[html5] r6217 - [e] (0) Give a summary of how target='' and sandbox='' interact. Fixing http://w [...]
whatwg at whatwg.org
whatwg at whatwg.org
Mon Jun 13 15:15:53 PDT 2011
Author: ianh
Date: 2011-06-13 15:15:51 -0700 (Mon, 13 Jun 2011)
New Revision: 6217
Modified:
complete.html
index
source
Log:
[e] (0) Give a summary of how target='' and sandbox='' interact.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=12392
Modified: complete.html
===================================================================
--- complete.html 2011-06-13 19:41:48 UTC (rev 6216)
+++ complete.html 2011-06-13 22:15:51 UTC (rev 6217)
@@ -19735,14 +19735,18 @@
that create <a href=#hyperlink title=hyperlink>hyperlinks</a> is to run the
following steps:</p>
- <ol><li><p>If the <code title=event-click><a href=#event-click>click</a></code>
- event in question is not <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> (i.e. a <code title=dom-click><a href=#dom-click>click()</a></code> method call was the reason for the
- event being dispatched), and the <code><a href=#the-a-element>a</a></code> element's <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute is such that
- applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
- browsing context name</a>, using the value of the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute as the
- browsing context name, would result in there not being a chosen
- browsing context, then raise an <code><a href=#invalid_access_err>INVALID_ACCESS_ERR</a></code>
- exception and abort these steps.</li>
+ <ol><li><p>If the <code title=event-click><a href=#event-click>click</a></code> event in
+ question is not <a href=#concept-events-trusted title=concept-events-trusted>trusted</a>
+ (i.e. a <code title=dom-click><a href=#dom-click>click()</a></code> method call was the
+ reason for the event being dispatched), and the <code><a href=#the-a-element>a</a></code>
+ element's <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
+ attribute is present and applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a
+ browsing context given a browsing context name</a>, using the
+ value of the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
+ attribute as the browsing context name, would result in there not
+ being a chosen browsing context, then raise an
+ <code><a href=#invalid_access_err>INVALID_ACCESS_ERR</a></code> exception and abort these
+ steps.</li>
<li><p>If the target of the <code title=event-click><a href=#event-click>click</a></code>
event is an <code><a href=#the-img-element>img</a></code> element with an <code title=attr-img-ismap><a href=#attr-img-ismap>ismap</a></code> attribute specified, then
@@ -38112,7 +38116,7 @@
(i.e. a <code title=dom-click><a href=#dom-click>click()</a></code> method call was the
reason for the event being dispatched), and the <code><a href=#the-area-element>area</a></code>
element's <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
- attribute is such that applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a
+ attribute is present and applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a
browsing context given a browsing context name</a>, using the
value of the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
attribute as the browsing context name, would result in there not
@@ -61071,6 +61075,153 @@
that is either a <a href=#valid-browsing-context-name>valid browsing context name</a> or that is
an <a href=#ascii-case-insensitive>ASCII case-insensitive</a> match for one of: <code title="">_blank</code>, <code title="">_self</code>, <code title="">_parent</code>, or <code title="">_top</code>.</p>
+ <p>These values have different meanings based on whether the page is
+ sandboxed or not, as summarized in the following (non-normative)
+ table. In this table, "current" means the <a href=#browsing-context>browsing
+ context</a> that the link or script is in, "parent" means the
+ <a href=#parent-browsing-context>parent browsing context</a> of the one the link or script
+ is in, "master" means the nearest <a href=#ancestor-browsing-context>ancestor browsing
+ context</a> of the one the link or script is in that is not
+ itself in a <a href=#attr-iframe-seamless title=attr-iframe-seamless>seamless
+ iframe</a>, "top" means the <a href=#top-level-browsing-context>top-level browsing
+ context</a> of the one the link or script is in, "new" means a
+ new <a href=#top-level-browsing-context>top-level browsing context</a> or <a href=#auxiliary-browsing-context>auxiliary
+ browsing context</a> is to be created, subject to various user
+ preferences and user agent policies, and "none" means that by
+ default nothing will happen.</p>
+
+ <table><thead><tr><th rowspan=2>Keyword
+ <th rowspan=2>Ordinary effect
+ <th colspan=5>Effect in an <code><a href=#the-iframe-element>iframe</a></code> with...
