- From: poot <cvsmail@w3.org>
- Date: Tue, 12 Jan 2010 20:46:14 +0900 (JST)
- To: public-html-diffs@w3.org
hixie: Provide a safe way to host hostile content for use with an <iframe sandbox> on the same site. (whatwg r4581) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3656&r2=1.3657&f=h http://html5.org/tools/web-apps-tracker?from=4580&to=4581 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.3656 retrieving revision 1.3657 diff -u -d -r1.3656 -r1.3657 --- Overview.html 12 Jan 2010 08:16:58 -0000 1.3656 +++ Overview.html 12 Jan 2010 11:45:50 -0000 1.3657 @@ -281,7 +281,7 @@ </dl><p>This specification is available in the following formats: <a href="Overview.html">single page HTML</a>, <a href="spec.html">multipage HTML</a>. - This is revision $Revision $. + This is revision $Revision$. </p> <p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2009 <a href="http://www.w3.org/"><abbr title="World Wide 
@@ -1208,11 +1208,12 @@ <li><a href="#iana"><span class="secno">11 </span>IANA considerations</a> <ol> <li><a href="#text-html"><span class="secno">11.1 </span><code>text/html</code></a></li> - <li><a href="#application-xhtml-xml"><span class="secno">11.2 </span><code>application/xhtml+xml</code></a></li> - <li><a href="#text-cache-manifest"><span class="secno">11.3 </span><code>text/cache-manifest</code></a></li> - <li><a href="#text-ping"><span class="secno">11.4 </span><code>text/ping</code></a></li> - <li><a href="#ping-from"><span class="secno">11.5 </span><code>Ping-From</code></a></li> - <li><a href="#ping-to"><span class="secno">11.6 </span><code>Ping-To</code></a></ol></li> + <li><a href="#text-sandboxed-html"><span class="secno">11.2 </span><code>text/sandboxed-html</code></a></li> + <li><a href="#application-xhtml-xml"><span class="secno">11.3 </span><code>application/xhtml+xml</code></a></li> + <li><a href="#text-cache-manifest"><span class="secno">11.4 </span><code>text/cache-manifest</code></a></li> + <li><a href="#text-ping"><span class="secno">11.5 </span><code>text/ping</code></a></li> + <li><a href="#ping-from"><span class="secno">11.6 </span><code>Ping-From</code></a></li> + <li><a href="#ping-to"><span class="secno">11.7 </span><code>Ping-To</code></a></ol></li> <li><a class="no-num" href="#index">Index</a> <ol> <li><a class="no-num" href="#elements-1">Elements</a></li> 
@@ -1352,10 +1353,10 @@ resources that use this abstract language, two of which are defined in this specification.<p>The first such concrete syntax is the HTML syntax. This is the format suggested for most authors. It is compatible with most legacy - Web browsers. If a document is transmitted with the <a href="#mime-type">MIME - type</a> <code><a href="#text-html">text/html</a></code>, then it will be processed as an - HTML document by Web browsers. This specification defines version 5 - of the HTML syntax, known as "HTML5".<p>The second concrete syntax is the XHTML syntax, which is an + Web browsers. If a document is transmitted with an <a href="#html-mime-type">HTML MIME + type</a>, such as <code><a href="#text-html">text/html</a></code>, then it will be + processed as an HTML document by Web browsers. This specification + defines version 5 of the HTML syntax, known as "HTML5".<p>The second concrete syntax is the XHTML syntax, which is an application of XML. When a document is transmitted with an <a href="#xml-mime-type">XML MIME type</a>, such as <code><a href="#application-xhtml-xml">application/xhtml+xml</a></code>, then it is treated as an XML document by Web browsers, to be parsed by an 
@@ -1629,7 +1630,8 @@ matches the <code title="">media-type</code> rule defined in section 3.7 "Media Types" of RFC 2616, but does not contain any U+003B SEMICOLON characters (;). In other words, if it consists only of a - type and subtype, with no MIME Type parameters. <a href="#refsHTTP">[HTTP]</a><h4 id="xml"><span class="secno">2.1.2 </span>XML</h4><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p id="html-namespace">To ease migration from HTML to XHTML, UAs + type and subtype, with no MIME Type parameters. <a href="#refsHTTP">[HTTP]</a><p>The term <dfn id="html-mime-type">HTML MIME type</dfn> is used to refer to the <a href="#mime-type" title="MIME type">MIME types</a> <code><a href="#text-html">text/html</a></code> and + <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code>.<h4 id="xml"><span class="secno">2.1.2 </span>XML</h4><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p id="html-namespace">To ease migration from HTML to XHTML, UAs conforming to this specification will place elements in HTML in the <code>http://www.w3.org/1999/xhtml</code> namespace, at least for the purposes of the DOM and CSS. The term "<dfn id="html-elements">HTML @@ -1771,8 +1773,9 @@ element that forms part of the transform.</p> <p>Web browsers that support <a href="#syntax">the HTML syntax</a> must - process documents labeled as <code><a href="#text-html">text/html</a></code> as described - in this specification, so that users can interact with them.</p> + process documents labeled with an <a href="#html-mime-type">HTML MIME type</a> as + described in this specification, so that users can interact with + them.</p> <p>User agents that support scripting must also be conforming implementations of the IDL fragments in this specification, as 
@@ -5739,11 +5742,11 @@ </div> </div><h3 id="namespaces"><span class="secno">2.8 </span>Namespaces</h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>The <dfn id="html-namespace-0">HTML namespace</dfn> is: <code>http://www.w3.org/1999/xhtml</code><p>The <dfn id="mathml-namespace">MathML namespace</dfn> is: <code>http://www.w3.org/1998/Math/MathML</code><p>The <dfn id="svg-namespace">SVG namespace</dfn> is: <code>http://www.w3.org/2000/svg</code><p>The <dfn id="xlink-namespace">XLink namespace</dfn> is: <code>http://www.w3.org/1999/xlink</code><p>The <dfn id="xml-namespace">XML namespace</dfn> is: <code>http://www.w3.org/XML/1998/namespace</code><p>The <dfn id="xmlns-namespace">XMLNS namespace</dfn> is: <code>http://www.w3.org/2000/xmlns/</code><hr><p>Data mining tools and other user agents that perform operations - on <code><a href="#text-html">text/html</a></code> content without running scripts, - evaluating CSS or XPath expressions, or otherwise exposing the - resulting DOM to arbitrary content, may "support namespaces" by just - asserting that their DOM node analogues are in certain namespaces, - without actually exposing the above strings.<h2 id="dom"><span class="secno">3 </span>Semantics, structure, and APIs of HTML documents</h2><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><h3 id="documents"><span class="secno">3.1 </span>Documents</h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>Every XML and HTML document in an HTML UA is represented by a + on content without running scripts, evaluating CSS or XPath + expressions, or otherwise exposing the resulting DOM to arbitrary + content, may "support namespaces" by just asserting that their DOM + node analogues are in certain namespaces, without actually exposing + the above strings.<h2 id="dom"><span class="secno">3 </span>Semantics, structure, and APIs of HTML documents</h2><p class="XXX annotation"><b>Status: </b><i>Last call for 
comments</i><h3 id="documents"><span class="secno">3.1 </span>Documents</h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>Every XML and HTML document in an HTML UA is represented by a <code>Document</code> object. <a href="#refsDOMCORE">[DOMCORE]</a><p><dfn id="the-document-s-address">The document's address</dfn> is an <a href="#absolute-url">absolute URL</a> that is set when the <code>Document</code> is created. <dfn id="the-document-s-current-address">The document's current address</dfn> is an <a href="#absolute-url">absolute URL</a> @@ -16975,11 +16978,6 @@ <p>This flag <a href="#sandboxScriptBlocked">blocks script execution</a>.</p> - <p class="warning">This flag only takes effect when the - <a href="#nested-browsing-context">nested browsing context</a> of the <code><a href="#the-iframe-element">iframe</a></code> is - <a href="#navigate" title="navigate">navigated</a>. Removing it has no effect - on an already-loaded page.</p> - </dd> </dl><p>These flags must not be set unless the conditions listed above 
@@ -17022,7 +17020,19 @@ <pre><iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://maps.example.com/embedded.html"></iframe></pre> - </div><hr><!-- v2: Might be interesting to have a value on seamless that + </div><p class="note">Potentially hostile files can be served from the + same server as the file containing the <code><a href="#the-iframe-element">iframe</a></code> element + by labeling them as <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code> instead of + <code><a href="#text-html">text/html</a></code>. This ensures that scripts in the files are + unable to attack the site (as if they were actually served from + another server), even if the user is tricked into visiting those + pages directly, without the protection of the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute.<p class="warning">If the <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> + keyword is set along with <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code> + keyword, and the file is from the <a href="#same-origin">same origin</a> as the + <code><a href="#the-iframe-element">iframe</a></code>'s <code>Document</code>, then a script in the + "sandboxed" iframe could just reach out, remove the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute, and then + reload itself, effectively breaking out of the sandbox + altogether.<hr><!-- v2: Might be interesting to have a value on seamless that allowed event propagation of some sort, maybe based on the WICD work: http://www.w3.org/TR/WICD/ --><p>The <dfn id="attr-iframe-seamless" title="attr-iframe-seamless"><code>seamless</code></dfn> attribute is a <a href="#boolean-attribute">boolean attribute</a>. When specified, it 
@@ -38663,6 +38673,9 @@ browsing context flag</a> was set when the <code>Document</code> was created</dt> + <dt>If a <code>Document</code> was generated from a resource + labeled as <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code></dt> + <dd>The <a href="#origin">origin</a> is a globally unique identifier assigned when the <code>Document</code> is created.</dd> @@ -43951,7 +43964,8 @@ of the following types, jump to the appropriate entry in the following list, and process the resource as described there:</p> - <dl class="switch"><dt>"<code><a href="#text-html">text/html</a></code>"</dt> + <dl class="switch"><!-- an <span>HTML MIME type</span> --><dt>"<code><a href="#text-html">text/html</a></code>"</dt> + <dt>"<code><a href="#text-sandboxed-html">text/sandboxed-html</a></code>"</dt> <dd>Follow the steps given in the <a href="#read-html" title="navigate-html">HTML document</a> section, and abort these steps.</dd> @@ -44385,9 +44399,10 @@ fragment identifiers for <a href="#xml-mime-type" title="XML MIME type">XML MIME types</a> is the responsibility of RFC3023).</p> - <p>For HTML documents (and the <code><a href="#text-html">text/html</a></code> <a href="#mime-type">MIME type</a>), - the following processing model must be followed to determine what - <a href="#the-indicated-part-of-the-document">the indicated part of the document</a> is.</p> + <p>For HTML documents (and <a href="#html-mime-type" title="HTML MIME type">HTML MIME + types</a>), the following processing model must be followed to + determine what <a href="#the-indicated-part-of-the-document">the indicated part of the document</a> + is.</p> <ol><li><p><a href="#parse-a-url" title="parse a url">Parse</a> the <a href="#url">URL</a>, and let <var title="">fragid</var> be the <a href="#url-fragment" title="url-fragment"><fragment></a> component of the 
@@ -49173,9 +49188,9 @@ v2 (well, really v0): "forecolor", "hilitecolor", "fontname", "fontsize", "justifyleft", "justifycenter", "justifyright", "justifyfull", "indent", "outdent" ---><h2 id="syntax"><span class="secno">7 </span><dfn>The HTML syntax</dfn></h2><p class="note">This section only describes the rules for - <code><a href="#text-html">text/html</a></code> resources. Rules for XML resources are - discussed in the section below entitled "<a href="#the-xhtml-syntax">The XHTML +--><h2 id="syntax"><span class="secno">7 </span><dfn>The HTML syntax</dfn></h2><p class="note">This section only describes the rules for resources + labeled with an <a href="#html-mime-type">HTML MIME type</a>. Rules for XML resources + are discussed in the section below entitled "<a href="#the-xhtml-syntax">The XHTML syntax</a>".<h3 id="writing"><span class="secno">7.1 </span>Writing HTML documents</h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><div class="impl"> <p><i>This section only applies to documents, authoring tools, and 
@@ -63683,7 +63698,71 @@ <dt>Change controller:</dt> <dd>W3C and WHATWG</dd> </dl><p>Fragment identifiers used with <code><a href="#text-html">text/html</a></code> resources - refer to <a href="#the-indicated-part-of-the-document">the indicated part of the document</a>.<h3 id="application-xhtml-xml"><span class="secno">11.2 </span><dfn><code>application/xhtml+xml</code></dfn></h3><p>This registration is for community review and will be submitted + refer to <a href="#the-indicated-part-of-the-document">the indicated part of the document</a>.<h3 id="text-sandboxed-html"><span class="secno">11.2 </span><dfn><code>text/sandboxed-html</code></dfn></h3><p>This registration is for community review and will be submitted + to the IESG for review, approval, and registration with IANA.</p><!-- + To: ietf-types@iana.org + Subject: Registration of media type text/sandboxed-html + --><dl><dt>Type name:</dt> + <dd>text</dd> + <dt>Subtype name:</dt> + <dd>sandboxed-html</dd> + <dt>Required parameters:</dt> + <dd>No required parameters</dd> + <dt>Optional parameters:</dt> + <dd>Same as for <code><a href="#text-html">text/html</a></code></dd> + <dt>Encoding considerations:</dt> + <dd>Same as for <code><a href="#text-html">text/html</a></code></dd> + <dt>Security considerations:</dt> + <dd> + <p>The purpose of the <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code> MIME type + is to provide a way for content providers to indicate that they + want the file to be interpreted in a manner that does not give the + file's contents access to the rest of the site. 
This is achieved + by assigning the <code>Document</code> objects generated from + resources labeled as <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code> unique + origins.</p> + <p>To avoid having legacy user agents treating resources labeled + as <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code> as regular + <code><a href="#text-html">text/html</a></code> files, authors should avoid using the <code title="">.html</code> or <code title="">.htm</code> extensions for + resources labeled as <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code>.</p> + <p>Beyond this, the type is identical to <code><a href="#text-html">text/html</a></code>, + and the same considerations apply.</p> + </dd> + <dt>Interoperability considerations:</dt> + <dd>Same as for <code><a href="#text-html">text/html</a></code></dd> + <dt>Published specification:</dt> + <dd> + This document is the relevant specification. Labeling a resource + with the <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code> type asserts that the + resource is an <a href="#html-documents" title="HTML documents">HTML document</a> + using <a href="#syntax">the HTML syntax</a>. 
+ </dd> + <dt>Applications that use this media type:</dt> + <dd>Same as for <code><a href="#text-html">text/html</a></code></dd> + <dt>Additional information:</dt> + <dd> + <dl><dt>Magic number(s):</dt> + <dd>Documents labeled as <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code> are + heuristically indistinguishable from those labeled as + <code><a href="#text-html">text/html</a></code>.</dd> + <dt>File extension(s):</dt> + <dd>"<code title="">sandboxed</code>"</dd> + <dt>Macintosh file type code(s):</dt> + <dd><code title="">TEXT</code></dd> + </dl></dd> + <dt>Person & email address to contact for further information:</dt> + <dd>Ian Hickson <ian@hixie.ch></dd> + <dt>Intended usage:</dt> + <dd>Common</dd> + <dt>Restrictions on usage:</dt> + <dd>No restrictions apply.</dd> + <dt>Author:</dt> + <dd>Ian Hickson <ian@hixie.ch></dd> + <dt>Change controller:</dt> + <dd>W3C and WHATWG</dd> + </dl><p>Fragment identifiers used with <code><a href="#text-sandboxed-html">text/sandboxed-html</a></code> + resources refer to <a href="#the-indicated-part-of-the-document">the indicated part of the + document</a>.<h3 id="application-xhtml-xml"><span class="secno">11.3 </span><dfn><code>application/xhtml+xml</code></dfn></h3><p>This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.</p><!-- To: ietf-types@iana.org Subject: Registration of media type application/xhtml+xml 
@@ -63737,7 +63816,7 @@ <dd>W3C and WHATWG</dd> </dl><p>Fragment identifiers used with <code><a href="#application-xhtml-xml">application/xhtml+xml</a></code> resources have the same semantics as with any <a href="#xml-mime-type">XML MIME - type</a>. <a href="#refsRFC3023">[RFC3023]</a><h3 id="text-cache-manifest"><span class="secno">11.3 </span><dfn><code>text/cache-manifest</code></dfn></h3><p>This registration is for community review and will be submitted + type</a>. <a href="#refsRFC3023">[RFC3023]</a><h3 id="text-cache-manifest"><span class="secno">11.4 </span><dfn><code>text/cache-manifest</code></dfn></h3><p>This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.</p><!-- To: ietf-types@iana.org Subject: Registration of media type text/cache-manifest @@ -63798,7 +63877,7 @@ <dt>Change controller:</dt> <dd>W3C and WHATWG</dd> </dl><p>Fragment identifiers have no meaning with - <code><a href="#text-cache-manifest">text/cache-manifest</a></code> resources.<h3 id="text-ping"><span class="secno">11.4 </span><dfn><code>text/ping</code></dfn></h3><p>This registration is for community review and will be submitted + <code><a href="#text-cache-manifest">text/cache-manifest</a></code> resources.<h3 id="text-ping"><span class="secno">11.5 </span><dfn><code>text/ping</code></dfn></h3><p>This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.</p><!-- To: ietf-types@iana.org Subject: Registration of media type text/ping 
@@ -63852,7 +63931,7 @@ <dt>Change controller:</dt> <dd>W3C and WHATWG</dd> </dl><p>Fragment identifiers have no meaning with - <code><a href="#text-ping">text/ping</a></code> resources.<h3 id="ping-from"><span class="secno">11.5 </span><dfn title="http-ping-from"><code>Ping-From</code></dfn></h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>This section describes a header field for registration in the + <code><a href="#text-ping">text/ping</a></code> resources.<h3 id="ping-from"><span class="secno">11.6 </span><dfn title="http-ping-from"><code>Ping-From</code></dfn></h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>This section describes a header field for registration in the Permanent Message Header Field Registry. <a href="#refsRFC3864">[RFC3864]</a><dl><dt>Header field name</dt> <dd>Ping-From</dd> <dt>Applicable protocol</dt> @@ -63867,7 +63946,7 @@ </dd> <dt>Related information</dt> <dd>None.</dd> - </dl><h3 id="ping-to"><span class="secno">11.6 </span><dfn title="http-ping-to"><code>Ping-To</code></dfn></h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>This section describes a header field for registration in the + </dl><h3 id="ping-to"><span class="secno">11.7 </span><dfn title="http-ping-to"><code>Ping-To</code></dfn></h3><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>This section describes a header field for registration in the Permanent Message Header Field Registry. <a href="#refsRFC3864">[RFC3864]</a><dl><dt>Header field name</dt> <dd>Ping-To</dd> <dt>Applicable protocol</dt>
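Review bot: in the hunk at -5739 (section 2.8, the data mining paragraph), the reference to text/html is dropped outright, so the sentence now reads "perform operations on content without running scripts" and covers any content, whereas the other hunks in this change replace text/html with "HTML MIME type". If the wider scope is not intended, suggest "on content labeled with an HTML MIME type", matching the wording used in the -1771 and -44385 hunks.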
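Review bot: the hunk at -16975 deletes the warning under the flag that blocks script execution ("This flag only takes effect when the nested browsing context of the iframe is navigated. Removing it has no effect on an already-loaded page.") with no replacement visible in this diff. The new warning added in the -17022 hunk relies on exactly that timing, since the breakout it describes needs the script to remove the sandbox attribute "and then reload itself". Suggest keeping a statement of when flag changes take effect, or linking to wherever it now lives, so the two passages stay consistent.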
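Review bot: in the note added at -17022, "This ensures that scripts in the files are unable to attack the site" is broader than what the rest of the change provides. The only processing difference defined for text/sandboxed-html is the unique origin added in the -38663 hunk (the registration says "Beyond this, the type is identical to text/html"), and the note itself says a direct visit happens "without the protection of the sandbox attribute". Suggest stating that a direct visit gets the unique origin only, not the other sandbox restrictions, and that this holds in user agents that implement the type, with a pointer to the security considerations in the registration for legacy user agents. Minor wording in the warning: "along with allow-same-origin keyword" is missing "the".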
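Review bot: the dt added at -38663 keys the unique origin on a resource "labeled as text/sandboxed-html" but does not say which label counts. The registration in the -63683 hunk states that such documents are "heuristically indistinguishable" from text/html, so the decision can only rest on the declared type of the resource, never on its content. Suggest saying so explicitly here, or linking to the term that defines a resource's type, so that a sniffed or overridden type cannot change which origin the Document gets.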
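Review bot: in the security considerations added at -63683, the only guidance for legacy user agents is that authors "should avoid using the .html or .htm extensions", while the magic number entry in the same registration says the content is heuristically indistinguishable from text/html. A legacy user agent that picks a handler from the content rather than from the extension is not covered by that advice, and would treat the file as regular text/html, which is the outcome the paragraph is trying to avoid. Suggest documenting that fallback as a residual risk in this paragraph, and pointing authors at the "sandboxed" extension listed under File extension(s) rather than only naming the extensions to avoid.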
Received on Tuesday, 12 January 2010 12:00:15 UTC