[html5] r3279 - [e] (0) cleanup some suggestions we had noted

whatwg at whatwg.org whatwg at whatwg.org
Tue Jun 16 11:55:35 PDT 2009


Author: ianh
Date: 2009-06-16 11:55:34 -0700 (Tue, 16 Jun 2009)
New Revision: 3279

Modified:
   index
   source
Log:
[e] (0) cleanup some suggestions we had noted

Modified: index
===================================================================
--- index	2009-06-16 17:43:13 UTC (rev 3278)
+++ index	2009-06-16 18:55:34 UTC (rev 3279)
@@ -17924,6 +17924,13 @@
 
   <div class=impl>
 
+  <!-- v2: Add a new attribute that enables new restrictions, e.g.:
+       - disallow cross-origin loads of any kind (networking
+         override that only allows same-origin URLs or about:,
+         javascript:, data:)
+       - block access to 'parent.frames' from sandbox
+  -->
+
   <p>While the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code>
   attribute is specified, the <code><a href=#the-iframe-element>iframe</a></code> element's
   <a href=#nested-browsing-context>nested browsing context</a>, and all the browsing contexts
@@ -17931,9 +17938,7 @@
   (either directly or indirectly through other nested browsing
   contexts) must have the following flags set:</p>
 
-  <dl><!-- XXX disallow cross-origin loads of any kind (networking
-        override that only allows same-origin URLs or about:,
-        javascript:, data:) --><!-- XXX block access to 'contentWindow.frames' from iframe owner --><!-- XXX block access to 'parent.frames' from sandbox --><dt>The <dfn id=sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</dfn></dt>
+  <dl><dt>The <dfn id=sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</dfn></dt>
 
    <dd>
 

Modified: source
===================================================================
--- source	2009-06-16 17:43:13 UTC (rev 3278)
+++ source	2009-06-16 18:55:34 UTC (rev 3279)
@@ -19075,6 +19075,13 @@
 
   <div class="impl">
 
+  <!-- v2: Add a new attribute that enables new restrictions, e.g.:
+       - disallow cross-origin loads of any kind (networking
+         override that only allows same-origin URLs or about:,
+         javascript:, data:)
+       - block access to 'parent.frames' from sandbox
+  -->
+
   <p>While the <code title="attr-iframe-sandbox">sandbox</code>
   attribute is specified, the <code>iframe</code> element's
   <span>nested browsing context</span>, and all the browsing contexts
@@ -19084,12 +19091,6 @@
 
   <dl>
 
-   <!-- XXX disallow cross-origin loads of any kind (networking
-        override that only allows same-origin URLs or about:,
-        javascript:, data:) -->
-   <!-- XXX block access to 'contentWindow.frames' from iframe owner -->
-   <!-- XXX block access to 'parent.frames' from sandbox -->
-
    <dt>The <dfn>sandboxed navigation browsing context flag</dfn></dt>
 
    <dd>




More information about the Commit-Watchers mailing list