+ <tr><!-- nothing --><th><code title="">seamless=""</code>
+ <th><code title="">sandbox=""</code>
+ <th><code title="">sandbox="" seamless=""</code>
+ <th><code title="">sandbox="allow-top-navigation"</code>
+ <th><code title="">sandbox="allow-top-navigation" seamless=""</code>
+
+ <tbody><tr><td>none specified, for links and form submissions <!-- same as empty string -->
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+
+ <tr><td>none specified, for <code title=dom-open><a href=#dom-open>window.open()</a></code> <!-- same as _blank -->
+ <td>new
+ <td>new
+ <td>new†
+ <td>new†
+ <td>new†
+ <td>new†
+
+ <tr><td>empty string
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+
+ <tr><td><code title="">_blank</code>
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+
+ <tr><td><code title="">_self</code>
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td><code title="">_parent</code> if there isn't a parent
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td><code title="">_parent</code> if parent is also top
+ <td>parent/top
+ <td>parent/top
+ <td>none
+ <td>none
+ <td>parent/top
+ <td>parent/top
+
+ <tr><td><code title="">_parent</code> if there is one and it's not top
+ <td>parent
+ <td>parent
+ <td>none
+ <td>none
+ <td>none
+ <td>none
+
+ <tr><td><code title="">_top</code> if top is current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td><code title="">_top</code> if top is not current
+ <td>top
+ <td>top
+ <td>none
+ <td>none
+ <td>top
+ <td>top
+
+ <tr><td>name that doesn't exist
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+
+ <tr><td>name that exists and is a descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+
+ <tr><td>name that exists and is current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td>name that exists and is a ancestor that is top
+ <td>specified ancestor
+ <td>specified ancestor
+ <td>none
+ <td>none
+ <td>specified ancestor/top
+ <td>specified ancestor/top
+
+ <tr><td>name that exists and is a ancestor that is not top
+ <td>specified ancestor
+ <td>specified ancestor
+ <td>none
+ <td>none
+ <td>none
+ <td>none
+
+ </table><p><small>† This case is only possible if the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute also allows
+ scripts.</small></p>
+
<div class=impl>
<p><dfn id=the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>The rules for choosing a browsing context given a browsing
Modified: index
===================================================================
--- index 2011-06-13 19:41:48 UTC (rev 6216)
+++ index 2011-06-13 22:15:51 UTC (rev 6217)
@@ -19725,14 +19725,18 @@
that create <a href=#hyperlink title=hyperlink>hyperlinks</a> is to run the
following steps:</p>
- <ol><li><p>If the <code title=event-click><a href=#event-click>click</a></code>
- event in question is not <a href=#concept-events-trusted title=concept-events-trusted>trusted</a> (i.e. a <code title=dom-click><a href=#dom-click>click()</a></code> method call was the reason for the
- event being dispatched), and the <code><a href=#the-a-element>a</a></code> element's <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute is such that
- applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context given a
- browsing context name</a>, using the value of the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute as the
- browsing context name, would result in there not being a chosen
- browsing context, then raise an <code><a href=#invalid_access_err>INVALID_ACCESS_ERR</a></code>
- exception and abort these steps.</li>
+ <ol><li><p>If the <code title=event-click><a href=#event-click>click</a></code> event in
+ question is not <a href=#concept-events-trusted title=concept-events-trusted>trusted</a>
+ (i.e. a <code title=dom-click><a href=#dom-click>click()</a></code> method call was the
+ reason for the event being dispatched), and the <code><a href=#the-a-element>a</a></code>
+ element's <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
+ attribute is present and applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a
+ browsing context given a browsing context name</a>, using the
+ value of the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
+ attribute as the browsing context name, would result in there not
+ being a chosen browsing context, then raise an
+ <code><a href=#invalid_access_err>INVALID_ACCESS_ERR</a></code> exception and abort these
+ steps.</li>
<li><p>If the target of the <code title=event-click><a href=#event-click>click</a></code>
event is an <code><a href=#the-img-element>img</a></code> element with an <code title=attr-img-ismap><a href=#attr-img-ismap>ismap</a></code> attribute specified, then
@@ -38105,7 +38109,7 @@
(i.e. a <code title=dom-click><a href=#dom-click>click()</a></code> method call was the
reason for the event being dispatched), and the <code><a href=#the-area-element>area</a></code>
element's <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
- attribute is such that applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a
+ attribute is present and applying <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a
browsing context given a browsing context name</a>, using the
value of the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code>
attribute as the browsing context name, would result in there not
@@ -61064,6 +61068,153 @@
that is either a <a href=#valid-browsing-context-name>valid browsing context name</a> or that is
an <a href=#ascii-case-insensitive>ASCII case-insensitive</a> match for one of: <code title="">_blank</code>, <code title="">_self</code>, <code title="">_parent</code>, or <code title="">_top</code>.</p>
+ <p>These values have different meanings based on whether the page is
+ sandboxed or not, as summarized in the following (non-normative)
+ table. In this table, "current" means the <a href=#browsing-context>browsing
+ context</a> that the link or script is in, "parent" means the
+ <a href=#parent-browsing-context>parent browsing context</a> of the one the link or script
+ is in, "master" means the nearest <a href=#ancestor-browsing-context>ancestor browsing
+ context</a> of the one the link or script is in that is not
+ itself in a <a href=#attr-iframe-seamless title=attr-iframe-seamless>seamless
+ iframe</a>, "top" means the <a href=#top-level-browsing-context>top-level browsing
+ context</a> of the one the link or script is in, "new" means a
+ new <a href=#top-level-browsing-context>top-level browsing context</a> or <a href=#auxiliary-browsing-context>auxiliary
+ browsing context</a> is to be created, subject to various user
+ preferences and user agent policies, and "none" means that by
+ default nothing will happen.</p>
+
+ <table><thead><tr><th rowspan=2>Keyword
+ <th rowspan=2>Ordinary effect
+ <th colspan=5>Effect in an <code><a href=#the-iframe-element>iframe</a></code> with...
