diff --git a/complete.html b/complete.html index 11636f218ac..5568da01f0c 100644 --- a/complete.html +++ b/complete.html @@ -110,7 +110,7 @@

Web Applications 1.0

-

Draft Standard — 4 December 2009

+

Draft Standard — 6 December 2009

You can take part in this work. Join the working group's discussion list.

Web designers! We have a FAQ, a forum, and a help mailing list for you!

@@ -20404,6 +20404,23 @@

4.8.3 The iframe +
The sandboxed seamless iframes flag
+ +
+ +

This flag prevents content from using the seamless attribute on + descendant iframe elements.

+ +

This prevents a page inserted using the allow-same-origin + keyword from using a CSS-selector-based method of probing the DOM + of other pages on the same site (in particular, pages that contain + user-sensitive information).

+ + + +
+ +
The sandboxed origin browsing context flag, unless the sandbox attribute's value, when split on @@ -20526,13 +20543,16 @@

4.8.3 The iframe is to be rendered in a manner that makes it appear to be part of the containing document (seamlessly included in the parent document). Specifically, when the - attribute is set on an element and while the browsing - context's active document has the same - origin as the iframe element's document, or the - browsing context's active document's - address has the - same origin as the iframe element's - document, the following requirements apply:

+ attribute is set on an iframe element whose owner + Document's browsing context does not have + the sandboxed seamless iframes flag set and while + either the browsing context's active + document has the same origin as the + iframe element's document, or the browsing + context's active document's address has the same + origin as the iframe element's document, the + following requirements apply:

@@ -86512,6 +86532,7 @@

Reflecting IDL attributes

Drew Wilson, Edmund Lai, Eduard Pascual, + Eduardo Vela, Edward O'Connor, Edward Welbourne, Edward Z. Yang, diff --git a/index b/index index 6eabae1b7ca..1e4bd9039ed 100644 --- a/index +++ b/index @@ -20242,6 +20242,23 @@ href="?audio">audio</a> test instead.)</p> +
The sandboxed seamless iframes flag
+ +
+ +

This flag prevents content from using the seamless attribute on + descendant iframe elements.

+ +

This prevents a page inserted using the allow-same-origin + keyword from using a CSS-selector-based method of probing the DOM + of other pages on the same site (in particular, pages that contain + user-sensitive information).

+ + + +
+ +
The sandboxed origin browsing context flag, unless the sandbox attribute's value, when split on @@ -20364,13 +20381,16 @@ href="?audio">audio</a> test instead.)</p> context is to be rendered in a manner that makes it appear to be part of the containing document (seamlessly included in the parent document). Specifically, when the - attribute is set on an element and while the browsing - context's active document has the same - origin as the iframe element's document, or the - browsing context's active document's - address has the - same origin as the iframe element's - document, the following requirements apply:

+ attribute is set on an iframe element whose owner + Document's browsing context does not have + the sandboxed seamless iframes flag set and while + either the browsing context's active + document has the same origin as the + iframe element's document, or the browsing + context's active document's address has the same + origin as the iframe element's document, the + following requirements apply:

@@ -78294,6 +78314,7 @@ interface HTMLDocument { Drew Wilson, Edmund Lai, Eduard Pascual, + Eduardo Vela, Edward O'Connor, Edward Welbourne, Edward Z. Yang, diff --git a/source b/source index 0d666b08355..fb09d22f835 100644 --- a/source +++ b/source @@ -21688,6 +21688,25 @@ href="?audio">audio</a> test instead.)</p> +
The sandboxed seamless iframes flag
+ +
+ +

This flag prevents content from using the seamless attribute on + descendant iframe elements.

+ +

This prevents a page inserted using the allow-same-origin + keyword from using a CSS-selector-based method of probing the DOM + of other pages on the same site (in particular, pages that contain + user-sensitive information).

+ + + +
+ +
The sandboxed origin browsing context flag, unless the sandbox attribute's value, when split on @@ -21826,13 +21845,16 @@ href="?audio">audio</a> test instead.)</p> context is to be rendered in a manner that makes it appear to be part of the containing document (seamlessly included in the parent document). Specifically, when the - attribute is set on an element and while the browsing - context's active document has the same - origin as the iframe element's document, or the - browsing context's active document's - address has the - same origin as the iframe element's - document, the following requirements apply:

+ attribute is set on an iframe element whose owner + Document's browsing context does not have + the sandboxed seamless iframes flag set and while + either the browsing context's active + document has the same origin as the + iframe element's document, or the browsing + context's active document's address has the same + origin as the iframe element's document, the + following requirements apply:

@@ -96776,6 +96798,7 @@ interface HTMLDocument { Drew Wilson, Edmund Lai, Eduard Pascual, + Eduardo Vela, Edward O'Connor, Edward Welbourne, Edward Z. Yang,