[html5] r7054 - [giow] (0) sandbox='allow-popups' feature Affected topics: DOM APIs, HTML
whatwg at whatwg.org
Mon Apr 16 22:02:28 PDT 2012
Author: ianh
Date: 2012-04-16 22:02:26 -0700 (Mon, 16 Apr 2012)
New Revision: 7054
Modified:
complete.html
index
source
Log:
[giow] (0) sandbox='allow-popups' feature
Affected topics: DOM APIs, HTML
Modified: complete.html
===================================================================
--- complete.html 2012-04-13 23:10:03 UTC (rev 7053)
+++ complete.html 2012-04-17 05:02:26 UTC (rev 7054)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 13 April 2012</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 17 April 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -25320,6 +25320,7 @@
<a href=#unordered-set-of-unique-space-separated-tokens>unordered set of unique space-separated tokens</a> that are
<a href=#ascii-case-insensitive>ASCII case-insensitive</a>. The allowed values are
<code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code>,
+ <code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code>,
<code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>,
<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>, and
<code title=attr-iframe-sandbox-allow-top-navigation><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code>.
@@ -25332,9 +25333,8 @@
keyword allows the content to be treated as being from the same
origin instead of forcing it into a unique origin, the <code title=attr-iframe-sandbox-allow-top-navigation><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code>
keyword allows the content to <a href=#navigate>navigate</a> its
- <a href=#top-level-browsing-context>top-level browsing context</a>, and the <code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code> and <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
- keywords re-enable forms and scripts respectively (though scripts
- are still prevented from creating popups).</p>
+ <a href=#top-level-browsing-context>top-level browsing context</a>, and the <code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code>, <code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code> and <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
+ keywords re-enable forms, popups, and scripts respectively.</p>
<p class=warning>Setting both the
<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code> and
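Review bot: the rewritten sentence ending "keywords re-enable forms, popups, and scripts respectively" drops the old popup caveat without saying that a re-enabled popup is still restricted. Later in this revision a new browsing context opened from sandboxed content receives the opener's flags in its popup sandboxing flag set, so an author reading only this paragraph could conclude that allow-popups lets content leave the sandbox. Suggest adding a clause or note here saying that popups inherit the sandboxing flags of the document that opened them.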
@@ -63805,10 +63805,10 @@
context</a> of the one the link or script is in, "new" means a
new <a href=#top-level-browsing-context>top-level browsing context</a> or <a href=#auxiliary-browsing-context>auxiliary
browsing context</a> is to be created, subject to various user
- preferences and user agent policies, "maybe new" means the same as
- "new" but the requirements for those cases encourage user agents to
- treat it more like "none", and "none" means that by default nothing
- will happen.</p>
+ preferences and user agent policies, "none" means that nothing will
+ happen, and "maybe new" means the same as "new" if the "<code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code>"
+ keyword is also specified on the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute (or if the user
+ overrode the sandboxing), and the same as "none" otherwise.</p>
<table><thead><tr><th rowspan=2>Keyword
<th rowspan=2>Ordinary effect
@@ -64007,20 +64007,30 @@
<dl class=switch><dt id=sandboxWindowOpen>If the current browsing context's
<a href=#active-document>active document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag
- set</a> has the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context
- flag</a> set.</dt>
+ set</a> has the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing
+ context flag</a> set.</dt>
- <dd><p>The user agent may offer to create a new <a href=#top-level-browsing-context>top-level
- browsing context</a> or reuse an existing <a href=#top-level-browsing-context>top-level
- browsing context</a>. If the user picks one of those options,
- then the designated browsing context must be the chosen one (the
- browsing context's name isn't set to the given browsing context
- name). The default behaviour (if the user agent doesn't offer the
- option to the user, or if the user declines to allow a browsing
- context to be used) there must not be a chosen browsing
- context.</dd>
+ <dd>
+ <p>Typically, there is no chosen browsing context.</p>
+ <p>The user agent may offer to create a new <a href=#top-level-browsing-context>top-level
+ browsing context</a> or reuse an existing <a href=#top-level-browsing-context>top-level
+ browsing context</a>. If the user picks one of those options,
+ then the designated browsing context must be the chosen one (the
+ browsing context's name isn't set to the given browsing context
+ name). The default behaviour (if the user agent doesn't offer
+ the option to the user, or if the user declines to allow a
+ browsing context to be used) must be that there must not be a
+ chosen browsing context.</p>
+
+ <p class=warning>If this case occurs, it means that an author
+ has explicitly sandboxed the document that is trying to open a
+ link.</p>
+
+ </dd>
+
+
<dt id=noopener>If the user agent has been configured such that
in this instance it will create a new browsing context, and the
browsing context is being requested as part of <a href=#following-hyperlinks title="following hyperlinks">following a hyperlink</a> whose
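Review bot: in the added dd, "must be that there must not be a chosen browsing context" doubles the modal and reads as two requirements; suggest "must be that there is no chosen browsing context". The new opening paragraph "Typically, there is no chosen browsing context" restates that default without normative wording, so either drop it or fold it into the requirement. The added warning says only that the author sandboxed the document; one more sentence on why offering the override is risky would justify class=warning.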
@@ -64067,6 +64077,18 @@
users to configure the user agent to always reuse the current
browsing context.</p>
+ <p>If the current browsing context's <a href=#active-document>active
+ document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has the
+ <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a> set and
+ chosen browsing context picked above, if any, is a new browsing
+ context (whether top-level or auxiliary), then all the flags that
+ are set in the current browsing context's <a href=#active-document>active
+ document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> when the
+ new browsing context is created must be set in the new browsing
+ context's <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a>, and the current
+ browsing context must be set as the new browsing context's
+ <a href=#one-permitted-sandboxed-navigator>one permitted sandboxed navigator</a>.</p>
+
</li>
</ol></div>
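Review bot: "set and chosen browsing context picked above" is missing an article; it should read "set and the chosen browsing context picked above". The condition tests the sandboxed navigation browsing context flag although the requirement is about copying every flag into the popup; if that flag is meant as a stand-in for "the document is sandboxed at all", say so explicitly, or condition on the active sandboxing flag set being non-empty. The clause "when the new browsing context is created" would also read better next to "must be set", so it is plain that the flags are snapshotted at creation time.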
@@ -65373,23 +65395,42 @@
<p>This flag <a href=#sandboxLinks>prevents content from
navigating browsing contexts other than the sandboxed browsing
context itself</a> (or browsing contexts further nested inside
- it), and the <a href=#top-level-browsing-context>top-level browsing context</a> (which is
+ it), <a href=#auxiliary-browsing-context title="auxiliary browsing context">auxiliary browsing
+ contexts</a> (which are protected by the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed
+ auxiliary navigation browsing context flag</a> defined next),
+ and the <a href=#top-level-browsing-context>top-level browsing context</a> (which is
protected by the <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing
- context flag</a> defined next).</p>
+ context flag</a> defined below).</p>
- <p>This flag also <a href=#sandboxWindowOpen>prevents content
- from creating new auxiliary browsing contexts</a>, e.g. using the
- <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute, the
- <code title=dom-open><a href=#dom-open>window.open()</a></code> method, or the <code title=dom-showModalDialog><a href=#dom-showmodaldialog>showModalDialog()</a></code> method.</p>
+ <p>If the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context
+ flag</a> is not set, then in certain cases the restrictions
+ nonetheless allow popups (new <a href=#top-level-browsing-context title="top-level browsing
+ context">top-level browsing contexts</a>) to be opened. These
+ <a href=#browsing-context title="browsing context">browsing contexts</a> always
+ have <dfn id=one-permitted-sandboxed-navigator>one permitted sandboxed navigator</dfn>, set when the
+ browsing context is created, which allows the <a href=#browsing-context>browsing
+ context</a> that created them to actually navigate them.
+ (Otherwise, the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context
+ flag</a> would prevent them from being navigated even if they
+ were opened.)</p>
</dd>
- <dt>The <dfn id=sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
- flag</dfn></dt>
+ <dt>The <dfn id=sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context flag</dfn></dt>
<dd>
+ <p>This flag <a href=#sandboxWindowOpen>prevents content from
+ creating new auxiliary browsing contexts</a>, e.g. using the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute, the <code title=dom-open><a href=#dom-open>window.open()</a></code> method, or the <code title=dom-showModalDialog><a href=#dom-showmodaldialog>showModalDialog()</a></code> method.</p>
+
+ </dd>
+
+
+ <dt>The <dfn id=sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context flag</dfn></dt>
+
+ <dd>
+
<p>This flag <a href=#sandboxLinks>prevents content from
navigating their <span>top-level browsing context</span></a>.</p>
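Review bot: the dfn for "one permitted sandboxed navigator" is introduced inside the description of the sandboxed navigation browsing context flag and says these browsing contexts "always have" one, but nothing in this hunk gives its value for a top-level browsing context that was not opened from sandboxed content. Suggest defining it next to the popup sandboxing flag set with an explicit initial state. The same paragraph calls popups "new top-level browsing contexts" while the flag defined directly after it is described as preventing "new auxiliary browsing contexts"; use one term in both places.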
@@ -65397,7 +65438,9 @@
is set, content can navigate its <a href=#top-level-browsing-context>top-level browsing
context</a>, but other <a href=#browsing-context title="browsing context">browsing
contexts</a> are still protected by the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed
- navigation browsing context flag</a> defined above.</p>
+ navigation browsing context flag</a> and possibly the
+ <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context
+ flag</a>.</p>
</dd>
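Review bot: "and possibly the sandboxed auxiliary navigation browsing context flag" leaves the reader to work out when; state the condition, for example "and, unless allow-popups is also specified, the sandboxed auxiliary navigation browsing context flag".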
@@ -65494,6 +65537,10 @@
<ul><li><p>The <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a></li>
+ <li><p>The <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context
+ flag</a>, unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-popups title=attr-iframe-sandbox-allow-popups><code>allow-popups</code></dfn>
+ keyword</li>
+
<li><p>The <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
flag</a>, unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-top-navigation title=attr-iframe-sandbox-allow-top-navigation><code>allow-top-navigation</code></dfn>
keyword</li>
@@ -65552,7 +65599,13 @@
</ul></li>
- </ol><hr><p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
+ </ol><hr><p>Every <a href=#top-level-browsing-context>top-level browsing context</a> has a <dfn id=popup-sandboxing-flag-set>popup
+ sandboxing flag set</dfn>. When a <a href=#browsing-context>browsing context</a> is
+ created, its <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a> must be empty.
+ It is populated by <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context
+ given a browsing context name</a>.</p>
+
+ <p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
<dfn id=iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</dfn>, which is a
<a href=#sandboxing-flag-set>sandboxing flag set</a>. Which flags in a <a href=#nested-browsing-context>nested
browsing context</a>'s <a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag
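Review bot: "It is populated by the rules for choosing a browsing context given a browsing context name" is incomplete, because the showModalDialog() steps changed in this same revision also set flags in the new browsing context's popup sandboxing flag set. Either reference both algorithms or describe the trigger instead of the algorithm. The new definition also omits "which is a sandboxing flag set", which the iframe sandboxing flag set sentence directly below it includes.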
@@ -66437,10 +66490,8 @@
<a href=#source-browsing-context>source browsing context</a> is not one of the <a href=#ancestor-browsing-context title="ancestor browsing context">ancestor browsing
contexts</a> of the <a href=#browsing-context>browsing context</a> being
navigated, and the <a href=#browsing-context>browsing context</a> being navigated
- is not both a <a href=#top-level-browsing-context>top-level browsing context</a> and one of
- the <a href=#ancestor-browsing-context title="ancestor browsing context">ancestor browsing
- contexts</a> of the <a href=#source-browsing-context>source browsing context</a>, and
- the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
+ is not a <a href=#top-level-browsing-context>top-level browsing context</a>, and the
+ <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its
<a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a> set, then
abort these steps.</p>
@@ -66454,15 +66505,33 @@
top-level navigation browsing context flag</a> set, then abort
these steps.</p>
- <p>In both cases, the user agent may additionally offer to open
- the new resource in a new <a href=#top-level-browsing-context>top-level browsing context</a>
- or in the <a href=#top-level-browsing-context>top-level browsing context</a> of the
- <a href=#source-browsing-context>source browsing context</a>, at the user's option, in
- which case the user agent must <a href=#navigate>navigate</a><!--DONAV
+ <p>Otherwise, if the <a href=#browsing-context>browsing context</a> being navigated
+ is a <a href=#top-level-browsing-context>top-level browsing context</a>, and is not one of
+ the <a href=#ancestor-browsing-context title="ancestor browsing context">ancestor browsing
+ contexts</a> of the <a href=#source-browsing-context>source browsing context</a>, and
+ the <a href=#source-browsing-context>source browsing context</a>'s <code><a href=#document>Document</a></code>'s
+ <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its <a href=#sandboxed-navigation-browsing-context-flag>sandboxed
+ navigation browsing context flag</a> set, and the <a href=#source-browsing-context>source
+ browsing context</a> is not the <a href=#one-permitted-sandboxed-navigator>one permitted sandboxed
+ navigator</a> of the <a href=#browsing-context>browsing context</a> being
+ navigated, then abort these steps.</p> <!-- we do not check the
+ /sandboxed auxiliary navigation browsing context flag/ here,
+ that's only for actually opening the new top-level browsing
+ context. -->
+
+ <p>In all of these cases, the user agent may additionally offer to
+ open the new resource in a new <a href=#top-level-browsing-context>top-level browsing
+ context</a> or in the <a href=#top-level-browsing-context>top-level browsing context</a>
+ of the <a href=#source-browsing-context>source browsing context</a>, at the user's option,
+ in which case the user agent must <a href=#navigate>navigate</a><!--DONAV
sandbox manual load--> that designated <a href=#top-level-browsing-context>top-level browsing
context</a> to the new resource as if the user had requested it
independently.</p>
+ <p class=note>Doing so, however, can be dangerous, as it means
+ that the user is overriding the author's explicit request to
+ sandbox the content.</p>
+
</li>
<li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing
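Review bot: the new "Otherwise, if the browsing context being navigated is a top-level browsing context" paragraph reads the flags from the source browsing context's "Document's active sandboxing flag set", while the preceding paragraph of this step uses "active document's active sandboxing flag set"; use the same reference in both. The explanatory HTML comment sits after the closing p tag, so it is detached from the condition it explains; move it inside the paragraph or turn it into a visible note, since the reason the auxiliary flag is not checked here matters to implementers. The "Doing so, however, can be dangerous" paragraph is marked class=note, whereas the comparable text added to the browsing-context-name rules is class=warning; pick one.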
@@ -66844,6 +66913,11 @@
<code><a href=#document>Document</a></code> object is created:</p>
<ul><li><p>If the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
+ context</a> is a <a href=#top-level-browsing-context>top-level browsing context</a>,
+ then: the flags set on the <a href=#browsing-context>browsing context</a>'s
+ <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a>.</li>
+
+ <li><p>If the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
context</a> is a <a href=#nested-browsing-context>nested browsing context</a>, then:
the flags set on the <a href=#browsing-context>browsing context</a>'s
<a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</a>.</li>
@@ -72481,10 +72555,13 @@
<li>
- <p>If the current browsing context's <a href=#active-document>active
- document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its
- <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a> set, then
- return the empty string and abort these steps.</p>
+ <p>If the <a href=#active-sandboxing-flag-set>active sandboxing flag set</a>
+ of the <a href=#active-document>active document</a>
+ of the <a href="#script's-browsing-context" title="script's browsing context">browsing context</a>
+ of the <a href=#concept-script title=concept-script>script</a> that invoked the method
+ has its
+ <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context flag</a>
+ set, then return the empty string and abort these steps.</p>
</li>
@@ -72538,6 +72615,22 @@
<li>
+ <p>Set all the flags
+ in the new browsing context's <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a>
+ that are set in the
+ <a href=#active-sandboxing-flag-set>active sandboxing flag set</a>
+ of the <a href=#active-document>active document</a>
+ of the <a href="#script's-browsing-context" title="script's browsing context">browsing context</a>
+ of the <a href=#concept-script title=concept-script>script</a> that invoked the method.
+ The <a href="#script's-browsing-context" title="script's browsing context">browsing context</a>
+ of the <a href=#concept-script title=concept-script>script</a> that invoked the method
+ must be set as the new browsing context's
+ <a href=#one-permitted-sandboxed-navigator>one permitted sandboxed navigator</a>.</p>
+
+ </li>
+
+ <li>
+
<p>Let the <a href=#dialog-arguments>dialog arguments</a> of the new browsing
context be set to the value of <var title="">argument</var>, or
the 'undefined' value if the argument was omitted.</p>
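Review bot: this step copies the flags and sets the one permitted sandboxed navigator unconditionally, whereas the matching paragraph added to the rules for choosing a browsing context applies only when the sandboxed navigation browsing context flag is set. Make the two consistent, or state that the copy is a no-op for an unsandboxed caller and say whether an unsandboxed opener should be recorded as the navigator at all. The first sentence is phrased as an imperative ("Set all the flags") and the second as a requirement ("must be set"); use one style within the step.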
@@ -99696,6 +99789,7 @@
<td> Security rules for nested content
<td> <a href=#unordered-set-of-unique-space-separated-tokens>Unordered set of unique space-separated tokens</a>, <a href=#ascii-case-insensitive>ASCII case-insensitive</a>, consisting of
"<code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code>",
+ "<code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code>",
"<code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>",
"<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code> and
"<code title=attr-iframe-sandbox-allow-top-navigation><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code>"
Modified: index
===================================================================
--- index 2012-04-13 23:10:03 UTC (rev 7053)
+++ index 2012-04-17 05:02:26 UTC (rev 7054)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 13 April 2012</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 17 April 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -25320,6 +25320,7 @@
<a href=#unordered-set-of-unique-space-separated-tokens>unordered set of unique space-separated tokens</a> that are
<a href=#ascii-case-insensitive>ASCII case-insensitive</a>. The allowed values are
<code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code>,
+ <code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code>,
<code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>,
<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>, and
<code title=attr-iframe-sandbox-allow-top-navigation><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code>.
@@ -25332,9 +25333,8 @@
keyword allows the content to be treated as being from the same
origin instead of forcing it into a unique origin, the <code title=attr-iframe-sandbox-allow-top-navigation><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code>
keyword allows the content to <a href=#navigate>navigate</a> its
- <a href=#top-level-browsing-context>top-level browsing context</a>, and the <code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code> and <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
- keywords re-enable forms and scripts respectively (though scripts
- are still prevented from creating popups).</p>
+ <a href=#top-level-browsing-context>top-level browsing context</a>, and the <code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code>, <code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code> and <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
+ keywords re-enable forms, popups, and scripts respectively.</p>
<p class=warning>Setting both the
<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code> and
@@ -63805,10 +63805,10 @@
context</a> of the one the link or script is in, "new" means a
new <a href=#top-level-browsing-context>top-level browsing context</a> or <a href=#auxiliary-browsing-context>auxiliary
browsing context</a> is to be created, subject to various user
- preferences and user agent policies, "maybe new" means the same as
- "new" but the requirements for those cases encourage user agents to
- treat it more like "none", and "none" means that by default nothing
- will happen.</p>
+ preferences and user agent policies, "none" means that nothing will
+ happen, and "maybe new" means the same as "new" if the "<code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code>"
+ keyword is also specified on the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute (or if the user
+ overrode the sandboxing), and the same as "none" otherwise.</p>
<table><thead><tr><th rowspan=2>Keyword
<th rowspan=2>Ordinary effect
@@ -64007,20 +64007,30 @@
<dl class=switch><dt id=sandboxWindowOpen>If the current browsing context's
<a href=#active-document>active document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag
- set</a> has the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context
- flag</a> set.</dt>
+ set</a> has the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing
+ context flag</a> set.</dt>
- <dd><p>The user agent may offer to create a new <a href=#top-level-browsing-context>top-level
- browsing context</a> or reuse an existing <a href=#top-level-browsing-context>top-level
- browsing context</a>. If the user picks one of those options,
- then the designated browsing context must be the chosen one (the
- browsing context's name isn't set to the given browsing context
- name). The default behaviour (if the user agent doesn't offer the
- option to the user, or if the user declines to allow a browsing
- context to be used) there must not be a chosen browsing
- context.</dd>
+ <dd>
+ <p>Typically, there is no chosen browsing context.</p>
+ <p>The user agent may offer to create a new <a href=#top-level-browsing-context>top-level
+ browsing context</a> or reuse an existing <a href=#top-level-browsing-context>top-level
+ browsing context</a>. If the user picks one of those options,
+ then the designated browsing context must be the chosen one (the
+ browsing context's name isn't set to the given browsing context
+ name). The default behaviour (if the user agent doesn't offer
+ the option to the user, or if the user declines to allow a
+ browsing context to be used) must be that there must not be a
+ chosen browsing context.</p>
+
+ <p class=warning>If this case occurs, it means that an author
+ has explicitly sandboxed the document that is trying to open a
+ link.</p>
+
+ </dd>
+
+
<dt id=noopener>If the user agent has been configured such that
in this instance it will create a new browsing context, and the
browsing context is being requested as part of <a href=#following-hyperlinks title="following hyperlinks">following a hyperlink</a> whose
@@ -64067,6 +64077,18 @@
users to configure the user agent to always reuse the current
browsing context.</p>
+ <p>If the current browsing context's <a href=#active-document>active
+ document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has the
+ <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a> set and
+ chosen browsing context picked above, if any, is a new browsing
+ context (whether top-level or auxiliary), then all the flags that
+ are set in the current browsing context's <a href=#active-document>active
+ document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> when the
+ new browsing context is created must be set in the new browsing
+ context's <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a>, and the current
+ browsing context must be set as the new browsing context's
+ <a href=#one-permitted-sandboxed-navigator>one permitted sandboxed navigator</a>.</p>
+
</li>
</ol></div>
@@ -65373,23 +65395,42 @@
<p>This flag <a href=#sandboxLinks>prevents content from
navigating browsing contexts other than the sandboxed browsing
context itself</a> (or browsing contexts further nested inside
- it), and the <a href=#top-level-browsing-context>top-level browsing context</a> (which is
+ it), <a href=#auxiliary-browsing-context title="auxiliary browsing context">auxiliary browsing
+ contexts</a> (which are protected by the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed
+ auxiliary navigation browsing context flag</a> defined next),
+ and the <a href=#top-level-browsing-context>top-level browsing context</a> (which is
protected by the <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing
- context flag</a> defined next).</p>
+ context flag</a> defined below).</p>
- <p>This flag also <a href=#sandboxWindowOpen>prevents content
- from creating new auxiliary browsing contexts</a>, e.g. using the
- <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute, the
- <code title=dom-open><a href=#dom-open>window.open()</a></code> method, or the <code title=dom-showModalDialog><a href=#dom-showmodaldialog>showModalDialog()</a></code> method.</p>
+ <p>If the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context
+ flag</a> is not set, then in certain cases the restrictions
+ nonetheless allow popups (new <a href=#top-level-browsing-context title="top-level browsing
+ context">top-level browsing contexts</a>) to be opened. These
+ <a href=#browsing-context title="browsing context">browsing contexts</a> always
+ have <dfn id=one-permitted-sandboxed-navigator>one permitted sandboxed navigator</dfn>, set when the
+ browsing context is created, which allows the <a href=#browsing-context>browsing
+ context</a> that created them to actually navigate them.
+ (Otherwise, the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context
+ flag</a> would prevent them from being navigated even if they
+ were opened.)</p>
</dd>
- <dt>The <dfn id=sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
- flag</dfn></dt>
+ <dt>The <dfn id=sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context flag</dfn></dt>
<dd>
+ <p>This flag <a href=#sandboxWindowOpen>prevents content from
+ creating new auxiliary browsing contexts</a>, e.g. using the <code title=attr-hyperlink-target><a href=#attr-hyperlink-target>target</a></code> attribute, the <code title=dom-open><a href=#dom-open>window.open()</a></code> method, or the <code title=dom-showModalDialog><a href=#dom-showmodaldialog>showModalDialog()</a></code> method.</p>
+
+ </dd>
+
+
+ <dt>The <dfn id=sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context flag</dfn></dt>
+
+ <dd>
+
<p>This flag <a href=#sandboxLinks>prevents content from
navigating their <span>top-level browsing context</span></a>.</p>
@@ -65397,7 +65438,9 @@
is set, content can navigate its <a href=#top-level-browsing-context>top-level browsing
context</a>, but other <a href=#browsing-context title="browsing context">browsing
contexts</a> are still protected by the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed
- navigation browsing context flag</a> defined above.</p>
+ navigation browsing context flag</a> and possibly the
+ <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context
+ flag</a>.</p>
</dd>
@@ -65494,6 +65537,10 @@
<ul><li><p>The <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a></li>
+ <li><p>The <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context
+ flag</a>, unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-popups title=attr-iframe-sandbox-allow-popups><code>allow-popups</code></dfn>
+ keyword</li>
+
<li><p>The <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context
flag</a>, unless <var title="">tokens</var> contains the <dfn id=attr-iframe-sandbox-allow-top-navigation title=attr-iframe-sandbox-allow-top-navigation><code>allow-top-navigation</code></dfn>
keyword</li>
@@ -65552,7 +65599,13 @@
</ul></li>
- </ol><hr><p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
+ </ol><hr><p>Every <a href=#top-level-browsing-context>top-level browsing context</a> has a <dfn id=popup-sandboxing-flag-set>popup
+ sandboxing flag set</dfn>. When a <a href=#browsing-context>browsing context</a> is
+ created, its <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a> must be empty.
+ It is populated by <a href=#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name>the rules for choosing a browsing context
+ given a browsing context name</a>.</p>
+
+ <p>Every <a href=#nested-browsing-context>nested browsing context</a> has an
<dfn id=iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</dfn>, which is a
<a href=#sandboxing-flag-set>sandboxing flag set</a>. Which flags in a <a href=#nested-browsing-context>nested
browsing context</a>'s <a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag
@@ -66437,10 +66490,8 @@
<a href=#source-browsing-context>source browsing context</a> is not one of the <a href=#ancestor-browsing-context title="ancestor browsing context">ancestor browsing
contexts</a> of the <a href=#browsing-context>browsing context</a> being
navigated, and the <a href=#browsing-context>browsing context</a> being navigated
- is not both a <a href=#top-level-browsing-context>top-level browsing context</a> and one of
- the <a href=#ancestor-browsing-context title="ancestor browsing context">ancestor browsing
- contexts</a> of the <a href=#source-browsing-context>source browsing context</a>, and
- the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
+ is not a <a href=#top-level-browsing-context>top-level browsing context</a>, and the
+ <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its
<a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a> set, then
abort these steps.</p>
@@ -66454,15 +66505,33 @@
top-level navigation browsing context flag</a> set, then abort
these steps.</p>
- <p>In both cases, the user agent may additionally offer to open
- the new resource in a new <a href=#top-level-browsing-context>top-level browsing context</a>
- or in the <a href=#top-level-browsing-context>top-level browsing context</a> of the
- <a href=#source-browsing-context>source browsing context</a>, at the user's option, in
- which case the user agent must <a href=#navigate>navigate</a><!--DONAV
+ <p>Otherwise, if the <a href=#browsing-context>browsing context</a> being navigated
+ is a <a href=#top-level-browsing-context>top-level browsing context</a>, and is not one of
+ the <a href=#ancestor-browsing-context title="ancestor browsing context">ancestor browsing
+ contexts</a> of the <a href=#source-browsing-context>source browsing context</a>, and
+ the <a href=#source-browsing-context>source browsing context</a>'s <code><a href=#document>Document</a></code>'s
+ <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its <a href=#sandboxed-navigation-browsing-context-flag>sandboxed
+ navigation browsing context flag</a> set, and the <a href=#source-browsing-context>source
+ browsing context</a> is not the <a href=#one-permitted-sandboxed-navigator>one permitted sandboxed
+ navigator</a> of the <a href=#browsing-context>browsing context</a> being
+ navigated, then abort these steps.</p> <!-- we do not check the
+ /sandboxed auxiliary navigation browsing context flag/ here,
+ that's only for actually opening the new top-level browsing
+ context. -->
+
+ <p>In all of these cases, the user agent may additionally offer to
+ open the new resource in a new <a href=#top-level-browsing-context>top-level browsing
+ context</a> or in the <a href=#top-level-browsing-context>top-level browsing context</a>
+ of the <a href=#source-browsing-context>source browsing context</a>, at the user's option,
+ in which case the user agent must <a href=#navigate>navigate</a><!--DONAV
sandbox manual load--> that designated <a href=#top-level-browsing-context>top-level browsing
context</a> to the new resource as if the user had requested it
independently.</p>
+ <p class=note>Doing so, however, can be dangerous, as it means
+ that the user is overriding the author's explicit request to
+ sandbox the content.</p>
+
</li>
<li id=seamlessLinks><p>If the <a href=#source-browsing-context>source browsing
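Review bot: the new "Doing so, however, can be dangerous" paragraph is marked class=note, while the matching paragraph added to the sandboxWindowOpen case in source is marked class="warning". Both describe the user overriding the author's sandbox, so they should carry the same class. If the danger is the point, warning seems the better fit for both.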
@@ -66844,6 +66913,11 @@
<code><a href=#document>Document</a></code> object is created:</p>
<ul><li><p>If the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
+ context</a> is a <a href=#top-level-browsing-context>top-level browsing context</a>,
+ then: the flags set on the <a href=#browsing-context>browsing context</a>'s
+ <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a>.</li>
+
+ <li><p>If the <code><a href=#document>Document</a></code>'s <a href=#browsing-context>browsing
context</a> is a <a href=#nested-browsing-context>nested browsing context</a>, then:
the flags set on the <a href=#browsing-context>browsing context</a>'s
<a href=#iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</a>.</li>
@@ -72481,10 +72555,13 @@
<li>
- <p>If the current browsing context's <a href=#active-document>active
- document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> has its
- <a href=#sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing context flag</a> set, then
- return the empty string and abort these steps.</p>
+ <p>If the <a href=#active-sandboxing-flag-set>active sandboxing flag set</a>
+ of the <a href=#active-document>active document</a>
+ of the <a href="#script's-browsing-context" title="script's browsing context">browsing context</a>
+ of the <a href=#concept-script title=concept-script>script</a> that invoked the method
+ has its
+ <a href=#sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context flag</a>
+ set, then return the empty string and abort these steps.</p>
</li>
@@ -72538,6 +72615,22 @@
<li>
+ <p>Set all the flags
+ in the new browsing context's <a href=#popup-sandboxing-flag-set>popup sandboxing flag set</a>
+ that are set in the
+ <a href=#active-sandboxing-flag-set>active sandboxing flag set</a>
+ of the <a href=#active-document>active document</a>
+ of the <a href="#script's-browsing-context" title="script's browsing context">browsing context</a>
+ of the <a href=#concept-script title=concept-script>script</a> that invoked the method.
+ The <a href="#script's-browsing-context" title="script's browsing context">browsing context</a>
+ of the <a href=#concept-script title=concept-script>script</a> that invoked the method
+ must be set as the new browsing context's
+ <a href=#one-permitted-sandboxed-navigator>one permitted sandboxed navigator</a>.</p>
+
+ </li>
+
+ <li>
+
<p>Let the <a href=#dialog-arguments>dialog arguments</a> of the new browsing
context be set to the value of <var title="">argument</var>, or
the 'undefined' value if the argument was omitted.</p>
@@ -99696,6 +99789,7 @@
<td> Security rules for nested content
<td> <a href=#unordered-set-of-unique-space-separated-tokens>Unordered set of unique space-separated tokens</a>, <a href=#ascii-case-insensitive>ASCII case-insensitive</a>, consisting of
"<code title=attr-iframe-sandbox-allow-forms><a href=#attr-iframe-sandbox-allow-forms>allow-forms</a></code>",
+ "<code title=attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code>",
"<code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>",
"<code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code> and
"<code title=attr-iframe-sandbox-allow-top-navigation><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code>"
Modified: source
===================================================================
--- source 2012-04-13 23:10:03 UTC (rev 7053)
+++ source 2012-04-17 05:02:26 UTC (rev 7054)
@@ -27200,6 +27200,7 @@
<span>unordered set of unique space-separated tokens</span> that are
<span>ASCII case-insensitive</span>. The allowed values are
<code title="attr-iframe-sandbox-allow-forms">allow-forms</code>,
+ <code title="attr-iframe-sandbox-allow-popups">allow-popups</code>,
<code title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code>,
<code title="attr-iframe-sandbox-allow-scripts">allow-scripts</code>, and
<code title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>.
@@ -27215,10 +27216,10 @@
title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>
keyword allows the content to <span>navigate</span> its
<span>top-level browsing context</span>, and the <code
- title="attr-iframe-sandbox-allow-forms">allow-forms</code> and <code
+ title="attr-iframe-sandbox-allow-forms">allow-forms</code>, <code
+ title="attr-iframe-sandbox-allow-popups">allow-popups</code> and <code
title="attr-iframe-sandbox-allow-scripts">allow-scripts</code>
- keywords re-enable forms and scripts respectively (though scripts
- are still prevented from creating popups).</p>
+ keywords re-enable forms, popups, and scripts respectively.</p>
<p class="warning">Setting both the
<code title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> and
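Review bot: the sentence now ending "re-enable forms, popups, and scripts respectively" drops the old caveat about popups without saying what a popup opened under allow-popups is subject to. Elsewhere in this commit the new browsing context receives the opener's flags through the popup sandboxing flag set. A short sentence here saying that such popups stay sandboxed with the opener's restrictions would keep authors from reading allow-popups as an escape from the sandbox.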
@@ -74720,10 +74721,12 @@
context</span> of the one the link or script is in, "new" means a
new <span>top-level browsing context</span> or <span>auxiliary
browsing context</span> is to be created, subject to various user
- preferences and user agent policies, "maybe new" means the same as
- "new" but the requirements for those cases encourage user agents to
- treat it more like "none", and "none" means that by default nothing
- will happen.</p>
+ preferences and user agent policies, "none" means that nothing will
+ happen, and "maybe new" means the same as "new" if the "<code
+ title="attr-iframe-sandbox-allow-popups">allow-popups</code>"
+ keyword is also specified on the <code
+ title="attr-iframe-sandbox">sandbox</code> attribute (or if the user
+ overrode the sandboxing), and the same as "none" otherwise.</p>
<table>
<thead>
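Review bot: the new definition of "maybe new" keys on the allow-popups keyword being "also specified on the sandbox attribute", while the normative cases changed in this commit (for example the sandboxWindowOpen case) test the sandboxed auxiliary navigation browsing context flag. Flags can now also reach a document through the popup sandboxing flag set, with no sandbox attribute involved, so consider phrasing this in terms of that flag not being set. The word "also" has no antecedent in the sentence and could be dropped.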
@@ -74965,20 +74968,30 @@
<dt id="sandboxWindowOpen">If the current browsing context's
<span>active document</span>'s <span>active sandboxing flag
- set</span> has the <span>sandboxed navigation browsing context
- flag</span> set.</dt>
+ set</span> has the <span>sandboxed auxiliary navigation browsing
+ context flag</span> set.</dt>
- <dd><p>The user agent may offer to create a new <span>top-level
- browsing context</span> or reuse an existing <span>top-level
- browsing context</span>. If the user picks one of those options,
- then the designated browsing context must be the chosen one (the
- browsing context's name isn't set to the given browsing context
- name). The default behaviour (if the user agent doesn't offer the
- option to the user, or if the user declines to allow a browsing
- context to be used) there must not be a chosen browsing
- context.</p></dd>
+ <dd>
+ <p>Typically, there is no chosen browsing context.</p>
+ <p>The user agent may offer to create a new <span>top-level
+ browsing context</span> or reuse an existing <span>top-level
+ browsing context</span>. If the user picks one of those options,
+ then the designated browsing context must be the chosen one (the
+ browsing context's name isn't set to the given browsing context
+ name). The default behaviour (if the user agent doesn't offer
+ the option to the user, or if the user declines to allow a
+ browsing context to be used) must be that there must not be a
+ chosen browsing context.</p>
+
+ <p class="warning">If this case occurs, it means that an author
+ has explicitly sandboxed the document that is trying to open a
+ link.</p>
+
+ </dd>
+
+
<dt id="noopener">If the user agent has been configured such that
in this instance it will create a new browsing context, and the
browsing context is being requested as part of <span
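Review bot: in the rewritten dd, "The default behaviour (...) must be that there must not be a chosen browsing context" states the requirement twice. "By default (...) there must not be a chosen browsing context" would read as a single requirement. The new lead sentence "Typically, there is no chosen browsing context" repeats the same default without normative wording, so it is unclear whether it is a requirement or a summary. Folding it into the default-behaviour sentence or marking it as a note would remove the ambiguity.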
@@ -75034,6 +75047,18 @@
users to configure the user agent to always reuse the current
browsing context.</p>
+ <p>If the current browsing context's <span>active
+ document</span>'s <span>active sandboxing flag set</span> has the
+ <span>sandboxed navigation browsing context flag</span> set and
+ chosen browsing context picked above, if any, is a new browsing
+ context (whether top-level or auxiliary), then all the flags that
+ are set in the current browsing context's <span>active
+ document</span>'s <span>active sandboxing flag set</span> when the
+ new browsing context is created must be set in the new browsing
+ context's <span>popup sandboxing flag set</span>, and the current
+ browsing context must be set as the new browsing context's
+ <span>one permitted sandboxed navigator</span>.</p>
+
</li>
</ol>
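Review bot: the added paragraph copies the opener's flags only when the sandboxed navigation browsing context flag is set, whereas the showModalDialog() step added in the same commit sets the popup sandboxing flag set with no such condition. If the two paths are meant to behave the same, drop the condition here or state why this path needs it. Also, "and chosen browsing context picked above" is missing "the".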
@@ -76524,21 +76549,42 @@
<p>This flag <a href="#sandboxLinks">prevents content from
navigating browsing contexts other than the sandboxed browsing
context itself</a> (or browsing contexts further nested inside
- it), and the <span>top-level browsing context</span> (which is
+ it), <span title="auxiliary browsing context">auxiliary browsing
+ contexts</span> (which are protected by the <span>sandboxed
+ auxiliary navigation browsing context flag</span> defined next),
+ and the <span>top-level browsing context</span> (which is
protected by the <span>sandboxed top-level navigation browsing
- context flag</span> defined next).</p>
+ context flag</span> defined below).</p>
- <p>This flag also <a href="#sandboxWindowOpen">prevents content
- from creating new auxiliary browsing contexts</a>, e.g. using the
- <code title="attr-hyperlink-target">target</code> attribute, the
- <code title="dom-open">window.open()</code> method, or the <code
+ <p>If the <span>sandboxed auxiliary navigation browsing context
+ flag</span> is not set, then in certain cases the restrictions
+ nonetheless allow popups (new <span title="top-level browsing
+ context">top-level browsing contexts</span>) to be opened. These
+ <span title="browsing context">browsing contexts</span> always
+ have <dfn>one permitted sandboxed navigator</dfn>, set when the
+ browsing context is created, which allows the <span>browsing
+ context</span> that created them to actually navigate them.
+ (Otherwise, the <span>sandboxed navigation browsing context
+ flag</span> would prevent them from being navigated even if they
+ were opened.)</p>
+
+ </dd>
+
+
+ <dt>The <dfn>sandboxed auxiliary navigation browsing context flag</dfn></dt>
+
+ <dd>
+
+ <p>This flag <a href="#sandboxWindowOpen">prevents content from
+ creating new auxiliary browsing contexts</a>, e.g. using the <code
+ title="attr-hyperlink-target">target</code> attribute, the <code
+ title="dom-open">window.open()</code> method, or the <code
title="dom-showModalDialog">showModalDialog()</code> method.</p>
</dd>
- <dt>The <dfn>sandboxed top-level navigation browsing context
- flag</dfn></dt>
+ <dt>The <dfn>sandboxed top-level navigation browsing context flag</dfn></dt>
<dd>
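Review bot: the definition of "one permitted sandboxed navigator" added to the sandboxed navigation browsing context flag's description says only that popups "always have" one, and "in certain cases" is left unspecified. The navigation steps changed in this commit compare the source browsing context against this value for top-level browsing contexts that are not ancestors of the source. The text should therefore say what the value is for a top-level browsing context that was not opened by sandboxed content (for example, that it is initially unset), and it could point to the steps that set it.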
@@ -76550,7 +76596,9 @@
is set, content can navigate its <span>top-level browsing
context</span>, but other <span title="browsing context">browsing
contexts</span> are still protected by the <span>sandboxed
- navigation browsing context flag</span> defined above.</p>
+ navigation browsing context flag</span> and possibly the
+ <span>sandboxed auxiliary navigation browsing context
+ flag</span>.</p>
</dd>
@@ -76668,6 +76716,11 @@
<li><p>The <span>sandboxed navigation browsing context flag</span></p></li>
+ <li><p>The <span>sandboxed auxiliary navigation browsing context
+ flag</span>, unless <var title="">tokens</var> contains the <dfn
+ title="attr-iframe-sandbox-allow-popups"><code>allow-popups</code></dfn>
+ keyword</p></li>
+
<li><p>The <span>sandboxed top-level navigation browsing context
flag</span>, unless <var title="">tokens</var> contains the <dfn
title="attr-iframe-sandbox-allow-top-navigation"><code>allow-top-navigation</code></dfn>
@@ -76738,6 +76791,12 @@
<hr>
+ <p>Every <span>top-level browsing context</span> has a <dfn>popup
+ sandboxing flag set</dfn>. When a <span>browsing context</span> is
+ created, its <span>popup sandboxing flag set</span> must be empty.
+ It is populated by <span>the rules for choosing a browsing context
+ given a browsing context name</span>.</p>
+
<p>Every <span>nested browsing context</span> has an
<dfn><code>iframe</code> sandboxing flag set</dfn>, which is a
<span>sandboxing flag set</span>. Which flags in a <span>nested
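Review bot: "It is populated by the rules for choosing a browsing context given a browsing context name" is incomplete, because the showModalDialog() step added in this commit also sets flags in the new browsing context's popup sandboxing flag set. Either mention both or say it is populated when the browsing context is created by sandboxed content. The paragraph also never says that the popup sandboxing flag set is a sandboxing flag set, as the next paragraph does for the iframe one. The second sentence says "a browsing context" where the first scopes the concept to top-level browsing contexts.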
@@ -77741,10 +77800,8 @@
title="ancestor browsing context">ancestor browsing
contexts</span> of the <span>browsing context</span> being
navigated, and the <span>browsing context</span> being navigated
- is not both a <span>top-level browsing context</span> and one of
- the <span title="ancestor browsing context">ancestor browsing
- contexts</span> of the <span>source browsing context</span>, and
- the <span>source browsing context</span>'s <span>active
+ is not a <span>top-level browsing context</span>, and the
+ <span>source browsing context</span>'s <span>active
document</span>'s <span>active sandboxing flag set</span> has its
<span>sandboxed navigation browsing context flag</span> set, then
abort these steps.</p>
@@ -77754,19 +77811,37 @@
<span title="ancestor browsing context">ancestor browsing
contexts</span> of the <span>source browsing context</span>, and
the <span>source browsing context</span>'s <code>Document</code>'s
- <Span>active sandboxing flag set</span> has its <span>sandboxed
+ <span>active sandboxing flag set</span> has its <span>sandboxed
top-level navigation browsing context flag</span> set, then abort
these steps.</p>
- <p>In both cases, the user agent may additionally offer to open
- the new resource in a new <span>top-level browsing context</span>
- or in the <span>top-level browsing context</span> of the
- <span>source browsing context</span>, at the user's option, in
- which case the user agent must <span>navigate</span><!--DONAV
+ <p>Otherwise, if the <span>browsing context</span> being navigated
+ is a <span>top-level browsing context</span>, and is not one of
+ the <span title="ancestor browsing context">ancestor browsing
+ contexts</span> of the <span>source browsing context</span>, and
+ the <span>source browsing context</span>'s <code>Document</code>'s
+ <span>active sandboxing flag set</span> has its <span>sandboxed
+ navigation browsing context flag</span> set, and the <span>source
+ browsing context</span> is not the <span>one permitted sandboxed
+ navigator</span> of the <span>browsing context</span> being
+ navigated, then abort these steps.</p> <!-- we do not check the
+ /sandboxed auxiliary navigation browsing context flag/ here,
+ that's only for actually opening the new top-level browsing
+ context. -->
+
+ <p>In all of these cases, the user agent may additionally offer to
+ open the new resource in a new <span>top-level browsing
+ context</span> or in the <span>top-level browsing context</span>
+ of the <span>source browsing context</span>, at the user's option,
+ in which case the user agent must <span>navigate</span><!--DONAV
sandbox manual load--> that designated <span>top-level browsing
context</span> to the new resource as if the user had requested it
independently.</p>
+ <p class="note">Doing so, however, can be dangerous, as it means
+ that the user is overriding the author's explicit request to
+ sandbox the content.</p>
+
</li>
<li id="seamlessLinks"><p>If the <span>source browsing
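Review bot: the rationale for the new "Otherwise" paragraph ("we do not check the /sandboxed auxiliary navigation browsing context flag/ here, that's only for actually opening the new top-level browsing context") sits in an HTML comment trailing the closing p tag, so readers of the rendered text never see it. An implementer reading this step is likely to ask why the auxiliary flag is not tested. Consider moving the explanation into a p class="note" after the paragraph.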
@@ -78188,6 +78263,11 @@
<ul>
<li><p>If the <code>Document</code>'s <span>browsing
+ context</span> is a <span>top-level browsing context</span>,
+ then: the flags set on the <span>browsing context</span>'s
+ <span>popup sandboxing flag set</span>.</p></li>
+
+ <li><p>If the <code>Document</code>'s <span>browsing
context</span> is a <span>nested browsing context</span>, then:
the flags set on the <span>browsing context</span>'s
<span><code>iframe</code> sandboxing flag set</span>.</p></li>
@@ -84787,10 +84867,13 @@
<li>
- <p>If the current browsing context's <span>active
- document</span>'s <span>active sandboxing flag set</span> has its
- <span>sandboxed navigation browsing context flag</span> set, then
- return the empty string and abort these steps.</p>
+ <p>If the <span>active sandboxing flag set</span>
+ of the <span>active document</span>
+ of the <span title="script's browsing context">browsing context</span>
+ of the <span title="concept-script">script</span> that invoked the method
+ has its
+ <span>sandboxed auxiliary navigation browsing context flag</span>
+ set, then return the empty string and abort these steps.</p>
</li>
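Review bot: this check now reads the flags of "the browsing context of the script that invoked the method", but the sandboxWindowOpen case changed in the same commit still reads the "current browsing context's active document's" flags. If both are meant to identify the sandboxed opener, use the same wording in both places. If they are meant to differ, a sentence explaining the difference would help implementers.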
@@ -84852,6 +84935,22 @@
<li>
+ <p>Set all the flags
+ in the new browsing context's <span>popup sandboxing flag set</span>
+ that are set in the
+ <span>active sandboxing flag set</span>
+ of the <span>active document</span>
+ of the <span title="script's browsing context">browsing context</span>
+ of the <span title="concept-script">script</span> that invoked the method.
+ The <span title="script's browsing context">browsing context</span>
+ of the <span title="concept-script">script</span> that invoked the method
+ must be set as the new browsing context's
+ <span>one permitted sandboxed navigator</span>.</p>
+
+ </li>
+
+ <li>
+
<p>Let the <span>dialog arguments</span> of the new browsing
context be set to the value of <var title="">argument</var>, or
the 'undefined' value if the argument was omitted.</p>
@@ -116532,6 +116631,7 @@
<td> Security rules for nested content
<td> <span>Unordered set of unique space-separated tokens</span>, <span>ASCII case-insensitive</span>, consisting of
"<code title="attr-iframe-sandbox-allow-forms">allow-forms</code>",
+ "<code title="attr-iframe-sandbox-allow-popups">allow-popups</code>",
"<code title="attr-iframe-sandbox-allow-same-origin">allow-same-origin</code>",
"<code title="attr-iframe-sandbox-allow-scripts">allow-scripts</code> and
"<code title="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>"