W3C home > Mailing lists > Public > public-html-diffs@w3.org > April 2012

hixie: sandbox='allow-popups' feature (whatwg r7054)

From: poot <cvsmail@w3.org>
Date: Tue, 17 Apr 2012 01:02:55 -0400
To: public-html-diffs@w3.org
Message-Id: <E1SK0Z5-0007lH-6B@jay.w3.org>
hixie: sandbox='allow-popups' feature (whatwg r7054)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5624&r2=1.5625&f=h
http://html5.org/tools/web-apps-tracker?from=7053&to=7054

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5624
retrieving revision 1.5625
diff -u -d -r1.5624 -r1.5625
--- Overview.html	13 Apr 2012 23:10:08 -0000	1.5624
+++ Overview.html	17 Apr 2012 05:02:33 -0000	1.5625
@@ -24105,6 +24105,7 @@
   <a href="#unordered-set-of-unique-space-separated-tokens">unordered set of unique space-separated tokens</a> that are
   <a href="#ascii-case-insensitive">ASCII case-insensitive</a>. The allowed values are
   <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code>,
+  <code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code>,
   <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>,
   <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>, and
   <code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>.
@@ -24117,9 +24118,8 @@
   keyword allows the content to be treated as being from the same
   origin instead of forcing it into a unique origin, the <code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>
   keyword allows the content to <a href="#navigate">navigate</a> its
-  <a href="#top-level-browsing-context">top-level browsing context</a>, and the <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code> and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>
-  keywords re-enable forms and scripts respectively (though scripts
-  are still prevented from creating popups).</p>
+  <a href="#top-level-browsing-context">top-level browsing context</a>, and the <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code>, <code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code> and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>
+  keywords re-enable forms, popups, and scripts respectively.</p>
 
   <p class="warning">Setting both the
   <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> and
@@ -52351,10 +52351,10 @@
   context</a> of the one the link or script is in, "new" means a
   new <a href="#top-level-browsing-context">top-level browsing context</a> or <a href="#auxiliary-browsing-context">auxiliary
   browsing context</a> is to be created, subject to various user
-  preferences and user agent policies, "maybe new" means the same as
-  "new" but the requirements for those cases encourage user agents to
-  treat it more like "none", and "none" means that by default nothing
-  will happen.</p>
+  preferences and user agent policies, "none" means that nothing will
+  happen, and "maybe new" means the same as "new" if the "<code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code>"
+  keyword is also specified on the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute (or if the user
+  overrode the sandboxing), and the same as "none" otherwise.</p>
 
   <table><thead><tr><th rowspan="2">Keyword
      <th rowspan="2">Ordinary effect
@@ -52553,18 +52553,28 @@
 
     <dl class="switch"><dt id="sandboxWindowOpen">If the current browsing context's
      <a href="#active-document">active document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag
-     set</a> has the <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context
-     flag</a> set.</dt>
+     set</a> has the <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing
+     context flag</a> set.</dt>
 
-     <dd><p>The user agent may offer to create a new <a href="#top-level-browsing-context">top-level
-     browsing context</a> or reuse an existing <a href="#top-level-browsing-context">top-level
-     browsing context</a>. If the user picks one of those options,
-     then the designated browsing context must be the chosen one (the
-     browsing context's name isn't set to the given browsing context
-     name). The default behaviour (if the user agent doesn't offer the
-     option to the user, or if the user declines to allow a browsing
-     context to be used) there must not be a chosen browsing
-     context.</dd>
+     <dd>
+
+      <p>Typically, there is no chosen browsing context.</p>
+
+      <p>The user agent may offer to create a new <a href="#top-level-browsing-context">top-level
+      browsing context</a> or reuse an existing <a href="#top-level-browsing-context">top-level
+      browsing context</a>. If the user picks one of those options,
+      then the designated browsing context must be the chosen one (the
+      browsing context's name isn't set to the given browsing context
+      name). The default behaviour (if the user agent doesn't offer
+      the option to the user, or if the user declines to allow a
+      browsing context to be used) must be that there must not be a
+      chosen browsing context.</p>
+
+      <p class="warning">If this case occurs, it means that an author
+      has explicitly sandboxed the document that is trying to open a
+      link.</p>
+
+     </dd>
 
 
      <dt id="noopener">If the user agent has been configured such that
@@ -52613,6 +52623,18 @@
     users to configure the user agent to always reuse the current
     browsing context.</p>
 
+    <p>If the current browsing context's <a href="#active-document">active
+    document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has the
+    <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a> set and
+    chosen browsing context picked above, if any, is a new browsing
+    context (whether top-level or auxiliary), then all the flags that
+    are set in the current browsing context's <a href="#active-document">active
+    document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> when the
+    new browsing context is created must be set in the new browsing
+    context's <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a>, and the current
+    browsing context must be set as the new browsing context's
+    <a href="#one-permitted-sandboxed-navigator">one permitted sandboxed navigator</a>.</p>
+
    </li>
 
