HTML Standard Tracker

Filter

File a bug

SVNBugCommentTime (UTC)
748518647[Gecko] [Internet Explorer] [Opera] [Webkit] Add sandbox=allow-pointer-lock, and some nearby cleanup.2012-10-25 18:10
@@ -28878,36 +28878,39 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
   </div>
 
 
   <hr> <!-- SANDBOX -->
 
   <p>The <dfn title="attr-iframe-sandbox"><code>sandbox</code></dfn> attribute, when specified,
   enables a set of extra restrictions on any content hosted by the <code>iframe</code>. Its value
   must be an <span>unordered set of unique space-separated tokens</span> that are <span>ASCII
   case-insensitive</span>. The allowed values are <code
   title="attr-iframe-sandbox-allow-forms">allow-forms</code>, <code
+  title="attr-iframe-sandbox-allow-pointer-lock">allow-pointer-lock</code>, <code
   title="attr-iframe-sandbox-allow-popups">allow-popups</code>, <code
   title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code>, <code
   title="attr-iframe-sandbox-allow-scripts">allow-scripts</code>, and <code
   title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>.</p>
 
   <p>When the attribute is set, the content is treated as being from a unique <span>origin</span>,
-  forms and scripts are disabled, links are prevented from targeting other <span title="browsing
-  context">browsing contexts</span>, and plugins are secured. The <code
-  title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> keyword allows the content
-  to be treated as being from the same origin instead of forcing it into a unique origin, the <code
-  title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code> keyword allows the
-  content to <span>navigate</span> its <span>top-level browsing context</span>, and the <code
-  title="attr-iframe-sandbox-allow-forms">allow-forms</code>, <code
+  forms, scripts, and various potentially annoying APIs are disabled, links are prevented from
+  targeting other <span title="browsing context">browsing contexts</span>, and plugins are secured.
+  The <code title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> keyword allows
+  the content to be treated as being from the same origin instead of forcing it into a unique
+  origin; the <code title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>
+  keyword allows the content to <span>navigate</span> its <span>top-level browsing context</span>;
+  and the <code title="attr-iframe-sandbox-allow-forms">allow-forms</code>, <code
+  title="attr-iframe-sandbox-allow-pointer-lock">allow-pointer-lock</code>, <code
   title="attr-iframe-sandbox-allow-popups">allow-popups</code> and <code
-  title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> keywords re-enable forms, popups,
-  and scripts respectively.</p>
+  title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> keywords re-enable forms, the
+  pointer lock API, popups, and scripts respectively. <a
+  href="#refsPOINTERLOCK">[POINTERLOCK]</a></p>
 
   <p class="warning">Setting both the <code
   title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> and <code
   title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> keywords together when the
   embedded page has the <span>same origin</span> as the page containing the <code>iframe</code>
   allows the embedded page to simply remove the <code title="attr-iframe-sandbox">sandbox</code>
   attribute and then reload itself, effectively breaking out of the sandbox altogether.</p>
 
   <p class="warning">These flags only take effect when the <span>nested browsing context</span> of
   the <code>iframe</code> is <span title="navigate">navigated</span>. Removing them, or removing the
@@ -81189,264 +81192,244 @@ x === this; // true</pre>
   origins after the <code
   title="dom-document-domain">document.domain</code> attribute has
   been used.</p>
 <!--TOPIC:HTML-->
 
 
 
 
   <h3>Sandboxing</h3>
 
-  <p>A <dfn>sandboxing flag set</dfn> is a set of zero or more of the
-  following flags, which are used to restrict the abilities that
-  potentially untrusted resources have:</p>
+  <p>A <dfn>sandboxing flag set</dfn> is a set of zero or more of the following flags, which are
+  used to restrict the abilities that potentially untrusted resources have:</p>
 
   <dl>
 
    <dt>The <dfn>sandboxed navigation browsing context flag</dfn></dt>
 
    <dd>
 
-    <p>This flag <a href="#sandboxLinks">prevents content from
-    navigating browsing contexts other than the sandboxed browsing
-    context itself</a> (or browsing contexts further nested inside
-    it), <span title="auxiliary browsing context">auxiliary browsing
-    contexts</span> (which are protected by the <span>sandboxed
-    auxiliary navigation browsing context flag</span> defined next),
-    and the <span>top-level browsing context</span> (which is
-    protected by the <span>sandboxed top-level navigation browsing
-    context flag</span> defined below).</p>
+    <p>This flag <a href="#sandboxLinks">prevents content from navigating browsing contexts other
+    than the sandboxed browsing context itself</a> (or browsing contexts further nested inside it),
+    <span title="auxiliary browsing context">auxiliary browsing contexts</span> (which are protected
+    by the <span>sandboxed auxiliary navigation browsing context flag</span> defined next), and the
+    <span>top-level browsing context</span> (which is protected by the <span>sandboxed top-level
+    navigation browsing context flag</span> defined below).</p>
 
