[whatwg] Content Restrictions

[Gervase Markham]

Alexey Feldgendler wrote:
> 1. "create". The options aren't very useful because one can add nodes by
> cloning, and you can't control what nodes are cloned. The definitions
> should rather be changed to "insertion of nodes into the document". So,
> the script is free to create or clone elements, but they can't be added
> to the document.

That's really smart! So that would restrict appendChild, insertBefore,
and replaceChild on the element interface, plus document.write() and
innerHTML?

Do you think "noblock" and "nosub" are of any use? Or are there better
ways to divide elements?

> 2. "request". Of the options "none" and "nopost", neither is a subset of
> the other.

True; it's a non-liner hierarchy, like "cookie" (see para 2. under
"Restrictions"). How would you resolve the situation, if at all?

> 3. What should happen when UA receives the header with a version number
> greater than the version it supports?

It should ignore the header, just as if it did not support
Content-Restrictions at all.

The draft says the following about having multiple versions:
"The implementation should then use the policy string with the highest
version number it understands. Later versions are not guaranteed to
maintain compatible syntax past the semi-colon. If there are multiple
such strings, the implementation should use the first one it encounters."

So if there were multiple versions floating around, a site might send:

Content-Restrictions: 2;<some XML foo>
Content-Restrictions: 1;script=none

Gerv