[giow] (2) Sandboxing: prevent pages from closing their top-level bro…

…wsing context (unless they can navigate it, in which case, whatever) Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=22319 Affected topics: DOM APIs, HTML git-svn-id: http://svn.whatwg.org/webapps@7984 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Jun 18, 2013 · 6d607da · 6d607da
1 parent d1cb8a7
commit 6d607da
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 23 deletions.
diff --git a/complete.html b/complete.html
@@ -256,7 +256,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 17 June 2013</h2>
+    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 June 2013</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -53860,7 +53860,7 @@ <h5 id=autofilling-form-controls:-the-autocomplete-attribute><span class=secno>4
      <td><a href=#valid-e-mail-address>Valid e-mail address</a>
      <td>timbl@w3.org
     <tr><td colspan=4>"<dfn id=attr-fe-autocomplete-impp title=attr-fe-autocomplete-impp><code>impp</code></dfn>"
-     <td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or <code title="">xmpp:fred@example.net</code>")
+     <td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or "<code title="">xmpp:fred@example.net</code>")
      <td><a href=#valid-url>Valid URL</a>
      <td>irc://example.org/timbl,isuser
   </table><p>If the <code title=attr-fe-autocomplete><a href=#attr-fe-autocomplete>autocomplete</a></code>
@@ -65380,12 +65380,19 @@ <h4 id=apis-for-creating-and-navigating-browsing-contexts-by-name><span class=se
   navigated to another domain.</p>
 
   <hr><!--CLEANUP--><p>The <dfn id=dom-window-close title=dom-window-close><code>close()</code></dfn> method on <code><a href=#window>Window</a></code>
-  objects should, if the corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
-  <a href=#script-closable>script-closable</a> and the <a href="#script's-browsing-context" title="script's browsing context">browsing
-  context</a> of the <a href=#incumbent-script>incumbent script</a> is
-  <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</p>
+  objects should, if all the following conditions are met, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>:
 
-  <p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
+  <ul class=brief><li>The corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
+   <a href=#script-closable>script-closable</a>.</li>
+
+   <li>The <a href="#script's-browsing-context" title="script's browsing context">browsing context</a> of the <a href=#incumbent-script>incumbent
+   script</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</li>
+
+   <li id=sandboxClose>The <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> of the <a href="#script's-document" title="script's
+   document">document</a> of the <a href=#incumbent-script>incumbent script</a> does not have its <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed
+   top-level navigation browsing context flag</a> set.</li>
+
+  </ul><p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
   browsing context</a> that was created by a script (as opposed to by an action of the user), or
   if it is a <a href=#browsing-context>browsing context</a> whose <a href=#session-history>session history</a> contains only one
   <code><a href=#document>Document</a></code>.</p>
@@ -66333,7 +66340,8 @@ <h3 id=sandboxing><span class=secno>6.4 </span>Sandboxing</h3>
    <dd>
 
     <p>This flag <a href=#sandboxLinks>prevents content from navigating their <span>top-level
-    browsing context</span></a>.</p>
+    browsing context</span></a> and <a href=#sandboxClose>prevents content from closing their
+    <span>top-level browsing context</span></a>.</p>
 
     <p>When the <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context flag</a> is <em>not</em>
     set, content can navigate its <a href=#top-level-browsing-context>top-level browsing context</a>, but other <a href=#browsing-context title="browsing context">browsing contexts</a> are still protected by the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed

diff --git a/index b/index
@@ -256,7 +256,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 17 June 2013</h2>
+    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 June 2013</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -53860,7 +53860,7 @@ MIT Room 32-G524
      <td><a href=#valid-e-mail-address>Valid e-mail address</a>
      <td>timbl@w3.org
     <tr><td colspan=4>"<dfn id=attr-fe-autocomplete-impp title=attr-fe-autocomplete-impp><code>impp</code></dfn>"
-     <td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or <code title="">xmpp:fred@example.net</code>")
+     <td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or "<code title="">xmpp:fred@example.net</code>")
      <td><a href=#valid-url>Valid URL</a>
      <td>irc://example.org/timbl,isuser
   </table><p>If the <code title=attr-fe-autocomplete><a href=#attr-fe-autocomplete>autocomplete</a></code>
@@ -65380,12 +65380,19 @@ END:VCARD</pre>
   navigated to another domain.</p>
 
   <hr><!--CLEANUP--><p>The <dfn id=dom-window-close title=dom-window-close><code>close()</code></dfn> method on <code><a href=#window>Window</a></code>
-  objects should, if the corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
-  <a href=#script-closable>script-closable</a> and the <a href="#script's-browsing-context" title="script's browsing context">browsing
-  context</a> of the <a href=#incumbent-script>incumbent script</a> is
-  <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</p>
+  objects should, if all the following conditions are met, <a href=#close-a-browsing-context title="close a browsing context">close</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>:
 