+ <tr><!-- nothing --><th><code title="">seamless=""</code>
+ <th><code title="">sandbox=""</code>
+ <th><code title="">sandbox="" seamless=""</code>
+ <th><code title="">sandbox="allow-top-navigation"</code>
+ <th><code title="">sandbox="allow-top-navigation" seamless=""</code>
+
+ <tbody><tr><td>none specified, for links and form submissions <!-- same as empty string -->
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+
+ <tr><td>none specified, for <code title=dom-open><a href=#dom-open>window.open()</a></code> <!-- same as _blank -->
+ <td>new
+ <td>new
+ <td>new†
+ <td>new†
+ <td>new†
+ <td>new†
+
+ <tr><td>empty string
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+
+ <tr><td><code title="">_blank</code>
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+
+ <tr><td><code title="">_self</code>
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td><code title="">_parent</code> if there isn't a parent
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td><code title="">_parent</code> if parent is also top
+ <td>parent/top
+ <td>parent/top
+ <td>none
+ <td>none
+ <td>parent/top
+ <td>parent/top
+
+ <tr><td><code title="">_parent</code> if there is one and it's not top
+ <td>parent
+ <td>parent
+ <td>none
+ <td>none
+ <td>none
+ <td>none
+
+ <tr><td><code title="">_top</code> if top is current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td><code title="">_top</code> if top is not current
+ <td>top
+ <td>top
+ <td>none
+ <td>none
+ <td>top
+ <td>top
+
+ <tr><td>name that doesn't exist
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+
+ <tr><td>name that exists and is a descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+
+ <tr><td>name that exists and is current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr><td>name that exists and is a ancestor that is top
+ <td>specified ancestor
+ <td>specified ancestor
+ <td>none
+ <td>none
+ <td>specified ancestor/top
+ <td>specified ancestor/top
+
+ <tr><td>name that exists and is a ancestor that is not top
+ <td>specified ancestor
+ <td>specified ancestor
+ <td>none
+ <td>none
+ <td>none
+ <td>none
+
+ </table><p><small>† This case is only possible if the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute also allows
+ scripts.</small></p>
+
<div class=impl>
<p><dfn id=the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>The rules for choosing a browsing context given a browsing
Modified: source
===================================================================
--- source 2011-06-13 19:41:48 UTC (rev 6216)
+++ source 2011-06-13 22:15:51 UTC (rev 6217)
@@ -21265,18 +21265,18 @@
<ol>
- <li><p>If the <code title="event-click">click</code>
- event in question is not <span
- title="concept-events-trusted">trusted</span> (i.e. a <code
- title="dom-click">click()</code> method call was the reason for the
- event being dispatched), and the <code>a</code> element's <code
- title="attr-hyperlink-target">target</code> attribute is such that
- applying <span>the rules for choosing a browsing context given a
- browsing context name</span>, using the value of the <code
- title="attr-hyperlink-target">target</code> attribute as the
- browsing context name, would result in there not being a chosen
- browsing context, then raise an <code>INVALID_ACCESS_ERR</code>
- exception and abort these steps.</p></li>
+ <li><p>If the <code title="event-click">click</code> event in
+ question is not <span title="concept-events-trusted">trusted</span>
+ (i.e. a <code title="dom-click">click()</code> method call was the
+ reason for the event being dispatched), and the <code>a</code>
+ element's <code title="attr-hyperlink-target">target</code>
+ attribute is present and applying <span>the rules for choosing a
+ browsing context given a browsing context name</span>, using the
+ value of the <code title="attr-hyperlink-target">target</code>
+ attribute as the browsing context name, would result in there not
+ being a chosen browsing context, then raise an
+ <code>INVALID_ACCESS_ERR</code> exception and abort these
+ steps.</p></li>
<li><p>If the target of the <code title="event-click">click</code>
event is an <code>img</code> element with an <code
@@ -42434,7 +42434,7 @@