-    <p>If the <span>sandboxed auxiliary navigation browsing context
-    flag</span> is not set, then in certain cases the restrictions
-    nonetheless allow popups (new <span title="top-level browsing
-    context">top-level browsing contexts</span>) to be opened. These
-    <span title="browsing context">browsing contexts</span> always
-    have <dfn>one permitted sandboxed navigator</dfn>, set when the
-    browsing context is created, which allows the <span>browsing
-    context</span> that created them to actually navigate them.
-    (Otherwise, the <span>sandboxed navigation browsing context
-    flag</span> would prevent them from being navigated even if they
-    were opened.)</p>
+    <p>If the <span>sandboxed auxiliary navigation browsing context flag</span> is not set, then in
+    certain cases the restrictions nonetheless allow popups (new <span title="top-level browsing
+    context">top-level browsing contexts</span>) to be opened. These <span title="browsing
+    context">browsing contexts</span> always have <dfn>one permitted sandboxed navigator</dfn>, set
+    when the browsing context is created, which allows the <span>browsing context</span> that
+    created them to actually navigate them. (Otherwise, the <span>sandboxed navigation browsing
+    context flag</span> would prevent them from being navigated even if they were opened.)</p>
 
    </dd>
 
 
    <dt>The <dfn>sandboxed auxiliary navigation browsing context flag</dfn></dt>
 
    <dd>
 
-    <p>This flag <a href="#sandboxWindowOpen">prevents content from
-    creating new auxiliary browsing contexts</a>, e.g. using the <code
-    title="attr-hyperlink-target">target</code> attribute, the <code
-    title="dom-open">window.open()</code> method, or the <code
+    <p>This flag <a href="#sandboxWindowOpen">prevents content from creating new auxiliary browsing
+    contexts</a>, e.g. using the <code title="attr-hyperlink-target">target</code> attribute, the
+    <code title="dom-open">window.open()</code> method, or the <code
     title="dom-showModalDialog">showModalDialog()</code> method.</p>
 
    </dd>
 
 
    <dt>The <dfn>sandboxed top-level navigation browsing context flag</dfn></dt>
 
    <dd>
 
-    <p>This flag <a href="#sandboxLinks">prevents content from
-    navigating their <span>top-level browsing context</span></a>.</p>
+    <p>This flag <a href="#sandboxLinks">prevents content from navigating their <span>top-level
+    browsing context</span></a>.</p>
 
-    <p>When the <code
-    title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>
-    is set, content can navigate its <span>top-level browsing
-    context</span>, but other <span title="browsing context">browsing
-    contexts</span> are still protected by the <span>sandboxed
-    navigation browsing context flag</span> and possibly the
-    <span>sandboxed auxiliary navigation browsing context
-    flag</span>.</p>
+    <p>When the <span>sandboxed top-level navigation browsing context flag</span> is <em>not</em>
+    set, content can navigate its <span>top-level browsing context</span>, but other <span
+    title="browsing context">browsing contexts</span> are still protected by the <span>sandboxed
+    navigation browsing context flag</span> and possibly the <span>sandboxed auxiliary navigation
+    browsing context flag</span>.</p>
 
    </dd>
 
 
    <dt>The <dfn>sandboxed plugins browsing context flag</dfn></dt>
 
    <dd>
 
-    <p>This flag prevents content from instantiating <span
-    title="plugin">plugins</span>, whether using <a
-    href="#sandboxPluginEmbed">the <code>embed</code> element</a>, <a
-    href="#sandboxPluginObject">the <code>object</code> element</a>,
-    <a href="#sandboxPluginApplet">the <code>applet</code>
-    element</a>, or through <a
-    href="#sandboxPluginNavigate">navigation</a> of a <span>nested
-    browsing context</span>, unless those <span
-    title="plugin">plugins</span> can be <span
+    <p>This flag prevents content from instantiating <span title="plugin">plugins</span>, whether
+    using <a href="#sandboxPluginEmbed">the <code>embed</code> element</a>, <a
+    href="#sandboxPluginObject">the <code>object</code> element</a>, <a
+    href="#sandboxPluginApplet">the <code>applet</code> element</a>, or through <a
+    href="#sandboxPluginNavigate">navigation</a> of a <span>nested browsing context</span>, unless
+    those <span title="plugin">plugins</span> can be <span
     title="concept-plugin-secure">secured</span>.</p>
 
