side channels, i.e., the pending config is
returned to the web platform in a constant amount of time, before any computation whose duration
depends on cross-site data. Because the privacy of this depends on the web platform not being able
to discern when a pending config is finalized, it is important that all visibilities and values of
transparent fields do not change from the pending config to the finalized config, given that they
can be inspected through {{FencedFrameConfig}}'s getters. Therefore, a {{FencedFrameConfig}} that is
created and exposed to the web platform is effectively immutable even if the [=fenced frame config=]
represented by the [=fencedframe/config=]'s [=fencedframeconfig/urn=] is technically "pending", and
will finish resolving completely later.

Each [=fenced frame config mapping=] has a <dfn for="fenced frame config mapping">maximum number of
configs</dfn>, which is implementation-defined. The [=fenced frame config mapping/maximum number of
configs=] may be a non-negative number or infinity.

Note: It is important to specify the behavior of
[=fenced frame config mapping/maximum number of configs=] because its semantics can interact with
config-generating APIs in a privacy sensitive way.

At a high level, in order to store a [=fenced frame config=] in the
[=traversable navigable/fenced frame config mapping=], the creator of the config must first store a
pending config, and then turn the pending config into a finalized config. Those procedures are as
follows:

<div algorithm>
  To <dfn for="fenced frame config mapping" export>store a pending config</dfn> in a [=fenced frame
  config mapping=] |mapping| given a [=fenced frame config=] |config|, run these steps:

  1. Let |pendingMapping| be |mapping|'s [=fenced frame config mapping/pending config mapping=].

  1. If the [=map/size=] of |pendingMapping| + the [=map/size=] of |mapping|'s [=fenced frame config
     mapping/finalized config mapping=] ≥ |mapping|'s [=fenced frame config mapping/maximum number
     of configs=], return failure.

  1. Let |urn| be a randomly generated [=urn uuid=].

  1. [=Assert=]: |urn| does not [=map/exist=] in |pendingMapping|.

  1. [=map/Set=] |pendingMapping|[|urn|] to |config|.
  
  1. Return |urn|.
</div>

<div algorithm>
  To <dfn for="fenced frame config mapping" export>finalize a pending config</dfn> in a [=fenced
  frame config mapping=] |mapping| given a [=urn uuid=] |urn| and [=fenced frame config=]
  |config|, run these steps:

  1. Let |pendingMapping| be |mapping|'s [=fenced frame config mapping/pending config mapping=].

  1. Let |finalizedMapping| be |mapping|'s [=fenced frame config mapping/finalized config mapping=].

  1. If |pendingMapping|[|urn|] does not [=map/exist=], return failure.

  1. [=map/Remove=] |pendingMapping|[|urn|].

  1. [=map/Set=] |finalizedMapping|[|urn|] to |config|.
</div>

<div algorithm>
  To <dfn for="fenced frame config mapping" export>store nested configs</dfn> in a [=fenced frame
  config mapping=] |mapping| given a [=fenced frame config instance/nested configs=]
  |nestedConfigs|, run these steps:

  1. Let |nestedMapping| be |mapping|'s [=fenced frame config mapping/nested config mapping=].

  1. If |nestedConfigs| is null, return.

  1. [=map/iterate|For each=] |urn| → |config| of |nestedConfigs|:

    1. [=map/Set=] |nestedMapping|[|urn|] to |config|.
    
    1. Set |nestedMapping|[|urn|]'s [=fenced frame config/is ad component=] to true.
</div>

<div algorithm>
  To <dfn for="fenced frame config mapping" export>find a config</dfn> in a [=fenced frame config
  mapping=] |mapping| given a [=urn uuid=] |urn|, run these steps:

  1. Let |nestedMapping| be |mapping|'s [=fenced frame config mapping/nested config mapping=].

  1. Let |pendingMapping| be |mapping|'s [=fenced frame config mapping/pending config mapping=].

  1. Let |finalizedMapping| be |mapping|'s [=fenced frame config mapping/finalized config mapping=].

  1. If |nestedMapping|[|urn|] [=map/exists=], return its value.

  1. If |pendingMapping|[|urn|] [=map/exists=], wait until it does not [=map/exist=].

  1. If |finalizedMapping|[|urn|] [=map/exists=], return its value.

  1. Return failure.
</div>

<h3 id=fenced-frame-config-section>Fenced frame configs</h3>

<h4 id=fenced-frame-config-intro>Introduction</h4>

*This section is non-normative.*

A key feature of the <{fencedframe}> element is that web platform APIs can configure the behavior
of the frame in a way that limits the ability of other execution contexts to modify or inspect this
configuration, for security and privacy reasons. For example, the [[Protected-Audience]] API
performs on-device ad auctions over cross-site data, and it is important that the ad that wins the
auction can be loaded into a frame, without the API caller knowing *which ad* won the auction or
being able to manipulate the environment in which the ad loads.

We achieve this using the concept of a "[=fenced frame config=]". A [=fenced frame config=] is a
collection of fields that can be loaded into <{fencedframe}> elements and that specifies the
resulting environments. [=Fenced frame configs=] can only be created by specific web platform APIs,
and not constructed or modified by script. Their fields also contain "[=visibilities=]", which
dictate whether the field should be "redacted" when inspected through the {{FencedFrameConfig}}
interface. Config-generating APIs like the [[Protected-Audience]] and [[Shared-Storage]] APIs must
specify values for all fields of their [=fenced frame configs=] in order to ensure that they have
considered the privacy implications of each field, though they may choose to set the values to null.

Each time a <{fencedframe}> navigates to a [=fenced frame config=], it is instantiated as a new
[=fenced frame config instance=], which governs the particular [=browsing context group=] inside the
[=fenced navigable container/fenced navigable=].

<h4 id=fenced-frame-config-use-cases>Use cases</h4>

Rendering an ad created through an ad auction:

An ad auction API runs an auction and determines a winning ad. Details about the winning ad must be
hidden from the embedder, and the embedding context is not allowed to influence the environment of
the <{fencedframe}>. Either of those would allow for information to flow across the fenced frame
boundary, which can allow for colluding parties to join cross-site data and build a profile on the
user. To prevent that, the ad auction API [=construct a pending fenced frame config|constructs=] a
[=fenced frame config=] whose underlying [=fenced frame config/mapped url|URL=] is opaque to the
embedding context. The [=fenced frame config=] is also constructed with restrictions on what the
[=fenced frame config/container size=] and [=fenced frame config/content size=] of the frame must 
be and what the [=fenced frame config/effective enabled permissions|permissions policy=] of the 
frame must be, as those can be used as fingerprinting vectors.

Displaying a personalized payment button:

An e-commerce site embeds a <{fencedframe}> that has a "Pay now" button. The e-commerce site stores
information about the user's credit card on the browser as first-party storage. At first, the
{{Document}} hosted in the <{fencedframe}> has no first-party cookie/storage access, so information
can freely flow in and out without risk of the credit card information being joined with cross-site
data. Because of that, the fenced frame can be constructed directly from the web platform using the
{{FencedFrameConfig}} constructor without compromising privacy. The button at this point has no
personalized data in it since it can't access the credit card data yet. The {{Document}} can only
read that credit card data once it turns off all network access, preventing the data from flowing
out of the fenced frame and preventing it from being joined with cross-site data to build a user
profile. Once it does that, the button will then display the last 4 digits of the user's credit card
number, as it is saved in the browser, inside the first-party storage partition for the ecommerce
platform's origin.

<h4 id=fenced-frame-config-struct>The [=fenced frame config=] [=struct=]</h4>

We now establish some preliminary types:

A <dfn export for=fencedframeconfig>visibility</dfn> is either "<dfn export
for=visibility>`opaque`</dfn>" or "<dfn export for=visibility>`transparent`</dfn>".

A <dfn export for=fencedframetype>size</dfn> is a [=struct=] with the following [=struct/items=]:

<dl export dfn-for="size">
  : <dfn>width</dfn>
  :: a non-negative integer

  : <dfn>height</dfn>
  :: a non-negative integer
</dl>

<span class=XXX>TODO: Consider different numeric types for these members.</span>

An <dfn export for=fencedframetype>interest group descriptor</dfn> is a [=struct=] with the
following [=struct/items=]:

<dl export dfn-for="interest group descriptor">
  : <dfn>owner</dfn>
  :: an [=origin=]

  : <dfn>name</dfn>
  :: a [=string=]
</dl>

The <dfn export for=fencedframetype>default fenced frame effective sandboxing flags</dfn> are a
[=sandboxing flag set=] with the following flags:

* The [=sandboxed downloads browsing context flag=]
* The [=sandboxed modals flag=]
* The [=sandboxed navigation browsing context flag=]
* The [=sandboxed orientation lock browsing context flag=]
* The [=sandboxed pointer lock browsing context flag=]
* The [=sandboxed presentation browsing context flag=]
* The [=sandboxed top-level navigation without user activation browsing context flag=]

A <dfn export for=fencedframetype>pending event</dfn> is a [=struct=] with the following
[=struct/items=]:

<dl export dfn-for="pending event">
  : <dfn>destination</dfn>
  :: a {{FenceReportingDestination}}

  : <dfn>event</dfn>
  :: a [=fencedframetype/destination event=]

  : <dfn>request initiator</dfn>
  :: an [=origin=]

  : <dfn>initiator referrer policy</dfn>
  :: a [=referrer policy=]
</dl>

A <dfn export for=fencedframetype>reporting destination info</dfn> is a [=struct=] with the
following [=struct/items=]:

<dl export dfn-for="reporting destination info">
  : <dfn>reporting url declarer origin</dfn>
  :: an [=origin=]

  : <dfn>reporting url map</dfn>
  :: a [=map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are [=URLs=]

  : <dfn>reporting macro map</dfn>
  :: null, or a [=map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are [=strings=]
</dl>

A <dfn export for=fencedframetype>fenced frame reporting map</dfn> is a [=map=] whose [=map/keys=]
are {{FenceReportingDestination}}s and whose [=map/values=] are either:
 * [=lists=] of [=fencedframetype/pending events=] (which are used to represent events that need to
   be reported asynchronously, because the metadata has not been finalized yet); or
 * [=fencedframetype/reporting destination infos=] (which are used
   to represent the actual metadata once it is finalized).

Note: This representation is meant to allow config-generating APIs to reduce latency by resolving
the values of reporting destinations asynchronously, after they've already constructed and returned
the fenced frame config (and even after the config has been loaded, and event reports have been
generated inside the fenced frame). When the config-generating API declares the [=fencedframetype/
fenced frame reporting map=], they can mark certain destinations as pending using an empty
[=list=], and then maintain a reference to the map for later. If the fenced frame attempts to
[=report an event=] to a destination while it is still pending, it stores the event in this
[=list=] for later handling. When the config-generating API or its callback eventually [=finalizes
a reporting destination=] through the reference it kept, it will handle all of the pending events
stored in the [=list=]. If the destination is never finalized, then the pending events will never
be sent.

<div algorithm>
  In order to <dfn export>finalize a reporting destination</dfn>, given a [=fencedframetype/fenced
  frame reporting map=] |reporting map|, a {{FenceReportingDestination}} |destination|, an
  [=origin=] |reporting url declarer origin|, a [=map=] |destination map| whose [=map/keys=] are
  [=strings=] and whose [=map/values=] are [=urls=], and |macro map|, which is either null or a
  [=map=] whose [=map/keys=] are [=strings=] and whose [=map/values=] are [=strings=], run these
  steps:

  1. [=Assert=] that |reporting map|[|destination|] is a [=list=] (i.e., that |destination|'s
     metadata has not yet been finalized).

  1. Let |pending event list| be |reporting map|[|destination|].

  1. [=map/Set=] |reporting map|[|destination|] to a [=struct=] with the following [=struct/items=]:
       : [=reporting destination info/reporting url declarer origin=]
       :: |reporting url declarer origin|

       : [=reporting destination info/reporting url map=]
       :: |destination map|

       : [=reporting destination info/reporting macro map=]
       :: |macro map|

  1. [=list/For each=] |pending event| of |pending event list|:

     1. [=Send a beacon=] with |destination map|, |pending event|'s [=pending event/event=],
        |pending event|'s [=pending event/request initiator=], and |pending event|'s [=pending
        event/initiator referrer policy=].
</div>

A <dfn export for=fencedframetype>fenced frame reporting metadata</dfn> is a [=struct=] with the
following [=struct/items=]:

<dl export dfn-for="fenced frame reporting metadata">
  : <dfn>fenced frame reporting map</dfn>
  :: a [=fencedframetype/fenced frame reporting map=]

  : <dfn>direct seller is seller</dfn>
  :: a [=boolean=], initially true

  : <dfn>allowed reporting origins</dfn>
  :: null or a [=list=] of [=origins=]. An origin must be present in this list to be the
     destination of a [=fencedframetype/destination URL event=] report.

  : <dfn>attempted custom url report to disallowed origin</dfn>
  :: a [=boolean=], initially false
</dl>

An <dfn export for=fencedframetype>automatic beacon event type</dfn> is either "<dfn
for="automatic beacon event type">`reserved.top_navigation_start`</dfn>", "<dfn
for="automatic beacon event type">`reserved.top_navigation_commit`</dfn>", or "<dfn
for="automatic beacon event type">`reserved.top_navigation`</dfn>".

Advisement: <code>[=automatic beacon event type/reserved.top_navigation=]</code> is an earlier
naming of <code>[=automatic beacon event type/reserved.top_navigation_commit=]</code>. While they
both do the same thing, <code>[=automatic beacon event type/reserved.top_navigation=]</code> will be
removed in the future and should not be used for new code.

A <dfn export for=fencedframetype>fenced frame reporter</dfn> is a [=struct=] with the following
[=struct/items=]:
<dl export dfn-for="fenced frame reporter">
  : <dfn>fenced frame reporting metadata reference</dfn>
  :: a mutable reference to a [=fencedframetype/fenced frame reporting metadata=]
     <span class=XXX>TODO: Handle pointers/references in a more spec-y way</span>
</dl>

A <dfn for=fencedframetype>destination enum event</dfn> is a [=struct=] with the following
[=struct/items=]:
<dl dfn-for="destination enum event">
  : <dfn>type</dfn>
  :: a [=string=]

  : <dfn>data</dfn>
  :: a [=string=]

  : <dfn>attributionReportingEnabled</dfn>
  :: a [=boolean=]

  : <dfn>attributionReportingContextOrigin</dfn>
  :: an [=origin=]
</dl>

A <dfn for=fencedframetype>destination URL event</dfn> is a [=URL=].

An <dfn for=fencedframetype>automatic beacon event</dfn> is a [=struct=] with the following
[=struct/items=]:
<dl dfn-for="automatic beacon event">
  : <dfn>type</dfn>
  :: an [=fencedframetype/automatic beacon event type=]

  : <dfn>data</dfn>
  :: a [=string=]

  : <dfn>attributionReportingEnabled</dfn>
  :: a [=boolean=]

  : <dfn>attributionReportingContextOrigin</dfn>
  :: an [=origin=]
</dl>

A <dfn for=fencedframetype>destination event</dfn> is either a
[=fencedframetype/destination enum event=], a [=fencedframetype/destination URL event=], or a
[=fencedframetype/automatic beacon event=].

<div algorithm>
  In order to <dfn>send a beacon</dfn> with a [=fencedframetype/reporting destination info=]
  |destination info|, a [=fencedframetype/destination event=] |event|, an [=origin=]
  |request initiator|, and a [=referrer policy=] |initiator referrer policy| run these steps:

  1. Let |destination url| be an empty [=string=].

  1. Let |attributionReportingEligibility| be "<code>[=eligibility/unset=]</code>".

  1. Let |processResponse| be null.

  1. Let |useParallelQueue| be false.

  1. If |event| is either a [=fencedframetype/destination enum event=] or an
     [=fencedframetype/automatic beacon event=], then:

     1. Let |destination map| be |destination info|'s
        [=reporting destination info/reporting url map=].

     1. Let |eventType| be either |event|'s [=destination enum event/type|destination type=], or
        [=automatic beacon event/type|automatic type=], depending on which variant |event| is.

     1. If |destination map|[|eventType|] does not [=map/exist=], return.

     1. Set |destination url| to |destination map|[|eventType|].

    1. If |event|'s [=destination enum event/attributionReportingEnabled=] is true
        and |event|'s [=destination enum event/attributionReportingContextOrigin=] [=check if an origin is suitable|is suitable=]:

        1. If |event|'s {{FenceEvent/eventType}} matches one of the [=fencedframetype/automatic
           beacon event type=] values, set |attributionReportingEligibility| to
           "<code>[=eligibility/navigation-source=]</code>".

        1. Otherwise, set |attributionReportingEligibility| to "<code>[=eligibility/event-source=]</code>".

        1. Set |processResponse| to these steps given a [=response=] |response|:
           1. Let |fenced| be true.
           1. Run [=process an attribution eligible response=] with |event|'s
              [=destination enum event/attributionReportingContextOrigin=], |attributionReportingEligibility|, |fenced|, and |response|.

        1. Set |useParallelQueue| to true.

  1. Otherwise:

     1. [=Assert=]: |event| is a [=fencedframetype/destination URL event=].

     1. Let |macro map| be |destination info|'s [=reporting destination info/reporting macro map=].

     1. If |macro map| is null, return.

     1. Set |destination url| to |event|.

     1. Let |destination url| be the result of [=fencedframeutil/substituting macros=] with
        |macro map| into |destination url|.
  
  1. Optionally, return.

    Note: This [=implementation-defined=] condition is intended to allow user agents to drop the
    beacon for a number of reasons, for example user opt-out or |destination url|'s [=site=] not
    being <a href="https://github.com/privacysandbox/attestation">enrolled</a>.

  1. Let |request| be a new [=request=] with the following properties:

    : [=request/method=]
    :: <code>`POST`</code> if |event| is a [=fencedframetype/destination enum event=], otherwise
       <code>`GET`</code>.

    : [=request/URL=]
    :: |destination url|

    : [=request/header list=]
    :: A new [=header list=] containing a [=header=] whose [=header/name=] is `"Content-Type"` and
       [=header/value=] is `"text/plain"`.

    : [=request/body=]
    :: If |event| is a [=fencedframetype/destination enum event=], a [=body=] whose [=body/source=]
       is |event|'s [=destination enum event/data=], otherwise null.