(i.e. a <code title="dom-click">click()</code> method call was the
reason for the event being dispatched), and the <code>area</code>
element's <code title="attr-hyperlink-target">target</code>
- attribute is such that applying <span>the rules for choosing a
+ attribute is present and applying <span>the rules for choosing a
browsing context given a browsing context name</span>, using the
value of the <code title="attr-hyperlink-target">target</code>
attribute as the browsing context name, would result in there not
@@ -69594,6 +69594,176 @@
title="">_blank</code>, <code title="">_self</code>, <code
title="">_parent</code>, or <code title="">_top</code>.</p>
+ <p>These values have different meanings based on whether the page is
+ sandboxed or not, as summarized in the following (non-normative)
+ table. In this table, "current" means the <span>browsing
+ context</span> that the link or script is in, "parent" means the
+ <span>parent browsing context</span> of the one the link or script
+ is in, "master" means the nearest <span>ancestor browsing
+ context</span> of the one the link or script is in that is not
+ itself in a <span title="attr-iframe-seamless">seamless
+ iframe</span>, "top" means the <span>top-level browsing
+ context</span> of the one the link or script is in, "new" means a
+ new <span>top-level browsing context</span> or <span>auxiliary
+ browsing context</span> is to be created, subject to various user
+ preferences and user agent policies, and "none" means that by
+ default nothing will happen.</p>
+
+ <table>
+ <thead>
+ <tr>
+ <th rowspan=2>Keyword
+ <th rowspan=2>Ordinary effect
+ <th colspan=5>Effect in an <code>iframe</code> with...
+ <tr> <!-- nothing -->
+ <th><code title="">seamless=""</code>
+ <th><code title="">sandbox=""</code>
+ <th><code title="">sandbox="" seamless=""</code>
+ <th><code title="">sandbox="allow-top-navigation"</code>
+ <th><code title="">sandbox="allow-top-navigation" seamless=""</code>
+
+ <tbody>
+ <tr>
+ <td>none specified, for links and form submissions <!-- same as empty string -->
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+
+ <tr>
+ <td>none specified, for <code title="dom-open">window.open()</code> <!-- same as _blank -->
+ <td>new
+ <td>new
+ <td>new†
+ <td>new†
+ <td>new†
+ <td>new†
+
+ <tr>
+ <td>empty string
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+ <td>current
+ <td>master
+
+ <tr>
+ <td><code title="">_blank</code>
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+
+ <tr>
+ <td><code title="">_self</code>
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr>
+ <td><code title="">_parent</code> if there isn't a parent
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr>
+ <td><code title="">_parent</code> if parent is also top
+ <td>parent/top
+ <td>parent/top
+ <td>none
+ <td>none
+ <td>parent/top
+ <td>parent/top
+
+ <tr>
+ <td><code title="">_parent</code> if there is one and it's not top
+ <td>parent
+ <td>parent
+ <td>none
+ <td>none
+ <td>none
+ <td>none
+
+ <tr>
+ <td><code title="">_top</code> if top is current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr>
+ <td><code title="">_top</code> if top is not current
+ <td>top
+ <td>top
+ <td>none
+ <td>none
+ <td>top
+ <td>top
+
+ <tr>
+ <td>name that doesn't exist
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+ <td>new
+
+ <tr>
+ <td>name that exists and is a descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+ <td>specified descendant
+
+ <tr>
+ <td>name that exists and is current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+ <td>current
+
+ <tr>
+ <td>name that exists and is a ancestor that is top
+ <td>specified ancestor
+ <td>specified ancestor
+ <td>none
+ <td>none
+ <td>specified ancestor/top
+ <td>specified ancestor/top
+
+ <tr>
+ <td>name that exists and is a ancestor that is not top
+ <td>specified ancestor
+ <td>specified ancestor
+ <td>none
+ <td>none
+ <td>none
+ <td>none
+
+ </table>
+
+ <p><small>† This case is only possible if the <code
+ title="attr-iframe-sandbox">sandbox</code> attribute also allows
+ scripts.</small></p>
+
<div class="impl">
<p><dfn>The rules for choosing a browsing context given a browsing
More information about the Commit-Watchers
mailing list