Remove references to whitelist in ads (ampproject#28764)

* Remove references to whitelist in ads

* comments

3p/README.md

@@ -58,8 +58,8 @@ Review the [ads/README](../ads/README.md) for further details on ad integration.
 - AMP allows inclusion of fonts via the `@font-face` directive.
 - JavaScript can not be involved with the initiation of font loading.
 - Font loading gets controlled (but not initiated) by [`<amp-font>`](https://github.com/ampproject/amphtml/issues/648).
-- AMP by default does not allow inclusion of external stylesheets, but it is happy to whitelist URL prefixes of font providers for font inclusion via link tags. These link tags and their fonts must be served via HTTPS.
-- If a font provider does referrer based "security" it needs to whitelist the AMP proxy origins before being included in the link tag whitelist. AMP proxy sends the appropriate referrer header such as `https://cdn.ampproject.org`.
+- AMP by default does not allow inclusion of external stylesheets, but it is happy to allow URL prefixes of font providers for font inclusion via link tags. These link tags and their fonts must be served via HTTPS.
+- If a font provider does referrer based "security" it needs to allow the AMP proxy origins before being included in the link tag allowlist. AMP proxy sends the appropriate referrer header such as `https://cdn.ampproject.org`.
 
 # Adding proper integration tests
 

3p/ampcontext.js

@@ -180,7 +180,7 @@ export class AbstractAmpContext {
   /**
    *  Requests HTML snippet from the parent window.
    *  @param {string} selector CSS selector
-   *  @param {!Array<string>} attributes whitelisted attributes to be kept
+   *  @param {!Array<string>} attributes permissible attributes to be kept
    *    in the returned HTML string
    *  @param {function(*)} callback to be invoked with the HTML string
    */

3p/embedly.js

@@ -37,7 +37,7 @@ const RESIZE_EVENT_NAME = 'card.resize';
 const CARD_CSS_CLASS = 'embedly-card';
 
 /**
- * Whitelisted card options.
+ * Allowed card options.
  *
  * - Key is in camel case as received in "data".
  * - The value is in the format expected by embedly.
@@ -81,7 +81,7 @@ export function embedly(global, data) {
   card.href = data.url;
   card.classList.add(CARD_CSS_CLASS);
 
-  // Add whitelisted data attributes and values to card
+  // Add permissible data attributes and values to card
   // when these are provided by component.
   for (const key in CardOptions) {
     if (hasOwn(CardOptions, key) && typeof data[key] !== 'undefined') {

3p/integration.js

@@ -771,13 +771,13 @@ export function validateAllowedTypes(window, type, allowedTypes) {
   }
   userAssert(
     allowedTypes && allowedTypes.indexOf(type) != -1,
-    'Non-whitelisted 3p type for custom iframe: %s',
+    '3p type for custom iframe not allowed: %s',
     type
   );
 }
 
 /**
- * Check that parent host name was whitelisted.
+ * Check that parent host name was allowed.
  * @param {!Window} window
  * @param {!Array<string>} allowedHostnames Suffixes of allowed host names.
  * @visibleForTesting
@@ -799,11 +799,11 @@ export function validateAllowedEmbeddingOrigins(window, allowedHostnames) {
       .hostname;
   }
   for (let i = 0; i < allowedHostnames.length; i++) {
-    // Either the hostname is exactly as whitelisted…
+    // Either the hostname is allowed
     if (allowedHostnames[i] == hostname) {
       return;
     }
-    // Or it ends in .$hostname (aka is a sub domain of the whitelisted domain.
+    // Or it ends in .$hostname (aka is a sub domain of an allowed domain.
     if (endsWith(hostname, '.' + allowedHostnames[i])) {
       return;
     }

ads/_a4a-config.js

@@ -44,7 +44,7 @@ export function getA4ARegistry() {
       'fake': () => true,
       // TODO: Add new ad network implementation "is enabled" functions here.
       // Note: if you add a function here that requires a new "import", above,
-      // you'll probably also need to add a whitelist exception to
+      // you'll probably also need to add an exception to
       // build-system/test-configs/dep-check-config.js in the
       // "filesMatching: 'ads/**/*.js'" rule.
     });