    : [=request/client=]
    :: null

    : [=request/service-workers mode=]
    :: `"all"`

       Issue: The default is `"all"`, so we technically don't have to set anything here. We do in order
       to remind ourselves that it might be more appropriate to skip service workers here, like some
       [other
       beacons](https://wicg.github.io/attribution-reporting-api/#ref-for-request-service-workers-mode).

    : [=request/origin=]
    :: |request initiator| if |event| is a [=fencedframetype/destination URL event=], and
       |destination info|'s [=reporting destination info/reporting url declarer origin=] otherwise.

       Note: The reporting destination for a [=fencedframetype/destination URL event=] is determined
       by the {{Document}} that calls {{Fence/reportEvent()}}, as opposed to a [=fencedframetype/
       destination enum event=] or [=fencedframetype/automatic beacon event=] whose reporting
       destinations are determined in the worklet that created the [=fenced frame config=] that
       loaded this {{Document}}. We set the [=request/origin=] to the [=origin=] of the {{Document}}
       or worklet that determined the reporting destination to prevent cross-site request forgery.

    : [=request/referrer=]
    :: |request initiator|

    : [=request/referrer policy=]
    :: |initiator referrer policy|

    : [=request/mode=]
    :: `"cors"`

    : [=request/credentials mode=]
    :: `"omit"`

    : [=request/Attribution Reporting eligibility=]
    :: |attributionReportingEligibility|

  1. [=Fetch=] |request| with [=fetch/processResponse=] being |processResponse| if it is not null
     and [=fetch/useParallelQueue=] being |useParallelQueue|.

    Note: This algorithm can be invoked from while [=in parallel=] or while on a {{Document}}'s main
    thread. To handle the [=in parallel=] invocation correctly, we invoke [=fetch=]
    with [=fetch/useParallelQueue=] set to true when the <span class=allow-2119>optional</span>
    [=response=]-handling algorithm is used, otherwise there is no need to do this even when this
    algorithm is running [=in parallel=] in other instances.
</div>

<div algorithm>
  In order to <dfn>report an event</dfn> using a [=fencedframetype/fenced frame reporter=]
  |reporter| with a {{FenceReportingDestination}} |destination|, an [=origin=] |request initiator|,
  a [=referrer policy=] |initiator referrer policy|, and a [=fencedframetype/destination event=]
  |event|, run these steps:

  1. Let |metadata| be |reporter|'s
     [=fenced frame reporter/fenced frame reporting metadata reference=].

  1. If |destination| is `"direct-seller"`:

     1. If |metadata|'s [=fenced frame reporting metadata/direct seller is seller=] is true, set
        |destination| to `"seller"`.

     1. Otherwise, set |destination| to `"component-seller"`.

  1. If |event| is a [=fencedframetype/destination URL event=]:
     1. If |event|'s [=url/origin=] is not [=same origin=] with any of the entries in
        |metadata|'s [=fenced frame reporting metadata/allowed reporting origins=]:
        1. Set |metadata|'s
           [=fenced frame reporting metadata/attempted custom url report to disallowed origin=] to
           true.

     1. If |metadata|'s
        [=fenced frame reporting metadata/attempted custom url report to disallowed origin=] is
        true, return.

  1. Let |reporting map| be a reference to |metadata|'s
     [=fenced frame reporting metadata/fenced frame reporting map=].

  1. If |reporting map|[|destination|] does not [=map/exist=], return.

  1. If |reporting map|[|destination|] is a [=list=]:

     1. Let |newEvent| be a new [=fencedframetype/pending event=] with the following:
        : [=pending event/destination=]
        :: |destination|

        : [=pending event/event=]
        :: |event|

        : [=pending event/request initiator=]
        :: |request initiator|

        : [=pending event/initiator referrer policy=]
        :: |initiator referrer policy|

     1. [=list/Append=] |newEvent| to |reporting map|[|destination|].

     1. Return.

       Note: The pending event will be sent asynchronously.

  1. [=Assert=] that |reporting map|[|destination|] is a [=map=] (i.e., that |destination|'s
     metadata has been finalized).

  1. [=Send a beacon=] with |reporting map|[|destination|], |event|, |request initiator|, and
     |initiator referrer policy|.
</div>

<div algorithm>
  In order to <dfn>report a private aggregation event</dfn> using a [=fencedframetype/fenced frame
  reporter=] |reporter| with a [=string=] |event|, run these steps:

  1. If |event|'s {{FenceEvent/eventType}} [=string/starts with=] "`reserved.`", then return.

  1. |reporter| |event| <span class=XXX>TODO: Fill this in</span>
</div>

An <dfn export for=fencedframetype>exfiltration budget metadata</dfn> is a [=struct=] with the
following [=struct/items=]:

<dl export dfn-for="exfiltration budget metadata">
  : <dfn>origin</dfn>
  :: an [=origin=]

  : <dfn>amount to debit</dfn>
  :: a non-negative valid floating point number
</dl>

An <dfn export for=fencedframetype>exfiltration budget metadata reference</dfn> is a [=struct=] with
the following [=struct/items=]:

<dl export dfn-for="exfiltration budget metadata reference">
  : <dfn>origin</dfn>
  :: an [=origin=]

  : <dfn>amount to debit reference</dfn>
  :: a mutable reference to a non-negative valid floating point number
     <span class=XXX>TODO: Handle pointers/references in a more specy-y way</span>
</dl>

A <dfn export>partition nonce</dfn> is an [=implementation-defined=] value.

Note: This is similar to the <a href=https://fetch.spec.whatwg.org/#network-partition-key>network
partition key</a> used by <a href=https://fetch.spec.whatwg.org/>Fetch</a>.

A <dfn export>fenced frame config</dfn> is a [=struct=] with the following [=struct/items=]:

<dl export dfn-for="fenced frame config">
  : <dfn>mapped url</dfn>
  :: a [=struct=] with the following [=struct/items=]:
    : <dfn for="mapped url">value</dfn>
    :: a [=URL=]

    : <dfn for="mapped url">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

  : <dfn>container size</dfn>
  :: null, or a [=fencedframetype/size=]

  : <dfn>content size</dfn>
  :: null, or a [=struct=] with the following [=struct/items=]:
    : <dfn for="content size">value</dfn>
    :: a [=fencedframetype/size=]

    : <dfn for="content size">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

  : <dfn>interest group descriptor</dfn>
  :: null, or a [=struct=] with the following [=struct/items=]:
    : <dfn for="interest group descriptor">value</dfn>
    :: an [=fencedframetype/interest group descriptor=]

    : <dfn for="interest group descriptor">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

  : <dfn>on navigate callback</dfn>
  :: null, or a series of steps

  : <dfn>effective sandboxing flags</dfn>
  :: null, or a [=struct=] with the following [=struct/items=]:
    : <dfn for="effective sandboxing flags">value</dfn>
    :: a [=sandboxing flag set=]

    : <dfn for="effective sandboxing flags">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

  : <dfn>effective enabled permissions</dfn>
  :: null, or a [=struct=] with the following [=struct/items=]:
    : <dfn for="effective enabled permissions">value</dfn>
    :: a [=list=] of [=policy-controlled features=]

    : <dfn for="effective enabled permissions">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

    Note: When non-null, this is a [=list=] of [=policy-controlled features=] that the generator of
    this config relies on exclusively being enabled inside the <{fencedframe}> that navigates to
    this config. Specifically, each feature in this list <span class=allow-2119>must</span> be
    enabled by the <{fencedframe}>'s [=fenced navigable container/fenced navigable=]'s
    [=Document/permissions policy=]'s [=permissions policy/inherited policy=] when navigating to
    this config for the navigation to succeed. The features in this list are not force-enabled, but
    rather are used to check that the embedder environment that influences the aforementioned
    [=permissions policy/inherited policy=] is relaxed enough to support these essential features.
    If the [=inherited policy for a feature|inherited policy value=] for any of these features is
    "`Disabled`", the navigation to this config will fail. Any [=policy-controlled feature=] *not*
    in this list will not be "`Disabled`" in the <{fencedframe}> that navigates to this config.

  : <dfn>fenced frame reporting metadata</dfn>
  :: null, or a [=struct=] with the following [=struct/items=]:
    : <dfn for="fenced frame reporting metadata">value</dfn>
    :: a [=fencedframetype/fenced frame reporting metadata=]

    : <dfn for="fenced frame reporting metadata">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

  : <dfn>exfiltration budget metadata</dfn>
  :: null, or a [=struct=] with the following [=struct/items=]:
    : <dfn for="exfiltration budget metadata">value</dfn>
    :: an [=fencedframetype/exfiltration budget metadata=]

    : <dfn for="exfiltration budget metadata">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

  : <dfn>nested configs</dfn>
  :: null, or a [=struct=] with the following [=struct/items=]:
    : <dfn for="nested configs">value</dfn>
    :: a [=list=] of [=fenced frame configs=]

    : <dfn for="nested configs">visibility</dfn>
    :: a [=fencedframeconfig/visibility=]

  : <dfn>embedder shared storage context</dfn>
  :: null, or a [=string=]

  : <dfn>is ad component</dfn>
  :: A [=boolean=], initially false.

  : <dfn>cross-origin reporting allowed</dfn>
  :: A [=boolean=], initially false.
</dl>
  
  Note: When true, this [=fenced frame config=] represents an ad component. An ad component can be
  used to construct ads composed of multiple pieces. See the <a
  href=https://github.com/WICG/turtledove/blob/main/FLEDGE.md#34-ads-composed-of-multiple-pieces>Protected
  Audience explainer</a>. For an ad component, event reporting is handled differently. See the <a
  href=https://github.com/WICG/turtledove/blob/main/Fenced_Frames_Ads_Reporting.md#support-for-ad-components>Fenced
  Frame Ads Reporting explainer</a> that describes this.

<h4 id=fenced-frame-config-instance-struct>The [=fenced frame config instance=] [=struct=]</h4>

A <dfn export>fenced frame config instance</dfn> is a [=struct=] with the following [=struct/items=]:

<dl export dfn-for="fenced frame config instance">
  : <dfn>mapped url</dfn>
  :: a [=URL=]

  : <dfn>container size</dfn>
  :: null, or a [=fencedframetype/size=]

  : <dfn>content size</dfn>
  :: null, or a [=fencedframetype/size=]

  : <dfn>interest group descriptor</dfn>
  :: null, or an [=fencedframetype/interest group descriptor=]

  : <dfn>on navigate callback</dfn>
  :: null, or a series of steps

  : <dfn>effective sandboxing flags</dfn>
  :: null, or a [=sandboxing flag set=]

  : <dfn>effective enabled permissions</dfn>
  :: null, or a [=list=] of [=policy-controlled features=]

  : <dfn>fenced frame reporter</dfn>
  :: null, or a [=fencedframetype/fenced frame reporter=]

  : <dfn>exfiltration budget metadata reference</dfn>
  :: null, or an [=fencedframetype/exfiltration budget metadata reference=]

  : <dfn>nested configs</dfn>
  :: null, or an [=map=] whose [=map/keys=] are [=urn uuids=] and whose [=map/values=] are [=fenced
     frame configs=]

  : <dfn>partition nonce</dfn>
  :: a [=partition nonce=]

  : <dfn>embedder shared storage context</dfn>
  :: null, or a [=string=]

  : <dfn>is ad component</dfn>
  :: A [=boolean=]

  : <dfn>has disabled untrusted network</dfn>
  :: A [=boolean=], initially false.

  : <dfn>cross-origin reporting allowed</dfn>
  :: A [=boolean=], initially false.
</dl>

<div algorithm>
  To <dfn export>instantiate a config</dfn> given a [=fenced frame config=] |config|, return a
  [=fenced frame config instance=] with the following members:

    : [=fenced frame config instance/mapped url=]
    :: |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=]

    : [=fenced frame config instance/container size=]
    :: |config|'s [=fenced frame config/container size=]

    : [=fenced frame config instance/content size=]
    :: |config|'s [=fenced frame config/content size=] if null, otherwise |config|'s [=fenced frame
       config/content size=]'s [=content size/value=]

    : [=fenced frame config instance/interest group descriptor=]
    :: |config|'s [=fenced frame config/interest group descriptor=] if null, otherwise |config|'s
       [=fenced frame config/interest group descriptor=]'s [=interest group descriptor/value=]

    : [=fenced frame config instance/on navigate callback=]
    :: |config|'s [=fenced frame config/on navigate callback=]

    : [=fenced frame config instance/effective sandboxing flags=]
    :: |config|'s [=fenced frame config/effective sandboxing flags=] if null, otherwise |config|'s
       [=fenced frame config/effective sandboxing flags=]'s [=effective sandboxing flags/value=]

    : [=fenced frame config instance/effective enabled permissions=]
    :: |config|'s [=fenced frame config/effective enabled permissions=] if null, otherwise
       |config|'s [=fenced frame config/effective enabled permissions=]'s [=effective enabled
       permissions/value=]

    : [=fenced frame config instance/fenced frame reporter=]
    ::
        1. If |config|'s [=fenced frame config/fenced frame reporting metadata=]'s [=fenced frame
           reporting metadata/value=] is null, set to null.

        1. Otherwise, set to a [=fencedframetype/fenced frame reporter=] with the following
           members:

            : [=fenced frame reporter/fenced frame reporting metadata reference=]
            :: a reference to |config|'s [=fenced frame config/fenced frame reporting metadata=]'s
               [=fenced frame reporting metadata/value=]

    : [=fenced frame config instance/exfiltration budget metadata reference=]
    ::
        1. If |config|'s [=fenced frame config/exfiltration budget metadata=] is null, set to null.

        1. Otherwise, set to a [=fencedframetype/exfiltration budget metadata reference=]:

            : [=exfiltration budget metadata reference/origin=]
            :: |config|'s [=fenced frame config/exfiltration budget metadata=]'s [=exfiltration
               budget metadata/value=]'s [=exfiltration budget metadata/origin=]

            : [=exfiltration budget metadata reference/amount to debit reference=]
            :: a reference to |config|'s [=fenced frame config/exfiltration budget metadata=]'s
               [=exfiltration budget metadata/value=]'s [=exfiltration budget metadata/amount to
               debit=]

    : [=fenced frame config instance/nested configs=]
    ::
        1. If |config|'s [=fenced frame config/nested configs=] is null, set to null.

        1. Otherwise:

           1. Let |results| be a new [=map=].

           1. [=list/For each=] |nested config| of |config|'s [=fenced frame config/nested
             configs=]'s [=nested configs/value=]:

               1. Let |urn| be a randomly generated [=urn uuid=].

               1. [=map/Set=] |results|[|urn|] to |nested config|.

           1. Set [=fenced frame config instance/nested configs=] to |results|.

    : [=fenced frame config instance/partition nonce=]
    :: a random, unique [=partition nonce=]

    : [=fenced frame config instance/embedder shared storage context=]
    :: |config|'s [=fenced frame config/embedder shared storage context=]

    : [=fenced frame config instance/is ad component=]
    :: |config|'s [=fenced frame config/is ad component=]

    : [=fenced frame config instance/cross-origin reporting allowed=]
    :: |config|'s [=fenced frame config/cross-origin reporting allowed=]

    : [=fenced frame config instance/has disabled untrusted network=]
    :: false
</div>

Each [=browsing context=] has a <dfn for="browsing context">fenced frame config instance</dfn>,
which is a [=fenced frame config instance=] or null, initially null.

Advisement: This [=browsing context/fenced frame config instance=] should really exist on
[=browsing context group=], however until third-party cookies are <a
href=https://w3ctag.github.io/web-without-3p-cookies/#introduction>deprecated</a>, this
specification supports many of the <{fencedframe}> concepts on the <{iframe}> element. This requires
that for the short term, a normal [=navigable container/content navigable=] be able to load a
[=fenced frame config=], and therefore have access to the navigation's corresponding [=fenced frame
config instance=].

<h4 id=fenced-frame-config-interface>The {{FencedFrameConfig}} interface</h4>

One major input to the <{fencedframe}> element is the {{FencedFrameConfig}} interface, which
maps to an internal [=fenced frame config=] [=struct=].

<pre class=idl>
  enum OpaqueProperty {"opaque"};

  [Exposed=Window, Serializable]
  interface FencedFrameConfig {
    constructor(USVString url);
    undefined setSharedStorageContext(DOMString contextString);
  };
</pre>

Each {{FencedFrameConfig}} has:

 * A <dfn for=fencedframeconfig>url</dfn>, a [=URL=], failure, or null, initially null
 * A <dfn for=fencedframeconfig>urn</dfn>, a [=urn uuid=]
 * A <dfn for=fencedframeconfig>sharedStorageContext</dfn>, a [=string=]

Note: A config's [=fencedframeconfig/url=] is only null if a [=fencedframeconfig/urn=] is supplied.

<div algorithm>
  The <dfn constructor for=FencedFrameConfig>FencedFrameConfig(|url|)</dfn> constructor method steps
  are:
  
  1. Let |config| be a [=new=] {{FencedFrameConfig}} object.

  1. Set |config|'s [=fencedframeconfig/url=] to the result of running the [=URL parser=] on |url|.

  1. Return |config|.
</div>

<div algorithm>
  The <dfn method for=FencedFrameConfig>setSharedStorageContext(|contextString|)</dfn> method steps
  are to set [=this=]'s [=fencedframeconfig/sharedStorageContext=] to |contextString|.
</div>

<div algorithm="FencedFrameConfig serializer">
  {{FencedFrameConfig}} objects are [=serializable objects=]. Their [=serialization steps=], given
  |value|, |serialized|, and |forStorage| are:

  1. If |forStorage| is true, then throw a {{DataCloneError}} {{DOMException}}.
  
  1. Set |serialized|.\[[Url]] to |value|'s [=fencedframeconfig/url=].

  1. Set |serialized|.\[[Urn]] to |value|'s [=fencedframeconfig/urn=].

  1. Set |serialized|.\[[SharedStorageContext]] to |value|'s [=fencedframeconfig/
     sharedStorageContext=].
</div>

<div algorithm="FencedFrameConfig deserializer">
  Their [=deserialization steps=], given |serialized|, |value|, and <var ignore> targetRealm</var>
  are:

  1. Initialize |value|'s [=fencedframeconfig/url=] to |serialized|.\[[Url]].
  
  1. Initialize |value|'s [=fencedframeconfig/urn=] to |serialized|.\[[Urn]].

  1. Initialize |value|'s [=fencedframeconfig/sharedStorageContext=] to
     |serialized|.\[[SharedStorageContext]].
</div>

Note: To help with ease of adoption,
[until 2026](https://github.com/WICG/turtledove/issues/286#issuecomment-1682842636) we will support
the API {{Window/navigator}}.{{Navigator/deprecatedReplaceInURN()}}, which allows you to substitute
macros into the [=fenced frame config/mapped url=] corresponding to a given [=urn uuid=] or
{{FencedFrameConfig}}.

