[html5] r4581 - [acgiow] (0) Provide a safe way to host hostile content for use with an <iframe [...]
whatwg at whatwg.org
Tue Jan 12 03:45:45 PST 2010
Author: ianh
Date: 2010-01-12 03:45:42 -0800 (Tue, 12 Jan 2010)
New Revision: 4581
Modified:
complete.html
index
source
Log:
[acgiow] (0) Provide a safe way to host hostile content for use with an <iframe sandbox> on the same site.
Modified: complete.html
===================================================================
--- complete.html 2010-01-12 08:16:48 UTC (rev 4580)
+++ complete.html 2010-01-12 11:45:42 UTC (rev 4581)
@@ -1193,12 +1193,13 @@
<li><a href=#iana><span class=secno>15 </span>IANA considerations</a>
<ol>
<li><a href=#text/html><span class=secno>15.1 </span><code>text/html</code></a></li>
- <li><a href=#application/xhtml+xml><span class=secno>15.2 </span><code>application/xhtml+xml</code></a></li>
- <li><a href=#text/cache-manifest><span class=secno>15.3 </span><code>text/cache-manifest</code></a></li>
- <li><a href=#text/ping><span class=secno>15.4 </span><code>text/ping</code></a></li>
- <li><a href=#application/microdata+json><span class=secno>15.5 </span><code>application/microdata+json</code></a></li>
- <li><a href=#ping-from><span class=secno>15.6 </span><code>Ping-From</code></a></li>
- <li><a href=#ping-to><span class=secno>15.7 </span><code>Ping-To</code></a></ol></li>
+ <li><a href=#text/sandboxed-html><span class=secno>15.2 </span><code>text/sandboxed-html</code></a></li>
+ <li><a href=#application/xhtml+xml><span class=secno>15.3 </span><code>application/xhtml+xml</code></a></li>
+ <li><a href=#text/cache-manifest><span class=secno>15.4 </span><code>text/cache-manifest</code></a></li>
+ <li><a href=#text/ping><span class=secno>15.5 </span><code>text/ping</code></a></li>
+ <li><a href=#application/microdata+json><span class=secno>15.6 </span><code>application/microdata+json</code></a></li>
+ <li><a href=#ping-from><span class=secno>15.7 </span><code>Ping-From</code></a></li>
+ <li><a href=#ping-to><span class=secno>15.8 </span><code>Ping-To</code></a></ol></li>
<li><a class=no-num href=#index>Index</a>
<ol>
<li><a class=no-num href=#elements-1>Elements</a></li>
@@ -1465,10 +1466,10 @@
<p>The first such concrete syntax is the HTML syntax. This is the
format suggested for most authors. It is compatible with most legacy
- Web browsers. If a document is transmitted with the <a href=#mime-type>MIME
- type</a> <code><a href=#text/html>text/html</a></code>, then it will be processed as an
- HTML document by Web browsers. This specification defines version 5
- of the HTML syntax, known as "HTML5".</p>
+ Web browsers. If a document is transmitted with an <a href=#html-mime-type>HTML MIME
+ type</a>, such as <code><a href=#text/html>text/html</a></code>, then it will be
+ processed as an HTML document by Web browsers. This specification
+ defines version 5 of the HTML syntax, known as "HTML5".</p>
<p>The second concrete syntax is the XHTML syntax, which is an
application of XML. When a document is transmitted with an <a href=#xml-mime-type>XML
@@ -1924,7 +1925,10 @@
SEMICOLON characters (;). In other words, if it consists only of a
type and subtype, with no MIME Type parameters. <a href=#refsHTTP>[HTTP]</a></p>
+ <p>The term <dfn id=html-mime-type>HTML MIME type</dfn> is used to refer to the <a href=#mime-type title="MIME type">MIME types</a> <code><a href=#text/html>text/html</a></code> and
+ <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>.</p>
+
<h4 id=xml><span class=secno>2.1.2 </span>XML</h4>
<p id=html-namespace>To ease migration from HTML to XHTML, UAs
@@ -2151,8 +2155,9 @@
element that forms part of the transform.</p>
<p>Web browsers that support <a href=#syntax>the HTML syntax</a> must
- process documents labeled as <code><a href=#text/html>text/html</a></code> as described
- in this specification, so that users can interact with them.</p>
+ process documents labeled with an <a href=#html-mime-type>HTML MIME type</a> as
+ described in this specification, so that users can interact with
+ them.</p>
<p>User agents that support scripting must also be conforming
implementations of the IDL fragments in this specification, as
@@ -6625,11 +6630,11 @@
<p>The <dfn id=xmlns-namespace>XMLNS namespace</dfn> is: <code>http://www.w3.org/2000/xmlns/</code></p>
<hr><p>Data mining tools and other user agents that perform operations
- on <code><a href=#text/html>text/html</a></code> content without running scripts,
- evaluating CSS or XPath expressions, or otherwise exposing the
- resulting DOM to arbitrary content, may "support namespaces" by just
- asserting that their DOM node analogues are in certain namespaces,
- without actually exposing the above strings.</p>
+ on content without running scripts, evaluating CSS or XPath
+ expressions, or otherwise exposing the resulting DOM to arbitrary
+ content, may "support namespaces" by just asserting that their DOM
+ node analogues are in certain namespaces, without actually exposing
+ the above strings.</p>
<h2 id=dom><span class=secno>3 </span>Semantics, structure, and APIs of HTML documents</h2>
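Review bot: The rewritten "Data mining tools" paragraph drops the scope qualifier entirely ("operations on content") instead of swapping "text/html" for the new "HTML MIME type" term as the other hunks in this revision do. As written, the allowance to "support namespaces" by assertion is no longer tied to HTML-syntax resources at all. If that widening is intended, it deserves a mention in the log; otherwise suggest "on content labeled with an HTML MIME type".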
@@ -19790,11 +19795,6 @@
<p>This flag <a href=#sandboxScriptBlocked>blocks script
execution</a>.</p>
- <p class=warning>This flag only takes effect when the
- <a href=#nested-browsing-context>nested browsing context</a> of the <code><a href=#the-iframe-element>iframe</a></code> is
- <a href=#navigate title=navigate>navigated</a>. Removing it has no effect
- on an already-loaded page.</p>
-
</dd>
</dl><p>These flags must not be set unless the conditions listed above
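Review bot: The removed warning under the script-blocking flag ("This flag only takes effect when the nested browsing context of the iframe is navigated. Removing it has no effect on an already-loaded page.") is not mentioned in the log message, which describes only the new MIME type. The warning added in the next hunk depends on exactly this timing, since it describes a script that removes the sandbox attribute "and then reload[s] itself". Suggest either keeping a statement of when the flags take effect or explaining the removal in the log.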
@@ -19843,7 +19843,23 @@
</div>
+ <p class=note>Potentially hostile files can be served from the
+ same server as the file containing the <code><a href=#the-iframe-element>iframe</a></code> element
+ by labeling them as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> instead of
+ <code><a href=#text/html>text/html</a></code>. This ensures that scripts in the files are
+ unable to attack the site (as if they were actually served from
+ another server), even if the user is tricked into visiting those
+ pages directly, without the protection of the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute.</p>
+ <p class=warning>If the <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
+ keyword is set along with <code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>
+ keyword, and the file is from the <a href=#same-origin>same origin</a> as the
+ <code><a href=#the-iframe-element>iframe</a></code>'s <code>Document</code>, then a script in the
+ "sandboxed" iframe could just reach out, remove the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, and then
+ reload itself, effectively breaking out of the sandbox
+ altogether.</p>
+
+
<hr><!-- v2: Might be interesting to have a value on seamless that
allowed event propagation of some sort, maybe based on the WICD
work: http://www.w3.org/TR/WICD/ --><p>The <dfn id=attr-iframe-seamless title=attr-iframe-seamless><code>seamless</code></dfn>
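Review bot: The added note says labeling files as text/sandboxed-html "ensures that scripts in the files are unable to attack the site", but the registration text added later in this same revision acknowledges that legacy user agents may treat such resources as regular text/html. The note should carry that qualification, or point to the security considerations of the registration, so authors do not read it as an unconditional guarantee. Separately, in the added warning, "is set along with allow-same-origin keyword" is missing an article ("along with the allow-same-origin keyword"), and the warning would be more useful if it stated the recommendation directly: do not combine allow-scripts and allow-same-origin for same-origin content.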
@@ -50674,6 +50690,9 @@
browsing context flag</a> was set when the
<code>Document</code> was created</dt>
+ <dt>If a <code>Document</code> was generated from a resource
+ labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code></dt>
+
<dd>The <a href=#origin>origin</a> is a globally unique identifier
assigned when the <code>Document</code> is created.</dd>
@@ -56356,7 +56375,8 @@
of the following types, jump to the appropriate entry in the
following list, and process the resource as described there:</p>
- <dl class=switch><dt>"<code><a href=#text/html>text/html</a></code>"</dt>
+ <dl class=switch><!-- an <span>HTML MIME type</span> --><dt>"<code><a href=#text/html>text/html</a></code>"</dt>
+ <dt>"<code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>"</dt>
<dd>Follow the steps given in the <a href=#read-html title=navigate-html>HTML document</a> section, and abort
these steps.</dd>
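Review bot: In the navigation switch, the two types are listed literally and the defined term appears only inside a comment ("<!-- an <span>HTML MIME type</span> -->"), whereas every other hunk in this revision references the "HTML MIME type" definition. This list and the definition can now drift apart if another type is added to one and not the other. Suggest either wording the entry in terms of the defined term or noting next to the definition that this switch must be kept in sync.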
@@ -56790,9 +56810,10 @@
fragment identifiers for <a href=#xml-mime-type title="XML MIME type">XML MIME
types</a> is the responsibility of RFC3023).</p>
- <p>For HTML documents (and the <code><a href=#text/html>text/html</a></code> <a href=#mime-type>MIME type</a>),
- the following processing model must be followed to determine what
- <a href=#the-indicated-part-of-the-document>the indicated part of the document</a> is.</p>
+ <p>For HTML documents (and <a href=#html-mime-type title="HTML MIME type">HTML MIME
+ types</a>), the following processing model must be followed to
+ determine what <a href=#the-indicated-part-of-the-document>the indicated part of the document</a>
+ is.</p>
<ol><li><p><a href=#parse-a-url title="parse a url">Parse</a> the <a href=#url>URL</a>,
and let <var title="">fragid</var> be the <a href=#url-fragment title=url-fragment><fragment></a> component of the
@@ -68711,9 +68732,9 @@
<h2 id=syntax><span class=secno>11 </span><dfn>The HTML syntax</dfn></h2>
- <p class=note>This section only describes the rules for
- <code><a href=#text/html>text/html</a></code> resources. Rules for XML resources are
- discussed in the section below entitled "<a href=#the-xhtml-syntax>The XHTML
+ <p class=note>This section only describes the rules for resources
+ labeled with an <a href=#html-mime-type>HTML MIME type</a>. Rules for XML resources
+ are discussed in the section below entitled "<a href=#the-xhtml-syntax>The XHTML
syntax</a>".</p>
@@ -83643,13 +83664,86 @@
refer to <a href=#the-indicated-part-of-the-document>the indicated part of the document</a>.</p>
- <h3 id=application/xhtml+xml><span class=secno>15.2 </span><dfn><code>application/xhtml+xml</code></dfn></h3>
+ <h3 id=text/sandboxed-html><span class=secno>15.2 </span><dfn><code>text/sandboxed-html</code></dfn></h3>
<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
<!--
To: ietf-types at iana.org
+ Subject: Registration of media type text/sandboxed-html
+ -->
+
+ <dl><dt>Type name:</dt>
+ <dd>text</dd>
+ <dt>Subtype name:</dt>
+ <dd>sandboxed-html</dd>
+ <dt>Required parameters:</dt>
+ <dd>No required parameters</dd>
+ <dt>Optional parameters:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Encoding considerations:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Security considerations:</dt>
+ <dd>
+ <p>The purpose of the <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> MIME type
+ is to provide a way for content providers to indicate that they
+ want the file to be interpreted in a manner that does not give the
+ file's contents access to the rest of the site. This is achieved
+ by assigning the <code>Document</code> objects generated from
+ resources labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> unique
+ origins.</p>
+ <p>To avoid having legacy user agents treating resources labeled
+ as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> as regular
+ <code><a href=#text/html>text/html</a></code> files, authors should avoid using the <code title="">.html</code> or <code title="">.htm</code> extensions for
+ resources labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>.</p>
+ <p>Beyond this, the type is identical to <code><a href=#text/html>text/html</a></code>,
+ and the same considerations apply.</p>
+ </dd>
+ <dt>Interoperability considerations:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Published specification:</dt>
+ <dd>
+ This document is the relevant specification. Labeling a resource
+ with the <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> type asserts that the
+ resource is an <a href=#html-documents title="HTML documents">HTML document</a>
+ using <a href=#syntax>the HTML syntax</a>.
+ </dd>
+ <dt>Applications that use this media type:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Additional information:</dt>
+ <dd>
+ <dl><dt>Magic number(s):</dt>
+ <dd>Documents labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> are
+ heuristically indistinguishable from those labeled as
+ <code><a href=#text/html>text/html</a></code>.</dd>
+ <dt>File extension(s):</dt>
+ <dd>"<code title="">sandboxed</code>"</dd>
+ <dt>Macintosh file type code(s):</dt>
+ <dd><code title="">TEXT</code></dd>
+ </dl></dd>
+ <dt>Person & email address to contact for further information:</dt>
+ <dd>Ian Hickson <ian at hixie.ch></dd>
+ <dt>Intended usage:</dt>
+ <dd>Common</dd>
+ <dt>Restrictions on usage:</dt>
+ <dd>No restrictions apply.</dd>
+ <dt>Author:</dt>
+ <dd>Ian Hickson <ian at hixie.ch></dd>
+ <dt>Change controller:</dt>
+ <dd>W3C and WHATWG</dd>
+ </dl><p>Fragment identifiers used with <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>
+ resources refer to <a href=#the-indicated-part-of-the-document>the indicated part of the
+ document</a>.</p>
+
+
+ <h3 id=application/xhtml+xml><span class=secno>15.3 </span><dfn><code>application/xhtml+xml</code></dfn></h3>
+
+ <p>This registration is for community review and will be submitted
+ to the IESG for review, approval, and registration with IANA.</p>
+
+ <!--
+ To: ietf-types at iana.org
Subject: Registration of media type application/xhtml+xml
-->
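Review bot: The security considerations of the text/sandboxed-html registration address only the file-extension fallback (avoid ".html" and ".htm"), yet the "Magic number(s)" entry in the same registration states that these documents are heuristically indistinguishable from text/html. A user agent that does not recognize the label and falls back to content heuristics has nothing to tell it that the resource should not get normal text/html treatment, in which case the unique-origin protection does not apply. Suggest stating this explicitly in the security considerations, along with the consequence for authors: the label protects only in user agents that implement it, so hostile content served this way is still exposed to users of other user agents who visit the URL directly.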
@@ -83708,7 +83802,7 @@
type</a>. <a href=#refsRFC3023>[RFC3023]</a></p>
- <h3 id=text/cache-manifest><span class=secno>15.3 </span><dfn><code>text/cache-manifest</code></dfn></h3>
+ <h3 id=text/cache-manifest><span class=secno>15.4 </span><dfn><code>text/cache-manifest</code></dfn></h3>
<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
@@ -83778,7 +83872,7 @@
<code><a href=#text/cache-manifest>text/cache-manifest</a></code> resources.</p>
- <h3 id=text/ping><span class=secno>15.4 </span><dfn><code>text/ping</code></dfn></h3>
+ <h3 id=text/ping><span class=secno>15.5 </span><dfn><code>text/ping</code></dfn></h3>
<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
@@ -83842,7 +83936,7 @@
- <h3 id=application/microdata+json><span class=secno>15.5 </span><dfn><code>application/microdata+json</code></dfn></h3>
+ <h3 id=application/microdata+json><span class=secno>15.6 </span><dfn><code>application/microdata+json</code></dfn></h3>
<p>This registration is for community review and will be submitted
@@ -83910,7 +84004,7 @@
- <h3 id=ping-from><span class=secno>15.6 </span><dfn title=http-ping-from><code>Ping-From</code></dfn></h3>
+ <h3 id=ping-from><span class=secno>15.7 </span><dfn title=http-ping-from><code>Ping-From</code></dfn></h3>
<p>This section describes a header field for registration in the
Permanent Message Header Field Registry. <a href=#refsRFC3864>[RFC3864]</a></p>
@@ -83929,7 +84023,7 @@
</dd>
<dt>Related information</dt>
<dd>None.</dd>
- </dl><h3 id=ping-to><span class=secno>15.7 </span><dfn title=http-ping-to><code>Ping-To</code></dfn></h3>
+ </dl><h3 id=ping-to><span class=secno>15.8 </span><dfn title=http-ping-to><code>Ping-To</code></dfn></h3>
<p>This section describes a header field for registration in the
Permanent Message Header Field Registry. <a href=#refsRFC3864>[RFC3864]</a></p>
Modified: index
===================================================================
--- index 2010-01-12 08:16:48 UTC (rev 4580)
+++ index 2010-01-12 11:45:42 UTC (rev 4581)
@@ -1071,12 +1071,13 @@
<li><a href=#iana><span class=secno>13 </span>IANA considerations</a>
<ol>
<li><a href=#text/html><span class=secno>13.1 </span><code>text/html</code></a></li>
- <li><a href=#application/xhtml+xml><span class=secno>13.2 </span><code>application/xhtml+xml</code></a></li>
- <li><a href=#text/cache-manifest><span class=secno>13.3 </span><code>text/cache-manifest</code></a></li>
- <li><a href=#text/ping><span class=secno>13.4 </span><code>text/ping</code></a></li>
- <li><a href=#application/microdata+json><span class=secno>13.5 </span><code>application/microdata+json</code></a></li>
- <li><a href=#ping-from><span class=secno>13.6 </span><code>Ping-From</code></a></li>
- <li><a href=#ping-to><span class=secno>13.7 </span><code>Ping-To</code></a></ol></li>
+ <li><a href=#text/sandboxed-html><span class=secno>13.2 </span><code>text/sandboxed-html</code></a></li>
+ <li><a href=#application/xhtml+xml><span class=secno>13.3 </span><code>application/xhtml+xml</code></a></li>
+ <li><a href=#text/cache-manifest><span class=secno>13.4 </span><code>text/cache-manifest</code></a></li>
+ <li><a href=#text/ping><span class=secno>13.5 </span><code>text/ping</code></a></li>
+ <li><a href=#application/microdata+json><span class=secno>13.6 </span><code>application/microdata+json</code></a></li>
+ <li><a href=#ping-from><span class=secno>13.7 </span><code>Ping-From</code></a></li>
+ <li><a href=#ping-to><span class=secno>13.8 </span><code>Ping-To</code></a></ol></li>
<li><a class=no-num href=#index>Index</a>
<ol>
<li><a class=no-num href=#elements-1>Elements</a></li>
@@ -1381,10 +1382,10 @@
<p>The first such concrete syntax is the HTML syntax. This is the
format suggested for most authors. It is compatible with most legacy
- Web browsers. If a document is transmitted with the <a href=#mime-type>MIME
- type</a> <code><a href=#text/html>text/html</a></code>, then it will be processed as an
- HTML document by Web browsers. This specification defines version 5
- of the HTML syntax, known as "HTML5".</p>
+ Web browsers. If a document is transmitted with an <a href=#html-mime-type>HTML MIME
+ type</a>, such as <code><a href=#text/html>text/html</a></code>, then it will be
+ processed as an HTML document by Web browsers. This specification
+ defines version 5 of the HTML syntax, known as "HTML5".</p>
<p>The second concrete syntax is the XHTML syntax, which is an
application of XML. When a document is transmitted with an <a href=#xml-mime-type>XML
@@ -1824,7 +1825,10 @@
SEMICOLON characters (;). In other words, if it consists only of a
type and subtype, with no MIME Type parameters. <a href=#refsHTTP>[HTTP]</a></p>
+ <p>The term <dfn id=html-mime-type>HTML MIME type</dfn> is used to refer to the <a href=#mime-type title="MIME type">MIME types</a> <code><a href=#text/html>text/html</a></code> and
+ <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>.</p>
+
<h4 id=xml><span class=secno>2.1.2 </span>XML</h4>
<p id=html-namespace>To ease migration from HTML to XHTML, UAs
@@ -2051,8 +2055,9 @@
element that forms part of the transform.</p>
<p>Web browsers that support <a href=#syntax>the HTML syntax</a> must
- process documents labeled as <code><a href=#text/html>text/html</a></code> as described
- in this specification, so that users can interact with them.</p>
+ process documents labeled with an <a href=#html-mime-type>HTML MIME type</a> as
+ described in this specification, so that users can interact with
+ them.</p>
<p>User agents that support scripting must also be conforming
implementations of the IDL fragments in this specification, as
@@ -6525,11 +6530,11 @@
<p>The <dfn id=xmlns-namespace>XMLNS namespace</dfn> is: <code>http://www.w3.org/2000/xmlns/</code></p>
<hr><p>Data mining tools and other user agents that perform operations
- on <code><a href=#text/html>text/html</a></code> content without running scripts,
- evaluating CSS or XPath expressions, or otherwise exposing the
- resulting DOM to arbitrary content, may "support namespaces" by just
- asserting that their DOM node analogues are in certain namespaces,
- without actually exposing the above strings.</p>
+ on content without running scripts, evaluating CSS or XPath
+ expressions, or otherwise exposing the resulting DOM to arbitrary
+ content, may "support namespaces" by just asserting that their DOM
+ node analogues are in certain namespaces, without actually exposing
+ the above strings.</p>
<h2 id=dom><span class=secno>3 </span>Semantics, structure, and APIs of HTML documents</h2>
@@ -19690,11 +19695,6 @@
<p>This flag <a href=#sandboxScriptBlocked>blocks script
execution</a>.</p>
- <p class=warning>This flag only takes effect when the
- <a href=#nested-browsing-context>nested browsing context</a> of the <code><a href=#the-iframe-element>iframe</a></code> is
- <a href=#navigate title=navigate>navigated</a>. Removing it has no effect
- on an already-loaded page.</p>
-
</dd>
</dl><p>These flags must not be set unless the conditions listed above
@@ -19743,7 +19743,23 @@
</div>
+ <p class=note>Potentially hostile files can be served from the
+ same server as the file containing the <code><a href=#the-iframe-element>iframe</a></code> element
+ by labeling them as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> instead of
+ <code><a href=#text/html>text/html</a></code>. This ensures that scripts in the files are
+ unable to attack the site (as if they were actually served from
+ another server), even if the user is tricked into visiting those
+ pages directly, without the protection of the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute.</p>
+ <p class=warning>If the <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
+ keyword is set along with <code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>
+ keyword, and the file is from the <a href=#same-origin>same origin</a> as the
+ <code><a href=#the-iframe-element>iframe</a></code>'s <code>Document</code>, then a script in the
+ "sandboxed" iframe could just reach out, remove the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, and then
+ reload itself, effectively breaking out of the sandbox
+ altogether.</p>
+
+
<hr><!-- v2: Might be interesting to have a value on seamless that
allowed event propagation of some sort, maybe based on the WICD
work: http://www.w3.org/TR/WICD/ --><p>The <dfn id=attr-iframe-seamless title=attr-iframe-seamless><code>seamless</code></dfn>
@@ -50574,6 +50590,9 @@
browsing context flag</a> was set when the
<code>Document</code> was created</dt>
+ <dt>If a <code>Document</code> was generated from a resource
+ labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code></dt>
+
<dd>The <a href=#origin>origin</a> is a globally unique identifier
assigned when the <code>Document</code> is created.</dd>
@@ -56270,7 +56289,8 @@
of the following types, jump to the appropriate entry in the
following list, and process the resource as described there:</p>
- <dl class=switch><dt>"<code><a href=#text/html>text/html</a></code>"</dt>
+ <dl class=switch><!-- an <span>HTML MIME type</span> --><dt>"<code><a href=#text/html>text/html</a></code>"</dt>
+ <dt>"<code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>"</dt>
<dd>Follow the steps given in the <a href=#read-html title=navigate-html>HTML document</a> section, and abort
these steps.</dd>
@@ -56704,9 +56724,10 @@
fragment identifiers for <a href=#xml-mime-type title="XML MIME type">XML MIME
types</a> is the responsibility of RFC3023).</p>
- <p>For HTML documents (and the <code><a href=#text/html>text/html</a></code> <a href=#mime-type>MIME type</a>),
- the following processing model must be followed to determine what
- <a href=#the-indicated-part-of-the-document>the indicated part of the document</a> is.</p>
+ <p>For HTML documents (and <a href=#html-mime-type title="HTML MIME type">HTML MIME
+ types</a>), the following processing model must be followed to
+ determine what <a href=#the-indicated-part-of-the-document>the indicated part of the document</a>
+ is.</p>
<ol><li><p><a href=#parse-a-url title="parse a url">Parse</a> the <a href=#url>URL</a>,
and let <var title="">fragid</var> be the <a href=#url-fragment title=url-fragment><fragment></a> component of the
@@ -63065,9 +63086,9 @@
<h2 id=syntax><span class=secno>9 </span><dfn>The HTML syntax</dfn></h2>
- <p class=note>This section only describes the rules for
- <code><a href=#text/html>text/html</a></code> resources. Rules for XML resources are
- discussed in the section below entitled "<a href=#the-xhtml-syntax>The XHTML
+ <p class=note>This section only describes the rules for resources
+ labeled with an <a href=#html-mime-type>HTML MIME type</a>. Rules for XML resources
+ are discussed in the section below entitled "<a href=#the-xhtml-syntax>The XHTML
syntax</a>".</p>
@@ -77997,13 +78018,86 @@
refer to <a href=#the-indicated-part-of-the-document>the indicated part of the document</a>.</p>
- <h3 id=application/xhtml+xml><span class=secno>13.2 </span><dfn><code>application/xhtml+xml</code></dfn></h3>
+ <h3 id=text/sandboxed-html><span class=secno>13.2 </span><dfn><code>text/sandboxed-html</code></dfn></h3>
<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
<!--
To: ietf-types at iana.org
+ Subject: Registration of media type text/sandboxed-html
+ -->
+
+ <dl><dt>Type name:</dt>
+ <dd>text</dd>
+ <dt>Subtype name:</dt>
+ <dd>sandboxed-html</dd>
+ <dt>Required parameters:</dt>
+ <dd>No required parameters</dd>
+ <dt>Optional parameters:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Encoding considerations:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Security considerations:</dt>
+ <dd>
+ <p>The purpose of the <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> MIME type
+ is to provide a way for content providers to indicate that they
+ want the file to be interpreted in a manner that does not give the
+ file's contents access to the rest of the site. This is achieved
+ by assigning the <code>Document</code> objects generated from
+ resources labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> unique
+ origins.</p>
+ <p>To avoid having legacy user agents treating resources labeled
+ as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> as regular
+ <code><a href=#text/html>text/html</a></code> files, authors should avoid using the <code title="">.html</code> or <code title="">.htm</code> extensions for
+ resources labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>.</p>
+ <p>Beyond this, the type is identical to <code><a href=#text/html>text/html</a></code>,
+ and the same considerations apply.</p>
+ </dd>
+ <dt>Interoperability considerations:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Published specification:</dt>
+ <dd>
+ This document is the relevant specification. Labeling a resource
+ with the <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> type asserts that the
+ resource is an <a href=#html-documents title="HTML documents">HTML document</a>
+ using <a href=#syntax>the HTML syntax</a>.
+ </dd>
+ <dt>Applications that use this media type:</dt>
+ <dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
+ <dt>Additional information:</dt>
+ <dd>
+ <dl><dt>Magic number(s):</dt>
+ <dd>Documents labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> are
+ heuristically indistinguishable from those labeled as
+ <code><a href=#text/html>text/html</a></code>.</dd>
+ <dt>File extension(s):</dt>
+ <dd>"<code title="">sandboxed</code>"</dd>
+ <dt>Macintosh file type code(s):</dt>
+ <dd><code title="">TEXT</code></dd>
+ </dl></dd>
+ <dt>Person & email address to contact for further information:</dt>
+ <dd>Ian Hickson <ian at hixie.ch></dd>
+ <dt>Intended usage:</dt>
+ <dd>Common</dd>
+ <dt>Restrictions on usage:</dt>
+ <dd>No restrictions apply.</dd>
+ <dt>Author:</dt>
+ <dd>Ian Hickson <ian at hixie.ch></dd>
+ <dt>Change controller:</dt>
+ <dd>W3C and WHATWG</dd>
+ </dl><p>Fragment identifiers used with <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>
+ resources refer to <a href=#the-indicated-part-of-the-document>the indicated part of the
+ document</a>.</p>
+
+
+ <h3 id=application/xhtml+xml><span class=secno>13.3 </span><dfn><code>application/xhtml+xml</code></dfn></h3>
+
+ <p>This registration is for community review and will be submitted
+ to the IESG for review, approval, and registration with IANA.</p>
+
+ <!--
+ To: ietf-types at iana.org
Subject: Registration of media type application/xhtml+xml
-->
@@ -78062,7 +78156,7 @@
type</a>. <a href=#refsRFC3023>[RFC3023]</a></p>
- <h3 id=text/cache-manifest><span class=secno>13.3 </span><dfn><code>text/cache-manifest</code></dfn></h3>
+ <h3 id=text/cache-manifest><span class=secno>13.4 </span><dfn><code>text/cache-manifest</code></dfn></h3>
<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
@@ -78132,7 +78226,7 @@
<code><a href=#text/cache-manifest>text/cache-manifest</a></code> resources.</p>
- <h3 id=text/ping><span class=secno>13.4 </span><dfn><code>text/ping</code></dfn></h3>
+ <h3 id=text/ping><span class=secno>13.5 </span><dfn><code>text/ping</code></dfn></h3>
<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
@@ -78196,7 +78290,7 @@
- <h3 id=application/microdata+json><span class=secno>13.5 </span><dfn><code>application/microdata+json</code></dfn></h3>
+ <h3 id=application/microdata+json><span class=secno>13.6 </span><dfn><code>application/microdata+json</code></dfn></h3>
<p>This registration is for community review and will be submitted
@@ -78264,7 +78358,7 @@
- <h3 id=ping-from><span class=secno>13.6 </span><dfn title=http-ping-from><code>Ping-From</code></dfn></h3>
+ <h3 id=ping-from><span class=secno>13.7 </span><dfn title=http-ping-from><code>Ping-From</code></dfn></h3>
<p>This section describes a header field for registration in the
Permanent Message Header Field Registry. <a href=#refsRFC3864>[RFC3864]</a></p>
@@ -78283,7 +78377,7 @@
</dd>
<dt>Related information</dt>
<dd>None.</dd>
- </dl><h3 id=ping-to><span class=secno>13.7 </span><dfn title=http-ping-to><code>Ping-To</code></dfn></h3>
+ </dl><h3 id=ping-to><span class=secno>13.8 </span><dfn title=http-ping-to><code>Ping-To</code></dfn></h3>
<p>This section describes a header field for registration in the
Permanent Message Header Field Registry. <a href=#refsRFC3864>[RFC3864]</a></p>
Modified: source
===================================================================
--- source 2010-01-12 08:16:48 UTC (rev 4580)
+++ source 2010-01-12 11:45:42 UTC (rev 4581)
@@ -326,10 +326,10 @@
<p>The first such concrete syntax is the HTML syntax. This is the
format suggested for most authors. It is compatible with most legacy
- Web browsers. If a document is transmitted with the <span>MIME
- type</span> <code>text/html</code>, then it will be processed as an
- HTML document by Web browsers. This specification defines version 5
- of the HTML syntax, known as "HTML5".</p>
+ Web browsers. If a document is transmitted with an <span>HTML MIME
+ type</span>, such as <code>text/html</code>, then it will be
+ processed as an HTML document by Web browsers. This specification
+ defines version 5 of the HTML syntax, known as "HTML5".</p>
<p>The second concrete syntax is the XHTML syntax, which is an
application of XML. When a document is transmitted with an <span>XML
@@ -827,7 +827,11 @@
type and subtype, with no MIME Type parameters. <a
href="#refsHTTP">[HTTP]</a></p>
+ <p>The term <dfn>HTML MIME type</dfn> is used to refer to the <span
+ title="MIME type">MIME types</span> <code>text/html</code> and
+ <code>text/sandboxed-html</code>.</p>
+
<h4>XML</h4>
<p id="html-namespace">To ease migration from HTML to XHTML, UAs
@@ -1075,8 +1079,9 @@
element that forms part of the transform.</p>
<p>Web browsers that support <span>the HTML syntax</span> must
- process documents labeled as <code>text/html</code> as described
- in this specification, so that users can interact with them.</p>
+ process documents labeled with an <span>HTML MIME type</span> as
+ described in this specification, so that users can interact with
+ them.</p>
<p>User agents that support scripting must also be conforming
implementations of the IDL fragments in this specification, as
@@ -6408,11 +6413,11 @@
<hr>
<p>Data mining tools and other user agents that perform operations
- on <code>text/html</code> content without running scripts,
- evaluating CSS or XPath expressions, or otherwise exposing the
- resulting DOM to arbitrary content, may "support namespaces" by just
- asserting that their DOM node analogues are in certain namespaces,
- without actually exposing the above strings.</p>
+ on content without running scripts, evaluating CSS or XPath
+ expressions, or otherwise exposing the resulting DOM to arbitrary
+ content, may "support namespaces" by just asserting that their DOM
+ node analogues are in certain namespaces, without actually exposing
+ the above strings.</p>
<h2 id="dom">Semantics, structure, and APIs of HTML documents</h2>
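Review bot: dropping "<code>text/html</code>" from "operations on <code>text/html</code> content" widens this permission to all content, XML included, where the other hunks in this commit substitute "an HTML MIME type" and keep the scope. If the intent is only to cover text/sandboxed-html as well, "on content labeled with an HTML MIME type" would match the rest of the change; if the broadening is deliberate, the log message should say so.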
@@ -21062,11 +21067,6 @@
<p>This flag <a href="#sandboxScriptBlocked">blocks script
execution</a>.</p>
- <p class="warning">This flag only takes effect when the
- <span>nested browsing context</span> of the <code>iframe</code> is
- <span title="navigate">navigated</span>. Removing it has no effect
- on an already-loaded page.</p>
-
</dd>
</dl>
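Review bot: removing this warning from the flag that blocks script execution deletes the only statement in view that the flag takes effect when the nested browsing context is navigated and that removing it has no effect on an already-loaded page. The warning added in the next hunk relies on exactly that behaviour (the script removes the attribute "and then reload[s] itself"), so consider keeping one sentence on when the sandbox flags are evaluated, placed where it covers every keyword.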
@@ -21119,7 +21119,27 @@
</div>
+ <p class="note">Potentially hostile files can be served from the
+ same server as the file containing the <code>iframe</code> element
+ by labeling them as <code>text/sandboxed-html</code> instead of
+ <code>text/html</code>. This ensures that scripts in the files are
+ unable to attack the site (as if they were actually served from
+ another server), even if the user is tricked into visiting those
+ pages directly, without the protection of the <code
+ title="attr-iframe-sandbox">sandbox</code> attribute.</p>
+ <p class="warning">If the <code
+ title="attr-iframe-sandbox-allow-scripts">allow-scripts</code>
+ keyword is set along with <code
+ title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code>
+ keyword, and the file is from the <span>same origin</span> as the
+ <code>iframe</code>'s <code>Document</code>, then a script in the
+ "sandboxed" iframe could just reach out, remove the <code
+ title="attr-iframe-sandbox">sandbox</code> attribute, and then
+ reload itself, effectively breaking out of the sandbox
+ altogether.</p>
+
+
<hr>
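Review bot: the note's "This ensures that scripts in the files are unable to attack the site" is true only in user agents that implement text/sandboxed-html; the registration added later in this same commit acknowledges that legacy user agents may treat such resources as regular text/html. Suggest qualifying it ("In user agents that support this type, ...") or pointing to the type's security considerations. In the warning, "along with allow-same-origin keyword" is missing "the", and the paragraph describes the escape without giving authors guidance; state the consequence as advice, for example that the two keywords should not be combined for content from the same origin as the embedding Document.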
@@ -57077,6 +57097,9 @@
browsing context flag</span> was set when the
<code>Document</code> was created</dt>
+ <dt>If a <code>Document</code> was generated from a resource
+ labeled as <code>text/sandboxed-html</code></dt>
+
<dd>The <span>origin</span> is a globally unique identifier
assigned when the <code>Document</code> is created.</dd>
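Review bot: the new condition "generated from a resource labeled as text/sandboxed-html" uses "labeled" without linking it to a defined type determination. Since this line is what actually grants the unique origin, it should reference the same type decision that the navigation switch uses to pick the HTML document path, so the parser choice and the origin assignment cannot disagree for one resource.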
@@ -63698,7 +63721,9 @@
<dl class="switch">
+ <!-- an <span>HTML MIME type</span> -->
<dt>"<code>text/html</code>"</dt>
+ <dt>"<code>text/sandboxed-html</code>"</dt>
<dd>Follow the steps given in the <span
title="navigate-html">HTML document</span> section, and abort
these steps.</dd>
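Review bot: the switch lists "text/html" and "text/sandboxed-html" literally, with the defined term only in a comment (<!-- an HTML MIME type -->). The list and the definition of "HTML MIME type" can drift apart if another type is added later; a single entry that references the term would keep them in step, unless the literal strings are required by the surrounding switch format.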
@@ -64198,9 +64223,10 @@
fragment identifiers for <span title="XML MIME type">XML MIME
types</span> is the responsibility of RFC3023).</p>
- <p>For HTML documents (and the <code>text/html</code> <span>MIME type</span>),
- the following processing model must be followed to determine what
- <span>the indicated part of the document</span> is.</p>
+ <p>For HTML documents (and <span title="HTML MIME type">HTML MIME
+ types</span>), the following processing model must be followed to
+ determine what <span>the indicated part of the document</span>
+ is.</p>
<ol>
@@ -78470,9 +78496,9 @@
<h2 id="syntax"><dfn>The HTML syntax</dfn></h2>
- <p class="note">This section only describes the rules for
- <code>text/html</code> resources. Rules for XML resources are
- discussed in the section below entitled "<span>The XHTML
+ <p class="note">This section only describes the rules for resources
+ labeled with an <span>HTML MIME type</span>. Rules for XML resources
+ are discussed in the section below entitled "<span>The XHTML
syntax</span>".</p>
@@ -93111,6 +93137,85 @@
refer to <span>the indicated part of the document</span>.</p>
+ <h3><dfn><code>text/sandboxed-html</code></dfn></h3>
+
+ <p>This registration is for community review and will be submitted
+ to the IESG for review, approval, and registration with IANA.</p>
+
+ <!--
+ To: ietf-types at iana.org
+ Subject: Registration of media type text/sandboxed-html
+ -->
+
+ <dl>
+ <dt>Type name:</dt>
+ <dd>text</dd>
+ <dt>Subtype name:</dt>
+ <dd>sandboxed-html</dd>
+ <dt>Required parameters:</dt>
+ <dd>No required parameters</dd>
+ <dt>Optional parameters:</dt>
+ <dd>Same as for <code>text/html</code></dd>
+ <dt>Encoding considerations:</dt>
+ <dd>Same as for <code>text/html</code></dd>
+ <dt>Security considerations:</dt>
+ <dd>
+ <p>The purpose of the <code>text/sandboxed-html</code> MIME type
+ is to provide a way for content providers to indicate that they
+ want the file to be interpreted in a manner that does not give the
+ file's contents access to the rest of the site. This is achieved
+ by assigning the <code>Document</code> objects generated from
+ resources labeled as <code>text/sandboxed-html</code> unique
+ origins.</p>
+ <p>To avoid having legacy user agents treating resources labeled
+ as <code>text/sandboxed-html</code> as regular
+ <code>text/html</code> files, authors should avoid using the <code
+ title="">.html</code> or <code title="">.htm</code> extensions for
+ resources labeled as <code>text/sandboxed-html</code>.</p>
+ <p>Beyond this, the type is identical to <code>text/html</code>,
+ and the same considerations apply.</p>
+ </dd>
+ <dt>Interoperability considerations:</dt>
+ <dd>Same as for <code>text/html</code></dd>
+ <dt>Published specification:</dt>
+ <dd>
+ This document is the relevant specification. Labeling a resource
+ with the <code>text/sandboxed-html</code> type asserts that the
+ resource is an <span title="HTML documents">HTML document</span>
+ using <span>the HTML syntax</span>.
+ </dd>
+ <dt>Applications that use this media type:</dt>
+ <dd>Same as for <code>text/html</code></dd>
+ <dt>Additional information:</dt>
+ <dd>
+ <dl>
+ <dt>Magic number(s):</dt>
+ <dd>Documents labeled as <code>text/sandboxed-html</code> are
+ heuristically indistinguishable from those labeled as
+ <code>text/html</code>.</dd>
+ <dt>File extension(s):</dt>
+ <dd>"<code title="">sandboxed</code>"</dd>
+ <dt>Macintosh file type code(s):</dt>
+ <dd><code title="">TEXT</code></dd>
+ </dl>
+ </dd>
+ <dt>Person & email address to contact for further information:</dt>
+ <dd>Ian Hickson <ian at hixie.ch></dd>
+ <dt>Intended usage:</dt>
+ <dd>Common</dd>
+ <dt>Restrictions on usage:</dt>
+ <dd>No restrictions apply.</dd>
+ <dt>Author:</dt>
+ <dd>Ian Hickson <ian at hixie.ch></dd>
+ <dt>Change controller:</dt>
+ <dd>W3C and WHATWG</dd>
+ </dl>
+
+ <p>Fragment identifiers used with <code>text/sandboxed-html</code>
+ resources refer to <span>the indicated part of the
+ document</span>.</p>
+
+
<h3><dfn><code>application/xhtml+xml</code></dfn></h3>
<p>This registration is for community review and will be submitted
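Review bot: the security considerations do not say that the protection rests entirely on the Content-Type label, yet "Magic number(s)" states these documents are "heuristically indistinguishable" from text/html. Any user agent or intermediary that sniffs the content would arrive at text/html and the unique origin is lost; the section should say that this type must not be sniffed or overridden to text/html. The legacy fallback is also only a "should avoid" on the .html and .htm extensions; it would help to recommend the registered "sandboxed" extension in that paragraph and to state what authors should expect from user agents that do not know the type.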