ads/alp/handler.js

@@ -245,7 +245,7 @@ export function getA2AAncestor(win) {
   }
   const top = origins[origins.length - 1];
   // Not a security property. We just check whether the
-  // viewer might support A2A. More domains can be added to whitelist
+  // viewer might support A2A. More domains can be added to allowlist
   // as needed.
   if (top.indexOf('.google.') == -1) {
     return null;

ads/google/utils.js

@@ -26,7 +26,7 @@ import {user} from '../../src/log';
  * Approved height for AdSense full-width responsive ads.
  * @const {number}
  */
-export const ADSENSE_RSPV_WHITELISTED_HEIGHT = 320;
+export const ADSENSE_RSPV_ALLOWED_HEIGHT = 320;
 
 /**
  * The attribute value for AdSense data-auto-format tag.

ads/inabox/inabox-messaging-host.js

@@ -143,7 +143,7 @@ export class InaboxMessagingHost {
       ? allowedTypes.split(/\s*,\s*/)
       : READ_ONLY_MESSAGES;
     if (allowedTypesList.indexOf(request['type']) === -1) {
-      dev().info(TAG, 'Ignored non-whitelisted message type:', message);
+      dev().info(TAG, 'Impermissible message type ignored:', message);
       return false;
     }
 
@@ -201,10 +201,10 @@ export class InaboxMessagingHost {
     source./*OK*/ postMessage(
       serializeMessage(MessageType.POSITION, request.sentinel, data),
       // We don't need to restrict what origin we send the data to because (a)
-      // we've already verified that this iframe is whitelisted and allowed to
-      // learn its position, and (b) we're post messaging back directly to the
-      // requesting frame.  If we did restrict the origin this would not work
-      // with implementations that use a null origin to render ads.
+      // we've already verified that this iframe is allowed to learn its position,
+      // and (b) we're post messaging back directly to the requesting frame.
+      // If we did restrict the origin this would not work with implementations
+      // that use a null origin to render ads.
       '*'
     );
   }

examples/ads.amp.esm.html

@@ -2042,7 +2042,7 @@ <h2>SOVRN</h2>
       data-iid="informerIDgoeshere"
       data-aid="affiliateIDgoeshere"
       data-testFlag="true"
-      data-z="393900"><!-- this ID is only whitelisted for localhost:8000 -->
+      data-z="393900"><!-- this ID is only allowed on localhost:8000 -->
   </amp-ad>
 
   <h2>Speakol</h2>

examples/ads.amp.html

@@ -2094,7 +2094,7 @@ <h2>SOVRN</h2>
       data-iid="informerIDgoeshere"
       data-aid="affiliateIDgoeshere"
       data-testFlag="true"
-      data-z="393900"><!-- this ID is only whitelisted for localhost:8000 -->
+      data-z="393900"><!-- this ID is only allowed on localhost:8000 -->
   </amp-ad>
 
   <h2>Speakol</h2>

extensions/amp-a4a/0.1/a4a-variable-source.js

@@ -23,7 +23,7 @@ import {
 } from '../../../src/service/variable-source';
 import {user, userAssert} from '../../../src/log';
 
-const WHITELISTED_VARIABLES = [
+const ALLOWLISTED_VARIABLES = [
   'AMPDOC_HOST',
   'AMPDOC_HOSTNAME',
   'AMPDOC_URL',
@@ -86,10 +86,10 @@ export class A4AVariableSource extends VariableSource {
 
