[e] (0) Mention that this example should use text/html-sandboxed.
git-svn-id: http://svn.whatwg.org/webapps@4625 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Jan 24, 2010
1 parent 836d3d3 commit 53ef3ca
Showing 3 changed files with 21 additions and 0 deletions.
7 changes: 7 additions & 0 deletions complete.html
Expand Up @@ -19960,6 +19960,13 @@ <h4 id=the-iframe-element><span class=secno>4.8.3 </span>The <dfn><code>iframe</
visible in the <code title=dom-document-cookie><a href=#dom-document-cookie>document.cookie</a></code> IDL
attribute.</p>

<p class=warning>It is important that the server serve the
user-provided HTML using the <code><a href=#text/html-sandboxed>text/html-sandboxed</a></code> MIME
type so that if the attacker convinces the user to visit that page
directly, the page doesn't run in the context of the site's origin,
which would make the user vulnerable to any attack found in the
page.</p>

</div>

<div class=example>
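
Review bot: "that page" in the third added line has no clear antecedent. In an iframe example it can be read either as the embedding page or as the framed user-provided document; name it, for instance "if the attacker convinces the user to visit the user-provided page directly". The closing clause "vulnerable to any attack found in the page" is also loose. The context line just above is about document.cookie, so the warning could say outright that script in the user-provided content would run with the site's origin.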
7 changes: 7 additions & 0 deletions index
Expand Up @@ -19860,6 +19860,13 @@ href="?audio"&gt;audio&lt;/a&gt; test instead.)&lt;/p&gt;</pre>
visible in the <code title=dom-document-cookie><a href=#dom-document-cookie>document.cookie</a></code> IDL
attribute.</p>

<p class=warning>It is important that the server serve the
user-provided HTML using the <code><a href=#text/html-sandboxed>text/html-sandboxed</a></code> MIME
type so that if the attacker convinces the user to visit that page
directly, the page doesn't run in the context of the site's origin,
which would make the user vulnerable to any attack found in the
page.</p>

</div>

<div class=example>
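
Review bot: the seven added lines here repeat the paragraph added to complete.html word for word, and source carries the same text without the link markup, so any wording fix has to land in all three files to keep them in step. If index and complete.html are built from source, noting that in the commit message would let a reviewer read only the source hunk.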
7 changes: 7 additions & 0 deletions source
Expand Up @@ -21257,6 +21257,13 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
title="dom-document-cookie">document.cookie</code> IDL
attribute.</p>

<p class="warning">It is important that the server serve the
user-provided HTML using the <code>text/html-sandboxed</code> MIME
type so that if the attacker convinces the user to visit that page
directly, the page doesn't run in the context of the site's origin,
which would make the user vulnerable to any attack found in the
page.</p>

</div>

<div class="example">
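
Review bot: the requirement to serve the content as text/html-sandboxed is stated only inside an example. The commit message calls it "this example", and the added paragraph is the last thing before the closing </div>, so a reader who skips examples never sees it. Consider a cross-reference from the surrounding main text. The added sentence is also a single run of about fifty words; splitting it after "MIME type" would make the condition (the user visits the page directly) and the consequence (it runs in the site's origin) easier to pick out.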
