- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 16 Jun 2009 18:55:42 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv26231
Modified Files:
Overview.html
Log Message:
cleanup some suggestions we had noted (whatwg r3279)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.2425
retrieving revision 1.2426
diff -u -d -r1.2425 -r1.2426
--- Overview.html 16 Jun 2009 01:59:34 -0000 1.2425
+++ Overview.html 16 Jun 2009 18:55:39 -0000 1.2426
@@ -15483,6 +15483,13 @@
tokens re-enable forms and scripts respectively (though scripts are
still prevented from creating popups).<div class="impl">
+ <!-- v2: Add a new attribute that enables new restrictions, e.g.:
+ - disallow cross-origin loads of any kind (networking
+ override that only allows same-origin URLs or about:,
+ javascript:, data:)
+ - block access to 'parent.frames' from sandbox
+ -->
+
<p>While the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code>
attribute is specified, the <code><a href="#the-iframe-element">iframe</a></code> element's
<a href="#nested-browsing-context">nested browsing context</a>, and all the browsing contexts
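Review bot: the first bullet of the new v2 comment exempts about:, javascript: and data: from the proposed same-origin-only override without saying how that fits with the script restriction. The context line just above says scripts are off in a sandbox unless a token re-enables them. The note should state whether the javascript: exemption applies only when scripts have been re-enabled, and whether data: content inherits the sandbox flags. It is also worth saying whether "a new attribute" means a separate attribute or a new token in the sandbox attribute's list, since the surrounding text describes tokens.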
@@ -15490,9 +15497,7 @@
(either directly or indirectly through other nested browsing
contexts) must have the following flags set:</p>
- <dl><!-- XXX disallow cross-origin loads of any kind (networking
- override that only allows same-origin URLs or about:,
- javascript:, data:) --><!-- XXX block access to 'contentWindow.frames' from iframe owner --><!-- XXX block access to 'parent.frames' from sandbox --><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt>
+ <dl><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt>
<dd>
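Review bot: three XXX comments are removed from the start of the <dl> here, but only two of them reappear in the v2 comment added in the previous hunk. The one reading "block access to 'contentWindow.frames' from iframe owner" is dropped, and the log message ("cleanup some suggestions we had noted") does not say it was rejected. If the drop is intentional, mention it in the log message; otherwise add it as a third bullet in the v2 comment so the suggestion is not lost.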
Received on Tuesday, 16 June 2009 18:55:49 UTC