hixie: Give a summary of how target='' and sandbox='' interact. (whatwg r6217) from poot on 2011-06-17 (public-html-diffs@w3.org from June 2011)

From: poot <cvsmail@w3.org>
Date: Fri, 17 Jun 2011 05:53:06 -0400
To: public-html-diffs@w3.org
Message-Id: <E1QXVje-0004mC-2t@jay.w3.org>
hixie: Give a summary of how target='' and sandbox='' interact. (whatwg
r6217)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4982&r2=1.4983&f=h
http://html5.org/tools/web-apps-tracker?from=6216&to=6217

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4982
retrieving revision 1.4983
diff -u -d -r1.4982 -r1.4983
--- Overview.html 13 Jun 2011 19:41:54 -0000 1.4982
+++ Overview.html 13 Jun 2011 22:15:58 -0000 1.4983
@@ -16612,14 +16612,18 @@
   that create <a href="#hyperlink" title="hyperlink">hyperlinks</a> is to run the
   following steps:</p>
 
-  <ol><li><p>If the <code title="event-click"><a href="#event-click">click</a></code>
-   event in question is not <a href="#concept-events-trusted" title="concept-events-trusted">trusted</a> (i.e. a <code title="dom-click"><a href="#dom-click">click()</a></code> method call was the reason for the
-   event being dispatched), and the <code><a href="#the-a-element">a</a></code> element's <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code> attribute is such that
-   applying <a href="#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name">the rules for choosing a browsing context given a
-   browsing context name</a>, using the value of the <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code> attribute as the
-   browsing context name, would result in there not being a chosen
-   browsing context, then raise an <code><a href="#invalid_access_err">INVALID_ACCESS_ERR</a></code>
-   exception and abort these steps.</li>
+  <ol><li><p>If the <code title="event-click"><a href="#event-click">click</a></code> event in
+   question is not <a href="#concept-events-trusted" title="concept-events-trusted">trusted</a>
+   (i.e. a <code title="dom-click"><a href="#dom-click">click()</a></code> method call was the
+   reason for the event being dispatched), and the <code><a href="#the-a-element">a</a></code>
+   element's <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code>
+   attribute is present and applying <a href="#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name">the rules for choosing a
+   browsing context given a browsing context name</a>, using the
+   value of the <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code>
+   attribute as the browsing context name, would result in there not
+   being a chosen browsing context, then raise an
+   <code><a href="#invalid_access_err">INVALID_ACCESS_ERR</a></code> exception and abort these
+   steps.</li>
 
