- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Wed, 24 Mar 2010 08:48:15 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv18248
Modified Files:
Overview.html
Log Message:
Add a value for 'sandbox' that enables top-level navigation. (whatwg r4862)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3894
retrieving revision 1.3895
diff -u -d -r1.3894 -r1.3895
--- Overview.html 23 Mar 2010 08:46:28 -0000 1.3894
+++ Overview.html 24 Mar 2010 08:48:11 -0000 1.3895
@@ -17336,6 +17336,7 @@
any content hosted by the <code><a href="#the-iframe-element">iframe</a></code>. Its value must be an
<a href="#unordered-set-of-unique-space-separated-tokens">unordered set of unique space-separated tokens</a>. The
allowed values are <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>,
+ <code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>,
<code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code>,
and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>. When
the attribute is set, the content is treated as being from a unique
@@ -17343,10 +17344,12 @@
prevented from targeting other <a href="#browsing-context" title="browsing
context">browsing contexts</a>, and plugins are disabled. The
<code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>
- keyword allows the content to be treated as being from the same origin
- instead of forcing it into a unique origin, and the <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code> and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>
- keywords re-enable forms and scripts respectively (though scripts are
- still prevented from creating popups).<p class="warning">Setting both the <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> and
+ keyword allows the content to be treated as being from the same
+ origin instead of forcing it into a unique origin, the <code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>
+ keyword allows the content to <a href="#navigate">navigate</a> its
+ <a href="#top-level-browsing-context">top-level browsing context</a>, and the <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code> and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>
+ keywords re-enable forms and scripts respectively (though scripts
+ are still prevented from creating popups).<p class="warning">Setting both the <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> and
<code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>
keywords together when the embedded page has the <a href="#same-origin">same
origin</a> as the page containing the <code><a href="#the-iframe-element">iframe</a></code> allows
@@ -17379,7 +17382,9 @@
<p>This flag <a href="#sandboxLinks">prevents content from
navigating browsing contexts other than the sandboxed browsing
context itself</a> (or browsing contexts further nested inside
- it).</p>
+ it), and the <a href="#top-level-browsing-context">top-level browsing context</a> (which is
+ protected by the <a href="#sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing
+ context flag</a> defined next).</p>
<p>This flag also <a href="#sandboxWindowOpen">prevents content
from creating new auxiliary browsing contexts</a>, e.g. using the
@@ -17389,6 +17394,26 @@
</dd>
+ <dt>The <dfn id="sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context
+ flag</dfn>, unless the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute's value, when
+ <a href="#split-a-string-on-spaces" title="split a string on spaces">split on spaces</a>, is
+ found to have the <dfn id="attr-iframe-sandbox-allow-top-navigation" title="attr-iframe-sandbox-allow-top-navigation"><code>allow-top-navigation</code></dfn>
+ keyword set</dt>
+
+ <dd>
+
+ <p>This flag <a href="#sandboxLinks">prevents content from
+ navigating their <span>top-level browsing context</span></a>.</p>
+
+ <p>When the <code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>
+ is set, content can navigate its <a href="#top-level-browsing-context">top-level browsing
+ context</a>, but other <a href="#browsing-context" title="browsing context">browsing
+ contexts</a> are still protected by the <a href="#sandboxed-navigation-browsing-context-flag">sandboxed
+ navigation browsing context flag</a> defined above.</p>
+
+ </dd>
+
+
<dt>The <dfn id="sandboxed-plugins-browsing-context-flag">sandboxed plugins browsing context flag</dfn></dt>
<dd>
@@ -41549,21 +41574,38 @@
<ol><li><p>Release the <a href="#storage-mutex">storage mutex</a>.</li>
- <li id="sandboxLinks"><p>If the <a href="#source-browsing-context">source browsing
- context</a> is not the same as the <a href="#browsing-context">browsing context</a>
- being navigated, and the <a href="#source-browsing-context">source browsing context</a> is
- not one of the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor
- browsing contexts</a> of the <a href="#browsing-context">browsing context</a> being
- navigated, and the <a href="#source-browsing-context">source browsing context</a> had its
- <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a> set when
- its <a href="#active-document">active document</a> was created, then abort these
- steps. The user agent may offer to open the new resource in a new
- <a href="#top-level-browsing-context">top-level browsing context</a> or in the <a href="#top-level-browsing-context">top-level
- browsing context</a> of the <a href="#source-browsing-context">source browsing
- context</a>, at the user's option, in which case the user agent
- must <a href="#navigate">navigate</a> that designated <a href="#top-level-browsing-context">top-level browsing
- context</a> to the new resource as if the user had requested it
- independently.</li>
+ <li id="sandboxLinks">
+
+ <p>If the <a href="#source-browsing-context">source browsing context</a> is not the same as
+ the <a href="#browsing-context">browsing context</a> being navigated, and the
+ <a href="#source-browsing-context">source browsing context</a> is not one of the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
+ contexts</a> of the <a href="#browsing-context">browsing context</a> being
+ navigated, and the <a href="#browsing-context">browsing context</a> being navigated is
+ not both a <a href="#top-level-browsing-context">top-level browsing context</a> and one of the
+ <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
+ contexts</a> of the <a href="#source-browsing-context">source browsing context</a>, and
+ the <a href="#source-browsing-context">source browsing context</a> had its <a href="#sandboxed-navigation-browsing-context-flag">sandboxed
+ navigation browsing context flag</a> set when its <a href="#active-document">active
+ document</a> was created, then abort these steps.</p>
+
+ <p>Otherwise, if the <a href="#browsing-context">browsing context</a> being navigated
+ is a <a href="#top-level-browsing-context">top-level browsing context</a>, and is one of the
+ <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
+ contexts</a> of the <a href="#source-browsing-context">source browsing context</a>, and
+ the <a href="#source-browsing-context">source browsing context</a> had its <a href="#sandboxed-top-level-navigation-browsing-context-flag">sandboxed
+ top-level navigation browsing context flag</a> set when its
+ <a href="#active-document">active document</a> was created, then abort these
+ steps.</p>
+
+ <p>In both cases, the user agent may additionally offer to open
+ the new resource in a new <a href="#top-level-browsing-context">top-level browsing context</a>
+ or in the <a href="#top-level-browsing-context">top-level browsing context</a> of the
+ <a href="#source-browsing-context">source browsing context</a>, at the user's option, in
+ which case the user agent must <a href="#navigate">navigate</a> that
+ designated <a href="#top-level-browsing-context">top-level browsing context</a> to the new
+ resource as if the user had requested it independently.</p>
+
+ </li>
<li id="seamlessLinks"><p>If the <a href="#source-browsing-context">source browsing
context</a> is the same as the <a href="#browsing-context">browsing context</a>
Received on Wednesday, 24 March 2010 08:48:16 UTC