Note: To help with ease of adoption,
[until third party cookie deprecation](https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/feature-status#fenced_frames)
we will support the API {{Window/navigator}}.{{Navigator/deprecatedURNtoURL()}}, which returns
the [=fenced frame config/mapped url=] corresponding to a given [=urn uuid=] or
{{FencedFrameConfig}}.

<pre class=idl>
typedef (USVString or FencedFrameConfig) UrnOrConfig;

partial interface Navigator {
  Promise&lt;undefined&gt; deprecatedReplaceInURN(
    UrnOrConfig urnOrConfig, record&lt;USVString, USVString&gt; replacements);
  Promise&lt;USVString&gt; deprecatedURNtoURL(
    UrnOrConfig urnOrConfig, optional boolean send_reports = false);
  sequence&lt;USVString&gt; adAuctionComponents(unsigned short numAdComponents);
};
</pre>

<div algorithm>
  To <dfn export for=fencedframeutil>substitute macros</dfn> with an [=ordered map=] with
  [=string=] [=map/keys=] and [=string=] [=map/values=] |macros| into a [=string=] |string|, run
  these steps:

  1. <span class=XXX>TODO:</span> [Spec this](https://github.com/WICG/fenced-frame/issues/116).
     Substitute the keys from |macros| with the corresponding values into |string|, and return the
     new string. There is no recursive substitution.
</div>

<div algorithm>
  The <dfn method for=Navigator>deprecatedReplaceInURN(|urnOrConfig|, |replacements|)</dfn>
  method steps are:

  1. Let |urn| be null.

  1. If |urnOrConfig| is a {{USVString}}, set |urn| to |urnOrConfig|.

  1. Otherwise, set |urn| to |urnOrConfig|'s [=fencedframeconfig/urn=].

  1. If |urn| is not a valid [=urn uuid=] (i.e., won't pass the ABNF in Section 3 of
     [=urn uuid=]), [=exception/throw=] a {{TypeError}}.

  1. [=map/For each=] |key| → _ of |replacements|:
     1. If |key| does not [=string/start with=] <code>${</code> or <code>%%</code>,
        [=exception/throw=] a {{TypeError}}.
     1. If |key| does not [=string/end with=] <code>}</code> or <code>%%</code>,
        [=exception/throw=] a {{TypeError}}.

  1. Let |p| be [=a new promise=].

  1. Let |global| be [=this=]'s [=relevant global object=].

  1. Run the following steps [=in parallel=]:

     1. Let |mapping| be |global|'s [=Window/navigable=]'s
        [=navigable/traversable navigable=]'s [=traversable navigable/fenced frame config mapping=].

     1. Let |config| be the result of [=fenced frame config mapping/finding a config=] in |mapping|
        with |urn|.

     1. If |config| is failure, [=queue a global task=] on the [=DOM manipulation task source=]
        given |global|, to [=resolve=] |p| with {{undefined}}, and abort these steps.

     1. Let |substitutedUrl| be the result of [=fencedframeutil/substituting macros=] with
        |replacements| into |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=].

     1. Set |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=] to
        |substitutedUrl|.

     1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to
        [=resolve=] |p| with {{undefined}}.

  1. Return |p|.

  <wpt>
    /fenced-frame/deprecated-config-apis.https.html
  </wpt>
</div>

<div algorithm>
  The <dfn method for=Navigator>deprecatedURNtoURL(|urnOrConfig|, |send_reports|)</dfn> method
  steps are:

  1. Let |urn| be null.

  1. If |urnOrConfig| is a {{USVString}}, set |urn| to |urnOrConfig|.

  1. Otherwise, set |urn| to |urnOrConfig|'s [=fencedframeconfig/urn=].

  1. If |urn| is not a valid [=urn uuid=] (i.e., won't pass the ABNF in Section 3 of
     [=urn uuid=]), [=exception/throw=] a {{TypeError}}.

  1. Let |p| be [=a new promise=].

  1. Let |global| be [=this=]'s [=relevant global object=].

  1. Run the following steps [=in parallel=]:

     1. Let |mapping| be |global|'s [=Window/navigable=]'s
        [=navigable/traversable navigable=]'s [=traversable navigable/fenced frame config mapping=].

     1. If |mapping|'s [=fenced frame config mapping/finalized config mapping=][|urn|], does not
        [=map/exist=], then [=queue a global task=] on the [=DOM manipulation task source=]
        given |global|, to [=resolve=] |p| with {{undefined}}, and abort these steps.

     1. Let |config| be |mapping|'s [=fenced frame config mapping/finalized config mapping=][|urn|].

     1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to
        [=resolve=] |p| with |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=].

     1. If |send_reports| is true, then run the steps in |config|'s
        [=fenced frame config/on navigate callback=].

  1. Return |p|.

  <wpt>
    /fenced-frame/deprecated-config-apis.https.html
  </wpt>
</div>

<div algorithm>
  The <dfn method for=Navigator>adAuctionComponents(|numAdComponents|)</dfn>
  
  1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s
     [=browsing context/fenced frame config instance=].

  1. If |instance| is null, then throw a {{DOMException}}.

  1. If [=this=]'s [=relevant settings object=]'s [=environment settings object/origin=] and
    |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
    origin=], then then throw a {{DOMException}}.

  1. Let |maxAdComponents| be 40.

  1. If |numAdComponents| &gt; |maxAdComponents|, then set |numAdComponents| to |maxAdComponents|.

  1. Let |adComponentsURNs| be an empty [=list=] of [=fencedframeconfig/urn=]s.

  1. [=map/For each=] |urn| → <var ignore>config</var> of |instance|'s 
     [=fenced frame config instance/nested configs=]:
     
     1. If |numAdComponents| equals 0, then [=iteration/break=].

     1. [=list/Append=] |urn| to |adComponentsURNs|.

     1. Set |numAdComponents| to |numAdComponents| &minus; 1.

  1. Return |adComponentsURNs|.
</div>

<h3 id=fence-interface>The {{Fence}} interface</h3>

Several APIs specific to fenced frames are defined on the {{Fence}} interface.

<pre class=idl>
  enum FenceReportingDestination {
    "buyer",
    "seller",
    "component-seller",
    "direct-seller",
    "shared-storage-select-url",
  };

  dictionary FenceEvent {
    // This dictionary has two mutually exclusive modes that aren't represented as
    // distinct IDL types due to distinguishability issues:
    //
    // When reporting to a preregistered destination (specified by enum), the following
    // properties are used:
    DOMString eventType;
    DOMString eventData;
    sequence&lt;FenceReportingDestination&gt; destination;

    // Determines if this data can be sent in a reportEvent() beacon or automatic
    // beacon that originates from a document that is cross-origin to the mapped
    // URL of the fenced frame config that loaded this frame tree.
    // Note that automatic beacon data can only be set from documents that are
    // same-origin to the fenced frame config's mapped URL, so this effectively
    // opts in the data to being used in a cross-origin subframe.
    boolean crossOriginExposed = false;

    // When setting event data to be used later in an automatic beacon, the
    // following properties are used:
    boolean once = false;

    // When reporting to a custom destination URL (with substitution of macros defined by
    // the Protected Audience buyer), the following property is used:
    USVString destinationURL;
  };

  typedef (FenceEvent or DOMString) ReportEventType;

  [Exposed=Window]
  interface Fence {
      undefined reportEvent(optional ReportEventType event = {});
      undefined setReportEventDataForAutomaticBeacons(optional FenceEvent event = {});
      sequence&lt;FencedFrameConfig&gt; getNestedConfigs();
      Promise&lt;undefined&gt; disableUntrustedNetwork();
      undefined notifyEvent(Event event);
  };
</pre>

<div algorithm>
  The <dfn method for=Fence>reportEvent(|event|)</dfn> method steps are:

  1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s
     [=browsing context/fenced frame config instance=].

  1. If |instance| is null, then return.
  
  1. If |instance|'s [=fenced frame config instance/is ad component=] is true, then return.

  1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return.

  1. Let |document| be [=this=]'s [=relevant global object=]'s [=associated Document=].

  1. Let |request initiator| be [=this=]'s [=relevant settings object=]'s [=environment settings
     object/origin=].

  1. Let |initiator referrer policy| be |document|'s [=Document/policy container=]'s [=policy
     container/referrer policy=].

  1. If |event| is a {{DOMString}}:

     1. If [=this=]'s [=relevant settings object=]'s [=environment settings object/origin=] and
        |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
        origin=], then return.
  
     1. Run [=report a private aggregation event=] using |instance|'s [=fenced frame config
        instance/fenced frame reporter=] with |event|.

  1. If |event| is a {{FenceEvent}}:

     1. If |event|'s {{FenceEvent/eventType}} [=string/starts with=] "`reserved.`", then return.

     1. If all of the following conditions are true:

        * [=this=]'s [=relevant settings object=]'s [=environment settings object/origin=] and
          |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
          origin=];
        * either |event|'s {{FenceEvent/crossOriginExposed}} is false or |instance|'s
          [=fenced frame config instance/cross-origin reporting allowed=] is false;   

        then return.

     1. If |event| has a {{FenceEvent/destinationURL}}:
        1. If |event| has a {{FenceEvent/destination}} or a {{FenceEvent/eventType}} or a
           {{FenceEvent/eventData}}:

           1. [=exception/Throw=] a {{TypeError}}.

        1. Let |destinationURL| be the result of running the [=URL parser=] on
           {{FenceEvent/destinationURL}}.

        1. [=exception/Throw=] a {{TypeError}} if any of the following conditions hold:

           * |destinationURL| is failure;
           * |destinationURL| [=url/scheme=] is not "`https`";

        1. Run [=report an event=] using |instance|'s [=fenced frame config instance/fenced frame
           reporter=] with {{FenceReportingDestination/buyer}}, |request initiator|, |initiator
           referrer policy| and a [=fencedframetype/destination URL event=] that is |event|'s
           {{FenceEvent/destinationURL}}.

     1. Otherwise:
        1. If |event| does not have a {{FenceEvent/destination}} or |event| does not have a
           {{FenceEvent/eventType}}:

           1. [=exception/Throw=] a {{TypeError}}.

        1. Let |attributionReportingEnabled| be the result of determining whether |document| is
           [=allowed to use=] the "<code>{{PermissionPolicy/attribution-reporting}}</code>" feature.

        1. Let |attributionReportingContextOrigin| be |document|'s [=node/context origin=].

        1. [=list/For each=] |destination| of |event|'s {{FenceEvent/destination}}:

          1. Run [=report an event=] using |instance|'s [=fenced frame config instance/fenced frame
             reporter=] with |destination|, |request initiator|, |initiator referrer policy|, and a
             [=fencedframetype/destination enum event=] with the following [=struct/items=]:

             : [=destination enum event/type=]
             :: |event|'s {{FenceEvent/eventType}}

             : [=destination enum event/data=]
             :: |event|'s {{FenceEvent/eventData}} (or the empty string if it is not defined).

           : [=destination enum event/attributionReportingEnabled=]
           :: |attributionReportingEnabled|

           : [=destination enum event/attributionReportingContextOrigin=]
           :: |attributionReportingContextOrigin|

  <wpt>
    /fenced-frame/fence-report-event.https.html
    /fenced-frame/fence-report-event-destination-url.https.html
    /fenced-frame/fence-report-event-cross-origin-content-initiated.https.html 
    /fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html 
    /fenced-frame/fence-report-event-cross-origin-nested.https.html 
    /fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html 
    /fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html 
    /fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html 
    /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html 
    /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html 
    /fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html 
    /fenced-frame/fence-report-event-cross-origin.sub.https.html 
    /fenced-frame/fence-report-event-sub-fencedframe.https.html 
  </wpt>
</div>

<div algorithm>
  The <dfn method for=Fence>setReportEventDataForAutomaticBeacons(|event|)</dfn>
  method steps are:
  1. If |event| does not have a {{FenceEvent/destination}} or |event| does not have a
     {{FenceEvent/eventType}}:
     1. [=exception/Throw=] a {{TypeError}}.

  1. If |event|'s {{FenceEvent/eventType}} does not match one of the [=fencedframetype/automatic
     beacon event type=] values, return.

  1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s
     [=browsing context/fenced frame config instance=].

  1. If |instance| is null, then return.

  1. If [=this=]'s [=relevant settings object=]'s [=environment settings object/origin=] and
     |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
     origin=], then return.

  1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return.

  1. Set [=this=]'s [=relevant global object=]'s [=associated Document=]'s [=Document/automatic
     beacon data map=][|event|'s {{FenceEvent/eventType}}] to an [=fencedframetype/automatic beacon
     data=] with the following [=struct/items=]:

     : [=automatic beacon data/eventData=]
     :: |event|'s {{FenceEvent/eventData}} if defined and |instance|'s [=fenced frame config
        instance/is ad component=] is false, otherwise empty [=string=].

     : [=automatic beacon data/destination=]
     :: |event|'s {{FenceEvent/destination}}

     : [=automatic beacon data/once=]
     :: |event|'s {{FenceEvent/once}}

     : [=automatic beacon data/crossOriginExposed=]
     :: |event|'s {{FenceEvent/crossOriginExposed}}

  <wpt>
    /fenced-frame/set-automatic-beacon.https.html
  </wpt>
</div>

<div algorithm>
  The <dfn method for=Fence>getNestedConfigs()</dfn> method steps are:

  1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s
     [=browsing context/fenced frame config instance=].

  1. If |instance| is null, then return.

  1. If [=this=]'s [=relevant settings object=]'s [=environment settings object/origin=] and
     |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
     origin=], then return.

  1. If |instance|'s [=fenced frame config instance/nested configs=] is null, then return.

  1. Let |results| be an empty [=list=] of {{FencedFrameConfig}}s.

  1. [=map/For each=] |urn| → |config| of |instance|'s [=fenced frame config instance/nested
     configs=]:

     1. Let |newConfig| be a [=new=] {{FencedFrameConfig}} object created in [=this=]'s [=relevant
        realm=], with the following:

        : [=fencedframeconfig/urn=]
        :: |urn|

        : [=fencedframeconfig/sharedStorageContext=]
        :: |config|'s [=fenced frame config/embedder shared storage context=]

     1. [=list/Append=] |newConfig| to |results|.

  1. Return |results|.

  <wpt>
    /fenced-frame/get-nested-configs.https.html
    /fenced-frame/config-cross-origin-apis.https.html
  </wpt>
</div>

<div algorithm>
  The <dfn method for=Fence>notifyEvent(|event|)</dfn> method steps are:

  1. If [=this=]'s {{Document}} is not [=Document/fully active=], then return.

  1. Let |navigable| be [=this=]'s [=relevant global object=]'s [=Window/navigable=].
  
  1. If any of the following conditions are met, then throw a {{SecurityError}} {{DOMException}}:

      * |navigable| is not a [=fenced navigable container/fenced navigable=];
  
      * |event|'s {{Event/isTrusted}} is false;
  
      * |event|'s [=Event/dispatch flag=] is unset;

      * |event|'s {{Event/type}} is not "<code>click</code>"
  
  1. If [=this=]'s [=relevant global object=] does not have [=transient activation=], then return.

  1. [=Consume user activation=] for [=this=]'s [=relevant global object=].

  1. Let |parentNavigable| be |navigable|'s [=navigable/unfenced parent=].

  1. [=Queue a global task=] on the [=DOM manipulation task source=] given |parentNavigable|'s     
     [=navigable/active window=] to run these steps:
  
     1. Perform the [=activation notification=] steps.

     1. [=Fire an event=] named "<code>[=fencedtreeclick=]</code>" at |navigable|'s 
        [=fenced navigable container=]. Initialize the event's {{Event/bubbles}} and {{Event/cancelable}} attributes to `true`. When running the 
        <a href="https://dom.spec.whatwg.org/#inner-event-creation-steps">inner event creation steps</a>, set the <var ignore=''>time</var> to an [=implementation-defined=] value that is consistent across all invocations of this method.

  <wpt>
    /fenced-frame/notify-event-iframe.https.html
    /fenced-frame/notify-event-invalid.https.html
    /fenced-frame/notify-event-nested-fenced-frames.https.html
    /fenced-frame/notify-event-success.https.html
    /fenced-frame/notify-event-transient-user-activation.https.html
  </wpt>
</div>

<div algorithm>
  The <dfn method for=Fence>disableUntrustedNetwork()</dfn> method steps are:

  1. Let |p| be [=a new promise=].

  1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s
     [=browsing context/fenced frame config instance=].

  1. If the [=relevant settings object=]'s [=environment settings object/origin=] and
     |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
     origin=], then [=reject=] |p| with a {{TypeError}}.

  1. If [=this=]'s [=relevant global object=]'s [=Window/navigable=]'s [=navigable/traversable
     navigable=] is not a [=fenced navigable container/fenced navigable=], then [=resolve=] |p| with
     {{undefined}} and return |p|.

  1. Let |global| be [=this=]'s [=relevant global object=].

  1. Run the following steps [=in parallel=]:

     1. Let |fencedFrameNonce| be |instance|'s [=fenced frame config instance/partition nonce=].

     1. Let |credentiallessNonce| be

     Issue: the page credentialless nonce
     (<a href="https://github.com/WICG/fenced-frame/issues/191">WICG/fenced-frame#191</a>)

     1. Invoke [=revoke network for a partition nonce=] on |fencedFrameNonce|.

     1. Invoke [=revoke network for a partition nonce=] on |credentiallessNonce|.

     1. Set |instance|'s [=fenced frame config instance/has disabled untrusted network=] to true.

     1. Wait on all nested fenced frames to disable network too.

     Issue: Spec this waiting more formally.
     (<a href="https://github.com/WICG/fenced-frame/issues/151">WICG/fenced-frame#151</a>)

     1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to
        [=resolve=] |p| with {{undefined}}.

  1. Return |p|.
</div>

A user agent has an associated <dfn>network revocation nonce set</dfn>, which is a [=set=] of
[=partition nonces=], and a <dfn>network revocation exemption map</dfn>, which is a [=map=] whose
[=map/keys=] are [=partition nonces=] and [=map/values=] are [=sets=] of [=URLs=].

Note: The [=network revocation exemption map=] is used only for web platform tests; in normal usage
it is always empty. This list is modified directly in web platform tests by a function call to
exempt specific URLs from network revocation.

