- From: poot <cvsmail@w3.org>
- Date: Wed, 17 Jun 2009 03:55:55 +0900 (JST)
- To: public-html-diffs@w3.org
cleanup some suggestions we had noted (whatwg r3279) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.2425&r2=1.2426&f=h http://html5.org/tools/web-apps-tracker?from=3278&to=3279 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.2425 retrieving revision 1.2426 diff -u -d -r1.2425 -r1.2426 --- Overview.html 16 Jun 2009 01:59:34 -0000 1.2425 +++ Overview.html 16 Jun 2009 18:55:39 -0000 1.2426 @@ -15483,6 +15483,13 @@ tokens re-enable forms and scripts respectively (though scripts are still prevented from creating popups).<div class="impl"> + <!-- v2: Add a new attribute that enables new restrictions, e.g.: + - disallow cross-origin loads of any kind (networking + override that only allows same-origin URLs or about:, + javascript:, data:) + - block access to 'parent.frames' from sandbox + --> + <p>While the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute is specified, the <code><a href="#the-iframe-element">iframe</a></code> element's <a href="#nested-browsing-context">nested browsing context</a>, and all the browsing contexts @@ -15490,9 +15497,7 @@ (either directly or indirectly through other nested browsing contexts) must have the following flags set:</p> - <dl><!-- XXX disallow cross-origin loads of any kind (networking - override that only allows same-origin URLs or about:, - javascript:, data:) --><!-- XXX block access to 'contentWindow.frames' from iframe owner --><!-- XXX block access to 'parent.frames' from sandbox --><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt> + <dl><dt>The <dfn id="sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</dfn></dt> <dd>
Received on Tuesday, 16 June 2009 18:56:28 UTC