diff --git a/index.src.html b/index.src.html index 6fc2562922..e467a1339c 100644 --- a/index.src.html +++ b/index.src.html @@ -88,8 +88,6 @@
- directive-name = "plugin-types" - directive-value = media-type-list - - media-type-list = "" / media-type *( required-ascii-whitespace media-type ) - media-type = type "/" subtype - ; type and subtype are defined in RFC 2045 -- - If a `plugin-types` directive is present, instantiation of an <{embed}> or - <{object}> element will fail if any of the following conditions hold: - - 1. The element does not explicitly declare a valid MIME type via a - <{embed/type}> attribute. - - 2. The declared type does not match one of the items in the directive's - value. - - 3. The fetched resource does not match the declared type. - - Note: The `plugin-types` grammar allows for an empty directive value in which - case all instantions of <{embed}> and <{object}> will fail. - -
- Content-Security-Policy: plugin-types application/pdf -- - Fetches for the following code will all return network errors: - -
- <!-- No 'type' declaration --> - <object data="https://example.com/flash"></object> - - <!-- Non-matching 'type' declaration --> - <object data="https://example.com/flash" type="application/x-shockwave-flash"></object> - - <!-- Non-matching resource --> - <object data="https://example.com/flash" type="application/pdf"></object> -- - If the page allowed Flash content by sending the following header: - -
- Content-Security-Policy: plugin-types application/x-shockwave-flash -- - Then the second item above would load successfully: - -
- <!-- Matching 'type' declaration and resource --> - <object data="https://example.com/flash" type="application/x-shockwave-flash"></object> --