@@ -40,8 +40,9 @@ urlPrefix: https://html.spec.whatwg.org/multipage/; spec: HTML
4040 text: task queue
4141 text: spin the event loop; url: spin-the-event-loop
4242 urlPrefix: interaction.html
43+ text: DOM anchor; url: dom-anchor
4344 text: gains focus; url: gains-focus
44- text: currently focused area; url: currently-focused-area-of-a-top-level-browsing-context
45+ text: currently focused area; url: currently-focused-area-of-a-top-level-traversable
4546urlPrefix: https://w3ctag.github.io/security-questionnaire/; spec: SECURITY-PRIVACY-QUESTIONNAIRE
4647 type: dfn
4748 text: same-origin policy violations; url: sop-violations
@@ -405,12 +406,11 @@ the given [=sensor type=]. See [[PERMISSIONS-POLICY]] for more details.
405406
406407<h4 id="focused-area" oldids="losing-focus">Focused Area</h4>
407408
408- [=Sensor readings=] are only available for [=active documents=] whose
409- origin is [=same origin-domain=] with the [=currently focused area=]
410- document.
409+ [=Sensor readings=] are only available for an [=navigable/active document=] if
410+ the [=focus and origin check=] on it returns true.
411411
412412This is done in order to mitigate the risk of a skimming attack against the
413- [=browsing context =] containing an element which has [=gains focus|gained focus=] ,
413+ [=/navigable =] containing an element which has [=gains focus|gained focus=] ,
414414for example when the user carries out an in-game purchase using a third party
415415payment service from within an iframe.
416416
@@ -749,12 +749,11 @@ The [=reporting frequency=] differs from the {{Sensor}}'s {{Sensor/[[frequency]]
749749
750750## Conditions to expose sensor readings ## {#concepts-can-expose-sensor-readings}
751751
752- The user agent <dfn>can expose sensor readings</dfn> to a given |document| if and only if
753- all of the following are true:
752+ The user agent <dfn>can expose sensor readings</dfn> to a {{Document}}
753+ |document| if and only if all of the following are true:
754754 - |document|'s [=relevant settings object=] is a [=secure context=] .
755755 - |document|'s [=visibility state=] is "visible".
756- - The [=currently focused area=] belongs to a document whose origin is [=same
757- origin-domain=] with |document|'s origin.
756+ - The [=focus and origin check=] on |document| returns true.
758757 - <dfn export>Specific conditions</dfn> : [=Extension specifications=] may add new
759758 conditions to this list to have stricter requirements for their sensor types.
760759
@@ -814,7 +813,7 @@ the [=activated sensor objects=] [=ordered set|set=] between different
814813are [=same origin-domain=] .
815814
816815Any time a new [=sensor reading=] for a [=platform sensor=] is obtained and if the user agent
817- [=can expose sensor readings=] to the current [=browsing context =] 's [=active document=] ,
816+ [=can expose sensor readings=] to the current [=/navigable =] 's [=navigable/ active document=] ,
818817the user agent invokes [=update latest reading=] with the [=platform sensor=] and
819818the [=sensor reading=] as arguments.
820819
@@ -1565,6 +1564,23 @@ to {{SensorErrorEventInit}}.
15651564 1. Return "granted".
15661565</div>
15671566
1567+ <h3 dfn export>Focus and origin check</h3>
1568+
1569+ <div algorithm="focus and origin check">
1570+
1571+ : input
1572+ :: |document|, a {{Document}} .
1573+ : output
1574+ :: A boolean.
1575+
1576+ 1. Let |origin| be |document|'s [=relevant settings object=]' s [=environment settings object/origin=] .
1577+ 1. Let |focusedDocument| be |document|'s [=node navigable=]' s [=navigable/top-level traversable=] 's
1578+ [=currently focused area=] 's [=DOM anchor=]' s [=node document=] .
1579+ 1. Let |focusedOrigin| be |focusedDocument|'s [=relevant settings object=]' s [=environment settings
1580+ object/origin=] .
1581+ 1. Return true if |origin| and |focusedOrigin| are [=same origin-domain=] , and false otherwise.
1582+ </div>
1583+
15681584<h2 id="automation">Automation</h2>
15691585
15701586The Generic Sensor API and its [=extension specifications=] pose a challenge
0 commit comments