Issue: This will require a RFC to add a test-only function to the WPT web driver.
(<a href="https://github.com/WICG/fenced-frame/issues/192">WICG/fenced-frame#192</a>)

<div algorithm>
  To <dfn>revoke network for a partition nonce</dfn> using a [=fenced frame config
  instance/partition nonce=] |nonce|, run these steps:

  1. [=set/Append=] |nonce| to the user agent's [=network revocation nonce set=].

  1. [=fetch group/terminated|Terminate=] [=this=]'s [=relevant settings object=]'s
     [=fetch/fetch group=].
</div>

<div algorithm>
  To determine whether fetching a [=request=] <var ignore>request</var> <dfn>must be blocked due to
  a revoked partition nonce</dfn> using a [=fenced frame config instance/partition nonce=] |nonce|
  and a [=URL=] |requestURL|, run these steps:

  1. If the user agent's [=network revocation exemption map=][|nonce|] [=map/exists=], and if
     |requestURL| [=set/exists=] in it, return <b>allowed</b>.

  1. If the user agent's [=network revocation nonce set=] [=set/contains=] |nonce|, return
     <b>blocked</b>.

  1. Return <b>allowed</b>.
</div>

<h3 id=disable-fetch>Fetch monkeypatches for network revocation</h3>

The network revocation mechanism requires the following monkeypatches to the [[FETCH]] Standard.

<div algorithm=network-revocation-check-patch>
  In the [=fetch=] algorithm, step 7, where it says:

    > If <a lt="block bad port">should <var>request</var> be blocked due to a bad port</a>,
    > <a lt="should fetching request be blocked as mixed content?">
    > should fetching <var>request</var> be blocked as mixed content</a>, or
    > <a lt="should request be blocked by Content Security Policy?">should <var>request</var>
    > be blocked by Content Security Policy</a> returns <b>blocked</b>, then set
    > <var ignore>response</var> to a <a>network error</a>.

  Add "[=must be blocked due to a revoked partition nonce=]" to the conditions after
  "should request be blocked by Content Security Policy".
</div>

<h3 id=new-request-destination>New [=request=] [=request/destination=]</h3>

The processing model of a <{fencedframe}>'s navigation request deviates from that of the normal
[=navigation request=] in enough ways to justify a new [=request=] [=request/destination=] value.
This specification updates the [=request=] [=request/destination=] enumeration to include a new
entry, "<code>fencedframe</code>". Perform the following monkeypatches to the [[FETCH]] Standard.

Add "<code>fencedframe</code>" to the [=non-subresource request=] list and to the [=navigation
request=] list.

Add "<code>fencedframe</code>" to the {{RequestDestination}} enum.

<div algorithm=fetch-destination-patch>
  In the [=fetch=] algorithm, step 13.2, where it says:

    > A user agent should set value to the first matching statement, if any, switching on request's
    [=request/destination=]:

  Add "<code>fencedframe</code>" to the switch cases alongside "<code>document</code>",
  "<code>frame</code>", and "<code>iframe</code>".

  <wpt>
    /fenced-frame/header-secFetchDest.https.html
  </wpt>
</div>

Non-normatively, update the DOM intro [destination
table](https://fetch.spec.whatwg.org/#destination-table) to illustrate that <{fencedframe}> [=navigation requests=] have the following properties:
 * [=request/destination=] of "`fencedframe`"
 * [=request/initiator=] ""
 * CSP directive of <code>fenced-frame-src</code>
 * Features as HTML's <code>&lt;fencedframe&gt;</code>

<h3 id=automatic-reporting>Automatic Reporting</h3>

*This first introductory paragraph is non-normative.*

A side effect of the fenced boundary model is that ads will lose the ability to know if a click
resulted in a successful navigation. This is because the page loaded from a top-level [=navigate|
navigation=] originating from a fenced frame will not be allowed to report to the fenced frame that
it loaded (through something like <code>window.[=Window/opener=]</code>). Instead, we introduce
special event-level [=automatic beacon event/type|reporting type=]s, <code>[=automatic beacon event
type/reserved.top_navigation_start=]</code> and <code>[=automatic beacon event
type/reserved.top_navigation_commit=]</code>, which automatically sends an [=report an
event|event-level beacon=] when a fenced frame initiates a successful [=navigate|navigation=] to a
[=top-level traversable=].

<div algorithm>
  To <dfn>attempt to send an automatic beacon</dfn> given a [=source snapshot params=]
  |sourceSnapshotParams|, an [=origin=] |sourceOrigin|, a {{Document}} |targetDocument|, and an
  [=fencedframetype/automatic beacon event type=] |eventType|, run these steps:

  1. If |targetDocument|'s [=node navigable=]'s [=traversable navigable=] is not a [=top-level
     traversable=], abort these steps.

  1. If |sourceSnapshotParams|'s [=source snapshot params/has transient activation=] is set to
     false, abort these steps.

  1. Let |config| be |sourceSnapshotParams|'s [=source snapshot params/initiator fenced frame config
     instance=].

  1. If |config| is null, abort these steps.

     Note: Since this algorithm is called unconditionally for all navigations, this is used to catch
     cases where a [=navigate|navigation=] to a [=top-level traversable=] does not originate from a
     <{fencedframe}>.

  1. Let |request initiator| be |sourceOrigin| if |config|'s [=fenced frame config instance/is ad
     component=] is false, and |sourceSnapshotParams|'s [=source snapshot params/initiator ancestor
     root origin=] otherwise.

  1. Let |initiator referrer policy| be |sourceSnapshotParams|'s [=source snapshot params/source
     policy container=]'s [=policy container/referrer policy=] if |config|'s [=fenced frame config
     instance/is ad component=] is false, and |sourceSnapshotParams|'s [=source snapshot
     params/initiator ancestor root referrer policy=] otherwise.

  1. Let |beacon data| be |sourceSnapshotParams|'s [=source snapshot params/automatic beacon data
     map=][|eventType|].

  1. Let |has header opt in| be |sourceSnapshotParams|'s [=source snapshot params/automatic beacons
     allowed=].

  1. If |beacon data| is null and |has header opt in| is false, abort these steps.

  1. Let |is cross origin| be true if |sourceOrigin| is not [=same origin=] with |config|'s [=fenced
     frame config instance/mapped url=]'s [=url/origin=], false otherwise.

  1. If |is cross origin| is true and |has header opt in| is false, abort these steps.

  1. Let |should send beacon with data| be true if |beacon data| is not null and either
     |is cross origin| is false or |beacon data|'s [=automatic beacon data/crossOriginExposed=] is
     true, false otherwise.

  1. [=list/For each=] |destination| of |config|'s [=fenced frame config instance/fenced frame
     reporter=]'s [=fenced frame reporter/fenced frame reporting metadata reference=]'s
     [=fencedframetype/fenced frame reporting map=]'s [=map/keys=]:

    1. Run [=report an event=] using |config|'s [=fenced frame config instance/fenced frame
       reporter=] with |destination|, |request initiator|, |initiator referrer policy|, and an
       [=fencedframetype/automatic beacon event=] with the following [=struct/items=]:

       : [=automatic beacon event/type=]
       :: |eventType|

       : [=automatic beacon event/data=]
       :: |beacon data|'s [=automatic beacon data/eventData=] if |should send beacon with data| is
          true, |beacon data|'s [=automatic beacon data/destinations=] [=list/contains=]
          |destination|, and |config|'s [=fenced frame config instance/is ad component=] is false,
          the empty string otherwise.

       : [=automatic beacon event/attributionReportingEnabled=]
       :: |sourceSnapshotParams|'s [=source snapshot params/attribution reporting enabled=]

       : [=automatic beacon event/attributionReportingContextOrigin=]
       :: |sourceSnapshotParams|'s [=source snapshot params/attribution reporting context origin=]

  1. If |beacon data|'s [=automatic beacon data/once=] is true, set |sourceSnapshotParams|'s
     [=source snapshot params/automatic beacon data map=][|eventType|] to null.

  <wpt>
    /fenced-frame/automatic-beacon-anchor-click-handler.https.html
    /fenced-frame/automatic-beacon-click-handler.https.html
    /fenced-frame/automatic-beacon-two-events-clear.https.html
    /fenced-frame/automatic-beacon-two-events-persist.https.html
    /fenced-frame/automatic-beacon-unfenced-top.https.html
    /fenced-frame/automatic-beacon-no-destination.https.html
    /fenced-frame/automatic-beacon-no-opt-in.https.html
    /fenced-frame/automatic-beacon-shared-storage.https.html
    /fenced-frame/automatic-beacon-cross-origin-false.https.html
    /fenced-frame/automatic-beacon-cross-origin-navigation.https.html
    /fenced-frame/automatic-beacon-cross-origin-no-data.https.html
    /fenced-frame/automatic-beacon-cross-origin-no-opt-in.https.html
    /fenced-frame/automatic-beacon-use-ancestor-data.https.html
  </wpt>
</div>

<div algorithm="top_navigation_start beacon patch">
  Modify [[HTML]]'s [=navigate=] algorithm. Add a new step after step 4 that reads:
  
  5. [=Attempt to send an automatic beacon=] given <var ignore>sourceSnapshotParams</var>, <var
     ignore>initiatorOriginSnapshot</var>, <var ignore>navigable</var>’s associated {{Document}},
     and <code>[=automatic beacon event type/reserved.top_navigation_start=]</code>.
</div>

<div algorithm="top_navigation_commit beacon patch">
  Modify [[HTML]]'s [=attempt to populate the history entry's document=] algorithm. In step 6,
  substep 11, add a new step after step 5 that reads:

  6. If <var ignore>failure</var> is false, then:
    
    1. [=Attempt to send an automatic beacon=] given <var
       ignore>sourceSnapshotParams</var>, <var ignore>entry</var>'s [=document state=]'s [=document
       state/initiator origin=], <var ignore>document</var>, and <code>[=automatic beacon event
       type/reserved.top_navigation_commit=]</code>.
    
    1. [=Attempt to send an automatic beacon=] given <var
       ignore>sourceSnapshotParams</var>, <var ignore>entry</var>'s [=document state=]'s [=document
       state/initiator origin=], <var ignore>document</var>, and <code>[=automatic beacon event
       type/reserved.top_navigation=]</code>.
</div>

<h2 id=html-integration>HTML Integration</h2>

<h3 id=window-extension>Extensions to the {{Window}} interface</h3>

<pre class="idl">
  partial interface Window {
    // Collection of fenced frame APIs
    readonly attribute Fence? fence;
  };
</pre>

Each {{Window}} object has an associated <dfn for=Window>fence</dfn>, which is a {{Fence}} instance
created alongside the {{Window}}.

<div algorithm>
  The <dfn attribute for=Window>fence</dfn> getter steps are:
    1. If [=this=]'s [=Window/browsing context=]'s [=browsing context/fenced frame config instance=]
       is not null, then return [=this=]'s [=Window/fence=].

    1. Return null.

  <wpt>
    /fenced-frame/fence-api.https.html
  </wpt>
</div>

<h3 id=document-extension>{{Document}} supporting concepts</h3>

We first establish some preliminary types:

An <dfn for=fencedframetype>automatic beacon data</dfn> is a [=struct=] with the following
[=struct/items=]:
     
<dl dfn-for="automatic beacon data">
  : <dfn>eventData</dfn>
  :: a [=string=]

  : <dfn>destination</dfn>
  :: a [=list=] of {{FenceReportingDestination}}s

  : <dfn>once</dfn>
  :: a [=boolean=]

  : <dfn>crossOriginExposed</dfn>
  :: a [=boolean=]
</dl>

Each {{Document}} object has an associated <dfn for=Document>automatic beacon data map</dfn>, which
is a [=map=] whose [=map/keys=] are [=fencedframetype/automatic beacon event type=]s and whose
[=map/values=] are null or an [=fencedframetype/automatic beacon data=]

Each {{Document}} object has an associated <dfn for=Document>automatic beacons allowed</dfn>, which
is a [=boolean=], initially false.

<h3 id=creating-browsing-contexts-patch>Modifications to creating browsing contexts</h3>

<div algorithm="creating a new browsing context and document patch">
  In [[HTML]]'s [=creating a new browsing context and document=] algorithm, rewrite the two steps
  (currently steps 4 &amp; 15) starting with;

    * If |creator| is non-null, then:

  to instead use the tighter condition:

    * If |creator| is non-null and <var ignore>embedder</var> is not a <{fencedframe}> element,
      then:

  Note: This is because we need to ensure that we do not leak <var ignore>creator</var>'s [=the
  document's referrer|referrer=], [=Document/origin=], [=document base url=], [=Document/policy
  container=], across the fenced frame boundary.


  Add a substep to step 4 of this algorithm (that was modified above) that reads:

    4. Set <var ignore>browsingContext</var>'s [=browsing context/fenced frame config instance=] to
       |creator|'s [=Document/browsing context=]'s [=browsing context/fenced frame config
       instance=].
</div>

<h3 id=local-scheme-policy-container-inheritance>Policy container inheritance</h3>

When making a [=navigation request=] to a [=is local|local=] [=URL=], <{iframe}>s clone their
[=Document/policy container=] from the [=navigation request=]'s *initiator* {{Document}}. If
<{fencedframe}>s were to do the same thing, that would allow information about the initiator's
[=Document/policy container=] to leak across a fenced frame boundary. This section patches
[=Document/policy container=] inheritance to close that leak.

<div algorithm=local-policy-inheritance-determine-params>
  Modify the [=determine navigation params policy container=] algorithm to have a new optional
  [=boolean=] parameter |fenced| that defaults to false.

  Rewrite step 3 to read:

    3. If |responseURL| [=is local=], |initiatorPolicyContainer| is not null, and |fenced| false,
       then return a [=clone a policy container|clone=] of |initiatorPolicyContainer|.

  Note: We do not need to modify the case where |responseURL| is <code>[=about:srcdoc=]</code>,
  because navigations to <code>[=about:srcdoc=]</code> are not supported in fenced frames.
</div>

<div algorithm=local-policy-inheritance-populate-session-history-entry>
  Add a step before step 23 of [=create navigation params by fetching=] that says:

  23. Let |fenced| be true if |navigable| is a [=fenced navigable container/fenced navigable=],
      false otherwise.

      Note: This ensures |fenced| is true regardless of whether the initiator {{Document}} is
      |navigable|'s [=navigable/active document=] or its [=navigable/unfenced parent=].

  Rewrite step 23 (now step 24) to read:

  24. Let <var ignore>resultPolicyContainer</var> be the result of [=determining navigation params
      policy container=] given <var ignore>response</var>'s [=response/URL=], <var ignore>
      entry</var>'s [=document state=]'s [=document state/history policy container=], <var ignore>
      sourceSnapshotParams</var>'s [=source snapshot params/source policy container=], null, <var
      ignore>responsePolicyContainer</var>, and |fenced|.
</div>

Note: <{fencedframe}> [=policy container=] inheritance upon initial {{Document}} creation is handled
in the [[#creating-browsing-contexts-patch]] section.

<h3 id=nested-traversables>Nested traversables</h3>

<h4 id=nested-traversables-intro>Introduction</h4>

*This section is non-normative.*

The [[HTML]] Standard organizes [=navigables=] into two categories: [=child navigables=] and
[=traversable navigables=] (also known as [=top-level traversables=]). The introduction of features
like fenced frames, and to a lesser extent <a href=https://github.com/wicg/portals>portals</a>,
complicates this model by adding a new type of [=traversable navigable=] that is *sometimes* like a
[=child navigable=]. Because these new frame types are housed in a separate [=browsing context
group=] from their embedder, some concrete level of isolation is expected and required; on the other
hand since they are composed visually inside of *other* [=browsing context groups=], sometimes they
need to behave like the normal [=child navigables=] that we see in e.g., <{iframe}>s.

The complexity here is in deciding when terms like [=navigable container=],
[=navigable/parent|navigable parent=], and [=Document/descendant navigables=] need to cross the
[=traversable navigable=]/[=browsing context group=] boundary, versus when doing so would be unsafe
or incorrect. The examples below illustrate this point.

<p class=example id=fenced-user-activation>When a user [=user activation|activates=] content inside
of a {{Document}}, ordinarily the [=activation notification=] steps give user activation to all
[=Document/ancestor navigables=] and all [=same origin=] [=Document/descendant navigables=]. But
because a <{fencedframe}> can host sensitive content that needs to be isolated from its embedder,
and because [=user activation=] and [=consume user activation|consumption=] offer a communication
vector between these two parties, for the purpose of user activation a <{fencedframe}>'s
[=fenced navigable container/fenced navigable=] cannot not be considered a descendant of its
embedder, nor can its embedder be considered an ancestor of the <{fencedframe}>'s [=fenced navigable
container/fenced navigable=], in the way that the [=user activation=] algorithms currently use those
terms. In other words, we consider user activation to be *fenced*, to denote that it never crosses
the [=fenced navigable container/fenced navigable=] boundary; if it were unfenced, it would behave
as it would with <{iframe}>s, allowing [=user activation=] to flow freely across the frame
boundary.</p>

<wpt>
  /fenced-frame/consume-user-activation.https.html
</wpt>

<p class=example id=unfenced-sandbox-inheritance>Unlike [=user activation=], when a
<{fencedframe}>'s [=fenced navigable container/fenced navigable=] gets [=created a new nested
traversable|created=] or [=navigated=], it <span class=allow-2119>must</span> <a
href=https://html.spec.whatwg.org/#sandboxing:active-sandboxing-flag-set-3>inherit</a> its embedder
{{Document}}'s [=Document/active sandboxing flag set=] as is standard for {{Document}}s in normal
[=child navigables=]. If we did not do this, then the <{fencedframe}> element would be a trivial
sandbox bypass. Because <{fencedframe}> sandbox flag inheritance behaves similarly to how it does in
<{iframe}> elements, we consider sandbox inheritance to be *unfenced*.</p>

To provide the isolation mentioned above, and its conditional relaxation, this specification defines
a new kind of parent for [=traversable navigables=] called an [=traversable navigable/unfenced
parent=], which provides a link to its embedder that algorithms can intentionally use when they need
to be *unfenced*, as described above.

Note: Introducing a new kind of parent ([=traversable navigable/unfenced parent=]) is an intentional
design decision. It means that by default, the <{fencedframe}> boundary is private and isolated,
since by default nothing in the web platform traverses from a <{fencedframe}>'s [=fenced navigable
container/fenced navigable=] to its embedder. Care <span class=allow-2119>must</span> be taken when
modifying algorithms to make them capable of traversing across the <{fencedframe}> [=fenced navigable
container/fenced navigable=] boundary, and each modification of this sort will be evaluated
independently and appear in this specification.