   /** @override */
   initialize() {
-    // Initiate whitelisted varaibles first in case the resolver function needs
+    // Initiate allowed varaibles first in case the resolver function needs
     // to be overwritten.
-    for (let v = 0; v < WHITELISTED_VARIABLES.length; v++) {
-      const varName = WHITELISTED_VARIABLES[v];
+    for (let v = 0; v < ALLOWLISTED_VARIABLES.length; v++) {
+      const varName = ALLOWLISTED_VARIABLES[v];
       const resolvers = this.globalVariableSource_.get(varName);
       this.set(varName, resolvers.sync).setAsync(varName, resolvers.async);
     }

extensions/amp-a4a/0.1/real-time-config-manager.js

@@ -134,13 +134,13 @@ export class RealTimeConfigManager {
     if (!ERROR_REPORTING_ENABLED) {
       return;
     }
-    const whitelist = {ERROR_TYPE: true, HREF: true};
+    const allowlist = {ERROR_TYPE: true, HREF: true};
     const macros = {
       ERROR_TYPE: errorType,
       HREF: this.win_.location.href,
     };
     const service = Services.urlReplacementsForDoc(this.a4aElement_.element);
-    const url = service.expandUrlSync(errorReportingUrl, macros, whitelist);
+    const url = service.expandUrlSync(errorReportingUrl, macros, allowlist);
     new this.win_.Image().src = url;
   }
 
@@ -407,16 +407,16 @@ export class RealTimeConfigManager {
       );
     };
 
-    const whitelist = {};
-    Object.keys(macros).forEach((key) => (whitelist[key] = true));
+    const allowlist = {};
+    Object.keys(macros).forEach((key) => (allowlist[key] = true));
     const urlReplacementStartTime = Date.now();
     this.promiseArray_.push(
       Services.timerFor(this.win_)
         .timeoutPromise(
           timeoutMillis,
           Services.urlReplacementsForDoc(
             this.a4aElement_.element
-          ).expandUrlAsync(url, macros, whitelist)
+          ).expandUrlAsync(url, macros, allowlist)
         )
         .then((url) => {
           checkStillCurrent();

extensions/amp-a4a/0.1/test/test-real-time-config-manager.js

@@ -977,15 +977,15 @@ describes.realWin('real-time-config-manager', {amp: true}, (env) => {
 
       errorType = RTC_ERROR_ENUM.TIMEOUT;
       errorReportingUrl = 'https://www.example.test?e=ERROR_TYPE&h=HREF';
-      const whitelist = {ERROR_TYPE: true, HREF: true};
+      const allowlist = {ERROR_TYPE: true, HREF: true};
       const macros = {
         ERROR_TYPE: errorType,
         HREF: env.win.location.href,
       };
 
       requestUrl = Services.urlReplacementsForDoc(
         a4aElement.element
-      ).expandUrlSync(errorReportingUrl, macros, whitelist);
+      ).expandUrlSync(errorReportingUrl, macros, allowlist);
     });
 
     it('should send error message pingback to correct url', () => {

extensions/amp-a4a/amp-a4a-format.md

@@ -297,7 +297,7 @@ is demonstrated desire for it.
 
 The following are _allowed_ tags in an AMPHTML ads creative. Tags not explicitly
 allowed are prohibited. This list is a subset of the general [AMP tag
-addendum whitelist](../../spec/amp-tag-addendum.md). Like that list, it is
+addendum allowlist](../../spec/amp-tag-addendum.md). Like that list, it is
 ordered consistent with HTML5 spec in section 4 [The Elements of HTML](http://www.w3.org/TR/html5/single-page.html#html-elements).
 
 Most of the omissions are either for performance or because the tags are not

extensions/amp-a4a/rtc-documentation.md

@@ -100,7 +100,7 @@ While all three parameters of rtc-config are optional, either "vendors" or "urls
 
