Skip to content

Editorial: clarify meaning of iframe allow attribute #11917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Editorial: clarify meaning of iframe allow attribute #11917

wants to merge 1 commit into from

Conversation

@vardhan30016
Copy link

@vardhan30016 vardhan30016 commented Nov 15, 2025
edited by pr-preview bot
Loading

This editorial change clarifies the description of the allow attribute on
<iframe> elements. The previous wording stated that the attribute “determines”
the container policy, but this was ambiguous for readers unfamiliar with
Permissions Policy terminology.

The updated text more clearly explains that the attribute defines the
container policy applied to the iframe and determines the permissions policy
that will be enforced when the nested Document is initialized.

No normative behavior is changed. This is purely a clarity improvement to assist
spec readers in understanding the relationship between the container policy,
the iframe, and the resulting permissions policy.

Reviewed and adjusted to avoid any behavioral changes.

/iframe-embed-object.html ( diff )

@annevk
Copy link
Member

annevk commented Nov 18, 2025

This is wrong though. The policy container contains much more than just the Permissions Policy and the allow attribute doesn't define it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vardhan30016 @annevk