hixie: sandbox='allow-popups' feature (whatwg r7054)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5624&r2=1.5625&f=h
http://html5.org/tools/web-apps-tracker?from=7053&to=7054

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5624
retrieving revision 1.5625
diff -u -d -r1.5624 -r1.5625
--- Overview.html 13 Apr 2012 23:10:08 -0000 1.5624
+++ Overview.html 17 Apr 2012 05:02:33 -0000 1.5625
@@ -24105,6 +24105,7 @@
   <a href="#unordered-set-of-unique-space-separated-tokens">unordered set of unique space-separated tokens</a> that are
   <a href="#ascii-case-insensitive">ASCII case-insensitive</a>. The allowed values are
   <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code>,
+  <code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code>,
   <code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>,
   <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>, and
   <code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>.
@@ -24117,9 +24118,8 @@
   keyword allows the content to be treated as being from the same
   origin instead of forcing it into a unique origin, the <code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>
   keyword allows the content to <a href="#navigate">navigate</a> its
-  <a href="#top-level-browsing-context">top-level browsing context</a>, and the <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code> and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>
-  keywords re-enable forms and scripts respectively (though scripts
-  are still prevented from creating popups).</p>
+  <a href="#top-level-browsing-context">top-level browsing context</a>, and the <code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code>, <code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code> and <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code>
+  keywords re-enable forms, popups, and scripts respectively.</p>
 
   <p class="warning">Setting both the
   <code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> and
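Review bot: the rewritten sentence ("re-enable forms, popups, and scripts respectively") drops the old parenthetical about scripts being unable to create popups, but says nothing about the property that makes allow-popups safe to grant: the popup is created with the opener's sandboxing flags copied into its popup sandboxing flag set, and only the opener may navigate it. Since this paragraph is the author-facing summary of the keywords, consider adding one sentence to that effect here, next to the existing warning about allow-scripts plus allow-same-origin, so authors do not assume allow-popups yields an unsandboxed window.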
@@ -52351,10 +52351,10 @@
   context</a> of the one the link or script is in, "new" means a
   new <a href="#top-level-browsing-context">top-level browsing context</a> or <a href="#auxiliary-browsing-context">auxiliary
   browsing context</a> is to be created, subject to various user
-  preferences and user agent policies, "maybe new" means the same as
-  "new" but the requirements for those cases encourage user agents to
-  treat it more like "none", and "none" means that by default nothing
-  will happen.</p>
+  preferences and user agent policies, "none" means that nothing will
+  happen, and "maybe new" means the same as "new" if the "<code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code>"
+  keyword is also specified on the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute (or if the user
+  overrode the sandboxing), and the same as "none" otherwise.</p>
 
   <table><thead><tr><th rowspan="2">Keyword
      <th rowspan="2">Ordinary effect
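Review bot: the new definition of "none" ("nothing will happen") loses the "by default" qualification of the old text, yet the sandboxWindowOpen branch below still lets the user agent offer the user a new or existing top-level browsing context. Either restore "by default nothing will happen" or confirm that every row of the table labelled "none" really corresponds to a case where no user override is possible.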
@@ -52553,18 +52553,28 @@
 
     <dl class="switch"><dt id="sandboxWindowOpen">If the current browsing context's
      <a href="#active-document">active document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag
-     set</a> has the <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context
-     flag</a> set.</dt>
+     set</a> has the <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing
+     context flag</a> set.</dt>
 
-     <dd><p>The user agent may offer to create a new <a href="#top-level-browsing-context">top-level
-     browsing context</a> or reuse an existing <a href="#top-level-browsing-context">top-level
-     browsing context</a>. If the user picks one of those options,
-     then the designated browsing context must be the chosen one (the
-     browsing context's name isn't set to the given browsing context
-     name). The default behaviour (if the user agent doesn't offer the
-     option to the user, or if the user declines to allow a browsing
-     context to be used) there must not be a chosen browsing
-     context.</dd>
+     <dd>
+
+      <p>Typically, there is no chosen browsing context.</p>
+
+      <p>The user agent may offer to create a new <a href="#top-level-browsing-context">top-level
+      browsing context</a> or reuse an existing <a href="#top-level-browsing-context">top-level
+      browsing context</a>. If the user picks one of those options,
+      then the designated browsing context must be the chosen one (the
+      browsing context's name isn't set to the given browsing context
+      name). The default behaviour (if the user agent doesn't offer
+      the option to the user, or if the user declines to allow a
+      browsing context to be used) must be that there must not be a
+      chosen browsing context.</p>
+
+      <p class="warning">If this case occurs, it means that an author
+      has explicitly sandboxed the document that is trying to open a
+      link.</p>
+
+     </dd>
 
 
      <dt id="noopener">If the user agent has been configured such that
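Review bot: "The default behaviour ... must be that there must not be a chosen browsing context" stacks two "must"s; suggest "The default behaviour (...) must be that there is no chosen browsing context." The added "Typically, there is no chosen browsing context." is a non-normative summary of the same paragraph, so it might read better as a class="note" rather than a bare paragraph ahead of the normative text.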
@@ -52613,6 +52623,18 @@
     users to configure the user agent to always reuse the current
     browsing context.</p>
 
+    <p>If the current browsing context's <a href="#active-document">active
+    document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has the
+    <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a> set and
+    chosen browsing context picked above, if any, is a new browsing
+    context (whether top-level or auxiliary), then all the flags that
+    are set in the current browsing context's <a href="#active-document">active
+    document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> when the
+    new browsing context is created must be set in the new browsing
+    context's <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a>, and the current
+    browsing context must be set as the new browsing context's
+    <a href="#one-permitted-sandboxed-navigator">one permitted sandboxed navigator</a>.</p>
+
    </li>
 
   </ol></div>
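Review bot: missing article in the condition: "and chosen browsing context picked above" should read "and the chosen browsing context picked above". On the logic, note that this paragraph is keyed on the sandboxed navigation browsing context flag (which is set unconditionally for every sandboxed document) rather than on the auxiliary flag, so it also covers the case where the user overrode the sandbox in the sandboxWindowOpen branch; that is the right outcome (a user-granted popup still inherits the opener's flags and its one permitted sandboxed navigator), but worth stating explicitly so nobody later "tightens" the condition to the auxiliary flag and silently removes that coverage.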
@@ -53886,20 +53908,39 @@
     <p>This flag <a href="#sandboxLinks">prevents content from
     navigating browsing contexts other than the sandboxed browsing
     context itself</a> (or browsing contexts further nested inside
-    it), and the <a href="#top-level-browsing-context">top-level browsing context</a> (which is
+    it), <a href="#auxiliary-browsing-context" title="auxiliary browsing context">auxiliary browsing
+    contexts</a> (which are protected by the <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed
+    auxiliary navigation browsing context flag</a> defined next),
+    and the <a href="#top-level-browsing-context">top-level browsing context</a> (which is
     protected by the <a href="#sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing
-    context flag</a> defined next).</p>
+    context flag</a> defined below).</p>
 
-    <p>This flag also <a href="#sandboxWindowOpen">prevents content
-    from creating new auxiliary browsing contexts</a>, e.g. using the
-    <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code> attribute, the
-    <code title="dom-open"><a href="#dom-open">window.open()</a></code> method, or the <code title="dom-showModalDialog"><a href="#dom-showmodaldialog">showModalDialog()</a></code> method.</p>
+    <p>If the <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context
+    flag</a> is not set, then in certain cases the restrictions
+    nonetheless allow popups (new <a href="#top-level-browsing-context" title="top-level browsing
+    context">top-level browsing contexts</a>) to be opened. These
+    <a href="#browsing-context" title="browsing context">browsing contexts</a> always
+    have <dfn id="one-permitted-sandboxed-navigator">one permitted sandboxed navigator</dfn>, set when the
+    browsing context is created, which allows the <a href="#browsing-context">browsing
+    context</a> that created them to actually navigate them.
+    (Otherwise, the <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context
+    flag</a> would prevent them from being navigated even if they
+    were opened.)</p>
 
    </dd>
 
 
-   <dt>The <dfn id="sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context
-   flag</dfn></dt>
+   <dt>The <dfn id="sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context flag</dfn></dt>
+
+   <dd>
+
+    <p>This flag <a href="#sandboxWindowOpen">prevents content from
+    creating new auxiliary browsing contexts</a>, e.g. using the <code title="attr-hyperlink-target"><a href="#attr-hyperlink-target">target</a></code> attribute, the <code title="dom-open"><a href="#dom-open">window.open()</a></code> method, or the <code title="dom-showModalDialog"><a href="#dom-showmodaldialog">showModalDialog()</a></code> method.</p>
+
+   </dd>
+
+
+   <dt>The <dfn id="sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context flag</dfn></dt>
 
    <dd>
 
@@ -53910,7 +53951,9 @@
     is set, content can navigate its <a href="#top-level-browsing-context">top-level browsing
     context</a>, but other <a href="#browsing-context" title="browsing context">browsing
     contexts</a> are still protected by the <a href="#sandboxed-navigation-browsing-context-flag">sandboxed
-    navigation browsing context flag</a> defined above.</p>
+    navigation browsing context flag</a> and possibly the
+    <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context
+    flag</a>.</p>
 
    </dd>
 
@@ -54010,6 +54053,10 @@
 
     <ul><li><p>The <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a></li>
 
+     <li><p>The <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context
+     flag</a>, unless <var title="">tokens</var> contains the <dfn id="attr-iframe-sandbox-allow-popups" title="attr-iframe-sandbox-allow-popups"><code>allow-popups</code></dfn>
+     keyword</li>
+
      <li><p>The <a href="#sandboxed-top-level-navigation-browsing-context-flag">sandboxed top-level navigation browsing context
      flag</a>, unless <var title="">tokens</var> contains the <dfn id="attr-iframe-sandbox-allow-top-navigation" title="attr-iframe-sandbox-allow-top-navigation"><code>allow-top-navigation</code></dfn>
      keyword</li>
@@ -54068,7 +54115,13 @@
 
     </ul></li>
 
-  </ol><hr><p>Every <a href="#nested-browsing-context">nested browsing context</a> has an
+  </ol><hr><p>Every <a href="#top-level-browsing-context">top-level browsing context</a> has a <dfn id="popup-sandboxing-flag-set">popup
+  sandboxing flag set</dfn>. When a <a href="#browsing-context">browsing context</a> is
+  created, its <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a> must be empty.
+  It is populated by <a href="#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name">the rules for choosing a browsing context
+  given a browsing context name</a>.</p>
+
+  <p>Every <a href="#nested-browsing-context">nested browsing context</a> has an
   <dfn id="iframe-sandboxing-flag-set"><code>iframe</code> sandboxing flag set</dfn>, which is a
   <a href="#sandboxing-flag-set">sandboxing flag set</a>. Which flags in a <a href="#nested-browsing-context">nested
   browsing context</a>'s <a href="#iframe-sandboxing-flag-set"><code>iframe</code> sandboxing flag
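Review bot: the first sentence scopes the popup sandboxing flag set to "Every top-level browsing context" but the second says "When a browsing context is created, its popup sandboxing flag set must be empty"; align the two (for example "When a top-level browsing context is created"). The last sentence says the set is populated by the rules for choosing a browsing context, but the method steps later in this patch also populate it; list both, or phrase it as "populated when the browsing context is created as a popup".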
@@ -54946,10 +54999,8 @@
     <a href="#source-browsing-context">source browsing context</a> is not one of the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
     contexts</a> of the <a href="#browsing-context">browsing context</a> being
     navigated, and the <a href="#browsing-context">browsing context</a> being navigated
-    is not both a <a href="#top-level-browsing-context">top-level browsing context</a> and one of
-    the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
-    contexts</a> of the <a href="#source-browsing-context">source browsing context</a>, and
-    the <a href="#source-browsing-context">source browsing context</a>'s <a href="#active-document">active
+    is not a <a href="#top-level-browsing-context">top-level browsing context</a>, and the
+    <a href="#source-browsing-context">source browsing context</a>'s <a href="#active-document">active
     document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has its
     <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a> set, then
     abort these steps.</p>
@@ -54963,14 +55014,29 @@
     top-level navigation browsing context flag</a> set, then abort
     these steps.</p>
 
-    <p>In both cases, the user agent may additionally offer to open
-    the new resource in a new <a href="#top-level-browsing-context">top-level browsing context</a>
-    or in the <a href="#top-level-browsing-context">top-level browsing context</a> of the
-    <a href="#source-browsing-context">source browsing context</a>, at the user's option, in
-    which case the user agent must <a href="#navigate">navigate</a> that designated <a href="#top-level-browsing-context">top-level browsing
+    <p>Otherwise, if the <a href="#browsing-context">browsing context</a> being navigated
+    is a <a href="#top-level-browsing-context">top-level browsing context</a>, and is not one of
+    the <a href="#ancestor-browsing-context" title="ancestor browsing context">ancestor browsing
+    contexts</a> of the <a href="#source-browsing-context">source browsing context</a>, and
+    the <a href="#source-browsing-context">source browsing context</a>'s <code><a href="#document">Document</a></code>'s
+    <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has its <a href="#sandboxed-navigation-browsing-context-flag">sandboxed
+    navigation browsing context flag</a> set, and the <a href="#source-browsing-context">source
+    browsing context</a> is not the <a href="#one-permitted-sandboxed-navigator">one permitted sandboxed
+    navigator</a> of the <a href="#browsing-context">browsing context</a> being
+    navigated, then abort these steps.</p> 
+
+    <p>In all of these cases, the user agent may additionally offer to
+    open the new resource in a new <a href="#top-level-browsing-context">top-level browsing
+    context</a> or in the <a href="#top-level-browsing-context">top-level browsing context</a>
+    of the <a href="#source-browsing-context">source browsing context</a>, at the user's option,
+    in which case the user agent must <a href="#navigate">navigate</a> that designated <a href="#top-level-browsing-context">top-level browsing
     context</a> to the new resource as if the user had requested it
     independently.</p>
 
+    <p class="note">Doing so, however, can be dangerous, as it means
+    that the user is overriding the author's explicit request to
+    sandbox the content.</p>
+
    </li>
 
    <li id="seamlessLinks"><p>If the <a href="#source-browsing-context">source browsing
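Review bot: the new step refers to "the source browsing context's Document's active sandboxing flag set", while the adjacent steps use "the source browsing context's active document's active sandboxing flag set"; use the established "active document" phrasing for consistency. There is also trailing whitespace after the closing "</p>" of that step. The ordering of the three steps is sound: nested non-ancestor targets are handled by the first, top-level ancestors by the second, and other top-level contexts by the new third step with the one-permitted-sandboxed-navigator exception.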
@@ -55334,6 +55400,11 @@
     <code><a href="#document">Document</a></code> object is created:</p>
 
     <ul><li><p>If the <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing
+     context</a> is a <a href="#top-level-browsing-context">top-level browsing context</a>,
+     then: the flags set on the <a href="#browsing-context">browsing context</a>'s
+     <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a>.</li>
+
+     <li><p>If the <code><a href="#document">Document</a></code>'s <a href="#browsing-context">browsing
      context</a> is a <a href="#nested-browsing-context">nested browsing context</a>, then:
      the flags set on the <a href="#browsing-context">browsing context</a>'s
      <a href="#iframe-sandboxing-flag-set"><code>iframe</code> sandboxing flag set</a>.</li>
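Review bot: since the popup sandboxing flag set lives on the browsing context and is folded into every new Document's active sandboxing flag set here, the flags persist across later navigations of the popup, including navigations performed by its one permitted sandboxed navigator; that is the property that stops a sandboxed opener from laundering itself through a popup, so it deserves a short note at this point rather than being left implicit.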
@@ -60817,10 +60888,13 @@
 
    <li>
 
-    <p>If the current browsing context's <a href="#active-document">active
-    document</a>'s <a href="#active-sandboxing-flag-set">active sandboxing flag set</a> has its
-    <a href="#sandboxed-navigation-browsing-context-flag">sandboxed navigation browsing context flag</a> set, then
-    return the empty string and abort these steps.</p>
+    <p>If the <a href="#active-sandboxing-flag-set">active sandboxing flag set</a>
+    of the <a href="#active-document">active document</a>
+    of the <a href="#script-s-browsing-context" title="script's browsing context">browsing context</a>
+    of the <a href="#concept-script" title="concept-script">script</a> that invoked the method
+    has its
+    <a href="#sandboxed-auxiliary-navigation-browsing-context-flag">sandboxed auxiliary navigation browsing context flag</a>
+    set, then return the empty string and abort these steps.</p>
 
    </li>
 
@@ -60872,6 +60946,22 @@
 
    <li>
 
+    <p>Set all the flags
+    in the new browsing context's <a href="#popup-sandboxing-flag-set">popup sandboxing flag set</a>
+    that are set in the
+    <a href="#active-sandboxing-flag-set">active sandboxing flag set</a>
+    of the <a href="#active-document">active document</a>
+    of the <a href="#script-s-browsing-context" title="script's browsing context">browsing context</a>
+    of the <a href="#concept-script" title="concept-script">script</a> that invoked the method.
+    The <a href="#script-s-browsing-context" title="script's browsing context">browsing context</a>
+    of the <a href="#concept-script" title="concept-script">script</a> that invoked the method
+    must be set as the new browsing context's
+    <a href="#one-permitted-sandboxed-navigator">one permitted sandboxed navigator</a>.</p>
+
+   </li>
+
+   <li>
+
     <p>Let the <a href="#dialog-arguments">dialog arguments</a> of the new browsing
     context be set to the value of <var title="">argument</var>, or
     the 'undefined' value if the argument was omitted.</p>
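Review bot: this step repeats, almost verbatim, the flag-copying and one-permitted-sandboxed-navigator text already added to the rules for choosing a browsing context earlier in this patch; consider factoring it into one hook ("create a popup for a sandboxed browsing context") that both callers invoke, so the two copies cannot drift. Unlike the earlier copy, this one is unconditional, which is harmless because copying an empty active sandboxing flag set is a no-op.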
@@ -81118,6 +81208,7 @@
      <td> Security rules for nested content
      <td> <a href="#unordered-set-of-unique-space-separated-tokens">Unordered set of unique space-separated tokens</a>, <a href="#ascii-case-insensitive">ASCII case-insensitive</a>, consisting of
           "<code title="attr-iframe-sandbox-allow-forms"><a href="#attr-iframe-sandbox-allow-forms">allow-forms</a></code>",
+          "<code title="attr-iframe-sandbox-allow-popups"><a href="#attr-iframe-sandbox-allow-popups">allow-popups</a></code>",
           "<code title="attr-iframe-sandbox-allow-same-origin"><a href="#attr-iframe-sandbox-allow-same-origin">allow-same-origin</a></code>",
           "<code title="attr-iframe-sandbox-allow-scripts"><a href="#attr-iframe-sandbox-allow-scripts">allow-scripts</a></code> and
           "<code title="attr-iframe-sandbox-allow-top-navigation"><a href="#attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</a></code>"
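Review bot: the "allow-scripts" entry in this index table is missing its closing quotation mark ("...allow-scripts</a></code> and" should be "...allow-scripts</a></code>" and"); since the line is being touched for the new keyword, fix it in the same change.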

Received on Tuesday, 17 April 2012 05:03:02 UTC