W3C home > Mailing lists > Public > public-html-commits@w3.org > June 2009

html5/spec Overview.html,1.2425,1.2426

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Tue, 16 Jun 2009 18:55:42 +0000
To: public-html-commits@w3.org
Message-Id: <E1MGdot-0006pN-1q@lionel-hutz.w3.org>
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv26231

Modified Files:
	Overview.html 
Log Message:
cleanup some suggestions we had noted (whatwg r3279)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.2425
retrieving revision 1.2426
diff -u -d -r1.2425 -r1.2426
--- Overview.html	16 Jun 2009 01:59:34 -0000	1.2425
+++ Overview.html	16 Jun 2009 18:55:39 -0000	1.2426
@@ -15483,6 +15483,13 @@
   tokens re-enable forms and scripts respectively (though scripts are
   still prevented from creating popups).<div class="impl">
 
+  <!-- v2: Add a new attribute that enables new restrictions, e.g.:
+       - disallow cross-origin loads of any kind (networking
+         override that only allows same-origin URLs or about:,
+         javascript:, data:)
+       - block access to 'parent.frames' from sandbox
+  -->
+
   <p>While the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code>
   attribute is specified, the <code><a href="#the-iframe-element">iframe</a></code> element's
   <a href="#nested-browsing-context">nested browsing context</a>, and all the browsing contexts
@@ -15490,9 +15497,7 @@
   (either directly or indirectly through other nested browsing
   contexts) must have the following flags set:</p>
 
-  <dl><!-- XXX disallow cross-origin loads of any kind (networking
-        override that only allows same-origin URLs or about:,
-        javascript:, data:) --><!-- XXX block access to 'contentWindow.frames' from iframe owner --><!-- XXX block access to 'parent.frames' from sandbox --><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt>
+  <dl><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt>
 
    <dd>
 
Received on Tuesday, 16 June 2009 18:55:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 16 June 2009 18:55:49 GMT