[e] (0) Provide a hook for CSP.

Affected topics: HTML git-svn-id: http://svn.whatwg.org/webapps@7862 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Apr 30, 2013 · 3a7fd14 · 3a7fd14
1 parent 7b86d9f
commit 3a7fd14
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 21 deletions.
diff --git a/complete.html b/complete.html
@@ -67523,13 +67523,18 @@ <h4 id=read-plugin><span class=secno>6.6.7 </span><dfn title=navigate-plugin>Pag
 
   <p>When a resource that requires an external resource to be rendered is to be loaded in a
   <a href=#browsing-context>browsing context</a>, the user agent should <a href=#create-a-document-object>create a <code>Document</code>
-  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a>, set its
-  <a href=#concept-document-content-type title=concept-document-content-type>content type</a> to the sniffed MIME type of the
-  resource (<var title="">type</var> in the <a href=#navigate>navigate</a> algorithm), append an
-  <code><a href=#the-html-element>html</a></code> element to the <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a
-  <code><a href=#the-body-element>body</a></code> element to the <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the
-  <code><a href=#the-body-element>body</a></code> element, and set the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the
-  <code><a href=#the-embed-element>embed</a></code> element to the address of the resource.</p>
+  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a> and mark it
+  as being a <dfn id=plugin-document>plugin document</dfn>, set its <a href=#concept-document-content-type title=concept-document-content-type>content
+  type</a> to the sniffed MIME type of the resource (<var title="">type</var> in the
+  <a href=#navigate>navigate</a> algorithm), append an <code><a href=#the-html-element>html</a></code> element to the
+  <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a <code><a href=#the-body-element>body</a></code> element to the
+  <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the <code><a href=#the-body-element>body</a></code> element, and set
+  the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the <code><a href=#the-embed-element>embed</a></code> element to the
+  address of the resource.</p>
+
+  <p class=note>The term <a href=#plugin-document>plugin document</a> is used by the Content Security Policy
+  specification as part of the mechanism that ensures <code><a href=#the-iframe-element>iframe</a></code>s can't be used to evade
+  <code title="">plugin-types</code> directives. <a href=#refsCSP>[CSP]</a></p>
 
   <!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
 

diff --git a/index b/index
@@ -67523,13 +67523,18 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU
 
   <p>When a resource that requires an external resource to be rendered is to be loaded in a
   <a href=#browsing-context>browsing context</a>, the user agent should <a href=#create-a-document-object>create a <code>Document</code>
-  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a>, set its
-  <a href=#concept-document-content-type title=concept-document-content-type>content type</a> to the sniffed MIME type of the
-  resource (<var title="">type</var> in the <a href=#navigate>navigate</a> algorithm), append an
-  <code><a href=#the-html-element>html</a></code> element to the <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a
-  <code><a href=#the-body-element>body</a></code> element to the <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the
-  <code><a href=#the-body-element>body</a></code> element, and set the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the
-  <code><a href=#the-embed-element>embed</a></code> element to the address of the resource.</p>
+  object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a> and mark it
+  as being a <dfn id=plugin-document>plugin document</dfn>, set its <a href=#concept-document-content-type title=concept-document-content-type>content
+  type</a> to the sniffed MIME type of the resource (<var title="">type</var> in the
+  <a href=#navigate>navigate</a> algorithm), append an <code><a href=#the-html-element>html</a></code> element to the
+  <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a <code><a href=#the-body-element>body</a></code> element to the
+  <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the <code><a href=#the-body-element>body</a></code> element, and set
+  the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the <code><a href=#the-embed-element>embed</a></code> element to the
+  address of the resource.</p>
+
+  <p class=note>The term <a href=#plugin-document>plugin document</a> is used by the Content Security Policy
+  specification as part of the mechanism that ensures <code><a href=#the-iframe-element>iframe</a></code>s can't be used to evade
+  <code title="">plugin-types</code> directives. <a href=#refsCSP>[CSP]</a></p>
 
   <!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
 

diff --git a/source b/source
@@ -75534,13 +75534,18 @@ State: &lt;OUTPUT NAME=I>1&lt;/OUTPUT> &lt;INPUT VALUE="Increment" TYPE=BUTTON O
 
   <p>When a resource that requires an external resource to be rendered is to be loaded in a
   <span>browsing context</span>, the user agent should <span>create a <code>Document</code>
-  object</span>, mark it as being an <span title="HTML documents">HTML document</span>, set its
-  <span title="concept-document-content-type">content type</span> to the sniffed MIME type of the
-  resource (<var title="">type</var> in the <span>navigate</span> algorithm), append an
-  <code>html</code> element to the <code>Document</code>, append a <code>head</code> element and a
-  <code>body</code> element to the <code>html</code> element, append an <code>embed</code> to the
-  <code>body</code> element, and set the <code title="attr-embed-src">src</code> attribute of the
-  <code>embed</code> element to the address of the resource.</p>
+  object</span>, mark it as being an <span title="HTML documents">HTML document</span> and mark it
+  as being a <dfn>plugin document</dfn>, set its <span title="concept-document-content-type">content
+  type</span> to the sniffed MIME type of the resource (<var title="">type</var> in the
+  <span>navigate</span> algorithm), append an <code>html</code> element to the
+  <code>Document</code>, append a <code>head</code> element and a <code>body</code> element to the
+  <code>html</code> element, append an <code>embed</code> to the <code>body</code> element, and set
+  the <code title="attr-embed-src">src</code> attribute of the <code>embed</code> element to the
+  address of the resource.</p>
+
+  <p class="note">The term <span>plugin document</span> is used by the Content Security Policy
+  specification as part of the mechanism that ensures <code>iframe</code>s can't be used to evade
+  <code title="">plugin-types</code> directives. <a href="#refsCSP">[CSP]</a></p>
 
   <!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->