 ### Vendor URL Specification
 
-To spare publishers the details of having to construct URLs for external vendors, vendors may register a URL with macros in a central file called [callout-vendors.js ](https://github.com/ampproject/amphtml/blob/master/extensions/amp-a4a/0.1/callout-vendors.js), which maps unique vendor names to an object which includes a URL and a whitelist of macros that can be substituted into `url`. Vendors may include these macros in their URLs, which publishers can then specify the value for. Additionally, vendors may specify an `errorReportingUrl`. This errorReportingUrl will be sent 1% sampled-per-page errors from callouts to their RTC endpoint. For instance:
+To spare publishers the details of having to construct URLs for external vendors, vendors may register a URL with macros in a central file called [callout-vendors.js ](https://github.com/ampproject/amphtml/blob/master/extensions/amp-a4a/0.1/callout-vendors.js), which maps unique vendor names to an object which includes a URL and a list of allowed macros that can be substituted into `url`. Vendors may include these macros in their URLs, which publishers can then specify the value for. Additionally, vendors may specify an `errorReportingUrl`. This errorReportingUrl will be sent 1% sampled-per-page errors from callouts to their RTC endpoint. For instance:
 
 ```text
 /** amp-a4a/0.1/callout-vendors.js */
@@ -226,15 +226,15 @@ The error ping will be sent by creating an image pixel in the document. See `sen
 
 The AMP-Consent extension provides publishers the ability to collect and store a user's consent through a UI control, while also providing the ability to block other AMP components based on the user's consent. See [here for documentation](https://github.com/ampproject/amphtml/blob/master/extensions/amp-consent/amp-consent.md).
 
-Real Time Config supports integration with AMP-Consent. If the AMP-consent response is neither `SUFFICIENT` nor `UNKNOWN_NOT_REQUIRED`, then by default all RTC callouts are suppressed. However, you may optionally modify this setting, to whitelist specific RTC callouts that should be sent regardless of the consent state. A publisher can modify this across all RTC requests for a given ad slot or on a per-RTC-callout basis. A publisher also may either whitelist for all consent states, or only specific consent states, using the RTC Config attribute `sendRegardlessOfConsentState`.
+Real Time Config supports integration with AMP-Consent. If the AMP-consent response is neither `SUFFICIENT` nor `UNKNOWN_NOT_REQUIRED`, then by default all RTC callouts are suppressed. However, you may optionally modify this setting, to allow specific RTC callouts that should be sent regardless of the consent state. A publisher can modify this across all RTC requests for a given ad slot or on a per-RTC-callout basis. A publisher also may either permit all consent states, or only specific consent states, using the RTC Config attribute `sendRegardlessOfConsentState`.
 
 The value of `sendRegardlessOfConsentState` should either be the boolean `true` or an array of consent policy state strings as defined in src/consent-state.js (i.e. use the string keys, like`"UNKNOWN"` not its corresponding numeric value). In a case where the RTC callout would normally be supressed (for example if the AMP-consent response is `UNKNOWN`), it will instead be sent if `sendRegardlessOfConsentState` is set to boolean `true` or an array of values that contains a match for the AMP-consent state response (e.g. `['UNKNOWN']`). If set to an array, then only the values in that array (in addition to the defualt values of `SUFFICIENT` and `UNKNOWN_NOT_REQUIRED`) are treated as valid.
 
 The setting of `sendRegardlessOfConsentState` can either be done once for the entire ad slot by setting it as a top-level attribute on the RTC Config, or be done individually by setting it on any individual callouts as needed. If it is set at both the top-level and per-callout level, then if there is a mismatch, the per-callout level "wins". This is detailed below in the examples.
 
 Here are various examples of how to do this for any given ad slot:
 
-#### Whitelist all RTC callouts for all consent states
+#### Allow all RTC callouts for all consent states
 
 ```html
 <amp-ad
@@ -259,7 +259,7 @@ Here are various examples of how to do this for any given ad slot:
 
 By setting `sendRegardlessOfConsentState` at top-level to `true`, this indicates that for any consent state, all of the callouts in this RTC configuration should still be sent.
 
-#### Whitelist all RTC callouts for only certain consent states
+#### Allow all RTC callouts for only certain consent states
 
 ```html
 <amp-ad
@@ -284,7 +284,7 @@ By setting `sendRegardlessOfConsentState` at top-level to `true`, this indicates
 
 By setting `sendRegardlessOfConsentState` to an array, this indicates that only when the page consent state matches any of the consent states in the array (in this case only `UNKNOWN` in addition to the default states `SUFFICIENT` and `UNKNOWN_NOT_REQUIRED`) should all of the RTC callouts still be sent. For instance, if the page state is `INSUFFICIENT`, then none of the callout specified above will be sent. If the page state is `UNKNOWN`, then all of the callouts will be sent.
 
-#### Whitelist some RTC callouts in the "url" array
+#### Allow some RTC callouts in the "url" array
 
