html5/spec Overview.html,1.3520,1.3521 from Ian Hickson via cvs-syncmail on 2009-12-06 (public-html-commits@w3.org from December 2009)

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Sun, 06 Dec 2009 07:11:37 +0000
To: public-html-commits@w3.org
Message-Id: <E1NHBHN-0003J8-Oe@lionel-hutz.w3.org>
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv12696

Modified Files:
	Overview.html 
Log Message:
Prevent seamless='' from being used in iframes embedded in sandboxed iframes. (whatwg r4407)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3520
retrieving revision 1.3521
diff -u -d -r1.3520 -r1.3521
--- Overview.html	4 Dec 2009 12:07:46 -0000	1.3520
+++ Overview.html	6 Dec 2009 07:11:34 -0000	1.3521
@@ -215,7 +215,7 @@
    <h1>HTML5</h1>
    <h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
 
-   <h2 class="no-num no-toc" id="editor-s-draft-4-december-2009">Editor's Draft 4 December 2009</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-6-december-2009">Editor's Draft 6 December 2009</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -308,7 +308,7 @@
   specification's progress along the W3C Recommendation
   track.
 
-  This specification is the 4 December 2009 Editor's Draft.
+  This specification is the 6 December 2009 Editor's Draft.
   </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>This specification is also being produced by the <a href="http://www.whatwg.org/">WHATWG</a>. The two specifications are
   identical from the table of contents onwards.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- context and rationale (required) --><p>This specification is intended to replace (be a new version of)
   what was previously the HTML4, XHTML1, and DOM2 HTML
@@ -17681,6 +17681,23 @@
    </dd>
 
 
+   <dt>The <dfn id="sandboxed-seamless-iframes-flag">sandboxed seamless iframes flag</dfn></dt>
+
+   <dd>
+
+    <p>This flag prevents content from using the <code title="attr-iframe-seamless"><a href="#attr-iframe-seamless">seamless</a></code> attribute on
+    descendant <code><a href="#the-iframe-element">iframe</a></code> elements.</p>
+
+    <p class="note">This prevents a page inserted using the <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>
+    keyword from using a CSS-selector-based method of probing the DOM
+    of other pages on the same site (in particular, pages that contain
+    user-sensitive information).</p>
+
+    <!-- http://lists.w3.org/Archives/Public/public-web-security/2009Dec/thread.html#msg51 -->
+
+   </dd>
+
+
    <dt>The <dfn id="sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</dfn>, unless
    the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute's
    value, when <a href="#split-a-string-on-spaces" title="split a string on spaces">split on
@@ -17796,13 +17813,16 @@
   context</a> is to be rendered in a manner that makes it appear to
   be part of the containing document (seamlessly included in the
   parent document). <span class="impl">Specifically, when the
-  attribute is set on an element and while the <a href="#browsing-context">browsing
-  context</a>'s <a href="#active-document">active document</a> has the <a href="#same-origin">same
-  origin</a> as the <code><a href="#the-iframe-element">iframe</a></code> element's document, or the
-  <a href="#browsing-context">browsing context</a>'s <a href="#active-document">active document</a>'s
-  <em><a href="#the-document-s-address" title="the document's address">address</a></em> has the
-  <a href="#same-origin">same origin</a> as the <code><a href="#the-iframe-element">iframe</a></code> element's
-  document, the following requirements apply:</span><div class="impl">
+  attribute is set on an <code><a href="#the-iframe-element">iframe</a></code> element whose owner
+  <code>Document</code>'s <a href="#browsing-context">browsing context</a> does not have
+  the <a href="#sandboxed-seamless-iframes-flag">sandboxed seamless iframes flag</a> set and while
+  either the <a href="#browsing-context">browsing context</a>'s <a href="#active-document">active
+  document</a> has the <a href="#same-origin">same origin</a> as the
+  <code><a href="#the-iframe-element">iframe</a></code> element's document, or the <a href="#browsing-context">browsing
+  context</a>'s <a href="#active-document">active document</a>'s <em><a href="#the-document-s-address" title="the
+  document's address">address</a></em> has the <a href="#same-origin">same
+  origin</a> as the <code><a href="#the-iframe-element">iframe</a></code> element's document, the
+  following requirements apply:</span><div class="impl">
 
   <ul><li><p>The user agent must set the <dfn id="seamless-browsing-context-flag">seamless browsing
    context flag</dfn> to true for that <a href="#browsing-context">browsing
@@ -71645,6 +71665,7 @@
   Drew Wilson,
   Edmund Lai,
   Eduard Pascual,
+  Eduardo Vela,
   Edward O'Connor,
   Edward Welbourne,
   Edward Z. Yang,
Received on Sunday, 6 December 2009 07:11:46 UTC