    </dd>
 
 
    <dt>The <dfn>sandboxed seamless iframes flag</dfn></dt>
 
    <dd>
 
-    <p>This flag prevents content from using the <code
-    title="attr-iframe-seamless">seamless</code> attribute on
-    descendant <code>iframe</code> elements.</p>
+    <p>This flag prevents content from using the <code title="attr-iframe-seamless">seamless</code>
+    attribute on descendant <code>iframe</code> elements.</p>
 
     <p class="note">This prevents a page inserted using the <code
-    title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code>
-    keyword from using a CSS-selector-based method of probing the DOM
-    of other pages on the same site (in particular, pages that contain
-    user-sensitive information).</p>
+    title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> keyword from using a
+    CSS-selector-based method of probing the DOM of other pages on the same site (in particular,
+    pages that contain user-sensitive information).</p>
 
     <!-- http://lists.w3.org/Archives/Public/public-web-security/2009Dec/thread.html#msg51 -->
 
    </dd>
 
 
    <dt>The <dfn>sandboxed origin browsing context flag</dfn></dt>
 
    <dd>
 
-    <p>This flag <a href="#sandboxOrigin">forces content into a unique
-    origin</a>, thus preventing it from accessing other content from
-    the same <span>origin</span>.</p>
+    <p>This flag <a href="#sandboxOrigin">forces content into a unique origin</a>, thus preventing
+    it from accessing other content from the same <span>origin</span>.</p>
 
-    <p>This flag also <a href="#sandboxCookies">prevents script from
-    reading from or writing to the <code
-    title="dom-document-cookie">document.cookie</code> IDL
-    attribute</a>, and blocks access to <code
-    title="dom-localStorage">localStorage</code>.
+    <p>This flag also <a href="#sandboxCookies">prevents script from reading from or writing to the
+    <code title="dom-document-cookie">document.cookie</code> IDL attribute</a>, and blocks access to
+    <code title="dom-localStorage">localStorage</code>.
     <!--END complete-->
     <a href="#refsWEBSTORAGE">[WEBSTORAGE]</a>
     <!--START complete-->
     </p>
 
    </dd>
 
 
    <dt>The <dfn>sandboxed forms browsing context flag</dfn></dt>
 
    <dd>
 
-    <p>This flag <a href="#sandboxSubmitBlocked">blocks form
-    submission</a>.</p>
+    <p>This flag <a href="#sandboxSubmitBlocked">blocks form submission</a>.</p>
+
+   </dd>
+
+
+   <dt>The <dfn>sandboxed pointer lock browsing context flag</dfn></dt>
+
+   <dd>
+
+    <p>This flag disables the Pointer Lock API. <a href="#refsPOINTERLOCK">[POINTERLOCK]</a></p>
 
    </dd>
 
 
    <dt>The <dfn>sandboxed scripts browsing context flag</dfn></dt>
 
    <dd>
 
-    <p>This flag <a href="#sandboxScriptBlocked">blocks script
-    execution</a>.</p>
+    <p>This flag <a href="#sandboxScriptBlocked">blocks script execution</a>.</p>
 
    </dd>
 
 
    <dt>The <dfn>sandboxed automatic features browsing context
    flag</dfn></dt>
 
    <dd>
 
-    <p>This flag blocks features that trigger automatically, such as
-    <span title="attr-media-autoplay">automatically playing a
-    video</span> or <span title="attr-fe-autofocus">automatically
-    focusing a form control</span>.</p>
+    <p>This flag blocks features that trigger automatically, such as <span
+    title="attr-media-autoplay">automatically playing a video</span> or <span
+    title="attr-fe-autofocus">automatically focusing a form control</span>.</p>
 
