diff --git a/index.html b/index.html index 12fcd72f72..1abf453612 100644 --- a/index.html +++ b/index.html @@ -1133,7 +1133,11 @@
base-uri
+ base-uri
+
form-action
frame-ancestors
plugin-types
@@ -1700,6 +1704,11 @@ A Document
's embedding document is the Document
through which the Document
's browsing context is nested.
§6.2.1.1 Is base allowed for document? is called during base
's set the frozen
+ base URL algorithm to ensure that the href
attribute’s value
+ is valid.
policy list
Given a global object (global), and a response (response), the user agent performs the following steps in order @@ -2309,6 +2318,27 @@
Given a URL
(base), and a Document
(document), this algorithm
+ returns "Allowed
" if base may be used as the value of a base
element’s href
attribute, and "Blocked
" otherwise:
For each policy in document's global object’s policy list:
+Let source list be null
.
If a directive whose name is
+ "base-uri
" is present in policy's directive
+ set, set source list to that directive’s value.
If source list is null
, skip to the next policy.
If the result of executing §6.1.10.2 Does url match source list? on base and source list is "Does Not Match
", return "Blocked
".
Return "Allowed
".
form-action
frame-ancestors
The frame-ancestors directive restricts the URL
s which can
@@ -2622,6 +2652,7 @@
Document
's global object’s policy list
, abort these steps." ↵
frame-ancestors
directive...". Will need to be
called from Fetch, probably right after parsing the policy. ↵