cleanup some suggestions we had noted (whatwg r3279)

cleanup some suggestions we had noted (whatwg r3279)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.2425&r2=1.2426&f=h
http://html5.org/tools/web-apps-tracker?from=3278&to=3279

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.2425
retrieving revision 1.2426
diff -u -d -r1.2425 -r1.2426
--- Overview.html 16 Jun 2009 01:59:34 -0000 1.2425
+++ Overview.html 16 Jun 2009 18:55:39 -0000 1.2426
@@ -15483,6 +15483,13 @@
   tokens re-enable forms and scripts respectively (though scripts are
   still prevented from creating popups).<div class="impl">
 
+  <!-- v2: Add a new attribute that enables new restrictions, e.g.:
+       - disallow cross-origin loads of any kind (networking
+         override that only allows same-origin URLs or about:,
+         javascript:, data:)
+       - block access to 'parent.frames' from sandbox
+  -->
+
   <p>While the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code>
   attribute is specified, the <code><a href="#the-iframe-element">iframe</a></code> element's
   <a href="#nested-browsing-context">nested browsing context</a>, and all the browsing contexts
@@ -15490,9 +15497,7 @@
   (either directly or indirectly through other nested browsing
   contexts) must have the following flags set:</p>
 
-  <dl><!-- XXX disallow cross-origin loads of any kind (networking
-        override that only allows same-origin URLs or about:,
-        javascript:, data:) --><!-- XXX block access to 'contentWindow.frames' from iframe owner --><!-- XXX block access to 'parent.frames' from sandbox --><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt>
+  <dl><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt>
 
    <dd>

Received on Tuesday, 16 June 2009 18:56:28 UTC