
Commit

[e] (0) Refactor the sandboxing flags further to make it even easier to hook into for CSP.

Affected topics: HTML

git-svn-id: http://svn.whatwg.org/webapps@7053 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Apr 13, 2012
1 parent 7f5482c commit 8ed65f1
Showing 3 changed files with 257 additions and 236 deletions.
155 changes: 80 additions & 75 deletions complete.html
Expand Up @@ -25359,80 +25359,12 @@ <h4 id=the-iframe-element><span class=secno>4.8.2 </span>The <dfn><code>iframe</
-->

<p>While the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code>
attribute is specified, the <code><a href=#the-iframe-element>iframe</a></code> element's
<a href=#nested-browsing-context>nested browsing context</a>'s <a href=#iframe-sandboxing-flag-set><code>iframe</code>
sandboxing flag set</a> must have the flags given in the
following list set.</p>

<ul><li><p>The <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a></li>

<li><p>The <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
flag</a>, unless the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's value, when
<a href=#split-a-string-on-spaces title="split a string on spaces">split on spaces</a>, is
found to have the <dfn id=attr-iframe-sandbox-allow-top-navigation title=attr-iframe-sandbox-allow-top-navigation><code>allow-top-navigation</code></dfn>
keyword set</li>

<li><p>The <a href=#sandboxed-plugins-browsing-context-flag>sandboxed plugins browsing context flag</a></li>

<li><p>The <a href=#sandboxed-seamless-iframes-flag>sandboxed seamless iframes flag</a></li>

<li>

<p>The <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a>, unless
the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's
value, when <a href=#split-a-string-on-spaces title="split a string on spaces">split on
spaces</a>, is found to have the <dfn id=attr-iframe-sandbox-allow-same-origin title=attr-iframe-sandbox-allow-same-origin><code>allow-same-origin</code></dfn>
keyword set</p>

<div class=note>

<p>The <code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>
keyword is intended for two cases.</p>

<p>First, it can be used to allow content from the same site to
be sandboxed to disable scripting, while still allowing access to
the DOM of the sandboxed content.</p>

<p>Second, it can be used to embed content from a third-party
site, sandboxed to prevent that site from opening popup windows,
etc, without preventing the embedded page from communicating back
to its originating site, using the database APIs to store data,
etc.</p>

</div>

</li>

<li><p>The <a href=#sandboxed-forms-browsing-context-flag>sandboxed forms browsing context flag</a>, unless
the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's
value, when <a href=#split-a-string-on-spaces title="split a string on spaces">split on
spaces</a>, is found to have the <dfn id=attr-iframe-sandbox-allow-forms title=attr-iframe-sandbox-allow-forms><code>allow-forms</code></dfn>
keyword set</li>

<li><p>The <a href=#sandboxed-scripts-browsing-context-flag>sandboxed scripts browsing context flag</a>, unless
the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's
value, when <a href=#split-a-string-on-spaces title="split a string on spaces">split on
spaces</a>, is found to have the <dfn id=attr-iframe-sandbox-allow-scripts title=attr-iframe-sandbox-allow-scripts><code>allow-scripts</code></dfn>
keyword set</li>

<li>

<p>The <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing context
flag</a>, unless the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's value, when
<a href=#split-a-string-on-spaces title="split a string on spaces">split on spaces</a>, is
found to have the <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
keyword (defined above) set</p>

<p class=note>This flag is relaxed by the same flag as
scripts, because when scripts are enabled these features are
trivially possible anyway, and it would be unfortunate to force
authors to use script to do them when sandboxed rather than
allowing them to use the declarative features.</p>

</li>

</ul><p>These flags must not be set unless the conditions listed above
define them as being set.</p>
attribute is set or changed, the user agent must <a href=#parse-a-sandboxing-directive title="parse
a sandboxing directive">parse the sandboxing directive</a> using
the attribute's value as the <var title="">input</var> and the
<code><a href=#the-iframe-element>iframe</a></code> element's <a href=#nested-browsing-context>nested browsing context</a>'s
<a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</a> as the
output.</p>

<p class=warning>These flags only take effect when the
<a href=#nested-browsing-context>nested browsing context</a> of the <code><a href=#the-iframe-element>iframe</a></code> is
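Review bot: the replacement paragraph (the one beginning "attribute is set or changed") only triggers the parse step when the sandbox attribute is set or changed, whereas the removed sentence "These flags must not be set unless the conditions listed above define them as being set" was what guaranteed the flag set is empty while the attribute is absent. Nothing in the new text says what happens to the iframe sandboxing flag set when the attribute is removed, so a removed attribute would leave the previously parsed flags in place until the next set or change. Suggest covering removal explicitly, e.g. "When the sandbox attribute is removed, the user agent must empty the iframe element's nested browsing context's iframe sandboxing flag set", or widening the trigger wording to "set, changed, or removed" with the empty-set case stated.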
Expand Down Expand Up @@ -65547,7 +65479,80 @@ <h3 id=sandboxing><span class=secno>6.4 </span>Sandboxing</h3>

</dd>

</dl><p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
</dl><p>When the user agent is to <dfn id=parse-a-sandboxing-directive>parse a sandboxing
directive</dfn>, given a string <var title="">input</var> and a
<a href=#sandboxing-flag-set>sandboxing flag set</a> <var title="">output</var>, it must
run the following steps:</p>

<ol><li><p><a href=#split-a-string-on-spaces title="split a string on spaces">Split <var title="">input</var> on spaces</a>, to obtain <var title="">tokens</var>.</li>

<li><p>Let <var title="">output</var> be empty.</li>

<li>

<p>Add the following flags to <var title="">output</var>:</p>

<ul><li><p>The <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a></li>

<li><p>The <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
flag</a>, unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-top-navigation title=attr-iframe-sandbox-allow-top-navigation><code>allow-top-navigation</code></dfn>
keyword</li>

<li><p>The <a href=#sandboxed-plugins-browsing-context-flag>sandboxed plugins browsing context flag</a></li>

<li><p>The <a href=#sandboxed-seamless-iframes-flag>sandboxed seamless iframes flag</a></li>

<li>

<p>The <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a>,
unless the <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-same-origin title=attr-iframe-sandbox-allow-same-origin><code>allow-same-origin</code></dfn>
keyword</p>

<div class=note>

<p>The <code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>
keyword is intended for two cases.</p>

<p>First, it can be used to allow content from the same site to
be sandboxed to disable scripting, while still allowing access to
the DOM of the sandboxed content.</p>

<p>Second, it can be used to embed content from a third-party
site, sandboxed to prevent that site from opening popup windows,
etc, without preventing the embedded page from communicating back
to its originating site, using the database APIs to store data,
etc.</p>

</div>

</li>

<li><p>The <a href=#sandboxed-forms-browsing-context-flag>sandboxed forms browsing context flag</a>,
unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-forms title=attr-iframe-sandbox-allow-forms><code>allow-forms</code></dfn>
keyword</li>

<li><p>The <a href=#sandboxed-scripts-browsing-context-flag>sandboxed scripts browsing context flag</a>,
unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-scripts title=attr-iframe-sandbox-allow-scripts><code>allow-scripts</code></dfn>
keyword</li>

<li>

<p>The <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing context
flag</a>, unless <var title="">tokens</var> contains the
<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
keyword (defined above)</p>

<p class=note>This flag is relaxed by the same keyword as
scripts, because when scripts are enabled these features are
trivially possible anyway, and it would be unfortunate to force
authors to use script to do them when sandboxed rather than
allowing them to use the declarative features.</p>

</li>

</ul></li>

</ol><hr><p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
<dfn id=iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</dfn>, which is a
<a href=#sandboxing-flag-set>sandboxing flag set</a>. Which flags in a <a href=#nested-browsing-context>nested
browsing context</a>'s <a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag
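Review bot: step 2 of the new "parse a sandboxing directive" algorithm, "Let output be empty", reuses a name the algorithm already receives as a parameter (the sandboxing flag set passed in as output), so "Let" reads as binding a fresh local set rather than clearing the caller's one. The caller in the iframe section hands in the live iframe sandboxing flag set as output, so the intent is to reset that set in place; the step should say so, e.g. "Empty output" or "Remove every flag from output". It would also help to state whether tokens are matched against the keywords case-sensitively: step 1 only splits input on spaces, and the per-flag items say "tokens contains the ... keyword" without giving a comparison rule.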
155 changes: 80 additions & 75 deletions index
Expand Up @@ -25359,80 +25359,12 @@ href="?audio"&gt;audio&lt;/a&gt; test instead.)&lt;/p&gt;</pre>
-->

<p>While the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code>
attribute is specified, the <code><a href=#the-iframe-element>iframe</a></code> element's
<a href=#nested-browsing-context>nested browsing context</a>'s <a href=#iframe-sandboxing-flag-set><code>iframe</code>
sandboxing flag set</a> must have the flags given in the
following list set.</p>

<ul><li><p>The <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a></li>

<li><p>The <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
flag</a>, unless the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's value, when
<a href=#split-a-string-on-spaces title="split a string on spaces">split on spaces</a>, is
found to have the <dfn id=attr-iframe-sandbox-allow-top-navigation title=attr-iframe-sandbox-allow-top-navigation><code>allow-top-navigation</code></dfn>
keyword set</li>

<li><p>The <a href=#sandboxed-plugins-browsing-context-flag>sandboxed plugins browsing context flag</a></li>

<li><p>The <a href=#sandboxed-seamless-iframes-flag>sandboxed seamless iframes flag</a></li>

<li>

<p>The <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a>, unless
the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's
value, when <a href=#split-a-string-on-spaces title="split a string on spaces">split on
spaces</a>, is found to have the <dfn id=attr-iframe-sandbox-allow-same-origin title=attr-iframe-sandbox-allow-same-origin><code>allow-same-origin</code></dfn>
keyword set</p>

<div class=note>

<p>The <code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>
keyword is intended for two cases.</p>

<p>First, it can be used to allow content from the same site to
be sandboxed to disable scripting, while still allowing access to
the DOM of the sandboxed content.</p>

<p>Second, it can be used to embed content from a third-party
site, sandboxed to prevent that site from opening popup windows,
etc, without preventing the embedded page from communicating back
to its originating site, using the database APIs to store data,
etc.</p>

</div>

</li>

<li><p>The <a href=#sandboxed-forms-browsing-context-flag>sandboxed forms browsing context flag</a>, unless
the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's
value, when <a href=#split-a-string-on-spaces title="split a string on spaces">split on
spaces</a>, is found to have the <dfn id=attr-iframe-sandbox-allow-forms title=attr-iframe-sandbox-allow-forms><code>allow-forms</code></dfn>
keyword set</li>

<li><p>The <a href=#sandboxed-scripts-browsing-context-flag>sandboxed scripts browsing context flag</a>, unless
the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's
value, when <a href=#split-a-string-on-spaces title="split a string on spaces">split on
spaces</a>, is found to have the <dfn id=attr-iframe-sandbox-allow-scripts title=attr-iframe-sandbox-allow-scripts><code>allow-scripts</code></dfn>
keyword set</li>

<li>

<p>The <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing context
flag</a>, unless the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute's value, when
<a href=#split-a-string-on-spaces title="split a string on spaces">split on spaces</a>, is
found to have the <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
keyword (defined above) set</p>

<p class=note>This flag is relaxed by the same flag as
scripts, because when scripts are enabled these features are
trivially possible anyway, and it would be unfortunate to force
authors to use script to do them when sandboxed rather than
allowing them to use the declarative features.</p>

</li>

</ul><p>These flags must not be set unless the conditions listed above
define them as being set.</p>
attribute is set or changed, the user agent must <a href=#parse-a-sandboxing-directive title="parse
a sandboxing directive">parse the sandboxing directive</a> using
the attribute's value as the <var title="">input</var> and the
<code><a href=#the-iframe-element>iframe</a></code> element's <a href=#nested-browsing-context>nested browsing context</a>'s
<a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</a> as the
output.</p>

<p class=warning>These flags only take effect when the
<a href=#nested-browsing-context>nested browsing context</a> of the <code><a href=#the-iframe-element>iframe</a></code> is
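Review bot: with this hunk the keyword definitions (the dfn elements for allow-top-navigation, allow-same-origin, allow-forms and allow-scripts) move out of the iframe element's sandbox attribute section, and the attribute's own text no longer lists which keywords it accepts; the retained paragraph only says to parse the attribute value as a sandboxing directive. Since this is the section authors consult for the attribute, suggest keeping a short cross-reference here (a sentence pointing at the Sandboxing section, or a non-normative list of the recognised keywords) so the attribute documentation stays self-describing.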
Expand Down Expand Up @@ -65547,7 +65479,80 @@ x === this; // true</pre>

</dd>

</dl><p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
</dl><p>When the user agent is to <dfn id=parse-a-sandboxing-directive>parse a sandboxing
directive</dfn>, given a string <var title="">input</var> and a
<a href=#sandboxing-flag-set>sandboxing flag set</a> <var title="">output</var>, it must
run the following steps:</p>

<ol><li><p><a href=#split-a-string-on-spaces title="split a string on spaces">Split <var title="">input</var> on spaces</a>, to obtain <var title="">tokens</var>.</li>

<li><p>Let <var title="">output</var> be empty.</li>

<li>

<p>Add the following flags to <var title="">output</var>:</p>

<ul><li><p>The <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a></li>

<li><p>The <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
flag</a>, unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-top-navigation title=attr-iframe-sandbox-allow-top-navigation><code>allow-top-navigation</code></dfn>
keyword</li>

<li><p>The <a href=#sandboxed-plugins-browsing-context-flag>sandboxed plugins browsing context flag</a></li>

<li><p>The <a href=#sandboxed-seamless-iframes-flag>sandboxed seamless iframes flag</a></li>

<li>

<p>The <a href=#sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a>,
unless the <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-same-origin title=attr-iframe-sandbox-allow-same-origin><code>allow-same-origin</code></dfn>
keyword</p>

<div class=note>

<p>The <code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>
keyword is intended for two cases.</p>

<p>First, it can be used to allow content from the same site to
be sandboxed to disable scripting, while still allowing access to
the DOM of the sandboxed content.</p>

<p>Second, it can be used to embed content from a third-party
site, sandboxed to prevent that site from opening popup windows,
etc, without preventing the embedded page from communicating back
to its originating site, using the database APIs to store data,
etc.</p>

</div>

</li>

<li><p>The <a href=#sandboxed-forms-browsing-context-flag>sandboxed forms browsing context flag</a>,
unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-forms title=attr-iframe-sandbox-allow-forms><code>allow-forms</code></dfn>
keyword</li>

<li><p>The <a href=#sandboxed-scripts-browsing-context-flag>sandboxed scripts browsing context flag</a>,
unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-scripts title=attr-iframe-sandbox-allow-scripts><code>allow-scripts</code></dfn>
keyword</li>

<li>

<p>The <a href=#sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing context
flag</a>, unless <var title="">tokens</var> contains the
<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
keyword (defined above)</p>

<p class=note>This flag is relaxed by the same keyword as
scripts, because when scripts are enabled these features are
trivially possible anyway, and it would be unfortunate to force
authors to use script to do them when sandboxed rather than
allowing them to use the declarative features.</p>

</li>

</ul></li>

</ol><hr><p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
<dfn id=iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</dfn>, which is a
<a href=#sandboxing-flag-set>sandboxing flag set</a>. Which flags in a <a href=#nested-browsing-context>nested
browsing context</a>'s <a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag
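Review bot: the sandboxed origin browsing context flag item reads "unless the tokens contains the allow-same-origin keyword", a stray "the" before "tokens" that the sibling items ("unless tokens contains the ...") do not have; drop it so all the conditions use the same phrasing. While here: the automatic-features item says the flag is relaxed by the allow-scripts keyword "(defined above)", which was accurate when this was a flat list in the iframe section but now sits inside step 3 of the parse algorithm, where "above" is only one list item earlier; a direct reference to the keyword's definition is more robust than a positional "above".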

0 comments on commit 8ed65f1