   </ol></div>
@@ -53886,20 +53908,39 @@
     <p>This flag <a href="#sandboxLinks">prevents content from
     navigating browsing contexts other than the sandboxed browsing
     context itself</a> (or browsing contexts further nested inside
-    it), and the <a href="#top-level-browsing-context">top-level browsing context</a> (which is
+    it), <a href="#auxiliary-browsing-context" title="auxiliary browsing context">auxiliary browsing
+    contexts</a> (which are protected by the <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed
+    auxiliary navigation browsing context flag</a> defined next),
+    and the <a href="#top-level-browsing-context">top-level browsing context</a> (which is
     protected by the <a href="#sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing
-    context flag</a> defined next).</p>
+    context flag</a> defined below).</p>
 
-    <p>This flag also <a href="#sandboxWindowOpen">prevents content
-    from creating new auxiliary browsing contexts</a>, e.g. using the
-    <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code> attribute, the
-    <code title="dom-open"><a href="#dom-open">window.open()</a></code> method, or the <code title="dom-showModalDialog"><a href="#dom-showmodaldialog">showModalDialog()</a></code> method.</p>
+    <p>If the <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context
+    flag</a> is not set, then in certain cases the restrictions
+    nonetheless allow popups (new <a href="#top-level-browsing-context" title="top-level browsing
+    context">top-level browsing contexts</a>) to be opened. These
+    <a href="#browsing-context" title="browsing context">browsing contexts</a> always
+    have <dfn id="one-permitted-sandboxed-navigator">one permitted sandboxed navigator</dfn>, set when the
+    browsing context is created, which allows the <a href="#browsing-context">browsing
+    context</a> that created them to actually navigate them.
+    (Otherwise, the <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context
+    flag</a> would prevent them from being navigated even if they
+    were opened.)</p>
 
    </dd>
 
 
-   <dt>The <dfn id="sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context
-   flag</dfn></dt>
+   <dt>The <dfn id="sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context flag</dfn></dt>
+
+   <dd>
+
+    <p>This flag <a href="#sandboxWindowOpen">prevents content from
+    creating new auxiliary browsing contexts</a>, e.g. using the <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code> attribute, the <code title="dom-open"><a href="#dom-open">window.open()</a></code> method, or the <code title="dom-showModalDialog"><a href="#dom-showmodaldialog">showModalDialog()</a></code> method.</p>
+
+   </dd>
+
+
+   <dt>The <dfn id="sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context flag</dfn></dt>
 
    <dd>
 
@@ -53910,7 +53951,9 @@
     is set, content can navigate its <a href="#top-level-browsing-context">top-level browsing
     context</a>, but other <a href="#browsing-context" title="browsing context">browsing
     contexts</a> are still protected by the <a href="#sandboxed-navigation-browsing-context-flag">sandboxed
-    navigation browsing context flag</a> defined above.</p>
+    navigation browsing context flag</a> and possibly the
+    <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context
+    flag</a>.</p>
 
    </dd>
 
@@ -54010,6 +54053,10 @@
 
     <ul><li><p>The <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a></li>
 
+     <li><p>The <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context
+     flag</a>, unless <var title="">tokens</var> contains the <dfn id="attr-iframe-sandbox-allow-popups" title="attr-iframe-sandbox-allow-popups"><code>allow-popups</code></dfn>
+     keyword</li>
+
      <li><p>The <a href="#sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context
      flag</a>, unless <var title="">tokens</var> contains the <dfn id="attr-iframe-sandbox-allow-top-navigation" title="attr-iframe-sandbox-allow-top-navigation"><code>allow-top-navigation</code></dfn>
      keyword</li>
@@ -54068,7 +54115,13 @@
 
     </ul></li>
 
-  </ol><hr><p>Every <a href="#nested-browsing-context">nested browsing context</a> has an
+  </ol><hr><p>Every <a href="#top-level-browsing-context">top-level browsing context</a> has a <dfn id="popup-sandboxing-flag-set">popup
+  sandboxing flag set</dfn>. When a <a href="#browsing-context">browsing context</a> is
+  created, its <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a> must be empty.
+  It is populated by <a href="#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name">the rules for choosing a browsing context
+  given a browsing context name</a>.</p>
+
+  <p>Every <a href="#nested-browsing-context">nested browsing context</a> has an
   <dfn id="iframe-sandboxing-flag-set"><code>iframe</code> sandboxing flag set</dfn>, which is a
   <a href="#sandboxing-flag-set">sandboxing flag set</a>. Which flags in a <a href="#nested-browsing-context">nested
   browsing context</a>'s <a href="#iframe-sandboxing-flag-set"><code>iframe</code> sandboxing flag
@@ -54946,10 +54999,8 @@
     <a href="#source-browsing-context">source browsing context</a> is not one of the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
     contexts</a> of the <a href="#browsing-context">browsing context</a> being
     navigated, and the <a href="#browsing-context">browsing context</a> being navigated
-    is not both a <a href="#top-level-browsing-context">top-level browsing context</a> and one of
-    the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
-    contexts</a> of the <a href="#source-browsing-context">source browsing context</a>, and
-    the <a href="#source-browsing-context">source browsing context</a>'s <a href="#active-document">active
+    is not a <a href="#top-level-browsing-context">top-level browsing context</a>, and the
+    <a href="#source-browsing-context">source browsing context</a>'s <a href="#active-document">active
     document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has its
     <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a> set, then
     abort these steps.</p>
@@ -54963,14 +55014,29 @@
     top-level navigation browsing context flag</a> set, then abort
     these steps.</p>
 
