[html5] r8706 - [e] (0) Add a sandboxing flag for use by fetch Fixing https://www.w3.org/Bugs/Pu [...]
whatwg at whatwg.org
whatwg at whatwg.org
Mon Aug 4 16:38:40 PDT 2014
Author: ianh
Date: 2014-08-04 16:38:36 -0700 (Mon, 04 Aug 2014)
New Revision: 8706
Modified:
complete.html
index
source
Log:
[e] (0) Add a sandboxing flag for use by fetch
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=25734
Affected topics: HTML
Modified: complete.html
===================================================================
--- complete.html 2014-08-04 22:56:43 UTC (rev 8705)
+++ complete.html 2014-08-04 23:38:36 UTC (rev 8706)
@@ -10970,6 +10970,7 @@
</div>
+
<h4 id=the-header-element>4.3.8 The <dfn><code>header</code></dfn> element</h4>
<dl class=element><dt><a href=#concept-element-categories id=the-header-element:concept-element-categories>Categories</a>:<dd><a href=#flow-content-2 id=the-header-element:flow-content-2>Flow content</a>.<dd><a href=#palpable-content-2 id=the-header-element:palpable-content-2>Palpable content</a>.<dt><a href=#concept-element-contexts id=the-header-element:concept-element-contexts>Contexts in which this element can be used</a>:<dd>Where <a href=#flow-content-2 id=the-header-element:flow-content-2-2>flow content</a> is expected.<dt><a href=#concept-element-content-model id=the-header-element:concept-element-content-model>Content model</a>:<dd><a href=#flow-content-2 id=the-header-element:flow-content-2-3>Flow content</a>, but with no <code id=the-header-element:the-header-element><a href=#the-header-element>header</a></code>, <code id=the-header-element:the-footer-element><a href=#the-footer-element>footer</a></code>, or <code id=the-header-element:the-main-element><a href=#
the-main-element>main</a></code> element descendants.<dt><a href=#concept-element-tag-omission id=the-header-element:concept-element-tag-omission>Tag omission in text/html</a>:<dd>Neither tag is omissible.<dt><a href=#concept-element-attributes id=the-header-element:concept-element-attributes>Content attributes</a>:<dd><a href=#global-attributes id=the-header-element:global-attributes>Global attributes</a><dt><a href=#concept-element-dom id=the-header-element:concept-element-dom>DOM interface</a>:<dd>Uses <code id=the-header-element:htmlelement><a href=#htmlelement>HTMLElement</a></code>.</dl>
@@ -57765,6 +57766,11 @@
<p>This flag blocks features that trigger automatically, such as <a href=#attr-media-autoplay id=sandboxing:attr-media-autoplay>automatically playing a video</a> or <a href=#attr-fe-autofocus id=sandboxing:attr-fe-autofocus>automatically focusing a form control</a>.</p>
+ <dt>The <dfn id=sandboxed-storage-area-urls-flag>sandboxed storage area URLs flag</dfn><dd>
+
+ <p>This flag prevents URL schemes that use storage areas from being able to access the origin's
+ data.</p>
+
<dt>The <dfn id=sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</dfn><dd>
<p>This flag prevents content from using the <code id=sandboxing:dom-element-requestfullscreen><a href=#dom-element-requestfullscreen>requestFullscreen()</a></code> method.</p>
@@ -57814,7 +57820,7 @@
authors to use script to do them when sandboxed rather than allowing them to use the
declarative features.</p>
- <li><p>The <a href=#sandboxed-fullscreen-browsing-context-flag id=sandboxing:sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</a>, unless the <var>allow fullscreen flag</var> was passed to the <a href=#parse-a-sandboxing-directive id=sandboxing:parse-a-sandboxing-directive>parse a sandboxing
+ <li><p>The <a href=#sandboxed-storage-area-urls-flag id=sandboxing:sandboxed-storage-area-urls-flag>sandboxed storage area URLs flag</a>.<li><p>The <a href=#sandboxed-fullscreen-browsing-context-flag id=sandboxing:sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</a>, unless the <var>allow fullscreen flag</var> was passed to the <a href=#parse-a-sandboxing-directive id=sandboxing:parse-a-sandboxing-directive>parse a sandboxing
directive</a> flag.<li><p>The <a href=#sandboxed-document.domain-browsing-context-flag id=sandboxing:sandboxed-document.domain-browsing-context-flag>sandboxed <code>document.domain</code> browsing
context flag</a>.</ul>
Modified: index
===================================================================
--- index 2014-08-04 22:56:43 UTC (rev 8705)
+++ index 2014-08-04 23:38:36 UTC (rev 8706)
@@ -10970,6 +10970,7 @@
</div>
+
<h4 id=the-header-element>4.3.8 The <dfn><code>header</code></dfn> element</h4>