-  <p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
+  <ul class=brief><li>The corresponding <a href=#browsing-context>browsing context</a> <var title="">A</var> is
+   <a href=#script-closable>script-closable</a>.</li>
+
+   <li>The <a href="#script's-browsing-context" title="script's browsing context">browsing context</a> of the <a href=#incumbent-script>incumbent
+   script</a> is <a href=#allowed-to-navigate>allowed to navigate</a> the <a href=#browsing-context>browsing context</a> <var title="">A</var>.</li>
+
+   <li id=sandboxClose>The <a href=#active-sandboxing-flag-set>active sandboxing flag set</a> of the <a href="#script's-document" title="script's
+   document">document</a> of the <a href=#incumbent-script>incumbent script</a> does not have its <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed
+   top-level navigation browsing context flag</a> set.</li>
+
+  </ul><p>A <a href=#browsing-context>browsing context</a> is <dfn id=script-closable>script-closable</dfn> if it is an <a href=#auxiliary-browsing-context>auxiliary
   browsing context</a> that was created by a script (as opposed to by an action of the user), or
   if it is a <a href=#browsing-context>browsing context</a> whose <a href=#session-history>session history</a> contains only one
   <code><a href=#document>Document</a></code>.</p>
@@ -66333,7 +66340,8 @@ x === this; // true</pre>
    <dd>
 
     <p>This flag <a href=#sandboxLinks>prevents content from navigating their <span>top-level
-    browsing context</span></a>.</p>
+    browsing context</span></a> and <a href=#sandboxClose>prevents content from closing their
+    <span>top-level browsing context</span></a>.</p>
 
     <p>When the <a href=#sandboxed-top-level-navigation-browsing-context-flag>sandboxed top-level navigation browsing context flag</a> is <em>not</em>
     set, content can navigate its <a href=#top-level-browsing-context>top-level browsing context</a>, but other <a href=#browsing-context title="browsing context">browsing contexts</a> are still protected by the <a href=#sandboxed-navigation-browsing-context-flag>sandboxed

diff --git a/source b/source
@@ -59340,7 +59340,7 @@ MIT Room 32-G524
      <td>timbl@w3.org
     <tr>
      <td colspan=4>"<dfn title="attr-fe-autocomplete-impp"><code>impp</code></dfn>"
-     <td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or <code title="">xmpp:fred@example.net</code>")
+     <td>URL representing an instant messaging protocol endpoint (for example, "<code title="">aim:goim?screenname=example</code>" or "<code title="">xmpp:fred@example.net</code>")
      <td><span>Valid URL</span>
      <td>irc://example.org/timbl,isuser
   </table>
@@ -72901,12 +72901,24 @@ END:VCARD</pre>
 <!--CLEANUP-->
 
   <p>The <dfn title="dom-window-close"><code>close()</code></dfn> method on <code>Window</code>
-  objects should, if the corresponding <span>browsing context</span> <var title="">A</var> is
-  <span>script-closable</span> and the <span title="script's browsing context">browsing
-  context</span> of the <span>incumbent script</span> is
-  <span>allowed to navigate</span> the <span>browsing context</span> <var title="">A</var>, <span
+  objects should, if all the following conditions are met, <span
   title="close a browsing context">close</span> the <span>browsing context</span> <var
-  title="">A</var>.</p>
+  title="">A</var>:
+
+  <ul class="brief">
+
+   <li>The corresponding <span>browsing context</span> <var title="">A</var> is
+   <span>script-closable</span>.</li>
+
+   <li>The <span title="script's browsing context">browsing context</span> of the <span>incumbent
+   script</span> is <span>allowed to navigate</span> the <span>browsing context</span> <var
+   title="">A</var>.</li>
+
+   <li id="sandboxClose">The <span>active sandboxing flag set</span> of the <span title="script's
+   document">document</span> of the <span>incumbent script</span> does not have its <span>sandboxed
+   top-level navigation browsing context flag</span> set.</li>
+
+  </ul>
 
   <p>A <span>browsing context</span> is <dfn>script-closable</dfn> if it is an <span>auxiliary
   browsing context</span> that was created by a script (as opposed to by an action of the user), or
@@ -74011,7 +74023,8 @@ x === this; // true</pre>
    <dd>
 
     <p>This flag <a href="#sandboxLinks">prevents content from navigating their <span>top-level
-    browsing context</span></a>.</p>
+    browsing context</span></a> and <a href="#sandboxClose">prevents content from closing their
+    <span>top-level browsing context</span></a>.</p>
 
     <p>When the <span>sandboxed top-level navigation browsing context flag</span> is <em>not</em>
     set, content can navigate its <span>top-level browsing context</span>, but other <span