Skip to content
Permalink
Browse files

Restrict valid sandbox values to keywords in HTML

Normatively require that valid directive-values for the `sandbox` directive be
restricted to the allowed values the HTML spec defines for `iframe[sandbox]`.
  • Loading branch information...
sideshowbarker committed Jan 18, 2016
1 parent 7bba10f commit cfd12e8828a431f4741942480bf501042ba7be1a
Showing with 4 additions and 1 deletion.
  1. +4 −1 document/index.src.html
@@ -219,7 +219,10 @@ <h4 id="directive-sandbox">`sandbox`</h4>
user agent will apply to a resource, just as though it had been included in
an <{iframe}> with a <{iframe/sandbox}> property.

The directive's syntax is described by the following ABNF grammar:
The directive's syntax is described by the following ABNF grammar, with
the additional requirement that each token value MUST be one of the
keywords defined by HTML specification as allowed values for the <{iframe}>
<{iframe/sandbox}> attribute [[!HTML]].

<pre dfn-type="grammar" link-type="grammar">
directive-name = "sandbox"

0 comments on commit cfd12e8

Please sign in to comment.
You can’t perform that action at this time.