The rest of this section provides patches to various [[HTML]] definitions (and their uses) that deal
with collections of related navigables, with the intention of fencing and unfencing various parts of
the web platform appropriately.

<h4 id=traversable-navigables>Traversable navigables</h4>

In [[HTML]]'s <a
href=https://html.spec.whatwg.org/multipage/document-sequences.html#traversable-navigable>Traversable
navigables</a> section, add the following:

In addition to the properties of a [=navigable=], a [=traversable navigable=] has:

 * An <dfn for="traversable navigable">unfenced parent</dfn>, a [=navigable=] or null, initially null.

Note: The [=traversable navigable/unfenced parent=] link is what gives a <{fencedframe}>'s
[=fenced navigable container/fenced navigable=] a link to its embedder, which is used carefully for
things that need to be "*unfenced*", like some algorithms in the focus processing model.

<div algorithm>
  To get the <dfn for=navigable>unfenced parent</dfn> of a [=navigable=] |navigable|:

    1. If |navigable| is a [=child navigable=], return |navigable|'s [=navigable/parent=].

    1. [=Assert=]: |navigable| is a [=fenced navigable container/fenced navigable=].

    1. Return |navigable|'s [=traversable navigable/unfenced parent=].

    Note: This algorithm is different from the [=traversable navigable=]'s [=traversable
    navigable/unfenced parent=] getter in that this algorithm first tries to get the [=navigable=]'s
    normal [=navigable/parent=] if |navigable| is a normal [=child navigable=].
</div>

<div algorithm>
  To get the <dfn for=navigable>unfenced container document</dfn> of a [=navigable=] |navigable|:

    1. Let |parentNavigable| be |navigable|'s [=navigable/unfenced parent=].

    1. Return |parentNavigable|'s [=navigable/active document=].
</div>

<h4 id=nested-traversables-inner>Nested traversables</h4>

In [[HTML]]'s <a
href=https://html.spec.whatwg.org/multipage/document-sequences.html#navigables>Navigables</a>
section, add a new subsection titled "Nested traversables" with the following text, definitions, and
algorithms.

Similar to [=navigable containers=] and their respective [=navigable container/content navigables=],
other elements (so far, only the <{fencedframe}> element) present a more isolated [=navigable=] to
the user. These elements are called <dfn>fenced navigable containers</dfn>.

A [=fenced navigable container=] has a <dfn export for="fenced navigable container">fenced
navigable</dfn>, which is either a [=traversable navigable=] with a non-null [=traversable
navigable/unfenced parent=], or null. It is initially null.

<wpt>
  /fenced-frame/window-frameElement.https.html
</wpt>

<div algorithm>
  To <dfn>initialize the nested traversable</dfn> |traversable| given a [=document state=]
  |documentState| and a [=navigable=] |parent|:

  1. [=Initialize the navigable=] |traversable| given |documentState|.

  1. Set |traversable|'s [=traversable navigable/unfenced parent=] to |parent|.
</div>

<div algorithm>
  To <dfn>create a new nested traversable</dfn> given an element |element|:

  1. Let |group| be a new [=browsing context group=].

  Note: There doesn't seem to be a reason to [=set/append=] |group| to the user agent's [=browsing
  context group set=] like [=create a new browsing context group and document=] does.

  1. Let |document| be the second return value of [=creating a new browsing context and document=]
     given |element| [=Node/node document=], |element|, and |group|.

  1. Let |documentState| be a new [=document state=], whose [=document state/document=] is |document|.

  1. Let |traversable| be a new [=traversable navigable=].

  1. Let |parentNavigable| be |element|'s [=node navigable=].

  1. [=Initialize the nested traversable=] |traversable| given |documentState| and
     |parentNavigable|.

  1. Set |element|'s [=fenced navigable container/fenced navigable=] to |traversable|.

  1. Let |initialHistoryEntry| be |traversable|'s [=navigable/active session history entry=].

  1. Set |initialHistoryEntry|'s [=session history entry/step=] to 0.

  1. [=Append=] |initialHistoryEntry| to |traversable|'s [=traversable navigable/session history
     entries=].

  1. Return |traversable|.
</div>

Note: The [=create a new nested traversable=] algorithm creates the first kind of [=traversable
navigable=] that is not a [=top-level traversable=]. This will require removing the note about
nested traversables in [[HTML]]'s <a
href=https://html.spec.whatwg.org/multipage/document-sequences.html#top-level-traversables>Top-level
traversables</a> section.

<h4 id=top-level-traversables>Top-level traversables</h4>

The [[HTML]] Standard currently defines a [=top-level traversable=] as a [=traversable navigable=]
whose [=navigable/parent=] is null, however this is an insufficient definition that this
specification changes. [[HTML]] mentions that outside of this specification, all [=traversable
navigables=] are [=top-level traversables=], but "envisions" future specifications that may want to
create a kind of [=traversable navigable|traversable=] that is nested, and achieves the nesting
through a non-null [=navigable/parent=]; hence the distinction between [=top-level traversables=]
and [=traversable navigables=] relies on the [=navigable/parent=] null-ness.

The [=fenced navigable container/fenced navigable=] this specification proposes is precisely what
[[HTML]] envisioned when carving out space for the distinction between [=top-level traversables=]
and [=traversable navigables=], however this specification does not make use of the
[=navigable/parent=] pointer for [=fenced navigable container/fenced navigables=], for reasons
described <a href=#nested-traversables-intro>above</a> (instead they use the [=traversable
navigable/unfenced parent=] pointer). That means by default, both [=top-level traversables=] and
[=fenced navigable container/fenced navigables=] both have null [=navigable/parents=], which renders
the distinction meaningless.

To mend the intended distinction between [=top-level traversables=] and [=fenced navigable container
/fenced navigables=], patch the following definitions like so:

<div algorithm>
  A <dfn>top-level traversable</dfn> is a [=traversable navigable=] whose [=navigable/parent=] and
  [=traversable navigable/unfenced parent=] are both null.
</div>

<div algorithm>
  To get the <dfn noexport for="navigable">top-level traversable</dfn> of a [=navigable=] |inputNavigable|:

    1. Let |navigable| be |inputNavigable|.

    1. [=iteration/While=]:

      1. If |navigable|'s [=navigable/parent=] and [=traversable navigable/unfenced parent=] are
         both null, then [=iteration/break=].

      1. Set |navigable| to |navigable|'s [=navigable/parent=] or [=traversable navigable/unfenced
         parent=], whichever is non-null.

         Note: Exactly one of |navigable|'s [=navigable/parent=] or [=traversable navigable/unfenced
         parent=] will be non-null here.

    1. Return |navigable|.
</div>

Note: With these new definitions, a [=top-level traversable=] is essentially "unfenced" as described
in the [[#nested-traversables-intro]].

<h3 id=navigable-traversing-algorithms>Modifications to navigable-traversing algorithms</h3>

<div algorithm="inclusive-descendant-navigables-patch">
  Modify the [=Document/inclusive descendant navigables=] algorithm to take a new optional
  [=boolean=] argument <var><dfn lt="inclusive-dn-unfenced">unfenced</dfn></var> that defaults to
  false.

  Further rewrite step 2 of this algorithm to:

  2. [=list/Extend=] <var ignore>navigables</var> with <var ignore>document</var>'s
     [=Document/descendant navigables=] with [=dn-unfenced|unfenced=] set to
     <var>[=inclusive-dn-unfenced|unfenced=]</var>.
</div>

<div algorithm="descendant-navigables-patch">
  Modify the [=Document/descendant navigables=] algorithm to take a new optional [=boolean=]
  argument <dfn lt="dn-unfenced">unfenced</dfn> that defaults to false, and rewrite the algorithm
  like so:

  1. Let |navigables| be a new [=list=].

  1. Let |navigableContainers| be a [=list=] of all [=shadow-including descendants=] of <var
     ignore>document</var> that are [=navigable containers=] (or [=fenced navigable containers=], if
     <var>[=dn-unfenced|unfenced=]</var> is true), in [=shadow-including tree order=].

  1. [=list/For each=] |navigableContainer| of |navigableContainers|:

    1. If |navigableContainer|'s [=navigable container/content navigable=] and [=fenced navigable
       container/fenced navigable=] are both null, then [=iteration/continue=].

    1. Let |descendantNavigable| be either |navigableContainer|'s [=navigable container/content
       navigable=] or [=fenced navigable container/fenced navigable=], whichever is non-null.

    1. [=list/Extend=] |navigables| with |descendantNavigable|'s [=navigable/active document=]'s
       [=Document/inclusive descendant navigables=] with [=inclusive-dn-unfenced|unfenced=] set to
       <var>[=dn-unfenced|unfenced=]</var>.

  1. Return |navigables|.
</div>

<div algorithm="ancestor-navigables-patch">
  Modify the [=Document/ancestor navigables=] algorithm to take a new optional [=boolean=]
  argument <dfn lt="an-unfenced">unfenced</dfn> that defaults to false, and rewrite the algorithm
  like so:

  1. Let |navigable| be |document|'s [=node navigable=]'s [=navigable/parent=].
  
  1. If |navigable| is null and [=an-unfenced|unfenced=] is true, set |navigable| to |document|'s
     [=node navigable=]'s [=navigable/traversable navigable=]'s [=traversable navigable/unfenced
     parent=].

  1. Let |ancestors| be an empty list.

  1. While |navigable| is not null:

     1. [=list/Prepend=] |navigable| to |ancestors|.

     1. Set |navigable| to |navigable|'s [=navigable/parent=].

     1. If |navigable| is null and [=an-unfenced|unfenced=] is true, set |navigable| to
        |navigable|'s [=navigable/traversable navigable=]'s [=traversable navigable/unfenced
        parent=].

  1. Return |ancestors|.

</div>

<h3 id=focusing-changes>Modifications to the focusing algorithms</h3>

The [[HTML]] standard defines how to handle focusing elements and {{Window}}s, both by user gesture
and through script-initiated APIs. Since fenced frames are designed to prevent communication across
a fenced frame boundary, we need to handle focusing carefully. This is because when focus crosses a
<{fencedframe}> boundary, contexts on both sides of the boundary can detect that change, which can
be used to open a communication channel between a <{fencedframe}> and its embedder.

We do this by not allowing the [=focusing steps=] to move script-initiated focus across a fenced
frame boundary.

<p class=example id=user-initiated-focus>When a user clicks on an element like a <{button}> inside a
<{fencedframe}> while another element *outside* of the <{fencedframe}> is [=focused=], the
[=focusing steps=] will allow the <{button}> to [=gain focus=], because this is specifically a
user-initiated action. Without allowing that, no element inside of a <{fencedframe}> would never be
able [=gain focus=].</p>

<p class=example id=script-initiated-focus>If we were to continue allowing all elements to be
[=focused=] via the {{HTMLOrSVGElement/focus()}} method as is the status quo before this
specification, a [=fenced navigable container=] and its [=fenced navigable container/fenced
navigable=] could use a sequence of {{HTMLOrSVGElement/focus()}} calls to send arbitrary data across
the fenced frame boundary, which is a privacy leak. To avoid this, we effectively "fence" the
{{HTMLOrSVGElement/focus()}} method, which sacrifices some functionality for privacy.</p>

<div algorithm=focusing-steps-patch>
  Modify the [=focusing steps=] to take a new optional [=boolean=] argument <var><dfn
  lt="focus-unfenced">unfenced</dfn></var> that defaults to false.

  Add a new step after step 3 of the algorithm (that changes new focus target) that reads:

  3. If |new focus target| is a [=fenced navigable container=] with non-null
    [=fenced navigable container/fenced navigable=], then set |new focus target| to the
    [=fenced navigable container/fenced navigable=]'s [=navigable/active document=].

  Add a new step after the step that defines the |new chain| variable, that reads:

  9. If <var>[=focus-unfenced|unfenced=]</var> is false, |new chain| [=list/contains=] a
     {{Document}} |document| whose [=node navigable=]'s [=navigable/traversable navigable=] is a
     [=fenced navigable container/fenced navigable=], and <var ignore>old chain</var> does not also
     [=list/contain=] |document|, then return.

    Note: This is how we bail-out early just before calling the [=focus update steps=], in the case
    where focus is trying to cross the fence.

  Modify the user agent sentence after the algorithm steps in [=focusing steps=] to read:

  User agents must [=immediately=] run the [=focusing steps=] for a [=focusable area=] or
  [=navigable=] |candidate| with <var>[=focus-unfenced|unfenced=]</var> set to true whenever the
  user attempts to move the focus to |candidate|.
</div>

<div algorithm=access-key-patch>
  Modify the action of the [=accesskey attribute command=] algorithm to be:

  1. Run the [=focusing steps=] for the element with <var ignore>[=focus-unfenced|unfenced=]</var>
     set to true.

  1. <a>Fire a `click` event</a> at the element.
</div>

<div algorithm=activation-patch>
  Modify the behavior when a user [=activation|activates=] a [=click focusable=] [=focusable area=]
  to be:

  When a user [=activation|activates=] a [=click focusable=] [=focusable area=], the user agent must
  run the [=focusing steps=] on the [=focusable area=] with <var ignore>focus trigger</var> set
  to "`click`" and <var ignore>[=focus-unfenced|unfenced=]</var> set to true.
</div>

<div algorithm=hide-popover-patch>
  Modify step 10 of the [=hide popover algorithm=] to read:

  10. If |previouslyFocusedElement| is not null, then:
      1. Set <var ignore>element</var>'s [=previously focused element=] to null.
      2. If <var ignore>focusPreviousElement</var> is true, then run the [=focusing steps=] for
        |previouslyFocusedElement| with <var ignore>[=focus-unfenced|unfenced=]</var> set to true; the
        viewport should not be scrolled by doing this step.

  Note: Although dismissing a popover manually is a user-initiated gesture, the
  [=focusing steps=] will be called with [=focus-unfenced|unfenced=] set to false regardless
  of whether this was called from user gesture or via a script call.
</div>

<div algorithm=interactively-validate-patch>
  Modify the first bullet point of step 3 of the [=interactively validate the constraints=]
  algorithm to read:

  * User agents may focus one of those elements in the process, by running the
    [=focusing steps=] for that element, and may change the scrolling position of the
    document, or perform some other action that brings the element to the user's attention.
    If these steps were invoked by user gesture, [=focusing steps=] can be called with
    [=focus-unfenced|unfenced=] set to true. For elements that are
    [=form-associated custom elements=], user agents should use their [=face validation anchor=]
    instead, for the purposes of these actions.
</div>

<div algorithm=has-focus-steps>
  Add a step after step 2 of the while loop in the [=has focus steps=] algorithm that reads:

  3. If the [=focused area=] of |candidate| is a [=fenced navigable container=] with a non-null
    [=fenced navigable container/fenced navigable=], then set |candidate| to the [=navigable/active
    document=] of that [=fenced navigable container=]'s [=fenced navigable container/fenced
    navigable=].
</div>

<div algorithm=focus-chain>
  Modify step 3 of the while loop in the [=focus chain=] algorithm to read:
  3. If |currentObject| is a [=focusable area=], then set |currentObject| to |currentObject|'s [=DOM
     anchor=]'s [=Node/node document=].

     Otherwise, if |currentObject| is a {{Document}} whose [=node navigable=]'s [=navigable/parent=]
     is non-null, then set |currentObject| to |currentObject|'s [=node navigable=]'s
     [=navigable/parent=].

     Otherwise, if |currentObject| is a {{Document}} whose [=node navigable=] is a [=traversable
     navigable=] whose [=traversable navigable/unfenced parent=] is non-null, then set
     |currentObject| to |currentObject|'s [=node navigable=]'s [=traversable navigable/unfenced
     parent=].

     Otherwise, [=iteration/break=].
</div>
  
<div algorithm=get-the-focusable-area>
  Modify the [=get the focusable area=] algorithm. Add a new case to the switch statement:

  <dl class="switch">
    <dt>If <var ignore>focus target</var> is a [=fenced navigable container=] with a non-null
    [=fenced navigable container/fenced navigable=]</dt>

    <dd><p>Return the [=fenced navigable container=]'s [=fenced navigable container/fenced
    navigable=]'s [=navigable/active document=].</p></dd>
  </dl>

  Note: This algorithm can unconditionally "jump the fence" boundary because its return value always
  feeds into an algorithm that *does* carefully consider the fence boundary.
</div>

<div algorithm=currently-focused-area-of-a-top-level-traversable>
  Modify step 3 of the [=currently focused area of a top-level traversable=] algorithm to read:

  3. While |candidate|'s [=focused area=] is either a [=navigable container=] with a non-null
     [=navigable container/content navigable=] or a [=fenced navigable container=] with a non-null
     [=fenced navigable container/fenced navigable=]: set |candidate| to the [=navigable/active
     document=] of either that [=navigable container=]'s [=navigable container/content navigable=]
     or that [=fenced navigable container=]'s [=fenced navigable container/fenced navigable=],
     whichever is non-null.
</div>

<div algorithm=sequential-focus-navigation-patch>
  Modify step 6 of the [=sequential focus navigation=] algorithm to read:

  6. If |candidate| is not null, then run the [=focusing steps=] for |candidate| with
     [=focus-unfenced|unfenced=] set to true and return.

  Modify step 9 of the [=sequential focus navigation=] algorithm to read:

  9. Otherwise, |starting point| is a [=focusable area=] whose [=Node/node document=]'s [=node
     navigable=] is a [=child navigable=] or [=fenced navigable container/fenced navigable=]. Set
     |starting point| to that [=node navigable=]'s [=navigable/unfenced parent=] and return to the
     step labeled <i>loop</i>.
</div>

<div algorithm=sequential-navigation-search-patch>
  Modify step 2 of the [=sequential navigation search algorithm=] to read:

  2. If |candidate| is a [=navigable container=] with a non-null
    [=navigable container/content navigable=], then let |new candidate| be the result of running the
    [=sequential navigation search algorithm=] with |candidate|'s
    [=navigable container/content navigable=] as the first argument, <var ignore>direction</var> as
    the second, and <i>sequential</i> as the third.

    If |candidate| is a [=fenced navigable container=] with a non-null
    [=fenced navigable container/fenced navigable=], then let |new candidate| be the result of
    running the [=sequential navigation search algorithm=] with |candidate|'s
    [=fenced navigable container/fenced navigable=] as the first argument,
    <var ignore>direction</var> as the second, and <i>sequential</i> as the third.