 ```html
 <amp-ad
@@ -332,7 +332,7 @@ Is is also possible to set `sendRegardlessOfConsentState` here to an array as we
 </amp-ad>
 ```
 
-#### Whitelist some RTC callouts in the "vendors" object
+#### Allow some RTC callouts in the "vendors" object
 
 ```html
 <amp-ad

extensions/amp-ad-custom/amp-ad-custom.md

@@ -51,7 +51,7 @@ To make sure the template is valid AMPHTML, ad network must make an HTTP request
 
 To update a template, an ad network just needs to update the page on their domain, then make another cache warm-up request.
 
-Note: at this stage, domains need to be whitelisted manually in AMP Cache to experiment with the feature.
+Note: at this stage, domains need to be opted in manually in AMP Cache to experiment with the feature.
 
 ## Ad server
 

extensions/amp-ad-exit/0.1/amp-ad-exit.js

@@ -189,7 +189,7 @@ export class AmpAdExit extends AMP.BaseElement {
       'CLICK_Y': () => event.clientY,
     };
     const replacements = Services.urlReplacementsForDoc(this.element);
-    const whitelist = {
+    const allowlist = {
       'RANDOM': true,
       'CLICK_X': true,
       'CLICK_Y': true,
@@ -266,11 +266,11 @@ export class AmpAdExit extends AMP.BaseElement {
             ? args[customVarName]
             : customVar.defaultValue;
         };
-        whitelist[customVarName] = true;
+        allowlist[customVarName] = true;
       }
     }
     return (url) =>
-      replacements.expandUrlSync(url, substitutionFunctions, whitelist);
+      replacements.expandUrlSync(url, substitutionFunctions, allowlist);
   }
 
   /**

extensions/amp-ad-network-adsense-impl/0.1/responsive-state.js

@@ -16,8 +16,8 @@
 
 import {
   ADSENSE_MCRSPV_TAG,
+  ADSENSE_RSPV_ALLOWED_HEIGHT,
   ADSENSE_RSPV_TAG,
-  ADSENSE_RSPV_WHITELISTED_HEIGHT,
   getMatchedContentResponsiveHeightAndUpdatePubParams,
 } from '../../../ads/google/utils';
 import {Services} from '../../../src/services';
@@ -174,7 +174,7 @@ export class ResponsiveState {
    * @private
    */
   static upgradeToResponsive_(element) {
-    element.setAttribute('height', ADSENSE_RSPV_WHITELISTED_HEIGHT);
+    element.setAttribute('height', ADSENSE_RSPV_ALLOWED_HEIGHT);
     element.setAttribute('width', '100vw');
     element.setAttribute('data-full-width', '');
     element.setAttribute('data-auto-format', 'rspv');
@@ -203,7 +203,7 @@ export class ResponsiveState {
             );
           },
           mutate: (state) => {
-            element.setAttribute('height', ADSENSE_RSPV_WHITELISTED_HEIGHT);
+            element.setAttribute('height', ADSENSE_RSPV_ALLOWED_HEIGHT);
             element.setAttribute('width', state./*OK*/ clientWidth);
             element.removeAttribute('data-full-width');
             element.removeAttribute('data-auto-format');
@@ -323,11 +323,11 @@ export class ResponsiveState {
     const height = this.element_.getAttribute('height');
     const width = this.element_.getAttribute('width');
     // height is set to 0 by amp-auto-ads to avoid reflow.
-    if (height != 0 && height != ADSENSE_RSPV_WHITELISTED_HEIGHT) {
+    if (height != 0 && height != ADSENSE_RSPV_ALLOWED_HEIGHT) {
       user().warn(
         TAG,
         `Specified height ${height} in <amp-ad> tag is not equal to the ` +
-          `required height of ${ADSENSE_RSPV_WHITELISTED_HEIGHT} for ` +
+          `required height of ${ADSENSE_RSPV_ALLOWED_HEIGHT} for ` +
           'responsive AdSense ad units.'
       );
       return false;