whatwg · aamuley · Jan 9, 2025 · Jan 9, 2025 · Feb 11, 2025
diff --git a/source b/source
@@ -33759,6 +33759,7 @@ interface <dfn interface>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
    data-x="attr-iframe-sandbox-allow-top-navigation-by-user-activation">allow-top-navigation-by-user-activation</code></li>
    <li><code
    data-x="attr-iframe-sandbox-allow-top-navigation-to-custom-protocols">allow-top-navigation-to-custom-protocols</code></li>
+   <li><code data-x="attr-iframe-sandbox-allow-same-site-none-cookies">allow-same-site-none-cookies</code></li>
   </ul>
 
   <p>When the attribute is set, the content is treated as being from a unique <span
@@ -33790,7 +33791,37 @@ interface <dfn interface>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
   the presentation API, scripts, and the creation of unsandboxed <span
   data-x="auxiliary browsing context">auxiliary browsing contexts</span> respectively. The <code
   data-x="attr-iframe-sandbox-allow-downloads">allow-downloads</code> keyword allows content to
-  perform downloads. <ref>POINTERLOCK</ref> <ref>SCREENORIENTATION</ref> <ref>PRESENTATION</ref></p>
+  perform downloads. The <code
+  data-x="attr-iframe-sandbox-allow-same-site-none-cookies">allow-same-site-none-cookies</code> keyword allows the<span
+  href="https://privacycg.github.io/storage-access/#determine-whether-the-user-agent-explicitly-allows-unpartitioned-cookie-access">
+  user-agent to explicitly <var>allow</var> unpartitioned cookie access </span> for (<span>site</span> of the <span
+    data-x="nav-document">active document</span>'s <span data-x="concept-document-url">URL</span>, <span>site</span> of
+  the <span data-x="navigation-request">navigation request</span>'s <span data-x="concept-document-url">URL</span>) if and
+  only if the result of computing whether the active document <span data-x="has-same-site-ancestor-chain">has a same site
+  ancestor chain</span> is true.
+  <ref>POINTERLOCK</ref>
+  <ref>SCREENORIENTATION</ref>
+  <ref>PRESENTATION</ref>
+  <ref>COOKIES</ref>
+  <ref>STORAGEACCESSAPI</ref>
+  </p>
+  <p>An <span data-x="nav-document">active document</span> <var>input_document</var> <dfn
+    data-x="has-same-site-ancestor-chain" data-x-href="https://dom.spec.whatwg.org/#has-same-site-ancestor-chain">has a
+    same site ancestor chain</dfn> if the following algorithm returns true:
+  </p>
+  <ol>
+    <li>Let <var>navigable</var> be <var>input_document</var>.</li>
+    <ol>
+      <li>While <var>navigable</var>'s <span data-x="nav-parent">parent</span> is not null, set <var>navigable</var> to be
+          <var>navigable</var>'s parent.
+      </li>
+      <li>If <var>input_document</var> is not <span data-x="concept-site-same-site">same site</span> with <var>navigable</var>
+          return false.
+      </li>
+    </ol>
+    <li>Return true.</li>
+  </ol>
+
 
   <p>The <code
   data-x="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code> and <code
@@ -33806,6 +33837,11 @@ interface <dfn interface>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
   data-x="attr-iframe-sandbox-allow-popups">allow-popups</code> are specified, as doing so is
   redundant.</p>
 
+  <p>The <code data-x="attr-iframe-sandbox-allow-same-site-none-cookies">allow-same-site-none-cookies</code> and <code
+      data-x="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> keywords must not both be specified, as
+    doing so is redundant; only <code data-x="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> will have an
+    effect in such non-conformant markup.</p>
+
   <p class="note">To allow <code data-x="dom-alert">alert()</code>, <code
   data-x="dom-confirm">confirm()</code>, and <code data-x="dom-prompt">prompt()</code> inside
   sandboxed content, both the <code data-x="attr-iframe-sandbox-allow-modals">allow-modals</code>
@@ -89109,7 +89145,17 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
     from being <span data-x="hand-off to external software">handed off to external
     software</span>.</p>
    </dd>
-  </dl>
+<dt>The <dfn export>sandboxed same site none cookies flag</dfn></dt>
+<dd>
+  <p>This flag restricts content from using SameSite=None cookies in contexts where the result of <span
+      href="https://privacycg.github.io/storage-access/#determine-whether-the-user-agent-explicitly-allows-unpartitioned-cookie-access">
+      determining whether the user agent explicitly allows unpartitioned cookie access</span> for (<span>site</span> of
+    the<span>active document</span>'s <span data-x="concept-document-url">URL</span>, <span>site</span> of the <span
+      data-x="navigation-request">navigation request</span>'s <span data-x="concept-document-url">URL) is
+      <var>disallow</var>.<ref>COOKIES</ref> <ref>STORAGEACCESSAPI</ref>
+  </p>
+</dd>
+</dl>
 
   <div w-nodev>
 
@@ -89227,6 +89273,11 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
      keyword.</p></li>
     </ul>
    </li>
+   <li><p>The <span>sandboxed same site none cookies flag</span>, unless <var>tokens</var>
+    contains either the <dfn attr-value for="iframe/sandbox"><code
+    data-x="attr-iframe-sandbox-allow-same-site-none cookies">allow-same-site-none-cookies</code></dfn>
+    keyword or the <dfn attr-value for="iframe/sandbox"><code
+      data-x="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code></dfn> keyword.</p></li>
   </ol>
 
   <hr>
@@ -145323,6 +145374,9 @@ INSERT INTERFACES HERE
    <dt id="refsSTORAGE">[STORAGE]</dt>
    <dd><cite><a href="https://storage.spec.whatwg.org/">Storage</a></cite>, A. van Kesteren. WHATWG.</dd>
 
+   <dt id="refsSTORAGEACCESSAPI">[STORAGEACCESSAPI]</dt>
+   <dd><cite><a href="https://privacycg.github.io/storage-access/">Storage Access API</a></cite>, B. VanderSloot, J. Hofmann, A. van Kesteren, J. Wilander, T. O'Connor. W3C.</dd>
+
    <dt id="refsSVG">[SVG]</dt>
    <dd><cite><a href="https://svgwg.org/svg2-draft/">Scalable Vector Graphics (SVG) 2</a></cite>, N Andronikos, R. Atanassov, T. Bah, B. Birtles, B. Brinza, C. Concolato, E. Dahlström, C. Lilley, C. McCormack, D. Schepers, R. Schwerdtfeger, D. Storey, S. Takagi, J. Watt. W3C.</dd>