HTML Standard Tracker

Short URL: http://html5.org/r/6657

SVN: 6657
Bug: 12390
Comment: [Gecko] [Internet Explorer] [Opera] [Webkit] Drop text/html-sandboxed
Time (UTC): 2011-10-11 00:26
Index: source
===================================================================
--- source	(revision 6656)
+++ source	(revision 6657)
@@ -1993,9 +1993,8 @@
   type and subtype, with no MIME Type parameters. <a
   href="#refsHTTP">[HTTP]</a></p>
 
-  <p>The term <dfn>HTML MIME type</dfn> is used to refer to the <span
-  title="MIME type">MIME types</span> <code>text/html</code> and
-  <code>text/html-sandboxed</code>.</p>
+  <p>The term <dfn>HTML MIME type</dfn> is used to refer to the
+  <span>MIME type</span> <code>text/html</code>.</p>
 
   <p>A resource's <dfn>critical subresources</dfn> are those that the
   resource needs to have available to be correctly processed. Which
@@ -9451,8 +9450,7 @@
     <p>If the contents are <span title="sandboxed origin browsing
     context flag">sandboxed into a unique origin</span> (in an
     <code>iframe</code> with the <code
-    title="attr-iframe-sandbox">sandbox</code> attribute) or the
-    resource was labeled as <code>text/html-sandboxed</code>, a
+    title="attr-iframe-sandbox">sandbox</code> attribute), a
     <code>SecurityError</code> exception will be thrown on getting and
     setting.</p>
    </dd>
@@ -25812,7 +25810,7 @@
   an attacker can convince the user to just visit the hostile content
   directly, rather than in the <code>iframe</code>. To limit the
   damage that can be caused by hostile HTML content, it should be
-  served using the <code>text/html-sandboxed</code> MIME type.</p>
+  served from a separate dedicated domain.</p>
 
   <div class="impl">
 
@@ -26027,30 +26025,20 @@
 
    <p>In this example, some completely-unknown, potentially hostile,
    user-provided HTML content is embedded in a page. Because it is
-   sandboxed, it is treated by the user agent as being from a unique
-   origin, despite the content being served from the same site. Thus
-   it is affected by all the normal cross-site restrictions. In
-   addition, the embedded page has scripting disabled, plugins
-   disabled, forms disabled, and it cannot navigate any frames or
-   windows other than itself (or any frames or windows it itself
-   embeds).</p>
+   served from a separate domain, it is affected by all the normal
+   cross-site restrictions. In addition, the embedded page has
+   scripting disabled, plugins disabled, forms disabled, and it cannot
+   navigate any frames or windows other than itself (or any frames or
+   windows it itself embeds).</p>
 
    <pre>&lt;p>We're not scared of you! Here is your content, unedited:&lt;/p>
-&lt;iframe sandbox src="getusercontent.cgi?id=12193">&lt;/iframe></pre>
+&lt;iframe sandbox src="http://usercontent.example.net/getusercontent.cgi?id=12193">&lt;/iframe></pre>
 
-   <p>Note that cookies are still sent to the server in the <code
-   title="">getusercontent.cgi</code> request, though they are not
-   visible in the <code
-   title="dom-document-cookie">document.cookie</code> IDL
-   attribute.</p>
+   <p class="warning">It is important to use a separate domain so that
+   if the attacker convinces the user to visit that page directly, the
+   page doesn't run in the context of the site's origin, which would
+   make the user vulnerable to any attack found in the page.</p>
 
-   <p class="warning">It is important that the server serve the
-   user-provided HTML using the <code>text/html-sandboxed</code> MIME
-   type so that if the attacker convinces the user to visit that page
-   directly, the page doesn't run in the context of the site's origin,
-   which would make the user vulnerable to any attack found in the
-   page.</p>
-
   </div>
 
   <div class="example">
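Review bot: The rewritten opening paragraph of this example no longer says where the second group of restrictions comes from. "Because it is served from a separate domain" accounts for the cross-site restrictions, but "scripting disabled, plugins disabled, forms disabled" and the navigation limit follow from the sandbox attribute on the iframe, and the word "sandboxed" was dropped along with the old unique-origin wording. Suggest "In addition, because the iframe is sandboxed, the embedded page has scripting disabled, ..." so a reader does not conclude that a separate domain alone disables scripts. The removed cookie paragraph also has no replacement; one sentence on which cookies accompany the request to the separate domain would keep that information.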
@@ -26113,13 +26101,11 @@
 
   </div>
 
-  <p class="note">Potentially hostile files can be served from the
-  same server as the file containing the <code>iframe</code> element
-  by labeling them as <code>text/html-sandboxed</code> instead of
-  <code>text/html</code>. This ensures that scripts in the files are
-  unable to attack the site (as if they were actually served from
-  another server), even if the user is tricked into visiting those
-  pages directly, without the protection of the <code
+  <p class="note">Potentially hostile files should not be served from
+  the same server as the file containing the <code>iframe</code>
+  element. Using a different domain ensures that scripts in the files
+  are unable to attack the site, even if the user is tricked into
+  visiting those pages directly, without the protection of the <code
   title="attr-iframe-sandbox">sandbox</code> attribute.</p>
 
   <p class="warning">If the <code
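Review bot: The two sentences of the rewritten note name different things: the first says hostile files should not be served from the same "server", the second justifies that with "a different domain". A reader can satisfy one without the other, and the warning added in the previous hunk states the goal as the page not running "in the context of the site's origin". Suggest using one term throughout, for example "should not be served from the same domain as the file containing the iframe element", matching the "separate domain" wording used in the example.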
@@ -26444,7 +26430,6 @@
    <li>The element's <code>Document</code> is <span>fully active</span>.</li>
    <li>The element has either a <code title="attr-embed-src">src</code> attribute set or a <code title="attr-embed-type">type</code> attribute set (or both).</li>
    <li>The element's <code title="attr-embed-src">src</code> attribute is either absent or its value is the empty string.</li>
-   <li>The element's <code>Document</code> was not parsed from a resource whose <span title="Content-Type sniffing">sniffed type</span> as determined during <span title="navigate">navigation</span> is <code>text/html-sandboxed</code> (unless this has been overridden as described above).</li>
    <li>The element is not a descendant of a <span>media element</span>.</li>
    <li>The element is not a descendant of an <code>object</code> element that is not showing its <span>fallback content</span>.</li>
   </ul>
@@ -26516,32 +26501,19 @@
 
   <p id="sandboxPluginEmbed">When a <span>plugin</span> is to be
   instantiated but it cannot be <span
-  title="concept-plugin-secure">secured</span> and either:
+  title="concept-plugin-secure">secured</span> and the <span>sandboxed
+  plugins browsing context flag</span> was set on the <span>browsing
+  context</span> for which the <code>embed</code> element's
+  <code>Document</code> is the <span>active document</span> when that
+  <code>Document</code> was created, then the user agent must not
+  instantiate the <span>plugin</span>, and must instead render the
+  <code>embed</code> element in a manner that conveys that the
+  <span>plugin</span> was disabled. The user agent may offer the user
+  the option to override the sandbox and instantiate the
+  <span>plugin</span> anyway; if the user invokes such an option, the
+  user agent must act as if the conditions above did not apply for the
+  purposes of this element.</p>
 
-  <ul>
-
-   <li>the <span>sandboxed plugins browsing context flag</span> was
-   set on the <span>browsing context</span> for which the
-   <code>embed</code> element's <code>Document</code> is the
-   <span>active document</span> when that <code>Document</code> was
-   created, or</li>
-
-   <li>the <code>embed</code> element's <code>Document</code> was
-   parsed from a resource whose <span title="Content-Type
-   sniffing">sniffed type</span> as determined during <span
-   title="navigate">navigation</span> is
-   <code>text/html-sandboxed</code></li>
-
-  </ul>
-
-  <p>...then the user agent must not instantiate the
-  <span>plugin</span>, and must instead render the <code>embed</code>
-  element in a manner that conveys that the <span>plugin</span> was
-  disabled. The user agent may offer the user the option to override
-  the sandbox and instantiate the <span>plugin</span> anyway; if the
-  user invokes such an option, the user agent must act as if the
-  conditions above did not apply for the purposes of this element.</p>
-
   <p class="warning">Plugins that cannot be <span
   title="concept-plugin-secure">secured</span> are disabled in
   sandboxed browsing contexts because they might not honor the
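Review bot: In the last sentence of the merged paragraph, "the conditions above" was written against the two-item list that this hunk removes. With the list folded into a single sentence, "above" now points back into the same paragraph and the plural no longer has an obvious referent. Suggest naming the condition directly, or at least changing it to "the condition above", so the user-override clause stays unambiguous.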
@@ -27419,23 +27391,11 @@
   context</span>.</p>
 
   <p id="sandboxPluginObject">Plugins are considered sandboxed for the
-  purpose of an <code>object</code> element if either:</p>
+  purpose of an <code>object</code> element if the <span>sandboxed
+  plugins browsing context flag</span> was set on the
+  <code>object</code> element's <code>Document</code>'s <span>browsing
+  context</span> when the <code>Document</code> was created.</p>
 
-  <ul>
-
-   <li>the <span>sandboxed plugins browsing context flag</span> was
-   set on the <code>object</code> element's <code>Document</code>'s
-   <span>browsing context</span> when the <code>Document</code> was
-   created, or</li>
-
-   <li>the <code>object</code> element's <code>Document</code> was
-   parsed from a resource whose <span title="Content-Type
-   sniffing">sniffed type</span> as determined during <span
-   title="navigate">navigation</span> is
-   <code>text/html-sandboxed</code></li>
-
-  </ul>
-
   <p class="note">The above algorithm is independent of CSS properties
   (including 'display', 'overflow', and 'visibility'). For example, it
   runs even if the element is hidden with a 'display:none' CSS style,
@@ -71871,9 +71831,6 @@
      browsing context flag</span> was set when the
      <code>Document</code> was created</dt>
 
-     <dt>If a <code>Document</code> was generated from a resource
-     labeled as <code>text/html-sandboxed</code></dt>
-
      <dd>The <span>origin</span> is a globally unique identifier
      assigned when the <code>Document</code> is created.</dd>
 
@@ -73678,7 +73635,6 @@
 
      <!-- an <span>HTML MIME type</span> -->
      <dt>"<code>text/html</code>"</dt>
-     <dt>"<code>text/html-sandboxed</code>"</dt>
      <dd>Follow the steps given in the <span
      title="navigate-html">HTML document</span> section, and abort
      these steps.</dd>
@@ -80646,7 +80602,6 @@
 
      <li><code>text/cache-manifest</code></li>
      <li><code>text/css</code></li>
-     <li><code>text/html-sandboxed</code></li>
      <li><code>text/html</code></li>
      <li><code>text/ping</code></li>
      <li><code>text/plain</code></li>
@@ -109150,11 +109105,7 @@
   <span>fully active</span>, and when the element's
   <code>Document</code>'s <span>browsing context</span> had its
   <span>sandboxed plugins browsing context flag</span> when that
-  <code>Document</code> was created, and when the element's
-  <code>Document</code> was parsed from a resource whose <span
-  title="Content-Type sniffing">sniffed type</span> as determined
-  during <span title="navigate">navigation</span> is
-  <code>text/html-sandboxed</code>, and when the element has an
+  <code>Document</code> was created, and when the element has an
   ancestor <span>media element</span>, and when the element has an
   ancestor <code>object</code> element that is <em>not</em> showing
   its <span>fallback content</span>, and when no Java Language runtime
@@ -110693,95 +110644,8 @@
   provide state information for in-page scripts.</p>
 
 
-  <h3><dfn><code>text/html-sandboxed</code></dfn></h3>
 
-  <p>This registration is for community review and will be submitted
-  to the IESG for review, approval, and registration with IANA.</p>
 
-  <!--
-   To: ietf-types@iana.org
-   Subject: Registration of media type text/html-sandboxed
-  -->
-
-  <dl>
-   <dt>Type name:</dt>
-   <dd>text</dd>
-   <dt>Subtype name:</dt>
-   <dd>html-sandboxed</dd>
-   <dt>Required parameters:</dt>
-   <dd>No required parameters</dd>
-   <dt>Optional parameters:</dt>
-   <dd>Same as for <code>text/html</code></dd>
-   <dt>Encoding considerations:</dt>
-   <dd>Same as for <code>text/html</code></dd>
-   <dt>Security considerations:</dt>
-   <dd>
-    <p>The purpose of the <code>text/html-sandboxed</code> MIME type
-    is to provide a way for content providers to indicate that they
-    want the file to be interpreted in a manner that does not give the
-    file's contents access to the rest of the site. This is achieved
-    by assigning the <code>Document</code> objects generated from
-    resources labeled as <code>text/html-sandboxed</code> unique
-    origins.</p>
-    <p>To avoid having legacy user agents treating resources labeled
-    as <code>text/html-sandboxed</code> as regular
-    <code>text/html</code> files, authors should avoid using the <code
-    title="">.html</code> or <code title="">.htm</code> extensions for
-    resources labeled as <code>text/html-sandboxed</code>.</p>
-    <p>Furthermore, since the <code>text/html-sandboxed</code> MIME
-    type impacts the origin security model, authors should be careful
-    to prevent tampering with the MIME type labeling mechanism itself
-    when documents are labeled as <code>text/html-sandboxed</code>. If
-    an attacker can cause a file to be served as
-    <code>text/html</code> instead of
-    <code>text/html-sandboxed</code>, then the sandboxing will not
-    take effect and a cross-site scripting attack will become
-    possible.</p>
-    <p>Beyond this, the type is identical to <code>text/html</code>,
-    and the same considerations apply.</p>
-   </dd>
-   <dt>Interoperability considerations:</dt>
-   <dd>Same as for <code>text/html</code></dd>
-   <dt>Published specification:</dt>
-   <dd>
-    This document is the relevant specification. Labeling a resource
-    with the <code>text/html-sandboxed</code> type asserts that the
-    resource is an <span title="HTML documents">HTML document</span>
-    using <span>the HTML syntax</span>.
-   </dd>
-   <dt>Applications that use this media type:</dt>
-   <dd>Same as for <code>text/html</code></dd>
-   <dt>Additional information:</dt>
-   <dd>
-    <dl>
-     <dt>Magic number(s):</dt>
-     <dd>Documents labeled as <code>text/html-sandboxed</code> are
-     heuristically indistinguishable from those labeled as
-     <code>text/html</code>.</dd>
-     <dt>File extension(s):</dt>
-     <dd>"<code title="">sandboxed</code>"</dd>
-     <dt>Macintosh file type code(s):</dt>
-     <dd><code title="">TEXT</code></dd>
-    </dl>
-   </dd>
-   <dt>Person &amp; email address to contact for further information:</dt>
-   <dd>Ian Hickson &lt;ian@hixie.ch></dd>
-   <dt>Intended usage:</dt>
-   <dd>Common</dd>
-   <dt>Restrictions on usage:</dt>
-   <dd>No restrictions apply.</dd>
-   <dt>Author:</dt>
-   <dd>Ian Hickson &lt;ian@hixie.ch></dd>
-   <dt>Change controller:</dt>
-   <dd>W3C</dd>
-  </dl>
-
-  <p>Fragment identifiers used with <code>text/html-sandboxed</code>
-  resources either refer to <span>the indicated part of the
-  document</span> or provide state information for in-page
-  scripts.</p>
-
-
   <h3><dfn><code>multipart/x-mixed-replace</code></dfn></h3>
 
   <p>This registration is for community review and will be submitted
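Review bot: Missing documentation for existing deployments: the text/html-sandboxed registration is deleted outright, and nothing in this revision tells authors who already label files with that type what to do instead. The removed security considerations warned that when such a file is served as text/html "the sandboxing will not take effect and a cross-site scripting attack will become possible", so a short note here pointing to the separate-domain guidance added earlier in this diff would be worth having. Style point: the blank context lines around the removed section are left in place, so several consecutive empty lines now precede the multipart/x-mixed-replace heading.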