    </dd>
 
   </dl>
 
-  <p>When the user agent is to <dfn>parse a sandboxing
-  directive</dfn>, given a string <var title="">input</var> and a
-  <span>sandboxing flag set</span> <var title="">output</var>, it must
+  <p>When the user agent is to <dfn>parse a sandboxing directive</dfn>, given a string <var
+  title="">input</var> and a <span>sandboxing flag set</span> <var title="">output</var>, it must
   run the following steps:</p>
 
   <ol>
 
    <li><p><span title="split a string on spaces">Split <var
    title="">input</var> on spaces</span>, to obtain <var
    title="">tokens</var>.</p></li>
 
    <li><p>Let <var title="">output</var> be empty.</p></li>
 
    <li>
 
     <p>Add the following flags to <var title="">output</var>:</p>
 
     <ul>
 
-     <li><p>The <span>sandboxed navigation browsing context flag</span></p></li>
+     <li><p>The <span>sandboxed navigation browsing context flag</span>.</p></li>
 
-     <li><p>The <span>sandboxed auxiliary navigation browsing context
-     flag</span>, unless <var title="">tokens</var> contains the <dfn
-     title="attr-iframe-sandbox-allow-popups"><code>allow-popups</code></dfn>
-     keyword</p></li>
+     <li><p>The <span>sandboxed auxiliary navigation browsing context flag</span>, unless <var
+     title="">tokens</var> contains the <dfn
+     title="attr-iframe-sandbox-allow-popups"><code>allow-popups</code></dfn> keyword.</p></li>
 
-     <li><p>The <span>sandboxed top-level navigation browsing context
-     flag</span>, unless <var title="">tokens</var> contains the <dfn
+     <li><p>The <span>sandboxed top-level navigation browsing context flag</span>, unless <var
+     title="">tokens</var> contains the <dfn
      title="attr-iframe-sandbox-allow-top-navigation"><code>allow-top-navigation</code></dfn>
-     keyword</p></li>
+     keyword.</p></li>
 
-     <li><p>The <span>sandboxed plugins browsing context flag</span></p></li>
+     <li><p>The <span>sandboxed plugins browsing context flag</span>.</p></li>
 
-     <li><p>The <span>sandboxed seamless iframes flag</span></p></li>
+     <li><p>The <span>sandboxed seamless iframes flag</span>.</p></li>
 
      <li>
 
-      <p>The <span>sandboxed origin browsing context flag</span>,
-      unless the <var title="">tokens</var> contains the <dfn
+      <p>The <span>sandboxed origin browsing context flag</span>, unless the <var
+      title="">tokens</var> contains the <dfn
       title="attr-iframe-sandbox-allow-same-origin"><code>allow-same-origin</code></dfn>
-      keyword</p>
+      keyword.</p>
 
       <div class="note">
 
-       <p>The <code
-       title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code>
-       keyword is intended for two cases.</p>
+       <p>The <code title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code> keyword
+       is intended for two cases.</p>
 
-       <p>First, it can be used to allow content from the same site to
-       be sandboxed to disable scripting, while still allowing access to
-       the DOM of the sandboxed content.</p>
+       <p>First, it can be used to allow content from the same site to be sandboxed to disable
+       scripting, while still allowing access to the DOM of the sandboxed content.</p>
 
-       <p>Second, it can be used to embed content from a third-party
-       site, sandboxed to prevent that site from opening popup windows,
-       etc, without preventing the embedded page from communicating back
-       to its originating site, using the database APIs to store data,
-       etc.</p>
+       <p>Second, it can be used to embed content from a third-party site, sandboxed to prevent that
+       site from opening popup windows, etc, without preventing the embedded page from communicating
+       back to its originating site, using the database APIs to store data, etc.</p>
 
       </div>
 
      </li>
 
-     <li><p>The <span>sandboxed forms browsing context flag</span>,
-     unless <var title="">tokens</var> contains the <dfn
-     title="attr-iframe-sandbox-allow-forms"><code>allow-forms</code></dfn>
-     keyword</p></li>
+     <li><p>The <span>sandboxed forms browsing context flag</span>, unless <var
+     title="">tokens</var> contains the <dfn
+     title="attr-iframe-sandbox-allow-forms"><code>allow-forms</code></dfn> keyword.</p></li>
 