    If |new candidate| is null, then let <var ignore>starting point</var>
    be |candidate|, and return to the top of this algorithm. Otherwise, let
    |candidate| be |new candidate|.
</div>

<wpt>
  /fenced-frame/anchor-focus.https.html
  /fenced-frame/autofocus-denied.https.html
  /fenced-frame/script-focus.https.html
</wpt>

<h3 id=navigation-patch>Navigation</h3>

This section describes how the <{fencedframe}> element interacts with the ever-complicated process
of navigation, which includes integration with various headers, isolation mechanisms, and policies.

<h4 id=supports-loading-mode>The \`<a http-header><code>Supports-Loading-Mode</code></a>\` HTTP response header</h4>

<i>This section is intended to monkeypatch the [[HTML]] Standard, however since the \`<a
http-header><code>Supports-Loading-Mode</code></a>\` header has not been merged into [[HTML]] yet,
and instead lives in the [[Prerendering-Revamped]] specification, this section effectively
monkeypatches that monkeypatch specification.</i>

Add the new [=structured header/token=] below to the list of valid [=structured header/tokens=] for the \`<a
http-header><code>Supports-Loading-Mode</code></a>\` response header:

The \`<code><dfn export for="Supports-Loading-Mode">fenced-frame</dfn></code>\` token indicates that
the response can be used to create a {{Document}} inside of a [=fenced navigable container/fenced
navigable=]. Without this explicit opt-in, all navigations inside of a [=fenced navigable
container/fenced navigable=] will fail, as outlined in [[#navigation-patch]].

<div algorithm=navigation-patch>
  [[HTML]]'s [=attempt to populate the history entry's document=] algorithm is modified such that
  just before the step inside the [=queue a task|queued task=] starting with "If <var
  ignore>failure</var> is true, then:", insert a new step:

8. Otherwise, if all of the following conditions are true:

    * |navigationParams|'s [=navigation params/navigable=]'s [=navigable/traversable navigable=] is
      a [=fenced navigable container/fenced navigable=];
    * |navigationParams|'s [=navigation params/response=]'s [=response/URL=]'s [=url/scheme=] is
      "<code>https</code>"; and
    * the result of [=getting the supported loading modes=] for |navigationParams|'s [=navigation
      params/response=] does not [=list/contain=] \`<code><a
      for="Supports-Loading-Mode">fenced-frame</a></code>\`

   then set <var ignore>failure</var> to true.

</div>

<h4 id=allow-automatic-beacons>The
\`<a http-header><code>Allow-Fenced-Frame-Automatic-Beacons</code></a>\` HTTP response header</h4>

Serving a document resource that gets loaded into a {{Document}} that is not [=same origin=] with
its [=Document/browsing context=]'s [=fenced frame config instance=]'s [=fenced frame config
instance/mapped url=] with the <dfn
http-header><code>Allow-Fenced-Frame-Automatic-Beacons</code></dfn> HTTP response header opts in the
{{Document}} to having automatic beacon events trigger when it performs navigations. This header is
a [=structured header=] whose value must be a [=structured header/boolean=].

<h4 id=allow-cross-origin-reporting>The
\`<a http-header><code>Allow-Cross-Origin-Event-Reporting</code></a>\` HTTP response header</h4>

Serving a document resource that gets loaded into a <{fencedframe}> by a [=fenced frame config
instance=] with the <dfn http-header><code>Allow-Cross-Origin-Event-Reporting</code></dfn> HTTP
response header opts in the {{Document}}'s cross-origin [=child navigables=] to be able to send
{{Fence/reportEvent()}} beacons. This header is a [=structured header=] whose value must be a
[=structured header/boolean=].

<h4 id=coop-coep>COOP, COEP, and cross-origin isolation</h4>

Outside of this specification, the \`<a http-header><code>Cross-Origin-Opener-Policy</code></a>\`
header only <a
href=https://html.spec.whatwg.org/C#populating-a-session-history-entry:top-level-traversable-2>applies</a>
to [=top-level traversables=] instead of all [=navigables=], and this specification continues this
intention insofar as this header does not have an impact on [=fenced navigable container/fenced
navigables=], nor is it inherited from its embedder. Consequently, the [=browsing context group=]
hosted inside of a [=fenced navigable container/fenced navigable|fenced traversable navigable=] will
always have its [=browsing context group/cross-origin isolation mode=] set to "<a for="cross-origin
isolation mode">`none`</a>".

Nevertheless, a [=fenced navigable container/fenced navigable=] respects its [=traversable
navigable/unfenced parent=]'s [=policy container/embedder policy=], which is accomplished below:

<div algorithm=coep-adherence-patch>
  In the [=check a navigation response's adherence to its embedder policy=] algorithm, rewrite all
  occurrences of:

    * |navigable|'s [=navigable/container document=]

  with:

    * |navigable|'s [=navigable/unfenced container document=]
</div>

Note: This causes navigations inside of a <{fencedframe}> to fail if they are not served with a
suitable \`<a http-header><code>Cross-Origin-Embedder-Policy</code></a>\` header, just as
<{iframe}>s behave.

Issue: Determine if we need to fence or unfence the [=queue a cross-origin embedder policy
inheritance violation=] algorithm, as leaving it unfenced may cause a privacy leak.

<div algorithm=corp-patch>
  Next, we modify how the [=cross-origin resource policy check=] <a
  href=https://html.spec.whatwg.org/C#populating-a-session-history-entry:cross-origin-resource-policy-check>applies
  to navigation requests</a>. Rewrite step 19, substep 13 of the [=create navigation params by
  fetching=] algorithm like so:

    1. If |response| is not a [=network error=], |navigable| is a [=child navigable=] or [=fenced
       navigable container/fenced navigable=], and the result of performing a [=cross-origin
       resource policy check=] with |navigable|'s [=navigable/unfenced container document=]'s
       [=Document/origin=], |navigable|'s [=navigable/unfenced container document=]'s [=relevant
       settings object=], <var ignore>request</var>'s [=request/destination=], |response|, and
       true is **blocked**, then set |response| to a [=network error=] and [=iteration/break=].

       Note: Here we're running the [=cross-origin resource policy check=] against the
       [=navigable/unfenced parent|unfenced parent navigable=] rather than |navigable| itself. This
       is because we care about the same-originness of the embedded content against the embedder's
       context (ignoring the "fence"), not the navigation source.
</div>

Issue: Determine if we need to fence or unfence the [=queue a cross-origin embedder policy
CORP violation report=] algorithm, as leaving it unfenced may cause a privacy leak.

<wpt>
  /fenced-frame/embedder-coop-coep-blocked.https.html
  /fenced-frame/embedder-no-coep.https.html
  /fenced-frame/embedder-require-corp.https.html
</wpt>

<h4 id=navigation-changes>Actual navigation changes</h4>

<div algorithm=source-snapshot-param-config>
  Add the following new [=struct/item=]s to the [=source snapshot params=] [=struct=]:

  : <dfn for="source snapshot params">initiator fenced frame config instance</dfn>
  :: a [=fenced frame config instance=] or null, initially null.

  : <dfn for="source snapshot params">initiator ancestor root origin</dfn>
  :: an [=origin=] or null, initially null.

  : <dfn for="source snapshot params">initiator ancestor root referrer policy</dfn>
  :: an [=referrer policy=] or null, initially null.

  : <dfn for="source snapshot params">target fenced frame config</dfn>
  :: a [=fenced frame config=] or null, initially null.

  Note: The [=source snapshot params/initiator fenced frame config instance=] is the [=fenced frame
  config instance=] that's loaded into a navigation initiator's [=browsing context=], if any exists.
  The [=source snapshot params/initiator ancestor root origin=], for component ads, is the origin of
  the top-level ad container, if any exists. The [=source snapshot params/initiator ancestor root
  referrer policy=], for component ads, is the referrer policy of the top-level ad container, if any
  exists. They are used by the [=attempt to send an automatic beacon=] algorithm to compare
  [=origin=]s and determine which {{FenceReportingDestination}}s to send beacons and with what
  information, if the <{fencedframe}>-initiated navigation succeeds. The [=source snapshot
  params/target fenced frame config=] on the other hand, is the non-[=instantiate a
  config|instantiated=] [=fenced frame config=] that will be loaded into a <{fencedframe}> element
  for navigations targeting fenced frames. These fields do not interact *together* in any meaningful
  way.

  : <dfn for="source snapshot params">attribution reporting enabled</dfn>
  :: a [=boolean=].

  : <dfn for="source snapshot params">attribution reporting context origin</dfn>
  :: an [=origin=].

  : <dfn for="source snapshot params">automatic beacons allowed</dfn>
  :: an [=boolean=].

  : <dfn for="source snapshot params">automatic beacon data map</dfn>
  :: a [=map=] whose [=map/keys=] are [=fencedframetype/automatic beacon event type=]s and whose
     [=map/values=] are null or an [=fencedframetype/automatic beacon data=]

</div>

<div algorithm>
  To <dfn>get the automatic beacon data mapping to use</dfn> given a {{Document}} |sourceDocument|:
  
  1. [=Assert=] these steps are running on |sourceDocument|'s [=event loop=].

  1. Let |automatic beacon data map| be a new empty [=Document/automatic beacon data map=].
  
  1. Let |current navigable| be |sourceDocument|'s [=node navigable=].

  1. While |current navigable| is not null:

    1. [=map/iterate|For each=] |type| → |data| of |current navigable|'s [=navigable/active
       document=]'s [=Document/automatic beacon data map=]:

      1. If |automatic beacon data map|[|type|] does not [=map/exist=], set
         |automatic beacon data map|[|type|] to |data|.

      Note: This guarantees that the first ancestor that contains automatic beacon data for a
      specific type will be usable by the document initiating the navigation. This will also prevent
      an ancestor blocking a document from using data set in a higher ancestor.

    1. Set |current navigable| to |current navigable|'s [=navigable/parent=].

  1. Return |automatic beacon data map|.

  Note: The returned map is meant to hold references to the original {{Document}}'s
  [=Document/automatic beacon data map=]s that were used to build |automatic beacon data map|. These
  are later modified in [=attempt to send an automatic beacon=] to clear out any beacon data with
  [=automatic beacon data/once=] set to true.
</div>

<div algorithm=get-initiator-ancestor>
  To <dfn>get the initiator's fenced grand-ancestor's navigable</dfn> of a given {{Document}}
  |sourceDocument|:

  1. Let |navigable| be |sourceDocument|'s [=node navigable=].

  1. While |navigable| is not null and |navigable| is not a [=fenced navigable container/fenced
     navigable=]:
  
     1. Set |navigable| to |navigable|'s [=navigable/parent=].

  1. If |navigable| is null, return null.

  1. [=Assert=]: |navigable| is a [=fenced navigable container/fenced navigable=].

  1. Set |navigable| to |navigable|'s [=navigable/unfenced parent=].

  1. While |navigable| is not null and |navigable| is not a [=fenced navigable container/fenced
     navigable=]:

     1. Set |navigable| to |navigable|'s [=navigable/parent=].

  1. Return |navigable|.

  <div id="get-initiator-ancestor-root-origin-example" class="example">
    Given a {{Document}} embedded inside of a <{fencedframe}>, this algorithm gets the navigable of
    the document's nearest fenced frame ancestor's nearest fenced frame ancestor. If no such "fenced
    frame grand-ancestor" exists, the algorithm returns null. Therefore, this algorithm only returns
    a navigable when given a Document that is, at a minimum, in a fenced frame which is itself in a
    fenced frame. For example, for the given frame tree structure:

    ```
    Main frame (origin A)
      <fencedframe> (origin B)
        <iframe> (origin C)
          <fencedframe> (origin D)
            <iframe> (origin E)
              <fencedframe> (origin F)
    ```

    The algorithm will return the following given each document:

    - `Main frame (origin A)` will return `null`.
    - `<fencedframe> (origin B)` will return `null`.
    - `<iframe> (origin C)` will return `null`.
    - `<fencedframe> (origin D)` will return `<fencedframe> (origin B)`.
    - `<iframe> (origin E)` will return `<fencedframe> (origin B)`.
    - `<fencedframe> (origin F)` will return `<fencedframe> (origin D)`.
  </div>
</div>

<div algorithm=snapshot-source-snapshot-params>
  Modify the [=snapshot source snapshot params=] algorithm to return a [=source snapshot params=]
  with these additional fields:

  : [=source snapshot params/initiator fenced frame config instance=]
  :: |sourceDocument|'s [=browsing context=]'s [=browsing context/fenced frame
     config instance=]

  : [=source snapshot params/initiator ancestor root origin=]
  :: null if the result of running [=get the initiator's fenced grand-ancestor's navigable=] on
     |sourceDocument| is null. Otherwise, |sourceDocument|'s [=get the initiator's fenced
     grand-ancestor's navigable|initiator's fenced grand-ancestor's navigable=]'s
     [=navigable/active document=]'s [=Document/origin=].

  : [=source snapshot params/initiator ancestor root referrer policy=]
  :: null if the result of running [=get the initiator's fenced grand-ancestor's navigable=] on
     |sourceDocument| is null. Otherwise, |sourceDocument|'s [=get the initiator's fenced
     grand-ancestor's navigable|initiator's fenced grand-ancestor's navigable=]'s
     [=navigable/active document=]'s [=Document/policy container=]'s [=policy container/referrer
     policy=].

  : [=source snapshot params/attribution reporting enabled=]
  :: The result of determining whether |sourceDocument| is [=allowed to use=] the
     "<code>{{PermissionPolicy/attribution-reporting}}</code>" feature

  : [=source snapshot params/attribution reporting context origin=]
  :: |sourceDocument|'s [=node/context origin=]

  : [=source snapshot params/automatic beacons allowed=]
  :: |sourceDocument|'s [=Document/automatic beacons allowed=]

  : [=source snapshot params/automatic beacon data map=]
  :: The result of running [=get the automatic beacon data mapping to use=] on |sourceDocument|.

</div>

<div algorithm=navigation-must-replace-patch>
  Modify [=the navigation must be a replace=] algorithm. Add the following new condition:

    * <var ignore>document</var>'s [=relevant global object=]'s [=Window/navigable=] is a [=fenced
      navigable container/fenced navigable=];

      Note: This ensures that *all* navigations inside of a <{fencedframe}> are made with the "<a
      for="history handling behavior">`replace`</a>" mode, regardless of the initiator.

  <wpt>
    /fenced-frame/history-back-and-forward-should-not-work-in-fenced-tree.https.html
    /fenced-frame/history-length-fenced-navigations-replace-do-not-contribute-to-joint.https.html
    /fenced-frame/history-length-outer-page-navigation-not-reflected-in-fenced.https.html
  </wpt>
</div>

<div algorithm=navigate>
  Modify [[HTML]]'s [=navigate=] algorithm to include an extra parameter: an optional [=string=]
  <dfn for=navigate>sharedStorageContext</dfn> (default null).

  Modify step 13 of [[HTML]]'s [=navigate=] algorithm ("If all of the following are true:") to
  include the following condition:

    * <var ignore>sourceDocument</var>'s [=node navigable=] is not a [=fenced navigable container=]
      while at the same time |navigable| is a [=fenced navigable container/fenced navigable=].

      Note: This ensures that embedder-initiated navigations can *never* trigger a fragment
      navigation inside of a <{fencedframe}>.

  <wpt>
    /fenced-frame/fragment-navigation.https.html
  </wpt>

  Insert these steps immediately after step 22, the step that goes [=in parallel=], so that what
  follows are the first steps that run [=in parallel=] in the patched algorithm:

    1. If |url| is a [=urn uuid=] and |navigable| is a [=fenced navigable container/fenced
       navigable=]:

       Issue: The above condition is not as tight as it needs to be. For example, if a
       <{fencedframe}> generates a {{FencedFrameConfig}} using a config-generating API, and then
       correctly guesses the config's [=fencedframeconfig/urn|urn:uuid=], it can theoretically
       navigate itself to that config by passing the guessed urn into the navigate algorithm as a
       [=URL=], via something like the {{Window/location}} API. This is bad, because the purpose of
       a {{FencedFrameConfig}} is to ensure that only an embedder can navigate a <{fencedframe}> to
       the resource represented by the config, by using the config object directly. See <a
       href=https://github.com/WICG/fenced-frame/issues/194>#194</a> for thoughts on fixing this.

      1. Let |config| be the result of [=fenced frame config mapping/finding a
         config=] in <var ignore>sourceDocument</var>'s [=node navigable=]'s [=navigable/traversable
         navigable=]'s [=traversable navigable/fenced frame config mapping=].

         Note: This might "wait" for an arbitrary period of time for the |config| associated with
         the [=urn uuid=] |url| to be "finalized" in the [=traversable navigable/fenced frame config
         mapping=]. This is why this step runs [=in parallel=]. This navigation will be canceled by
         any subsequent embedder-initiated navigations, <span class=allow-2119>should</span> they
         occur, by the usual mechanism that tracks the [=navigable/ongoing navigation=].

      1. Set |config|'s [=fenced frame config/embedder shared storage context=] to
         [=navigate/sharedStorageContext=].

      1. [=Assert=]: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=]
         is null.

      1. Set |sourceSnapshotParams|'s [=source snapshot params/target fenced frame
         config=] to |config|.

      1. [=Assert=] |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=] is a
         [=URL=] whose [=url/scheme=] is "`https`".

      1. Set |url| to |config|'s [=fenced frame config/mapped url=]'s [=mapped url/value=].

      1. Run steps in |config|'s [=fenced frame config/on navigate callback=].
  
    1. If |navigable| is a [=fenced navigable container/fenced navigable=] and <var
       ignore>sourceDocument</var>'s [=node navigable=] is in |navigable|'s [=navigable/active
       document=]'s [=Document/ancestor navigables=] with [=an-unfenced|unfenced=] set to true:

      1. Let |config| be a new [=fenced frame config=] with the following [=struct/items=]:

        : [=fenced frame config/mapped url=]
        :: a [=struct=] with the following [=struct/items=]:

           : [=mapped url/value=]
           :: |url|

           : [=mapped url/visibility=]
           :: [=visibility/transparent=]

        : [=fenced frame config/effective sandboxing flags=]
        :: a [=struct=] with the following [=struct/items=]:

           : [=effective sandboxing flags/value=]
           :: The [=fencedframetype/default fenced frame effective sandboxing flags=].

           : [=effective sandboxing flags/visibility=]
           :: [=visibility/opaque=]

        : [=fenced frame config/effective enabled permissions=]
        :: null
      
      1. [=Assert=]: |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=]
         is null.

