Short URL: http://html5.org/r/7053
| SVN | Bug | Comment | Time (UTC) |
|---|---|---|---|
| 7053 | | Refactor the sandboxing flags further to make it even easier to hook into for CSP. | 2012-04-13 23:10 |
Index: source =================================================================== --- source (revision 7052) +++ source (revision 7053) 
@@ -27244,93 +27244,13 @@ --> <p>While the <code title="attr-iframe-sandbox">sandbox</code> - attribute is specified, the <code>iframe</code> element's - <span>nested browsing context</span>'s <span><code>iframe</code> - sandboxing flag set</span> must have the flags given in the - following list set.</p> + attribute is set or changed, the user agent must <span title="parse + a sandboxing directive">parse the sandboxing directive</span> using + the attribute's value as the <var title="">input</var> and the + <code>iframe</code> element's <span>nested browsing context</span>'s + <span><code>iframe</code> sandboxing flag set</span> as the + output.</p> - <ul> - - <li><p>The <span>sandboxed navigation browsing context flag</span></p></li> - - <li><p>The <span>sandboxed top-level navigation browsing context - flag</span>, unless the <code - title="attr-iframe-sandbox">sandbox</code> attribute's value, when - <span title="split a string on spaces">split on spaces</span>, is - found to have the <dfn - title="attr-iframe-sandbox-allow-top-navigation"><code>allow-top-navigation</code></dfn> - keyword set</p></li> - - <li><p>The <span>sandboxed plugins browsing context flag</span></p></li> - - <li><p>The <span>sandboxed seamless iframes flag</span></p></li> - - <li> - - <p>The <span>sandboxed origin browsing context flag</span>, unless - the <code title="attr-iframe-sandbox">sandbox</code> attribute's - value, when <span title="split a string on spaces">split on - spaces</span>, is found to have the <dfn - title="attr-iframe-sandbox-allow-same-origin"><code>allow-same-origin</code></dfn> - keyword set</p> - - <div class="note"> - - <p>The <code - title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> - keyword is intended for two cases.</p> - - <p>First, it can be used to allow content from the same site to - be sandboxed to disable scripting, while still allowing access to - the DOM of the sandboxed content.</p> - - <p>Second, it can be used to embed 
content from a third-party - site, sandboxed to prevent that site from opening popup windows, - etc, without preventing the embedded page from communicating back - to its originating site, using the database APIs to store data, - etc.</p> - - </div> - - </li> - - <li><p>The <span>sandboxed forms browsing context flag</span>, unless - the <code title="attr-iframe-sandbox">sandbox</code> attribute's - value, when <span title="split a string on spaces">split on - spaces</span>, is found to have the <dfn - title="attr-iframe-sandbox-allow-forms"><code>allow-forms</code></dfn> - keyword set</p></li> - - <li><p>The <span>sandboxed scripts browsing context flag</span>, unless - the <code title="attr-iframe-sandbox">sandbox</code> attribute's - value, when <span title="split a string on spaces">split on - spaces</span>, is found to have the <dfn - title="attr-iframe-sandbox-allow-scripts"><code>allow-scripts</code></dfn> - keyword set</p></li> - - <li> - - <p>The <span>sandboxed automatic features browsing context - flag</span>, unless the <code - title="attr-iframe-sandbox">sandbox</code> attribute's value, when - <span title="split a string on spaces">split on spaces</span>, is - found to have the <code - title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> - keyword (defined above) set</p> - - <p class="note">This flag is relaxed by the same flag as - scripts, because when scripts are enabled these features are - trivially possible anyway, and it would be unfortunate to force - authors to use script to do them when sandboxed rather than - allowing them to use the declarative features.</p> - - </li> - - </ul> - - <p>These flags must not be set unless the conditions listed above - define them as being set.</p> - <p class="warning">These flags only take effect when the <span>nested browsing context</span> of the <code>iframe</code> is <span title="navigate">navigated</span>. Removing them, or removing 
@@ -76727,6 +76647,97 @@ </dl> + <p>When the user agent is to <dfn>parse a sandboxing + directive</dfn>, given a string <var title="">input</var> and a + <span>sandboxing flag set</span> <var title="">output</var>, it must + run the following steps:</p> + + <ol> + + <li><p><span title="split a string on spaces">Split <var + title="">input</var> on spaces</span>, to obtain <var + title="">tokens</var>.</p></li> + + <li><p>Let <var title="">output</var> be empty.</p></li> + + <li> + + <p>Add the following flags to <var title="">output</var>:</p> + + <ul> + + <li><p>The <span>sandboxed navigation browsing context flag</span></p></li> + + <li><p>The <span>sandboxed top-level navigation browsing context + flag</span>, unless <var title="">tokens</var> contains the <dfn + title="attr-iframe-sandbox-allow-top-navigation"><code>allow-top-navigation</code></dfn> + keyword</p></li> + + <li><p>The <span>sandboxed plugins browsing context flag</span></p></li> + + <li><p>The <span>sandboxed seamless iframes flag</span></p></li> + + <li> + + <p>The <span>sandboxed origin browsing context flag</span>, + unless the <var title="">tokens</var> contains the <dfn + title="attr-iframe-sandbox-allow-same-origin"><code>allow-same-origin</code></dfn> + keyword</p> + + <div class="note"> + + <p>The <code + title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> + keyword is intended for two cases.</p> + + <p>First, it can be used to allow content from the same site to + be sandboxed to disable scripting, while still allowing access to + the DOM of the sandboxed content.</p> + + <p>Second, it can be used to embed content from a third-party + site, sandboxed to prevent that site from opening popup windows, + etc, without preventing the embedded page from communicating back + to its originating site, using the database APIs to store data, + etc.</p> + + </div> + + </li> + + <li><p>The <span>sandboxed forms browsing context flag</span>, + unless <var title="">tokens</var> 
contains the <dfn + title="attr-iframe-sandbox-allow-forms"><code>allow-forms</code></dfn> + keyword</p></li> + + <li><p>The <span>sandboxed scripts browsing context flag</span>, + unless <var title="">tokens</var> contains the <dfn + title="attr-iframe-sandbox-allow-scripts"><code>allow-scripts</code></dfn> + keyword</p></li> + + <li> + + <p>The <span>sandboxed automatic features browsing context + flag</span>, unless <var title="">tokens</var> contains the + <code + title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> + keyword (defined above)</p> + + <p class="note">This flag is relaxed by the same keyword as + scripts, because when scripts are enabled these features are + trivially possible anyway, and it would be unfortunate to force + authors to use script to do them when sandboxed rather than + allowing them to use the declarative features.</p> + + </li> + + </ul> + + </li> + + </ol> + + <hr> + <p>Every <span>nested browsing context</span> has an <dfn><code>iframe</code> sandboxing flag set</dfn>, which is a <span>sandboxing flag set</span>. Which flags in a <span>nested
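Review bot: In the first hunk (the `<p>` at the top of the `@@ -27244` region), the new trigger "While the sandbox attribute is set or changed" no longer covers attribute removal: the removed wording "While the sandbox attribute is specified ... must have the flags ... set" implied the flags were only present while the attribute existed, and the unchanged warning that follows still talks about "Removing them, or removing ...". Suggest stating explicitly what happens to the `iframe` sandboxing flag set when the attribute is removed, and replacing "While ... is set or changed" with an event-style trigger such as "Whenever the sandbox attribute is set or its value changes", since "while" reads as a continuous condition rather than something that runs the parse algorithm.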
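Review bot: In the second hunk (the new "parse a sandboxing directive" algorithm), step 2 "Let output be empty" re-binds a parameter that the caller supplies as "a sandboxing flag set output"; "Empty output" would make it clear the caller's set is cleared in place rather than shadowed. Two smaller points in step 3: the origin-flag item says "unless the tokens contains" while every other item says "unless tokens contains" (drop "the"), and none of the items says whether the keyword comparison against tokens is case-sensitive, which the old inline list also left unstated; worth fixing now that the algorithm is being split out for reuse by CSP.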