-     <li><p>The <span>sandboxed scripts browsing context flag</span>,
-     unless <var title="">tokens</var> contains the <dfn
-     title="attr-iframe-sandbox-allow-scripts"><code>allow-scripts</code></dfn>
-     keyword</p></li>
+     <li><p>The <span>sandboxed pointer lock browsing context flag</span>, unless <var
+     title="">tokens</var> contains the <dfn
+     title="attr-iframe-sandbox-pointer-lock"><code>allow-pointer-lock</code></dfn>
+     keyword.</p></li>
+
+     <li><p>The <span>sandboxed scripts browsing context flag</span>, unless <var
+     title="">tokens</var> contains the <dfn
+     title="attr-iframe-sandbox-allow-scripts"><code>allow-scripts</code></dfn> keyword.</p></li>
 
      <li>
 
-      <p>The <span>sandboxed automatic features browsing context
-      flag</span>, unless <var title="">tokens</var> contains the
-      <code
-      title="attr-iframe-sandbox-allow-scripts">allow-scripts</code>
-      keyword (defined above)</p>
+      <p>The <span>sandboxed automatic features browsing context flag</span>, unless <var
+      title="">tokens</var> contains the <code
+      title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> keyword (defined above).</p>
 
-      <p class="note">This flag is relaxed by the same keyword as
-      scripts, because when scripts are enabled these features are
-      trivially possible anyway, and it would be unfortunate to force
-      authors to use script to do them when sandboxed rather than
-      allowing them to use the declarative features.</p>
+      <p class="note">This flag is relaxed by the same keyword as scripts, because when scripts are
+      enabled these features are trivially possible anyway, and it would be unfortunate to force
+      authors to use script to do them when sandboxed rather than allowing them to use the
+      declarative features.</p>
 
      </li>
 
     </ul>
 
    </li>
 
   </ol>
 
   <hr>
@@ -122072,20 +122055,21 @@ if (s = prompt('What is your name?')) {
      <td> <code title="attr-tdth-rowspan">td</code>;
           <code title="attr-tdth-rowspan">th</code>
      <td> Number of rows that the cell is to span
      <td> <span>Valid non-negative integer</span>
     <tr>
      <th> <code title="">sandbox</code>
      <td> <code title="attr-iframe-sandbox">iframe</code>
      <td> Security rules for nested content
      <td> <span>Unordered set of unique space-separated tokens</span>, <span>ASCII case-insensitive</span>, consisting of
           "<code title="attr-iframe-sandbox-allow-forms">allow-forms</code>",
+          "<code title="attr-iframe-sandbox-allow-pointer-lock">allow-pointer-lock</code>",
           "<code title="attr-iframe-sandbox-allow-popups">allow-popups</code>",
           "<code title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code>",
           "<code title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> and
           "<code title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>"
     <tr>
      <th> <code title="">spellcheck</code>
      <td> <span title="attr-spellcheck">HTML elements</span>
      <td> Whether the element is to have its spelling and grammar checked
      <td> "<code title="">true</code>"; "<code title="">false</code>"
     <tr>
@@ -123641,48 +123625,28 @@ if (s = prompt('What is your name?')) {
    <dd><cite><a href="http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf">The Keyed-Hash Message Authentication Code (HMAC)</a></cite>. NIST.</dd>
 
    <dt id="refsHPAAIG">[HPAAIG]</dt>
    <dd><cite><a href="http://dev.w3.org/html5/html-api-map/overview.html">HTML to Platform Accessibility APIs Implementation Guide</a></cite>. W3C.</dd>
 
    <dt id="refsHTML4">[HTML4]</dt>
    <dd>(Non-normative) <cite><a
    href="http://www.w3.org/TR/html4/">HTML 4.01
    Specification</a></cite>, D. Raggett, A. Le Hors, I. Jacobs.  W3C.</dd>
 
-<!--END complete-->
    <dt id="refsHTML">[HTML]</dt>
-   <dd><cite><a
-   href="http://www.whatwg.org/specs/web-apps/current-work/">HTML</a></cite>,
-   I. Hickson. WHATWG.</dd>
-
-<!--END dev-html-->
-   <dt id="refsHTML5">[HTML5]</dt>
-   <dd>
-<!--END vocabs--><!--END vCard--><!--END vEvent--><!--END work--><!--END websocket-api--><!--END storage--><!--END eventsource--><!--END whatwg-workers--><!--END workers--><!--END html-device--><!--END microdata--><!--END 2dcontext--><!--END postmsg--><!--END w3c-html-->
-   (Non-normative) <!--YYY-->
-<!--START html-device--><!--START microdata--><!--START 2dcontext--><!--START postmsg--><!--START w3c-html--><!--START websocket-api--><!--START storage--><!--START eventsource--><!--START whatwg-workers--><!--START workers--><!--START vocabs--><!--START vCard--><!--START vEvent--><!--START work-->
-   <cite><a href="http://dev.w3.org/html5/spec/">HTML5</a></cite>,
-   I. Hickson. W3C.</dd>
-<!--START complete--><!--START dev-html-->
+   <dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/">HTML</a></cite>, I. Hickson. WHATWG.</dd>
 
