Skip to content
Permalink
Browse files

[giow] (2) Sandboxing: prevent pages from closing their top-level bro…

…wsing context (unless they can navigate it, in which case, whatever)

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=22319
Affected topics: DOM APIs, HTML

git-svn-id: http://svn.whatwg.org/webapps@7984 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Jun 18, 2013
1 parent d1cb8a7 commit 6d607da71fa00dcc02163383c95c92c490d9cb40
Showing with 52 additions and 23 deletions.
  1. +16 −8 complete.html
  2. +16 −8 index
  3. +20 −7 source

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 17 June 2013</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 June 2013</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
<td><a href=#valid-e-mail-address>Valid e-mail address</a>
<td>timbl@w3.org
<tr><td colspan=4>"<dfn id=attr-fe-autocomplete-impp title=attr-fe-autocomplete-impp><code>impp</code></dfn>"
<td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or <code title="">xmpp:fred@example.net</code>")
<td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or "<code title="">xmpp:fred@example.net</code>")
<td><a href=#valid-url>Valid URL</a>
<td>irc://example.org/timbl,isuser
</table><p>If the <code title=attr-fe-autocomplete><a href=#attr-fe-autocomplete>autocomplete</a></code>
navigated to another domain.</p>

<hr><!--CLEANUP--><p>The <dfn id=dom-window-close title=dom-window-close><code>close()</code></dfn> method on <code><a href=#window>Window</a></code>
objects should, if the corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
<a href=#script-closable>script-closable</a> and the <a href="#script's-browsing-context" title="script's browsing context">browsing
context</a> of the <a href=#incumbent-script>incumbent script</a> is
<a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</p>
objects should, if all the following conditions are met, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>:

<p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
<ul class=brief><li>The corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
<a href=#script-closable>script-closable</a>.</li>

<li>The <a href="#script's-browsing-context" title="script's browsing context">browsing context</a> of the <a href=#incumbent-script>incumbent
script</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</li>

<li id=sandboxClose>The <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> of the <a href="#script's-document" title="script's
document">document</a> of the <a href=#incumbent-script>incumbent script</a> does not have its <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed
top-level navigation browsing context flag</a> set.</li>

</ul><p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
browsing context</a> that was created by a script (as opposed to by an action of the user), or
if it is a <a href=#browsing-context>browsing context</a> whose <a href=#session-history>session history</a> contains only one
<code><a href=#document>Document</a></code>.</p>
<dd>

<p>This flag <a href=#sandboxLinks>prevents content from navigating their <span>top-level
browsing context</span></a>.</p>
browsing context</span></a> and <a href=#sandboxClose>prevents content from closing their
<span>top-level browsing context</span></a>.</p>

<p>When the <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context flag</a> is <em>not</em>
set, content can navigate its <a href=#top-level-browsing-context>top-level browsing context</a>, but other <a href=#browsing-context title="browsing context">browsing contexts</a> are still protected by the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed
24 index

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 17 June 2013</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 June 2013</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
<td><a href=#valid-e-mail-address>Valid e-mail address</a>
<td>timbl@w3.org
<tr><td colspan=4>"<dfn id=attr-fe-autocomplete-impp title=attr-fe-autocomplete-impp><code>impp</code></dfn>"
<td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or <code title="">xmpp:fred@example.net</code>")
<td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or "<code title="">xmpp:fred@example.net</code>")
<td><a href=#valid-url>Valid URL</a>
<td>irc://example.org/timbl,isuser
</table><p>If the <code title=attr-fe-autocomplete><a href=#attr-fe-autocomplete>autocomplete</a></code>
navigated to another domain.</p>

<hr><!--CLEANUP--><p>The <dfn id=dom-window-close title=dom-window-close><code>close()</code></dfn> method on <code><a href=#window>Window</a></code>
objects should, if the corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
<a href=#script-closable>script-closable</a> and the <a href="#script's-browsing-context" title="script's browsing context">browsing
context</a> of the <a href=#incumbent-script>incumbent script</a> is
<a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</p>
objects should, if all the following conditions are met, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>:

<p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
<ul class=brief><li>The corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
<a href=#script-closable>script-closable</a>.</li>

<li>The <a href="#script's-browsing-context" title="script's browsing context">browsing context</a> of the <a href=#incumbent-script>incumbent
script</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</li>

<li id=sandboxClose>The <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> of the <a href="#script's-document" title="script's
document">document</a> of the <a href=#incumbent-script>incumbent script</a> does not have its <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed
top-level navigation browsing context flag</a> set.</li>

</ul><p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
browsing context</a> that was created by a script (as opposed to by an action of the user), or
if it is a <a href=#browsing-context>browsing context</a> whose <a href=#session-history>session history</a> contains only one
<code><a href=#document>Document</a></code>.</p>
<dd>

<p>This flag <a href=#sandboxLinks>prevents content from navigating their <span>top-level
browsing context</span></a>.</p>
browsing context</span></a> and <a href=#sandboxClose>prevents content from closing their
<span>top-level browsing context</span></a>.</p>

<p>When the <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context flag</a> is <em>not</em>
set, content can navigate its <a href=#top-level-browsing-context>top-level browsing context</a>, but other <a href=#browsing-context title="browsing context">browsing contexts</a> are still protected by the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed
27 source
<td>timbl@w3.org
<tr>
<td colspan=4>"<dfn title="attr-fe-autocomplete-impp"><code>impp</code></dfn>"
<td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or <code title="">xmpp:fred@example.net</code>")
<td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or "<code title="">xmpp:fred@example.net</code>")
<td><span>Valid URL</span>
<td>irc://example.org/timbl,isuser
</table>
<!--CLEANUP-->

<p>The <dfn title="dom-window-close"><code>close()</code></dfn> method on <code>Window</code>
objects should, if the corresponding <span>browsing context</span> <var title="">A</var> is
<span>script-closable</span> and the <span title="script's browsing context">browsing
context</span> of the <span>incumbent script</span> is
<span>allowed to navigate</span> the <span>browsing context</span> <var title="">A</var>, <span
objects should, if all the following conditions are met, <span
title="close a browsing context">close</span> the <span>browsing context</span> <var
title="">A</var>.</p>
title="">A</var>:

<ul class="brief">

<li>The corresponding <span>browsing context</span> <var title="">A</var> is
<span>script-closable</span>.</li>

<li>The <span title="script's browsing context">browsing context</span> of the <span>incumbent
script</span> is <span>allowed to navigate</span> the <span>browsing context</span> <var
title="">A</var>.</li>

<li id="sandboxClose">The <span>active sandboxing flag set</span> of the <span title="script's
document">document</span> of the <span>incumbent script</span> does not have its <span>sandboxed
top-level navigation browsing context flag</span> set.</li>

</ul>

<p>A <span>browsing context</span> is <dfn>script-closable</dfn> if it is an <span>auxiliary
browsing context</span> that was created by a script (as opposed to by an action of the user), or
<dd>

<p>This flag <a href="#sandboxLinks">prevents content from navigating their <span>top-level
browsing context</span></a>.</p>
browsing context</span></a> and <a href="#sandboxClose">prevents content from closing their
<span>top-level browsing context</span></a>.</p>

<p>When the <span>sandboxed top-level navigation browsing context flag</span> is <em>not</em>
set, content can navigate its <span>top-level browsing context</span>, but other <span

0 comments on commit 6d607da

Please sign in to comment.
You can’t perform that action at this time.