-    <p>In both cases, the user agent may additionally offer to open
-    the new resource in a new <a href="#top-level-browsing-context">top-level browsing context</a>
-    or in the <a href="#top-level-browsing-context">top-level browsing context</a> of the
-    <a href="#source-browsing-context">source browsing context</a>, at the user's option, in
-    which case the user agent must <a href="#navigate">navigate</a> that designated <a href="#top-level-browsing-context">top-level browsing
+    <p>Otherwise, if the <a href="#browsing-context">browsing context</a> being navigated
+    is a <a href="#top-level-browsing-context">top-level browsing context</a>, and is not one of
+    the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
+    contexts</a> of the <a href="#source-browsing-context">source browsing context</a>, and
+    the <a href="#source-browsing-context">source browsing context</a>'s <code><a href="#document">Document</a></code>'s
+    <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has its <a href="#sandboxed-navigation-browsing-context-flag">sandboxed
+    navigation browsing context flag</a> set, and the <a href="#source-browsing-context">source
+    browsing context</a> is not the <a href="#one-permitted-sandboxed-navigator">one permitted sandboxed
+    navigator</a> of the <a href="#browsing-context">browsing context</a> being
+    navigated, then abort these steps.</p> 
+
+    <p>In all of these cases, the user agent may additionally offer to
+    open the new resource in a new <a href="#top-level-browsing-context">top-level browsing
+    context</a> or in the <a href="#top-level-browsing-context">top-level browsing context</a>
+    of the <a href="#source-browsing-context">source browsing context</a>, at the user's option,
+    in which case the user agent must <a href="#navigate">navigate</a> that designated <a href="#top-level-browsing-context">top-level browsing
     context</a> to the new resource as if the user had requested it
     independently.</p>
 
+    <p class="note">Doing so, however, can be dangerous, as it means
+    that the user is overriding the author's explicit request to
+    sandbox the content.</p>
+
    </li>
 
    <li id="seamlessLinks"><p>If the <a href="#source-browsing-context">source browsing
@@ -55334,6 +55400,11 @@
     <code><a href="#document">Document</a></code> object is created:</p>
 
     <ul><li><p>If the <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing
+     context</a> is a <a href="#top-level-browsing-context">top-level browsing context</a>,
+     then: the flags set on the <a href="#browsing-context">browsing context</a>'s
+     <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a>.</li>
+
+     <li><p>If the <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing
      context</a> is a <a href="#nested-browsing-context">nested browsing context</a>, then:
      the flags set on the <a href="#browsing-context">browsing context</a>'s
      <a href="#iframe-sandboxing-flag-set"><code>iframe</code> sandboxing flag set</a>.</li>
@@ -60817,10 +60888,13 @@
 
    <li>
 
-    <p>If the current browsing context's <a href="#active-document">active
-    document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has its
-    <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a> set, then
-    return the empty string and abort these steps.</p>
+    <p>If the <a href="#active-sandboxing-flag-set">active sandboxing flag set</a>
+    of the <a href="#active-document">active document</a>
+    of the <a href="#script-s-browsing-context" title="script's browsing context">browsing context</a>
+    of the <a href="#concept-script" title="concept-script">script</a> that invoked the method
+    has its
+    <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context flag</a>
+    set, then return the empty string and abort these steps.</p>
 
    </li>
 
@@ -60872,6 +60946,22 @@
 
    <li>
 
+    <p>Set all the flags
+    in the new browsing context's <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a>
+    that are set in the
+    <a href="#active-sandboxing-flag-set">active sandboxing flag set</a>
+    of the <a href="#active-document">active document</a>
+    of the <a href="#script-s-browsing-context" title="script's browsing context">browsing context</a>
+    of the <a href="#concept-script" title="concept-script">script</a> that invoked the method.
+    The <a href="#script-s-browsing-context" title="script's browsing context">browsing context</a>
+    of the <a href="#concept-script" title="concept-script">script</a> that invoked the method
+    must be set as the new browsing context's
+    <a href="#one-permitted-sandboxed-navigator">one permitted sandboxed navigator</a>.</p>
+
+   </li>
+
+   <li>
+
     <p>Let the <a href="#dialog-arguments">dialog arguments</a> of the new browsing
     context be set to the value of <var title="">argument</var>, or
     the 'undefined' value if the argument was omitted.</p>
@@ -81118,6 +81208,7 @@
      <td> Security rules for nested content
      <td> <a href="#unordered-set-of-unique-space-separated-tokens">Unordered set of unique space-separated tokens</a>, <a href="#ascii-case-insensitive">ASCII case-insensitive</a>, consisting of
           "<code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code>",
+          "<code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code>",
           "<code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>",
           "<code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> and
           "<code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>"
Received on Tuesday, 17 April 2012 05:03:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 April 2012 05:03:03 GMT