[e] (0) cleanup some suggestions we had noted

git-svn-id: http://svn.whatwg.org/webapps@3279 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Jun 16, 2009 · e28f637 · e28f637
1 parent 797c5c2
commit e28f637
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 9 deletions.
diff --git a/index b/index
@@ -17924,16 +17924,21 @@ href="?audio"&gt;audio&lt;/a&gt; test instead.)&lt;/p&gt;</pre>
 
   <div class=impl>
 
+  <!-- v2: Add a new attribute that enables new restrictions, e.g.:
+       - disallow cross-origin loads of any kind (networking
+         override that only allows same-origin URLs or about:,
+         javascript:, data:)
+       - block access to 'parent.frames' from sandbox
+  -->
+
   <p>While the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code>
   attribute is specified, the <code><a href=#the-iframe-element>iframe</a></code> element's
   <a href=#nested-browsing-context>nested browsing context</a>, and all the browsing contexts
   <a href=#nested-browsing-context title="nested browsing context">nested</a> within it
   (either directly or indirectly through other nested browsing
   contexts) must have the following flags set:</p>
 
-  <dl><!-- XXX disallow cross-origin loads of any kind (networking
-        override that only allows same-origin URLs or about:,
-        javascript:, data:) --><!-- XXX block access to 'contentWindow.frames' from iframe owner --><!-- XXX block access to 'parent.frames' from sandbox --><dt>The <dfn id=sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</dfn></dt>
+  <dl><dt>The <dfn id=sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</dfn></dt>
 
    <dd>
 

diff --git a/source b/source
@@ -19075,6 +19075,13 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
 
   <div class="impl">
 
+  <!-- v2: Add a new attribute that enables new restrictions, e.g.:
+       - disallow cross-origin loads of any kind (networking
+         override that only allows same-origin URLs or about:,
+         javascript:, data:)
+       - block access to 'parent.frames' from sandbox
+  -->
+
   <p>While the <code title="attr-iframe-sandbox">sandbox</code>
   attribute is specified, the <code>iframe</code> element's
   <span>nested browsing context</span>, and all the browsing contexts
@@ -19084,12 +19091,6 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
 
   <dl>
 
-   <!-- XXX disallow cross-origin loads of any kind (networking
-        override that only allows same-origin URLs or about:,
-        javascript:, data:) -->
-   <!-- XXX block access to 'contentWindow.frames' from iframe owner -->
-   <!-- XXX block access to 'parent.frames' from sandbox -->
-
    <dt>The <dfn>sandboxed navigation browsing context flag</dfn></dt>
 
    <dd>