- From: poot <cvsmail@w3.org>
- Date: Wed, 7 Apr 2010 14:10:48 +0900 (JST)
- To: public-html-diffs@w3.org
hixie: Make <iframe sandbox> also block autoplay, autofocus, and meta refresh. (whatwg r4982) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4002&r2=1.4003&f=h http://html5.org/tools/web-apps-tracker?from=4981&to=4982 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.4002 retrieving revision 1.4003 diff -u -d -r1.4002 -r1.4003 --- Overview.html 6 Apr 2010 09:01:50 -0000 1.4002 +++ Overview.html 7 Apr 2010 05:10:32 -0000 1.4003 @@ -285,7 +285,7 @@ <h1>HTML5</h1> <h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2> - <h2 class="no-num no-toc" id="editor-s-draft-6-april-2010">Editor's Draft 6 April 2010</h2> + <h2 class="no-num no-toc" id="editor-s-draft-7-april-2010">Editor's Draft 7 April 2010</h2> <dl><dt>Latest Published Version:</dt> <dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd> <dt>Latest Editor's Draft:</dt> @@ -392,7 +392,7 @@ specification's progress along the W3C Recommendation track. - This specification is the 6 April 2010 Editor's Draft. + This specification is the 7 April 2010 Editor's Draft. </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>The contents of this specification are also part of <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/">a specification</a> published by the <a href="http://www.whatwg.org/">WHATWG</a>, which is available under a license that permits reuse of the specification text.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 
@@ -11112,9 +11112,14 @@ <ul><li><p>Set a timer so that in <var title="">time</var> seconds, adjusted to take into account user or user agent preferences, - if the user has not canceled the redirect, the user agent <a href="#navigate" title="navigate">navigates</a> the document's browsing - context to <var title="">url</var>, with <a href="#replacement-enabled">replacement - enabled</a>, and with the document's browsing context as the + if the user has not canceled the redirect and if the + <code><a href="#meta">meta</a></code> element's <code><a href="#document">Document</a></code>'s + <a href="#browsing-context">browsing context</a> did not have the <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed + automatic features browsing context flag</a> set when the + <code><a href="#document">Document</a></code> was created, the user agent <a href="#navigate" title="navigate">navigates</a> the <code><a href="#document">Document</a></code>'s + <a href="#browsing-context">browsing context</a> to <var title="">url</var>, with + <a href="#replacement-enabled">replacement enabled</a>, and with the + <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing context</a> as the <a href="#source-browsing-context">source browsing context</a>.</li> <li><p>Provide the user with an interface that, when selected, 
@@ -18356,6 +18361,26 @@ </dd> + + <dt>The <dfn id="sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing context + flag</dfn>, unless the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute's value, when + <a href="#split-a-string-on-spaces" title="split a string on spaces">split on spaces</a>, is + found to have the <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> + keyword (defined above) set</dt> + + <dd> + + <p>This flag blocks features that trigger automatically, such as + <a href="#attr-media-autoplay" title="attr-media-autoplay">automatically playing a + video</a> or <a href="#attr-fe-autofocus" title="attr-fe-autofocus">automatically + focusing a form control</a>. It is relaxed by the same flag as + scripts, because when scripts are enabled these features are + trivially possible anyway, and it would be unfortunate to force + authors to use script to do them when sandboxed rather than + allowing them to use the declarative features.</p> + + </dd> + </dl><p>These flags must not be set unless the conditions listed above define them as being set.</p> 
@@ -21426,10 +21451,14 @@ <p>If the <a href="#autoplaying-flag">autoplaying flag</a> is true, and the <code title="dom-media-paused"><a href="#dom-media-paused">paused</a></code> attribute is true, and the <a href="#media-element">media element</a> has an <code title="attr-media-autoplay"><a href="#attr-media-autoplay">autoplay</a></code> attribute specified, - then the user agent may also set the <code title="dom-media-paused"><a href="#dom-media-paused">paused</a></code> attribute to false, + and the <a href="#media-element">media element</a> is in a <code><a href="#document">Document</a></code> + whose <a href="#browsing-context">browsing context</a> did not have the + <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing context flag</a> + set when the <code><a href="#document">Document</a></code> was created, then the user + agent may also set the <code title="dom-media-paused"><a href="#dom-media-paused">paused</a></code> attribute to false, <a href="#queue-a-task">queue a task</a> to <a href="#fire-a-simple-event">fire a simple event</a> - named <code title="event-media-play"><a href="#event-media-play">play</a></code>, and <a href="#queue-a-task">queue a - task</a> to <a href="#fire-a-simple-event">fire a simple event</a> named <code title="event-media-playing"><a href="#event-media-playing">playing</a></code>.</p> + named <code title="event-media-play"><a href="#event-media-play">play</a></code>, and <a href="#queue-a-task">queue + a task</a> to <a href="#fire-a-simple-event">fire a simple event</a> named <code title="event-media-playing"><a href="#event-media-playing">playing</a></code>.</p> <p class="note">User agents are not required to autoplay, and it is suggested that user agents honor user preferences on the 
@@ -33257,13 +33286,16 @@ <p>Whenever an element with the <code title="attr-fe-autofocus"><a href="#attr-fe-autofocus">autofocus</a></code> attribute specified is <a href="#insert-an-element-into-a-document" title="insert an element into a document">inserted into a - document</a>, the user agent should <a href="#queue-a-task">queue a task</a> - that checks to see if the element is <a href="#focusable">focusable</a>, and if - so, runs the <a href="#focusing-steps">focusing steps</a> for that element. User - agents may also change the scrolling position of the document, or - perform some other action that brings the element to the user's - attention. The <a href="#task-source">task source</a> for this task is the - <a href="#dom-manipulation-task-source">DOM manipulation task source</a>.</p> + document</a> whose <a href="#browsing-context">browsing context</a> did not have the + <a href="#sandboxed-automatic-features-browsing-context-flag">sandboxed automatic features browsing context flag</a> set + when the <code><a href="#document">Document</a></code> was created, the user agent should + <a href="#queue-a-task">queue a task</a> that checks to see if the element is + <a href="#focusable">focusable</a>, and if so, runs the <a href="#focusing-steps">focusing + steps</a> for that element. User agents may also change the + scrolling position of the document, or perform some other action + that brings the element to the user's attention. The <a href="#task-source">task + source</a> for this task is the <a href="#dom-manipulation-task-source">DOM manipulation task + source</a>.</p> <p>User agents may ignore this attribute if the user has indicated (for example, by starting to type in a form control) that he does
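Review bot: In the @@ -11112,9 +11112,14 @@ hunk the sandbox test is added inside the "Set a timer" bullet, so as worded a sandboxed Document still sets the timer and only the navigation at expiry is skipped. Stating the test once, ahead of the list, would make it clear that nothing is scheduled in a sandboxed context and would shorten a sentence that now chains two "if" conditions. The second bullet ("Provide the user with an interface that, when selected, ...") is unchanged context here, so it would help to say explicitly whether a user-selected redirect remains available when the flag is set.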
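Review bot: The <dd> for the new flag in the @@ -18356,6 +18361,26 @@ hunk names autoplay and autofocus in its "such as" list but omits meta refresh, which the @@ -11112 hunk of this same change gates on the flag. Add the refresh case, with a link, to that list so a reader of the definition sees every feature the flag blocks without having to search for back-references.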
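Review bot: The condition added in the @@ -21426,10 +21451,14 @@ hunk reads "the media element is in a Document whose browsing context did not have the ... flag set", which as written is false for a media element that is not in a Document at all, so the autoplay step would stop applying to such elements even outside a sandbox. The meta refresh hunk uses "the meta element's Document's browsing context"; the same possessive form here would tie the test to the sandbox state only. The last two changed lines only move a line break inside "queue a task" and could be dropped from the change.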
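Review bot: In the @@ -33257,13 +33286,16 @@ hunk the added clause is the third copy of "did not have the sandboxed automatic features browsing context flag set when the Document was created" in this change (after the meta refresh and autoplay hunks), so a single defined term for that condition, referenced from all three places, would keep the wording from drifting. The clause is also the only wording change in the paragraph, but the whole paragraph is rewrapped, which hides it in the diff; keeping the original line breaks for the untouched sentences would make the change easier to review.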
Received on Wednesday, 7 April 2010 05:11:17 UTC