<dl class=element><dt><a href=#concept-element-categories id=the-header-element:concept-element-categories>Categories</a>:<dd><a href=#flow-content-2 id=the-header-element:flow-content-2>Flow content</a>.<dd><a href=#palpable-content-2 id=the-header-element:palpable-content-2>Palpable content</a>.<dt><a href=#concept-element-contexts id=the-header-element:concept-element-contexts>Contexts in which this element can be used</a>:<dd>Where <a href=#flow-content-2 id=the-header-element:flow-content-2-2>flow content</a> is expected.<dt><a href=#concept-element-content-model id=the-header-element:concept-element-content-model>Content model</a>:<dd><a href=#flow-content-2 id=the-header-element:flow-content-2-3>Flow content</a>, but with no <code id=the-header-element:the-header-element><a href=#the-header-element>header</a></code>, <code id=the-header-element:the-footer-element><a href=#the-footer-element>footer</a></code>, or <code id=the-header-element:the-main-element><a href=#
the-main-element>main</a></code> element descendants.<dt><a href=#concept-element-tag-omission id=the-header-element:concept-element-tag-omission>Tag omission in text/html</a>:<dd>Neither tag is omissible.<dt><a href=#concept-element-attributes id=the-header-element:concept-element-attributes>Content attributes</a>:<dd><a href=#global-attributes id=the-header-element:global-attributes>Global attributes</a><dt><a href=#concept-element-dom id=the-header-element:concept-element-dom>DOM interface</a>:<dd>Uses <code id=the-header-element:htmlelement><a href=#htmlelement>HTMLElement</a></code>.</dl>
@@ -57765,6 +57766,11 @@
<p>This flag blocks features that trigger automatically, such as <a href=#attr-media-autoplay id=sandboxing:attr-media-autoplay>automatically playing a video</a> or <a href=#attr-fe-autofocus id=sandboxing:attr-fe-autofocus>automatically focusing a form control</a>.</p>
+ <dt>The <dfn id=sandboxed-storage-area-urls-flag>sandboxed storage area URLs flag</dfn><dd>
+
+ <p>This flag prevents URL schemes that use storage areas from being able to access the origin's
+ data.</p>
+
<dt>The <dfn id=sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</dfn><dd>
<p>This flag prevents content from using the <code id=sandboxing:dom-element-requestfullscreen><a href=#dom-element-requestfullscreen>requestFullscreen()</a></code> method.</p>
@@ -57814,7 +57820,7 @@
authors to use script to do them when sandboxed rather than allowing them to use the
declarative features.</p>
- <li><p>The <a href=#sandboxed-fullscreen-browsing-context-flag id=sandboxing:sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</a>, unless the <var>allow fullscreen flag</var> was passed to the <a href=#parse-a-sandboxing-directive id=sandboxing:parse-a-sandboxing-directive>parse a sandboxing
+ <li><p>The <a href=#sandboxed-storage-area-urls-flag id=sandboxing:sandboxed-storage-area-urls-flag>sandboxed storage area URLs flag</a>.<li><p>The <a href=#sandboxed-fullscreen-browsing-context-flag id=sandboxing:sandboxed-fullscreen-browsing-context-flag>sandboxed fullscreen browsing context flag</a>, unless the <var>allow fullscreen flag</var> was passed to the <a href=#parse-a-sandboxing-directive id=sandboxing:parse-a-sandboxing-directive>parse a sandboxing
directive</a> flag.<li><p>The <a href=#sandboxed-document.domain-browsing-context-flag id=sandboxing:sandboxed-document.domain-browsing-context-flag>sandboxed <code>document.domain</code> browsing
context flag</a>.</ul>
Modified: source
===================================================================
--- source 2014-08-04 22:56:43 UTC (rev 8705)
+++ source 2014-08-04 23:38:36 UTC (rev 8706)
@@ -15818,6 +15818,7 @@
</div>
+
<h4>The <dfn><code>header</code></dfn> element</h4>
<dl class="element">
@@ -78207,6 +78208,16 @@
</dd>
+ <dt>The <dfn>sandboxed storage area URLs flag</dfn></dt>
+
+ <dd>
+
+ <p>This flag prevents URL schemes that use storage areas from being able to access the origin's
+ data.</p>
+
+ </dd>
+
+
<dt>The <dfn>sandboxed fullscreen browsing context flag</dfn></dt>
<dd>
@@ -78297,6 +78308,8 @@
</li>
+ <li><p>The <span>sandboxed storage area URLs flag</span>.</p></li>
+
<li><p>The <span>sandboxed fullscreen browsing context flag</span>, unless the <var>allow fullscreen flag</var> was passed to the <span>parse a sandboxing
directive</span> flag.</p></li>
More information about the Commit-Watchers
mailing list