      1. Set |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] to
         |config|.

  <wpt>
    /fenced-frame/frame-navigation.https.html
  </wpt>

  Rewrite the step starting with "Let |unloadPromptCanceled| be the result of" to:

    1. Let |unloadPromptCanceled| be false if |navigable| is a [=fenced navigable container/fenced
       navigable=], or the result of [=checking if unloading is user-canceled=] for |navigable|'s
       [=navigable/active document=]'s [=Document/inclusive descendant navigables=] otherwise.

  Add a step after step 22.8.2 (Let |finalSandboxFlags| be the [=set/union=]...) that reads:

  3. If |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] is not null,
     and if |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=]'s
     [=fenced frame config/effective sandboxing flags=] is not null, then set |finalSandboxFlags| to
     the [=set/union=] of |finalSandboxFlags| and |sourceSnapshotParams|'s [=source snapshot
     params/target fenced frame config=]'s [=fenced frame config/effective sandboxing flags=]'
     [=effective sandboxing flags/value=].

     Note: This ensures that the |finalSandboxFlags| are *at least* as restrictive as the [=fenced
     frame config/effective sandboxing flags=] defined in the [=source snapshot params/target fenced
     frame config=]. A separate check in the [=should navigation response to navigation request be
     blocked by sandboxing flags?|blocked by sandboxing flags?=] algorithm will make sure that
     |finalSandboxFlags| is not more restrictive than the [=fenced frame config/effective sandboxing
     flags=].

  <wpt>
    /fenced-frame/before-unload.https.html
  </wpt>
</div>

<br>

The below patches make use of the previously-assigned [=source snapshot params/target fenced frame
config=], [=instantiate a config|instantiating=] it in preparation for use when the navigation is
finalized.

<div algorithm=navigation-params-config-instance>
  Add a new [=struct/item=] to the [=navigation params=] [=struct=]:

  : <dfn for="navigation params">fenced frame config instance</dfn>
  :: A [=fenced frame config instance=] or null, initially null.

     Note: This is only set for embedder-initiated <{fencedframe}> navigations, and if a new
     {{Document}} is created as a result of such a navigation, this member is transferred to the new
     [=fenced navigable container/fenced navigable=]'s [=navigable/active browsing context=]'s
     [=browsing context/fenced frame config instance=] member.
</div>

<div algorithm=create-navigation-params-config-instance>
  Modify [[HTML]]'s [=create navigation params by fetching=] algorithm such that the last step that
  returns a [=navigation params=] has the following additional assignment:

  : [=navigation params/fenced frame config instance=]
  :: If |sourceSnapshotParams|'s [=source snapshot params/target fenced frame config=] is null, then
     null; otherwise, the result of [=instantiate a config|instantiating=] |sourceSnapshotParams|'s
     [=source snapshot params/target fenced frame config=].
</div>

<br>

Finally, the below patches make use of the [=navigation params=]'s [=navigation params/fenced frame
config instance=], and handle the assignment of a [=browsing context=]'s [=browsing context/fenced
frame config instance=] that is initiated by a navigation.

Note: A [=browsing context=]'s [=browsing context/fenced frame config instance=] is assigned in two
different ways: (1) during embedder-initiated <{fencedframe}> navigation, as described by the rest
of this section, and (2) inherited during initial {{Document}} creation for {{Document}}s in [=child
navigables=] whose [=navigable/traversable navigable=] is a [=fenced navigable container/fenced
navigable=], as handled in the [[#creating-browsing-contexts-patch]] section.

For any successful navigation inside of a <{fencedframe}>, regardless of whether it was initiated by
content in the <{fencedframe}> or its embedder, exactly one of two things will happen:

 * <i>Embedder-initiated navigations</i>: The [=navigation params=]'s [=navigation params/fenced
   frame config instance=] will be unconditionally assigned to the <{fencedframe}>'s [=fenced
   navigable container=]'s [=fenced navigable container/fenced navigable=]'s [=navigable/active
   browsing context=]'s [=browsing context/fenced frame config instance=].

 * <i>Inner-content-initiated navigations</i>: The [=fenced frame config instance=] referenced in
   the immediately-preceding point persists through this kind of cross-{{Document}} navigation.

<div algorithm=create-and-initialize-document-patch>
  Modify [[!HTML]]'s [=create and initialize a Document object=] algorithm to insert one step after
  step 2 that reads:

  3. If |navigationParams|'s [=navigation params/fenced frame config instance=] is not null:

    1. [=Assert=]: |browsingContext| does not equal |navigationParams|'s [=navigation
       params/navigable=]'s [=navigable/active browsing context=].

       Note: This is because embedder-initiated navigations (indicated by |navigationParams|'s
       [=navigation params/fenced frame config instance=] being non-null) always cause a
       [[#bcg-swap]].

    1. Set |navigationParams|'s [=navigation params/fenced frame config instance=]'s [=fenced frame
       config/cross-origin reporting allowed=] to the result of running [=header list/get a
       structured field value=] on |navigationParams|'s [=navigation params/response=]'s
       [=response/header list=] given [:Allow-Cross-Origin-Event-Reporting:] and "`item`".

    1. Set |browsingContext|'s [=browsing context/fenced frame config instance=] to
       |navigationParams|'s [=navigation params/fenced frame config instance=].

  Add a new step after step 9 that reads:

  10. Let |automaticBeaconsAllowed| be the result of running [=header list/get a structured field
      value=] on |navigationParams|'s [=navigation params/response=]'s [=response/header list=]
      given [:Allow-Fenced-Frame-Automatic-Beacons:] and "`item`".
  
  Further rewrite step 10 (now step 12) to return a new {{Document}} with an additional parameter:
  : [=Document/automatic beacons allowed=]
  :: |automaticBeaconsAllowed|.
</div>

<h4 id=bcg-swap>Browsing context group swap</h4>

When the embedder of a <{fencedframe}> initiates navigations inside the frame, we must perform a
[=browsing context group=] swap to entirely reset the context inside the frame, to ensure nothing is
left over to be leaked to the next {{Document}}.

<div algorithm=attempt-populate-history-bcg-swap>
  Modify [[HTML]]'s [=attempt to populate the history entry's document=] algorithm. Add a step
  before the step that reads "6. [=Queue a global task=] on the [=navigation and traversal task
  source=]", that reads:

  6. If all of the following conditions are true:

       * |navigable| is a [=fenced navigable container/fenced navigable=];

       * <var ignore>sourceSnapshotParams</var>'s [=source snapshot params/fetch client=] is **not**
         |navigable|'s [=navigable/active document=]'s [=relevant settings object=];

       * |navigationParams| is non-null

     then set |navigationParams|'s [=navigation params/COOP enforcement result=]'s [=cross-origin
     opener policy enforcement result/needs a browsing context group switch=] [=boolean=] to true.

     Issue: This indeed works, but we should consider using a separate mechanism to carry this out,
     instead of piggybacking off of the COOP mechanism which was designed without fenced frames in
     mind, and could evolve in ways that give this specification unwanted side-effects.
</div>

<h3 id=page-visibility>Page visibility</h3>

The <a href=https://html.spec.whatwg.org/#page-visibility>Page visibility</a> section of [[HTML]] is
modified such that the first step of the algorithm that runs when a user-agent changes a
[=traversable navigable=]'s [=system visibility state=] calls the [=Document/inclusive descendant
navigables=] algorithm with [=inclusive-dn-unfenced|unfenced=] set to true.

<h3 id=events>Events</h3>

<h4 id=onfencedtreeclick-header><code>[=onfencedtreeclick=]</code> event handler</h4>
The table in the <a href="https://html.spec.whatwg.org/multipage/webappapis.html#event-handlers-on-elements,-document-objects,-and-window-objects">
event handlers on elements, Document objects, and Window objects</a> section of [[HTML]] is modified to include a new row.

<table>
  <thead>
    <tr>
      <th>[=Event handler=]</th> 
      <th>[=Event handler event type=]</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><dfn><code>onfencedtreeclick</code></dfn></td>
      <td><code>[=fencedtreeclick=]</code></td>
    </tr>
  </tbody>
</table>

The {{GlobalEventHandlers}} interface is modified as follows:

<pre class=idl>
  partial interface mixin GlobalEventHandlers {
    attribute EventHandler onfencedtreeclick;
  };
</pre>

Additionally, the list of [=event handler content attributes which may be specified on any HTML element=] 
in [[HTML]] is modified to include a new row:

* [=onfencedtreeclick=]

<h4 id=fencedtreeclick-header><code>[=fencedtreeclick=]</code> event type</h4>
The <a href="https://html.spec.whatwg.org/C#events-2">Events</a> table in the
<a href="https://html.spec.whatwg.org/multipage/indices.html">Index</a> section of [[HTML]] is
modified to include a new row.

<table>
  <thead>
    <tr>
      <th>Event</th> 
      <th>Interface</th> 
      <th>Interesting targets</th> 
      <th>Description</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><dfn><code>fencedtreeclick</code></dfn></td> 
      <td>{{Event}}</td> 
      <td>Elements</td>
      <td>
        Fired at a <{fencedframe}> element asynchronously after its
        [=fenced navigable container/fenced navigable=]'s {{Document}} calls {{Fence/notifyEvent()}}
      </td>
    </tr>
  </tbody>
</table>

<h2 id="interaction-with-other-specs">Interactions with other specifications</h2>

Due to the necessarily cross-cutting nature of the <{fencedframe}> element and its interactions with
core concepts like [=navigable=] and [=browsing context group=], there are a number of
specifications that rely on terms whose usages must be re-evaluated in light of this specification;
this section houses the various changes that we propose to other specifications.

<h3 id=prerendering-monkeypatch>Prerendering</h3>

The <a href=https://wicg.github.io/nav-speculation/prerendering.html>Prerendering Revamped</a>
specification defines [=navigable=]'s [=navigable/loading mode=] and the values it can take on. Our
specification adds another value for fenced frames:

: "`fencedframe`"
:: This [=navigable=] is displaying a <{fencedframe}>'s content

Issue: Specify the behavior that leads to the following:

<wpt>
  /fenced-frame/prerender.https.html
</wpt>

<h3 id=csp-integration>Content Security Policy</h3>

*This introductory section is non-normative*.

Content Security Policy [[!CSP]] can ordinarily be used by web content associated with a
{{Document}} that hosts a [=navigable container=] to limit the source of navigations in a [=child
navigable=].

In order to prevent [[!CSP]] from being used a communication side-channel exposing the [=URL=] of
navigations inside a <{fencedframe}> to the site operating its embedder, the only [=source
expressions=] that can influence a <{fencedframe}> navigation are:

 * The <a grammar>scheme-source</a> "`https:`"
 * The <a grammar>host-source</a> "`https://*:*`"
 * The [=string=] "`*`"

See our <a
href=https://github.com/WICG/fenced-frame/blob/master/explainer/interaction_with_content_security_policy.md#proposal---scheme-source-matching>CSP
explainer</a> that describes this.

<h4 id=csp-algorithms>Algorithms</h4>

<div algorithm=pre-request-check-csp>
  Add a step after step 2 of the [=frame-src pre-request check=] that says:

  3. If <var ignore>request</var>'s [=request/destination=] is "`fencedframe`", and this directive's
     [=directive value|value=] does not [=set/contain=] either "`https:`", "`https://*:*`", or
     "`*`", return "`Blocked`".
</div>

<div algorithm=post-request-check-csp>
  Add a step after step 2 of the [=frame-src post-request check=] that says:

  3. If <var ignore>request</var> [=request/destination=] is "`fencedframe`", and this directive's
    [=directive value|value=] does not [=set/contain=] either "`https:`", "`https://*:*`", or "`*`",
    return "`Blocked`".
</div>

Next, we modify the behavior of the [[CSPEE]] specification. If the embedding frame specifies a
[=required CSP=], fenced frames will not load. This is done to prevent arbitrary data flow from the
embedder to the fenced frame.

<div algorithm=cspee-changes>
  Add a step after step 1 in the [=Is response to request blocked by context's required CSP?=]
  algorithm that reads:

  2. If <var ignore>context</var>'s [=required csp=] is not `null`, and <var ignore>request</var>
    [=request/destination=] is "`fencedframe`", return "`Blocked`".
</div>

<h4 id=new-csp-directive>New fenced-frame-src [[!CSP]] [=directive=]</h4>

Since <{fencedframe}> is a different element than <{iframe}>, using the <b><i>[=frame-src=]</i></b>
directive wouldn't give web sites enough control over their CSP rules. Introduce a new [[!CSP]]
[=directive=]: <b><i>fenced-frame-src</i></b>. The monkey-patched specification is printed below:

<div algorithm=fenced-frame-src>
  The <dfn>fenced-frame-src</dfn> directive restricts the URLs which may be loaded into a
  <{fencedframe}>'s [=fenced navigable container/fenced navigable=]. The syntax for the directive's
  name and value is described by the following ABNF:

  <pre>
    directive-name  = "fenced-frame-src"
    directive-value = <a grammar>serialized-source-list</a>
  </pre>

  <div id="fenced-frame-src-example" class="example">
    Given a page with the following Content Security Policy:
    <pre>
      <a http-header>Content-Security-Policy</a>: <a>fenced-frame-src</a> https://example.com/
    </pre>

    Fetches for the following code will return a [=network error=], as the URL provided does not
    match `fenced-frame-src`'s <a>source list</a>:

    <pre highlight="html">
      &lt;fencedframe src="https://example.org/"&gt;
      &lt;/fencedframe&gt;
    </pre>
  </div>

  The <a href="https://w3c.github.io/webappsec-csp/#frame-src-pre-request">Pre-request check</a> and
  <a href="https://w3c.github.io/webappsec-csp/#frame-src-post-request">Post-request check</a> will
  be the same as the
  <a href="https://w3c.github.io/webappsec-csp/#directive-frame-src">frame-src</a>'s check.
</div>

<div algorithm=default-src-amendment>
  The [=default-src=] directive's Example 7 and Example 8 will be amended. Where it says:

  <pre>
    <a http-header>Content-Security-Policy</a>: <a>connect-src</a> <a grammar>'self'</a>;
                            ...
                            <a>worker-src</a> <a grammar>'self'</a>
  </pre>

  It will now say:

  <pre>
    <a http-header>Content-Security-Policy</a>: <a>connect-src</a> <a grammar>'self'</a>;
                            ...
                            <a>fenced-frame-src</a> <a grammar>'self'</a>;
                            ...
                            <a>worker-src</a> <a grammar>'self'</a>
  </pre>
</div>

<div algorithm=directive-fallback-list>
  In the <a href="https://w3c.github.io/webappsec-csp/#directive-fallback-list">directive fallback
  list</a>, in step 1, add a new entry to the list:

  : "`fenced-frame-src`"
  ::
    1.  Return `<< "fenced-frame-src", "frame-src", "child-src", "default-src" >>`.
</div>

<div algorithm=effective-directive-switch-patch>
  Modify the switch on step 3 of the [=Get the effective directive for request=] algorithm to
  include the following case:

  : "`fencedframe`"
  ::
    1.  Return `fenced-frame-src`.
</div>

<wpt>
  /fenced-frame/ancestor-throttle.https.html
  /fenced-frame/csp-allowed.https.html
  /fenced-frame/csp-blocked.https.html
  /fenced-frame/csp-fenced-frame-src-allowed.https.html
  /fenced-frame/csp-fenced-frame-src-blocked.https.html
  /fenced-frame/csp-frame-src-allowed.https.html
  /fenced-frame/csp-frame-src-blocked.https.html
  /fenced-frame/csp-allowed-transparent.https.html
  /fenced-frame/csp-blocked-transparent.https.html
  /fenced-frame/csp.https.html
  /fenced-frame/cspee.https.html
  /fenced-frame/embedder-csp-not-propagate.https.html
</wpt>

<h3 id=permissions-policy-changes>Permissions Policies</h3>

*This introductory sub-section is non-normative.*

The [=policy-controlled features=] available to {{Document}}s inside of a <{fencedframe}> are
determined exclusively by the [=fenced frame config=] that the <{fencedframe}> navigates to.
Specifically, the [=fenced frame config=]'s [=fenced frame config/effective enabled permissions=]
defines the exclusive list of [=policy-controlled features=] that will be enabled in the
{{Document}} (all others will be disabled).

During navigation, the [=fenced frame config=] [=instantiate a config|instantiates=] a [=browsing
context/fenced frame config instance=] that is stored on the [=browsing context=] in the [=fenced
navigable container/fenced navigable=]. This browsing context's [=browsing context/fenced frame
config instance=]'s [=fenced frame config instance/effective enabled permissions=] is consulted
[=Should navigation response to navigation request be blocked by Permissions Policy?|during
navigation=]. A <{fencedframe}> navigation can only succeed if the [=Document/permissions policy=]
for the navigation's resulting {{Document}} has an [=permissions policy/inherited policy=] such that
the [=inherited policy for a feature|inherited policy value=] is "`Enabled`" for each feature in the
[=fenced frame config/effective enabled permissions=]. Otherwise the environment the <{fencedframe}>
is embedded in is deemed unsuitable for the [=fenced frame config=], and the navigation is blocked.

At the same time, to make sure that a <{fencedframe}>'s embedder does not directly influence content
in the frame based on that navigation's [=navigation params/origin=] (since the origin is derived
from cross-site data), this specification modifies various [[PERMISSIONS-POLICY]] algorithms such
that a <{fencedframe}> {{Document}}'s [=permissions policy/inherited policy=] is computed without
consideration of whether its [=navigation params/origin=] is [=same origin=] with its embedder's.
Therefore a feature can only be enabled inside of a <{fencedframe}> if its embedder *explicitly*
delegates it via [=the special value *=] [=allowlist=].

Considering all of the above, we get the following interesting implications:

 * If a [=policy-controlled feature|feature=] that [=list/exists=] in the [=fenced frame
   config/effective enabled permissions=] has a [=policy-controlled feature/default allowlist=] of
   [=the special value *=], and no \`<a http-header>`Permissions-Policy`</a>\` header is served on
   the <{fencedframe}> embedder, and the <{fencedframe/allow}> attribute is empty, the navigation
   inside the <{fencedframe}> will succeed, and the resulting {{Document}} will be [=allowed to
   use=] the [=policy-controlled feature|feature=] (i.e., it will be enabled).

