@@ -617,13 +617,11 @@ <h2>
617617 act as follows:
618618 </ p >
619619 < ol data-link-for ="PaymentDetailsBase " class ="algorithm ">
620- < li data-tests =
621- "allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html ">
622- If the < a > current settings object</ a > 's < a data-cite =
620+ < li > If the < a > current settings object</ a > 's < a data-cite =
623621 "HTML#responsible-document "> responsible document</ a > is not
624- < a > allowed to use</ a > the feature indicated by attribute name
625- < a > allowpaymentrequest </ a > , then < a > throw </ a > a
626- " < a > SecurityError </ a > " < a > DOMException</ a > .
622+ < a > allowed to use</ a > the " < a data-lt =" payment-feature " > payment </ a > "
623+ feature, then < a > throw </ a > a " < a > SecurityError </ a > "
624+ < a > DOMException</ a > .
627625 </ li >
628626 < li > Let < var > serializedMethodData</ var > be an empty list.
629627 </ li >
@@ -3475,12 +3473,49 @@ <h2>
34753473 < h2 >
34763474 < code > PaymentRequest</ code > and < code > iframe</ code > elements
34773475 </ h2 >
3478- < p data-tests =
3479- "allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html, allowpaymentrequest/allowpaymentrequest-attribute-same-origin-bc-containers.https.html, allowpaymentrequest/basic.https.html, allowpaymentrequest/no-attribute-cross-origin-bc-containers.https.html, allowpaymentrequest/no-attribute-same-origin-bc-containers.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html ">
3476+ < p >
34803477 To indicate that a cross-origin < a > iframe</ a > is allowed to invoke the
34813478 payment request API, the < a > allowpaymentrequest</ a > attribute can be
3482- specified on the < a > iframe</ a > element.
3479+ specified on the < a > iframe</ a > element. See < a href =
3480+ "#feature-policy "> </ a > for details of how < a > allowpaymentrequest</ a >
3481+ and < a data-cite ="feature-policy "> Feature Policy</ a > interact.
3482+ </ p >
3483+ </ section >
3484+ < section id ="feature-policy ">
3485+ < h2 >
3486+ Feature Policy integration
3487+ </ h2 >
3488+ < p >
3489+ This specification defines a policy-controlled feature identified by
3490+ the string "< code > < dfn data-lt ="payment-feature " data-nodefault =
3491+ ""> payment</ dfn > </ code > ". Its < a href =
3492+ "feature-policy#default-allowlist "> default allowlist</ a > is
3493+ '< code > self</ code > '.
34833494 </ p >
3495+ < div class ="note ">
3496+ < p >
3497+ A < a data-cite ="html#concept-document "> document</ a > ’s < a data-cite =
3498+ "html/multipage/dom.html#concept-document-feature-policy "> feature
3499+ policy</ a > determines whether any content in that document is allowed
3500+ to construct < a > PaymentRequest</ a > instances. If disabled in any
3501+ document, no content in the document will be < a > allowed to use</ a >
3502+ the < a > PaymentRequest</ a > constructor (trying to create an instance
3503+ will throw).
3504+ </ p >
3505+ < p >
3506+ The < a > allowpaymentrequest</ a > attribute of the HTML < a > iframe</ a >
3507+ element affects the < a data-cite =
3508+ "feature-policy#container-policy "> container policy</ a > for any
3509+ document nested in that iframe. Unless overridden by the
3510+ < code > < a data-cite =
3511+ "html/multipage/iframe-embed-object.html#attr-iframe-allow "> allow</ a > </ code >
3512+ attribute, setting < a > allowpaymentrequest</ a > on an iframe is
3513+ equivalent to < code > <iframe allow="fullscreen *"></ code > , as
3514+ described in < a href =
3515+ "feature-policy#iframe-allowpaymentrequest-attribute "> Feature Policy
3516+ §iframe-allowpaymentrequest-attribute</ a > .
3517+ </ p >
3518+ </ div >
34843519 </ section >
34853520 < section >
34863521 < h2 >
0 commit comments