
html5/spec Overview.html,1.3685,1.3686

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Sun, 24 Jan 2010 10:47:14 +0000
To: public-html-commits@w3.org
Message-Id: <E1NYzzu-0001LQ-GP@lionel-hutz.w3.org>
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv5152

Modified Files:
	Overview.html 
Log Message:
Mention that this example should use text/html-sandboxed. (whatwg r4625)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3685
retrieving revision 1.3686
diff -u -d -r1.3685 -r1.3686
--- Overview.html	24 Jan 2010 10:29:44 -0000	1.3685
+++ Overview.html	24 Jan 2010 10:47:10 -0000	1.3686
@@ -17118,6 +17118,13 @@
    visible in the <code title="dom-document-cookie"><a href="#dom-document-cookie">document.cookie</a></code> IDL
    attribute.</p>
 
+   <p class="warning">It is important that the server serve the
+   user-provided HTML using the <code><a href="#text-html-sandboxed">text/html-sandboxed</a></code> MIME
+   type so that if the attacker convinces the user to visit that page
+   directly, the page doesn't run in the context of the site's origin,
+   which would make the user vulnerable to any attack found in the
+   page.</p>
+
   </div><div class="example">
 
    <p>In this example, a gadget from another site is embedded. The
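Review bot: In the added warning paragraph, the closing phrase "any attack found in the page" is ambiguous, because "that page" and "the page" both mean the user-provided HTML but the second could be read as the embedding page. Suggest naming the content explicitly, for example "any attack contained in the user-provided HTML". The paragraph also leaves the reason implicit: it only hints that the protection in this example holds while the content is embedded and is lost when the user visits the URL directly. One clause saying so would make clear why the text/html-sandboxed MIME type is needed in addition to what the example already does.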
Received on Sunday, 24 January 2010 10:47:15 GMT