 * If a [=policy-controlled feature|feature=] that [=list/exists=] in the [=fenced frame
   config/effective enabled permissions=] has a [=policy-controlled feature/default allowlist=] of
   <a for="default allowlist">`'self'`</a>, and no \`<a http-header>`Permissions-Policy`</a>\`
   header is served on the <{fencedframe}> embedder, and the <{fencedframe/allow}> attribute is
   empty, the navigation inside the <{fencedframe}> will be blocked.

   Note: This is because ordinarily this [=policy-controlled feature|feature=] would only be enabled
   if the subframe's {{Document}} was [=same origin=] with its embedder, a check this specification
   avoids for fenced frames, since the <{fencedframe}>s {{Document}}'s [=Document/origin=] is
   derived from cross-site data. Therefore, we simply "fail close".

 * If a [=policy-controlled feature|feature=] that [=list/exists=] in the [=fenced frame
   config/effective enabled permissions=] has a [=policy-controlled feature/default allowlist=] of
   <a for="default allowlist">`'self'`</a>, and the <{fencedframe}>'s <{fencedframe/allow}>
   attribute contains the [=policy-controlled feature|feature=] but no [=allowlist=], the rules
   described in <a href=allow-attribute-fenced-frame>The `allow` attribute section</a>, the default
   [=allowlist=] for the feature will be `'src'` which is meant to represent the embedder-supplied
   navigation [=URL=], for which there is none when navigating a <{fencedframe}>, as the navigation
   [=URL=] is determined by the [=fenced frame config=]. The navigation will be blocked.

 * If a [=policy-controlled feature|feature=] that [=list/exists=] in the [=fenced frame
   config/effective enabled permissions=] has a [=policy-controlled feature/default allowlist=] of
   <a for="default allowlist">`'self'`</a> but either the \`<a
   http-header>`Permissions-Policy`</a>\` header served on the <{fencedframe}>'s embedder *OR* the
   <{fencedframe/allow}> attribute sets that [=policy-controlled feature|feature=]'s [=allowlist=]
   to [=the special value *=], then the navigation inside the <{fencedframe}> will succeed, and the
   resulting {{Document}} is [=allowed to use=] the [=policy-controlled feature|feature=].

 * If a navigation inside a <{fencedframe}> would otherwise succeed, but the [=response=] on the
   navigation inside the <{fencedframe}> is served with a \`<a
   http-header>`Permissions-Policy`</a>\` header that sets the [=allowlist=] to "`none`" or an
   otherwise incompatible [=origin=] for a feature in the [=fenced frame config/effective enabled
   permissions=], the navigation still succeeds, but the {{Document}} in the <{fencedframe}> is
   **not** [=allowed to use=] the feature.

   Note: This is OK because it is the <{fencedframe}>'s content *itself* that is making the decision
   to disable a particular feature, not its embedder environment.

The patches in the below section "fence" the appropriate [[PERMISSIONS-POLICY]] and [[HTML]]
algorithms to achieve the outcomes described in the above explanatory content.

<h4 id=permissions-policy-patches>Algorithm patches</h4>

<div id=allow-attribute-fenced-frame algorithm=allow-attribute-fenced-frame>
  Rename the <a href=https://w3c.github.io/webappsec-permissions-policy/#iframe-allow-attribute>The
  `allow` attribute of the `iframe` element</a> section to "The `allow` attribute of the `iframe`
  and `fencedframe` element", and rewrite the section to read:

  <{iframe}> and <{fencedframe}> elements have an respective `allow` attributes (<{iframe}>:
  <{iframe/allow}>; <{fencedframe}>: <{fencedframe/allow}>), which contain an [=ASCII-serialized
  policy directive=].

  The allowlist for the features named in the attribute may be empty; in that case, the default
  value for the [=allowlist=] is "`src`", which represents the origin of the URL in the iframe's
  <{iframe/src}> attribute, or the fencedframe's [=fenced frame config=].

  When not empty, the <{iframe}>'s <{iframe/allow}> or <{fencedframe}>'s <{fencedframe/allow}>
  attribute will result in adding an [=allowlist=] for each [=supported feature=] to the <{iframe}>
  or <{fencedframe}>'s [=container policy=], when it is constructed.
</div>

<div algorithm>
  Create a new algorithm, called <dfn>Derive a permissions policy directly from a fenced frame
  config instance</dfn>.

  Given null or an [=element=] (|container|), this algorithm returns a new [=permissions policy=].

  1. Let |inherited policy| be a new [=ordered map=].

  1. Let |effective permissions| be an empty [=list=].
  
  1. Let |fenced frame config| be |container|'s [=Node/node document=]'s [=navigable/active browsing
     context=]'s [=browsing context/fenced frame config instance=].

  1. If |fenced frame config| is not null, and |fenced frame config|'s [=fenced frame config/
     effective enabled permissions=] are not null, set |effective permissions| to
     |fenced frame config|'s [=fenced frame config/effective enabled permissions=].

  1. [=list/For each=] |feature| [=supported features|supported=]:

    1. If |effective permissions| [=list/contains=] |feature|, then set |inherited policy|[feature]
       to "`Enabled`".
       
       Otherwise, set |inherited policy|[feature] to "`Disabled`".

  1. Let |policy| be a new [=permissions policy=], with [=permissions policy/inherited policy=]
     |inherited policy| and [=permissions policy/declared policy=] a new [=ordered map=].

  1. Return |policy|.

  Note: While this algorithm doesn't take the <{fencedframe/allow}> attribute into consideration, it
  will have already been checked by the time this is called because of [=Should navigation response
  to navigation request be blocked by Permissions Policy?=]. Any policy specified in
  <{fencedframe/allow}> that is too restrictive would have cause the fenced frame to not load, and
  any policy that is more permissive than what is specified in the [=fenced frame config/effective
  enabled permissions=] will be ignored.
</div>

<div algorithm=create-permissions-policy>
  Modify the [$Create a Permissions Policy for a navigable$] algorithm:

  Given null or an [=element=] (|container|), an [=origin=] (|origin|), and an optional [=boolean=]
  |fenced| that defaults to false, this algorithm returns a new [=permissions policy=].

  Rewrite step 1 to read:

  1. [=Assert=]: if not null, |container| is either a [=navigable container=] or a
     [=fenced navigable container=].

  Rewrite step 3 to read:

  4. [=list/For each=] |feature| [=supported features|supported=]:

     1. Let |isInherited| be the result of running [$Define an inherited policy for feature in
        container at origin$] on |feature|, |container|, |origin|, and |fenced|.

     1. Set <var ignore>inherited policy</var>[|feature|] to |isInherited|.
</div>

<div algorithm=create-permissions-policy-response>
  Modify the [$Create a Permissions Policy for a navigable from response$] algorithm to read:

  Given null, a [=navigable container=]-or-[=fenced navigable container=] (|container|), an
  [=origin=] (|origin|), and a [=response=] (<var ignore>response</var>), this algorithm returns a
  new [=permissions policy=].

  Rewrite step 1 to read:

  1. If |container| is a [=fenced navigable container=], then let |policy| be the result of running
     [=derive a permissions policy directly from a fenced frame config instance=] given |container|.

     Otherwise, Let |policy| be the result of running [$Create a Permissions Policy for a
     navigable$] given |container| and |origin|.
</div>

<div algorithm=process-permissions-policy-attribute-patch>
  Modify step 1 of the [$Process permissions policy attributes$] algorithm to read:

  1. If <var ignore>element</var> is not an <{iframe}> element or a <{fencedframe}> element, then
     return an empty [=policy directive=].
</div>

<div algorithm=attempt-populate-history-patches>
  Modify [[HTML]]'s [=attempt to populate the history entry's document=] algorithm. Add the
  following conditions to step 6.4 (Otherwise, if any of the following are true:) that say:
  
  * The result of [=should navigation response to navigation request be blocked by Permissions
    Policy?=] given <var ignore>navigationParams</var> is "`Blocked`";

  * The result of [=should navigation response to navigation request be blocked by sandboxing
    flags?=] given <var ignore>navigationParams</var> and <var ignore>sourceSnapshotParams</var> is
    "`Blocked`";

  Note: If any of these algorithms returns "`Blocked`", the pre-existing {{Document}} in the
  <{fencedframe}> does not stick around; an error page will be loaded.
</div>

<div algorithm>
  <dfn>Should navigation response to navigation request be blocked by Permissions Policy?</dfn>

  Given a [=navigation params=] (|navigationParams|), this algorithm returns "`Blocked`" or
  "`Allowed`":

  1. Let |navigable| be |navigationParams|'s [=navigation params/navigable=].

  1. If |navigable| is not a [=fenced navigable container/fenced navigable=], then return
     "`Allowed`".

  1. Let |origin| be |navigationParams|'s [=navigation params/origin=].

  1. Let |effective permissions| be the |navigable|'s [=navigable/active browsing context=]'s
     [=browsing context/fenced frame config instance=]'s [=fenced frame config instance/effective
     enabled permissions=].

     Issue: Per work omitted in [pull request
     #84](https://github.com/WICG/fenced-frame/pull/84#discussion_r1186531028), the config instance
     has not yet been assigned to the browsing context. We should consider storing the instance
     inside |navigationParams| and reference it from here instead.

  1. Let |permissions policy| be the result of [$Create a Permissions Policy for a navigable|
     creating a permissions policy$] given |navigable|'s [=fenced navigable container=], |origin|,
     and <var ignore>fenced</var> set to true.

     Note: This is almost identical to the [=permissions policy=] that will be [=derive a
     permissions policy directly from a fenced frame config instance|created=] when the navigation
     constructs the ultimate {{Document}} for this pending navigation. The difference is that this
     algorithm, just like when it is called on iframes, will include all of the permissions
     specified in the <{fencedframe/allow}> attribute, even if that permission isn't specified in
     the [=fenced frame config=]'s [=fenced frame config/effective enabled permissions=]. We create
     it now and run tests on it since this is the appropriate time to determine if a navigation will
     fail, and then throw it away. If the navigation succeeds, it will be recreated and
     unconditionally installed on the {{Document}}. However, the recreation will not include any
     additional enabled permissions that are not included in the [=fenced frame config/effective
     enabled permissions=], effectively locking the enabled permissions to only what is specified in
     [=fenced frame config/effective enabled permissions=].

  1. Let |inherited policy| be |permissions policy|'s [=permissions policy/inherited policy=].

  1. [=list/For each=] |effective permission| of |effective permissions|:

    1. If |inherited policy|[|effective permission|] is "Disabled", return "`Blocked`".

  1. Return "`Allowed`."
</div>

<div algorithm>
  <dfn>Should navigation response to navigation request be blocked by sandboxing flags?</dfn>

  Given a [=navigation params=] (|navigationParams|) and a [=source snapshot params=]
  (|sourceSnapshotParams|), this algorithm returns "`Blocked`" or "`Allowed`":

  1. Let |navigable| be |navigationParams|'s [=navigation params/navigable=].

  1. If |navigable| is not a [=fenced navigable container/fenced navigable=], then return
     "`Allowed`".

  1. Let |effectiveSandboxingFlags| be the |sourceSnapshotParams|'s [=source snapshot params/target
     fenced frame config=]'s [=fenced frame config/effective sandboxing flags=].

  1. If |navigationParams|'s [=navigation params/final sandboxing flag set=] is not a [=set/subset=]
     of |effectiveSandboxingFlags|, then return "`Blocked`".

     Note: This means that the [=navigation params/final sandboxing flag set=] cannot restrict a
     feature that isn't already restricted in the [=fenced frame config instance/effective
     sandboxing flags=], as the extra restrictions can be used as a communication channel. By this
     point, the [=navigation params/final sandboxing flag set=] will already have been set to
     something *at least* as restrictive as the [=fenced frame config instance/effective sandboxing
     flags=].

  1. Otherwise, return "`Allowed`".
</div>

<div algorithm=define-inherited-policy-in-container-patches>
  Modify the [$Define an inherited policy for feature in container at origin$] algorithm to
  read:

  Given a feature (|feature|), null or a [=navigable container=] (|container|), an [=origin=] for a
  document in that container (|origin|), and an optional [=boolean=] |fenced| that defaults to
  false, this algorithm returns the [=permissions policy/inherited policy=] for that feature.
  
  Rewrite step 3 to read:

  3. If the result of executing [$Is feature enabled in document for origin?$] on |feature|,
     |container|'s [=Node/node document=], |origin|, and |fenced| is "Disabled", return
     "Disabled".

  Note: We don't have to rewrite step 2, which also delegates to the same algorithm, to pass in the
  |fenced| [=boolean=] because step 2 has to do with checking to see if |feature| is enabled
  |container|'s [=Node/node document=], not the {{Document}} hosted *inside* |container|.

  Rewrite step 7 to read:

  7. If |fenced| is false, |feature|'s [=policy-controlled feature/default allowlist=] is
     `'self'`, and |origin| is [=same origin=] with |container|'s [=Node/node document=]'s
     origin, return `"Enabled"`.
</div>

<div algorithm=is-feature-enabled-patches>
  Modify the [$Is feature enabled in document for origin?$] algorithm to read:

  Given a feature (|feature|), a {{Document}} object (|document|), an [=url/origin=] (|origin|), and
  an optional [=boolean=] |fenced| that defaults to false, this algorithm returns "`Disabled`" if
  |feature| should be considered disabled, and "`Enabled`" otherwise.

  Rewrite step 3 to read:

  3. If |feature| is present in |policy|'s [=permissions policy/declared policy=],

    1. If |fenced| is false, and the [=allowlist=] for |feature| in |policy|'s [=permissions policy/
       declared policy=] [=permissions/matches=] |origin|, then return "`Enabled`".

    1. Otherwise, if |fenced| is true, and the [=allowlist=] for |feature| in |policy|'s
       [=permissions policy/declared policy=] is [=the special value *=], then return "`Enabled`".

    1. Otherwise, return "`Disabled`".

  Rewrite step 5 to read:

  5. If |fenced| is false, |feature|'s [=policy-controlled feature/default allowlist=] is `'self'`,
     and |origin| is [=same origin=] with |document|'s origin, return "Enabled".
</div>

<div algorithm=declared-origin-patch>
Modify the [=declared origin=] algorithm. Add a new step after step 3 that reads:

4. If |node|'s [=Node/node document=]'s [=Document/browsing context=]'s [=browsing context/fenced
   frame config instance=] is not null, then return |node|'s [=Node/node document=]'s
   [=Document/browsing context=]'s [=browsing context/fenced frame config instance=]'s [=fenced
   frame config instance/mapped url=].

Note: This ensures that the `'src'` [=allowlist=] that can be set in the <{fencedframe/allow}>
attribute works when using a [=fenced frame config=] to navigate a <{fencedframe}> (or a urn that
maps to a [=fenced frame config=] to navigate an <{iframe}>).
</div>

<wpt>
  /fenced-frame/allow-attribute-src.https.html
  /fenced-frame/default-enabled-features-allow-all.https.html
  /fenced-frame/default-enabled-features-allow-none.https.html
  /fenced-frame/default-enabled-features-allow-self.https.html
  /fenced-frame/default-enabled-features-attribute-allow.https.html
  /fenced-frame/default-enabled-features-attribute-change.https.html
  /fenced-frame/default-enabled-features-attribute-disallow.https.html
  /fenced-frame/default-enabled-features-attribution-disabled.https.html
  /fenced-frame/default-enabled-features-subframe.https.html
  /fenced-frame/default-enabled-features-unset.https.html
  /fenced-frame/permission-api-denied-non-standard.https.html
  /fenced-frame/permission-api-denied.https.html
  /fenced-frame/permission-geolocation.https.html
  /fenced-frame/permission-notification.https.html
</wpt>

<h3 id=cssom-monkeypatch>CSSOM View</h3>

The [[!CSSOM-VIEW]] specification defines the {{Element/scrollIntoView()}} method that calls the
[=scroll a target into view=] algorithm. This will not only scroll the {{Element}} or
[=css2/viewport=] to make the target visible, but will also scroll [=tree/ancestor=]s if necessary
to make the target visible, essentially causing the scroll to "bubble up". This means that
{{Element/scrollIntoView()}} performed in a [=child navigable=] or [=fenced navigable container/
fenced navigable=] can be observed by its embedder, allowing for collusion across a fenced frame
boundary. This section patches the [=scroll a target into view=] algorithm to prevent that collusion
at the expense of some utility.

<div algorithm=scroll-target-into-view>
  Modify the [=scroll a target into view=] algorithm to add a step at the end of the algorithm that
  reads:

  14. If <var ignore>scrolling box</var>'s associated {{Element}}'s associated {{Document}}'s [=node
     navigable=]'s [=navigable/traversable navigable=] is a [=fenced navigable container/fenced
     navigable=], or if <var ignore>scrolling box</var>'s associated [=css2/viewport=]'s associated
     {{Document}}'s [=node navigable=]'s [=navigable/traversable navigable=] is a [=fenced navigable
     container/fenced navigable=], then let this be the last instance of this algorithm that stops
     any further recursive instances that would otherwise follow.

  Note: This allows scrolling to "bubble up" to a fenced frame boundary, but not cross it.

  <wpt>
    /fenced-frame/scroll-into-view.https.html
  </wpt>
</div>

<h3 id=webrtc-monkeypatch>WebRTC</h3>

The [[WEBRTC]] specification defines "ECMAScript APIs in WebIDL to allow media and generic
application data to be sent to and received from another browser or device implementing the
appropriate set of real-time protocols." The interface which facilitates connections to peers is
{{RTCPeerConnection}}. Construction of this interface, and therefore connection to peers via
WebRTC, is disallowed in fenced frames.

<div algorithm=webrtc-constructor>
  Modify the {{RTCPeerConnection}} {{RTCPeerConnection/constructor}} algorithm to add new first and
  second steps that read:

  1. Let |navigable| be [=this=]'s [=relevant global object=]'s [=Window/navigable=].

  1. If |navigable| is not null and |navigable|'s [=traversable navigable=] is a [=fenced navigable
     container/fenced navigable=], [=exception/throw=] a {{NotAllowedError}} {{DOMException}}.
</div>

<h2 id=security-and-privacy>Security & Privacy Considerations</h2>

This material is being upstreamed from our explainer into this specification, and in the meantime
you can consult the following resources:

 * [Security considerations](https://github.com/WICG/fenced-frame/tree/master/explainer#security-considerations)
 * [Privacy considerations](https://github.com/WICG/fenced-frame/tree/master/explainer#privacy-considerations)
 * [TAG Security/Privacy Questionnaire](https://github.com/WICG/fenced-frame/blob/master/explainer/TAG_Security_Privacy_Questionnaire.md)