W3C home > Mailing lists > Public > public-html-commits@w3.org > January 2011

html5/spec Overview.html,1.4616,1.4617

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Mon, 10 Jan 2011 22:34:12 +0000
To: public-html-commits@w3.org
Message-Id: <E1PcQJY-0000Zf-Sk@lionel-hutz.w3.org>
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv2171

Modified Files:
	Overview.html 
Log Message:
Ensure that sandbox='allow-same-origin allow-top-navigation' doesn't allow sandboxed pages to run scripts 'by proxy' (through the top-level browsing context) (whatwg r5756)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4616
retrieving revision 1.4617
diff -u -d -r1.4616 -r1.4617
--- Overview.html	10 Jan 2011 22:08:27 -0000	1.4616
+++ Overview.html	10 Jan 2011 22:34:08 -0000	1.4617
@@ -47949,6 +47949,16 @@
     <p>Use the appropriate step from the following list:</p>
 
     <dl><dt>If a <a href="#browsing-context">browsing context</a> is being <a href="#navigate" title="navigate">navigated</a> to a <code>javascript:</code>
+     URL, and the <a href="#source-browsing-context">source browsing context</a> for that
+     navigation, if any, has <a href="#concept-bc-noscript" title="concept-bc-noscript">scripting disabled</a></dt>
+
+     <dd>
+
+      <p>Let <var title="">result</var> be void.</p>
+
+     </dd>
+
+     <dt>If a <a href="#browsing-context">browsing context</a> is being <a href="#navigate" title="navigate">navigated</a> to a <code>javascript:</code>
      URL, and the <a href="#active-document">active document</a> of that browsing
      context has the <a href="#same-origin">same origin</a> as the script given by
      that URL</dt>
Received on Monday, 10 January 2011 22:34:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 10 January 2011 22:34:16 GMT