    <dt id="refsHTMLALTTECHS">[HTMLALTTECHS]</dt>
    <dd>(Non-normative) <cite><a href="http://dev.w3.org/html5/alt-techniques/">HTML5: Techniques for providing useful text alternatives</a></cite>, S. Faulkner. W3C.</dd>
 
    <dt id="refsHTMLDIFF">[HTMLDIFF]</dt>
-   <!--
-   <dd>(Non-normative) <cite><a
-   href="http://www.w3.org/TR/html5-diff/">HTML5 differences from
-   HTML4</a></cite>, A. van Kesteren. W3C.</dd>
-   -->
-   <dd>(Non-normative) <cite><a
-   href="http://dev.w3.org/html5/html4-differences/">HTML5
-   differences from HTML4</a></cite>, A. van Kesteren.  W3C.</dd>
+   <dd>(Non-normative) <cite><a href="http://dev.w3.org/html5/html4-differences/">HTML5 differences from HTML4</a></cite>, S. Pieters. W3C.</dd>
 
    <dt id="refsHTTP">[HTTP]</dt>
    <dd><cite><a href="http://tools.ietf.org/html/rfc2616">Hypertext
    Transfer Protocol &mdash; HTTP/1.1</a></cite>, R. Fielding, J. Gettys,
    J. Mogul, H.  Frystyk, L. Masinter, P. Leach, T. Berners-Lee. IETF.</dd>
 
    <dt id="refsHTTPS">[HTTPS]</dt>
    <dd>(Non-normative) <cite><a href="http://tools.ietf.org/html/rfc2818">HTTP Over TLS</a></cite>, E. Rescorla. IETF.</dd>
 
    <dt id="refsIANACHARSET">[IANACHARSET]</dt>
@@ -123758,34 +123722,24 @@ if (s = prompt('What is your name?')) {
 
    <dt id="refsMPEG2">[MPEG2]</dt>
    <dd><cite>ISO/IEC 13818-1: Information technology &mdash; Generic coding of moving pictures and associated audio information: Systems</cite>. ISO/IEC.</dd>
    <!-- search for ["bytes are removed from this buffer at a rate defined by sb_leak_rate"] to find it -->
 
    <dt id="refsMPEG4">[MPEG4]</dt>
    <dd><cite>ISO/IEC 14496-12: ISO base media file format</cite>. ISO/IEC.</dd>
    <!-- search for ["Box Structure was and subsequent clauses were re-organized"] to find it -->
 
    <dt id="refsMQ">[MQ]</dt>
-   <!--
-   <dd><cite><a href="http://www.w3.org/TR/css3-mediaqueries/">Media
-   Queries</a></cite>, H. Lie, T.  &Ccedil;elik, D. Glazman, A. van
-   Kesteren. W3C.</dd>
-   -->
-   <dd><cite><a
-   href="http://dev.w3.org/csswg/css3-mediaqueries/">Media
-   Queries</a></cite>, H. Lie, T.  &Ccedil;elik, D. Glazman, A. van
-   Kesteren. W3C.</dd>
+   <dd><cite><a href="http://dev.w3.org/csswg/css3-mediaqueries/">Media Queries</a></cite>, H. Lie, T.  &Ccedil;elik, D. Glazman, A. van Kesteren. W3C.</dd>
 
    <dt id="refsNPAPI">[NPAPI]</dt>
-   <dd>(Non-normative) <cite><a
-   href="https://developer.mozilla.org/en/Gecko_Plugin_API_Reference">Gecko
-   Plugin API Reference</a></cite>. Mozilla.</dd>
+   <dd>(Non-normative) <cite><a href="https://developer.mozilla.org/en/Gecko_Plugin_API_Reference">Gecko Plugin API Reference</a></cite>. Mozilla.</dd>
 