    <li><p>If the target of the <code title="event-click"><a href="#event-click">click</a></code>
    event is an <code><a href="#the-img-element">img</a></code> element with an <code title="attr-img-ismap"><a href="#attr-img-ismap">ismap</a></code> attribute specified, then
@@ -28026,7 +28030,7 @@
    (i.e. a <code title="dom-click"><a href="#dom-click">click()</a></code> method call was the
    reason for the event being dispatched), and the <code><a href="#the-area-element">area</a></code>
    element's <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code>
-   attribute is such that applying <a href="#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name">the rules for choosing a
+   attribute is present and applying <a href="#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name">the rules for choosing a
    browsing context given a browsing context name</a>, using the
    value of the <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code>
    attribute as the browsing context name, would result in there not
@@ -43266,7 +43270,150 @@
   character. (Names starting with an underscore are reserved for
   special keywords.)<p>A <dfn id="valid-browsing-context-name-or-keyword">valid browsing context name or keyword</dfn> is any string
   that is either a <a href="#valid-browsing-context-name">valid browsing context name</a> or that is
-  an <a href="#ascii-case-insensitive">ASCII case-insensitive</a> match for one of: <code title="">_blank</code>, <code title="">_self</code>, <code title="">_parent</code>, or <code title="">_top</code>.<div class="impl">
+  an <a href="#ascii-case-insensitive">ASCII case-insensitive</a> match for one of: <code title="">_blank</code>, <code title="">_self</code>, <code title="">_parent</code>, or <code title="">_top</code>.<p>These values have different meanings based on whether the page is
+  sandboxed or not, as summarized in the following (non-normative)
+  table. In this table, "current" means the <a href="#browsing-context">browsing
+  context</a> that the link or script is in, "parent" means the
+  <a href="#parent-browsing-context">parent browsing context</a> of the one the link or script
+  is in, "master" means the nearest <a href="#ancestor-browsing-context">ancestor browsing
+  context</a> of the one the link or script is in that is not
+  itself in a <a href="#attr-iframe-seamless" title="attr-iframe-seamless">seamless
+  iframe</a>, "top" means the <a href="#top-level-browsing-context">top-level browsing
+  context</a> of the one the link or script is in, "new" means a
+  new <a href="#top-level-browsing-context">top-level browsing context</a> or <a href="#auxiliary-browsing-context">auxiliary
+  browsing context</a> is to be created, subject to various user
+  preferences and user agent policies, and "none" means that by
+  default nothing will happen.<table><thead><tr><th rowspan="2">Keyword
+     <th rowspan="2">Ordinary effect
+     <th colspan="5">Effect in an <code><a href="#the-iframe-element">iframe</a></code> with...
+    <tr><th><code title="">seamless=""</code>
+     <th><code title="">sandbox=""</code>
+     <th><code title="">sandbox="" seamless=""</code>
+     <th><code title="">sandbox="allow-top-navigation"</code>
+     <th><code title="">sandbox="allow-top-navigation" seamless=""</code>
+
+   <tbody><tr><td>none specified, for links and form submissions 
+     <td>current
+     <td>master
+     <td>current
+     <td>master
+     <td>current
+     <td>master
+
+    <tr><td>none specified, for <code title="dom-open"><a href="#dom-open">window.open()</a></code> 
+     <td>new
+     <td>new
+     <td>new&dagger;
+     <td>new&dagger;
+     <td>new&dagger;
+     <td>new&dagger;
+
+    <tr><td>empty string
+     <td>current
+     <td>master
+     <td>current
+     <td>master
+     <td>current
+     <td>master
+
+    <tr><td><code title="">_blank</code>
+     <td>new
+     <td>new
+     <td>new
+     <td>new
+     <td>new
+     <td>new
+
+    <tr><td><code title="">_self</code>
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+
+    <tr><td><code title="">_parent</code> if there isn't a parent
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+
+    <tr><td><code title="">_parent</code> if parent is also top
+     <td>parent/top
+     <td>parent/top
+     <td>none
+     <td>none
+     <td>parent/top
+     <td>parent/top
+
+    <tr><td><code title="">_parent</code> if there is one and it's not top
+     <td>parent
+     <td>parent
+     <td>none
+     <td>none
+     <td>none
+     <td>none
+
+    <tr><td><code title="">_top</code> if top is current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+
+    <tr><td><code title="">_top</code> if top is not current
+     <td>top
+     <td>top
+     <td>none
+     <td>none
+     <td>top
+     <td>top
+
+    <tr><td>name that doesn't exist
+     <td>new
+     <td>new
+     <td>new
+     <td>new
+     <td>new
+     <td>new
+
+    <tr><td>name that exists and is a descendant
+     <td>specified descendant
+     <td>specified descendant
+     <td>specified descendant
+     <td>specified descendant
+     <td>specified descendant
+     <td>specified descendant
+
+    <tr><td>name that exists and is current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+     <td>current
+
+    <tr><td>name that exists and is a ancestor that is top
+     <td>specified ancestor
+     <td>specified ancestor
+     <td>none
+     <td>none
+     <td>specified ancestor/top
+     <td>specified ancestor/top
+
+    <tr><td>name that exists and is a ancestor that is not top
+     <td>specified ancestor
+     <td>specified ancestor
+     <td>none
+     <td>none
+     <td>none
+     <td>none
+
+  </table><p><small>&dagger; This case is only possible if the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute also allows
+  scripts.</small><div class="impl">
 
   <p><dfn id="the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name">The rules for choosing a browsing context given a browsing
   context name</dfn> are as follows. The rules assume that they are
Received on Friday, 17 June 2011 09:53:08 UTC