- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 12 Jan 2010 02:41:46 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv7827 Modified Files: Overview.html Log Message: Make sandbox='' disallow using both allow-same-origin and allow-scripts (and make same-origin win). (whatwg r4577) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.3652 retrieving revision 1.3653 diff -u -d -r1.3652 -r1.3653 --- Overview.html 11 Jan 2010 11:25:19 -0000 1.3652 +++ Overview.html 12 Jan 2010 02:41:42 -0000 1.3653 @@ -262,7 +262,7 @@ <h1>HTML5</h1> <h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2> - <h2 class="no-num no-toc" id="editor-s-draft-11-january-2010">Editor's Draft 11 January 2010</h2> + <h2 class="no-num no-toc" id="editor-s-draft-12-january-2010">Editor's Draft 12 January 2010</h2> <dl><dt>Latest Published Version:</dt> <dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd> <dt>Latest Editor's Draft:</dt> @@ -361,7 +361,7 @@ specification's progress along the W3C Recommendation track. - This specification is the 11 January 2010 Editor's Draft. + This specification is the 12 January 2010 Editor's Draft. </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>This specification is part of <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/">a larger specification</a> being produced by the <a href="http://www.whatwg.org/">WHATWG</a>. <!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --> @@ -16846,10 +16846,12 @@ prevented from targeting other <a href="#browsing-context" title="browsing context">browsing contexts</a>, and plugins are disabled. The <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code> - token allows the content to be treated as being from the same origin + keyword allows the content to be treated as being from the same origin instead of forcing it into a unique origin, and the <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code> and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> - tokens re-enable forms and scripts respectively (though scripts are - still prevented from creating popups).<div class="impl"> + keywords re-enable forms and scripts respectively (though scripts are + still prevented from creating popups).<p>The <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> keyword + must not be specified if the <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code> + keyword is specified.<div class="impl"> <!-- v2: Add a new attribute that enables new restrictions, e.g.: - disallow cross-origin loads of any kind (networking @@ -16968,6 +16970,7 @@ the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute's value, when <a href="#split-a-string-on-spaces" title="split a string on spaces">split on spaces</a>, is found to have the <dfn id="attr-iframe-sandbox-allow-scripts" title="attr-iframe-sandbox-allow-scripts"><code>allow-scripts</code></dfn> + keyword set and <em>not </em> to have the <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code> keyword set</dt> <dd> @@ -16982,6 +16985,9 @@ or elsewhere) will continue to run. Only <em>new</em> scripts will be prevented from executing by this flag.</p> + <p>This keyword is ignored if the <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code> + keyword is set.</p> + </dd> </dl><p>These flags must not be set unless the conditions listed above
Received on Tuesday, 12 January 2010 02:41:47 UTC