    <dt id="refsNPN">[NPN]</dt>
    <dd><cite><a href="http://tools.ietf.org/html/draft-agl-tls-nextprotoneg">Transport Layer Security (TLS) Next Protocol Negotiation Extension</a></cite>, A. Langley. IETF.</dd>
 
    <dt id="refsOGGSKELETONHEADERS">[OGGSKELETONHEADERS]</dt>
    <dd><cite><a href="http://wiki.xiph.org/SkeletonHeaders">SkeletonHeaders</a></cite>. Xiph.Org.</dd>
 
    <dt id="refsOPENSEARCH">[OPENSEARCH]</dt>
    <dd><cite><a
    href="http://www.opensearch.org/Specifications/OpenSearch/1.1#Autodiscovery_in_HTML.2FXHTML">Autodiscovery
@@ -123803,49 +123757,48 @@ if (s = prompt('What is your name?')) {
 
    <dt id="refsPINGBACK">[PINGBACK]</dt>
    <dd><cite><a
    href="http://www.hixie.ch/specs/pingback/pingback">Pingback
    1.0</a></cite>, S. Langridge, I. Hickson.</dd>
 
    <dt id="refsPNG">[PNG]</dt>
    <dd><cite><a href="http://www.w3.org/TR/PNG/">Portable Network
    Graphics (PNG) Specification</a></cite>, D. Duce. W3C.</dd>
 
+   <dt id="refsPOINTERLOCK">[POINTERLOCK]</dt>
+   <dd><cite><a href="http://dvcs.w3.org/hg/pointerlock/raw-file/default/index.html">Pointer Lock</a></cite>, V. Scheib. W3C.</dd>
+
    <dt id="refsPOLYGLOT">[POLYGLOT]</dt>
    <dd>(Non-normative) <cite><a
    href="http://dev.w3.org/html5/html-xhtml-author-guide/html-xhtml-authoring-guide.html">Polyglot
    Markup: HTML-Compatible XHTML Documents</a></cite>, E. Graff.
    W3C.</dd>
 
    <dt id="refsPORTERDUFF">[PORTERDUFF]</dt>
    <dd><cite><a
    href="http://keithp.com/~keithp/porterduff/p253-porter.pdf">Compositing
    Digital Images</a></cite>, T. Porter, T. Duff. In <cite>Computer
    graphics</cite>, volume 18, number 3, pp. 253-259. ACM Press, July
    1984.</dd>
 
    <dt id="refsPPUTF8">[PPUTF8]</dt>
    <dd>(Non-normative) <cite><a href="http://www.sw.it.aoyama.ac.jp/2012/pub/IUC11-UTF-8.pdf">The Properties and Promises <!-- Promizes (sic) --> of UTF-8</a></cite>, M. D&uuml;rst. University of Z&uuml;rich. In <cite>Proceedings of the 11th International Unicode Conference</cite>.</dd>
 
    <dt id="refsPROGRESS">[PROGRESS]</dt>
-   <dd><cite><a
-   href="http://dev.w3.org/2006/webapi/progress/">Progress
-   Events</a></cite>, A. van Kesteren. W3C.</dd>
+   <dd><cite><a href="http://dev.w3.org/2006/webapi/progress/">Progress Events</a></cite>, A. van Kesteren. W3C.</dd>
 
    <dt id="refsPSL">[PSL]</dt>
    <dd><cite><a href="http://publicsuffix.org/">Public Suffix List</a></cite>.
    Mozilla Foundation.</dd>
 
    <dt id="refsRFC1034">[RFC1034]</dt>
-   <dd><cite><a href="http://tools.ietf.org/html/rfc1034">Domain
-   Names - Concepts and Facilities</a></cite>, P. Mockapetris. IETF,
-   November 1987.</dd>
+   <dd><cite><a href="http://tools.ietf.org/html/rfc1034">Domain Names - Concepts and Facilities</a></cite>, P. Mockapetris. IETF, November 1987.</dd>
 
    <dt id="refsRFC1321">[RFC1321]</dt>
    <dd><cite><a href="http://tools.ietf.org/html/rfc1321">The MD5
    Message-Digest Algorithm</a></cite>, R. Rivest. IETF.</dd>
 
    <dt id="refsRFC1345">[RFC1345]</dt>
    <dd><cite><a href="http://tools.ietf.org/html/rfc1345">Character Mnemonics
    and Character Sets</a></cite>, K. Simonsen. IETF.</dd>
 
    <dt id="refsRFC1468">[RFC1468]</dt>

|