
[acgiow] (0) Provide a safe way to host hostile content for use with …

…an <iframe sandbox> on the same site.

git-svn-id: http://svn.whatwg.org/webapps@4581 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Jan 12, 2010
1 parent 6c7d27d commit 8e41cb4e528fa0f4f4c01e78ee1e06c3ebecf390
Showing with 385 additions and 92 deletions.
  1. +129 −35 complete.html
  2. +129 −35 index
  3. +127 −22 source
@@ -1193,12 +1193,13 @@ <h2 class="no-num no-toc" id=contents>Table of contents</h2>
<li><a href=#iana><span class=secno>15 </span>IANA considerations</a>
<ol>
<li><a href=#text/html><span class=secno>15.1 </span><code>text/html</code></a></li>
<li><a href=#application/xhtml+xml><span class=secno>15.2 </span><code>application/xhtml+xml</code></a></li>
<li><a href=#text/cache-manifest><span class=secno>15.3 </span><code>text/cache-manifest</code></a></li>
<li><a href=#text/ping><span class=secno>15.4 </span><code>text/ping</code></a></li>
<li><a href=#application/microdata+json><span class=secno>15.5 </span><code>application/microdata+json</code></a></li>
<li><a href=#ping-from><span class=secno>15.6 </span><code>Ping-From</code></a></li>
<li><a href=#ping-to><span class=secno>15.7 </span><code>Ping-To</code></a></ol></li>
<li><a href=#text/sandboxed-html><span class=secno>15.2 </span><code>text/sandboxed-html</code></a></li>
<li><a href=#application/xhtml+xml><span class=secno>15.3 </span><code>application/xhtml+xml</code></a></li>
<li><a href=#text/cache-manifest><span class=secno>15.4 </span><code>text/cache-manifest</code></a></li>
<li><a href=#text/ping><span class=secno>15.5 </span><code>text/ping</code></a></li>
<li><a href=#application/microdata+json><span class=secno>15.6 </span><code>application/microdata+json</code></a></li>
<li><a href=#ping-from><span class=secno>15.7 </span><code>Ping-From</code></a></li>
<li><a href=#ping-to><span class=secno>15.8 </span><code>Ping-To</code></a></ol></li>
<li><a class=no-num href=#index>Index</a>
<ol>
<li><a class=no-num href=#elements-1>Elements</a></li>
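Review bot: inserting text/sandboxed-html as 15.2 renumbers every following IANA subsection (application/xhtml+xml becomes 15.3, and so on through Ping-To becoming 15.8), so any external document that cites one of these registrations by section number will now point at the wrong type; the id-based anchors (#application/xhtml+xml, #ping-to) are unchanged, so those remain the stable way to cite them. If that churn is a concern, appending the new registration at the end of section 15 instead would avoid it.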
@@ -1465,10 +1466,10 @@ <h3 id=html-vs-xhtml><span class=secno>1.7 </span>HTML vs XHTML</h3>

<p>The first such concrete syntax is the HTML syntax. This is the
format suggested for most authors. It is compatible with most legacy
Web browsers. If a document is transmitted with the <a href=#mime-type>MIME
type</a> <code><a href=#text/html>text/html</a></code>, then it will be processed as an
HTML document by Web browsers. This specification defines version 5
of the HTML syntax, known as "HTML5".</p>
Web browsers. If a document is transmitted with an <a href=#html-mime-type>HTML MIME
type</a>, such as <code><a href=#text/html>text/html</a></code>, then it will be
processed as an HTML document by Web browsers. This specification
defines version 5 of the HTML syntax, known as "HTML5".</p>

<p>The second concrete syntax is the XHTML syntax, which is an
application of XML. When a document is transmitted with an <a href=#xml-mime-type>XML
@@ -1924,6 +1925,9 @@ <h4 id=resources><span class=secno>2.1.1 </span>Resources</h4>
SEMICOLON characters (;). In other words, if it consists only of a
type and subtype, with no MIME Type parameters. <a href=#refsHTTP>[HTTP]</a></p>

<p>The term <dfn id=html-mime-type>HTML MIME type</dfn> is used to refer to the <a href=#mime-type title="MIME type">MIME types</a> <code><a href=#text/html>text/html</a></code> and
<code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>.</p>


<h4 id=xml><span class=secno>2.1.2 </span>XML</h4>

@@ -2151,8 +2155,9 @@ <h3 id=conformance-requirements><span class=secno>2.2 </span>Conformance require
element that forms part of the transform.</p>

<p>Web browsers that support <a href=#syntax>the HTML syntax</a> must
process documents labeled as <code><a href=#text/html>text/html</a></code> as described
in this specification, so that users can interact with them.</p>
process documents labeled with an <a href=#html-mime-type>HTML MIME type</a> as
described in this specification, so that users can interact with
them.</p>

<p>User agents that support scripting must also be conforming
implementations of the IDL fragments in this specification, as
@@ -6625,11 +6630,11 @@ <h3 id=namespaces><span class=secno>2.8 </span>Namespaces</h3>
<p>The <dfn id=xmlns-namespace>XMLNS namespace</dfn> is: <code>http://www.w3.org/2000/xmlns/</code></p>

<hr><p>Data mining tools and other user agents that perform operations
on <code><a href=#text/html>text/html</a></code> content without running scripts,
evaluating CSS or XPath expressions, or otherwise exposing the
resulting DOM to arbitrary content, may "support namespaces" by just
asserting that their DOM node analogues are in certain namespaces,
without actually exposing the above strings.</p>
on content without running scripts, evaluating CSS or XPath
expressions, or otherwise exposing the resulting DOM to arbitrary
content, may "support namespaces" by just asserting that their DOM
node analogues are in certain namespaces, without actually exposing
the above strings.</p>


<h2 id=dom><span class=secno>3 </span>Semantics, structure, and APIs of HTML documents</h2>
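Review bot: the replacement sentence now reads "perform operations on content without running scripts", dropping the qualifier altogether, whereas the other hunks in this commit replace text/html with "an HTML MIME type"; suggest "on content labeled with an <a href=#html-mime-type>HTML MIME type</a>" here as well, so the data-mining exemption is scoped the same way as the rest of the specification.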
<p>This flag <a href=#sandboxScriptBlocked>blocks script
execution</a>.</p>

<p class=warning>This flag only takes effect when the
<a href=#nested-browsing-context>nested browsing context</a> of the <code><a href=#the-iframe-element>iframe</a></code> is
<a href=#navigate title=navigate>navigated</a>. Removing it has no effect
on an already-loaded page.</p>

</dd>

</dl><p>These flags must not be set unless the conditions listed above

</div>

<p class=note>Potentially hostile files can be served from the
same server as the file containing the <code><a href=#the-iframe-element>iframe</a></code> element
by labeling them as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> instead of
<code><a href=#text/html>text/html</a></code>. This ensures that scripts in the files are
unable to attack the site (as if they were actually served from
another server), even if the user is tricked into visiting those
pages directly, without the protection of the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute.</p>

<p class=warning>If the <code title=attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code>
keyword is set along with <code title=attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code>
keyword, and the file is from the <a href=#same-origin>same origin</a> as the
<code><a href=#the-iframe-element>iframe</a></code>'s <code>Document</code>, then a script in the
"sandboxed" iframe could just reach out, remove the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, and then
reload itself, effectively breaking out of the sandbox
altogether.</p>


<hr><!-- v2: Might be interesting to have a value on seamless that
allowed event propagation of some sort, maybe based on the WICD
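Review bot: the note's claim that sandboxed-html files are "unable to attack the site" rests entirely on the server actually sending the text/sandboxed-html label; the registration's security considerations later in this commit tell authors to avoid the .html and .htm extensions so that legacy user agents do not treat the file as text/html, and that caveat belongs here too, because a site that mislabels one of these files as text/html is back in the same-origin case described in the warning immediately below. Suggest adding a sentence such as: "This protection only holds if the resource is actually labeled as text/sandboxed-html; see the security considerations in that type's registration."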
browsing context flag</a> was set when the
<code>Document</code> was created</dt>

<dt>If a <code>Document</code> was generated from a resource
labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code></dt>

<dd>The <a href=#origin>origin</a> is a globally unique identifier
assigned when the <code>Document</code> is created.</dd>
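Review bot: the new switch case gives text/sandboxed-html documents a unique origin in the same terms as the sandboxed-origin browsing context flag case above it, but the note in the iframe section relies on this applying when the user visits the page directly, outside any sandboxed browsing context; it would help to state explicitly that this case applies regardless of the browsing context the Document is created in, since that unique origin is what the whole feature depends on.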

of the following types, jump to the appropriate entry in the
following list, and process the resource as described there:</p>

<dl class=switch><dt>"<code><a href=#text/html>text/html</a></code>"</dt>
<dl class=switch><!-- an <span>HTML MIME type</span> --><dt>"<code><a href=#text/html>text/html</a></code>"</dt>
<dt>"<code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>"</dt>
<dd>Follow the steps given in the <a href=#read-html title=navigate-html>HTML document</a> section, and abort
these steps.</dd>

fragment identifiers for <a href=#xml-mime-type title="XML MIME type">XML MIME
types</a> is the responsibility of RFC3023).</p>

<p>For HTML documents (and the <code><a href=#text/html>text/html</a></code> <a href=#mime-type>MIME type</a>),
the following processing model must be followed to determine what
<a href=#the-indicated-part-of-the-document>the indicated part of the document</a> is.</p>
<p>For HTML documents (and <a href=#html-mime-type title="HTML MIME type">HTML MIME
types</a>), the following processing model must be followed to
determine what <a href=#the-indicated-part-of-the-document>the indicated part of the document</a>
is.</p>

<ol><li><p><a href=#parse-a-url title="parse a url">Parse</a> the <a href=#url>URL</a>,
and let <var title="">fragid</var> be the <a href=#url-fragment title=url-fragment>&lt;fragment&gt;</a> component of the

<h2 id=syntax><span class=secno>11 </span><dfn>The HTML syntax</dfn></h2>

<p class=note>This section only describes the rules for
<code><a href=#text/html>text/html</a></code> resources. Rules for XML resources are
discussed in the section below entitled "<a href=#the-xhtml-syntax>The XHTML
<p class=note>This section only describes the rules for resources
labeled with an <a href=#html-mime-type>HTML MIME type</a>. Rules for XML resources
are discussed in the section below entitled "<a href=#the-xhtml-syntax>The XHTML
syntax</a>".</p>


refer to <a href=#the-indicated-part-of-the-document>the indicated part of the document</a>.</p>


<h3 id=application/xhtml+xml><span class=secno>15.2 </span><dfn><code>application/xhtml+xml</code></dfn></h3>
<h3 id=text/sandboxed-html><span class=secno>15.2 </span><dfn><code>text/sandboxed-html</code></dfn></h3>

<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>

<!--
To: ietf-types@iana.org
Subject: Registration of media type text/sandboxed-html
-->

<dl><dt>Type name:</dt>
<dd>text</dd>
<dt>Subtype name:</dt>
<dd>sandboxed-html</dd>
<dt>Required parameters:</dt>
<dd>No required parameters</dd>
<dt>Optional parameters:</dt>
<dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
<dt>Encoding considerations:</dt>
<dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
<dt>Security considerations:</dt>
<dd>
<p>The purpose of the <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> MIME type
is to provide a way for content providers to indicate that they
want the file to be interpreted in a manner that does not give the
file's contents access to the rest of the site. This is achieved
by assigning the <code>Document</code> objects generated from
resources labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> unique
origins.</p>
<p>To avoid having legacy user agents treating resources labeled
as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> as regular
<code><a href=#text/html>text/html</a></code> files, authors should avoid using the <code title="">.html</code> or <code title="">.htm</code> extensions for
resources labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>.</p>
<p>Beyond this, the type is identical to <code><a href=#text/html>text/html</a></code>,
and the same considerations apply.</p>
</dd>
<dt>Interoperability considerations:</dt>
<dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
<dt>Published specification:</dt>
<dd>
This document is the relevant specification. Labeling a resource
with the <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> type asserts that the
resource is an <a href=#html-documents title="HTML documents">HTML document</a>
using <a href=#syntax>the HTML syntax</a>.
</dd>
<dt>Applications that use this media type:</dt>
<dd>Same as for <code><a href=#text/html>text/html</a></code></dd>
<dt>Additional information:</dt>
<dd>
<dl><dt>Magic number(s):</dt>
<dd>Documents labeled as <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code> are
heuristically indistinguishable from those labeled as
<code><a href=#text/html>text/html</a></code>.</dd>
<dt>File extension(s):</dt>
<dd>"<code title="">sandboxed</code>"</dd>
<dt>Macintosh file type code(s):</dt>
<dd><code title="">TEXT</code></dd>
</dl></dd>
<dt>Person &amp; email address to contact for further information:</dt>
<dd>Ian Hickson &lt;ian@hixie.ch&gt;</dd>
<dt>Intended usage:</dt>
<dd>Common</dd>
<dt>Restrictions on usage:</dt>
<dd>No restrictions apply.</dd>
<dt>Author:</dt>
<dd>Ian Hickson &lt;ian@hixie.ch&gt;</dd>
<dt>Change controller:</dt>
<dd>W3C and WHATWG</dd>
</dl><p>Fragment identifiers used with <code><a href=#text/sandboxed-html>text/sandboxed-html</a></code>
resources refer to <a href=#the-indicated-part-of-the-document>the indicated part of the
document</a>.</p>
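Review bot: the Security considerations entry should address content sniffing: Additional information states that text/sandboxed-html documents are "heuristically indistinguishable" from text/html, so a user agent that sniffs the body instead of honouring the Content-Type header would treat the resource as text/html and the unique-origin protection would not apply; a sentence asking user agents not to sniff such resources into text/html would make the intended behaviour explicit. Also, the File extension(s) entry registers "sandboxed" while the security paragraph only says to avoid .html and .htm; recommending the .sandboxed extension there would keep the two entries consistent.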


<h3 id=application/xhtml+xml><span class=secno>15.3 </span><dfn><code>application/xhtml+xml</code></dfn></h3>

<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
type</a>. <a href=#refsRFC3023>[RFC3023]</a></p>


<h3 id=text/cache-manifest><span class=secno>15.3 </span><dfn><code>text/cache-manifest</code></dfn></h3>
<h3 id=text/cache-manifest><span class=secno>15.4 </span><dfn><code>text/cache-manifest</code></dfn></h3>

<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>
<code><a href=#text/cache-manifest>text/cache-manifest</a></code> resources.</p>


<h3 id=text/ping><span class=secno>15.4 </span><dfn><code>text/ping</code></dfn></h3>
<h3 id=text/ping><span class=secno>15.5 </span><dfn><code>text/ping</code></dfn></h3>

<p>This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.</p>



<h3 id=application/microdata+json><span class=secno>15.5 </span><dfn><code>application/microdata+json</code></dfn></h3>
<h3 id=application/microdata+json><span class=secno>15.6 </span><dfn><code>application/microdata+json</code></dfn></h3>


<p>This registration is for community review and will be submitted



<h3 id=ping-from><span class=secno>15.6 </span><dfn title=http-ping-from><code>Ping-From</code></dfn></h3>
<h3 id=ping-from><span class=secno>15.7 </span><dfn title=http-ping-from><code>Ping-From</code></dfn></h3>

<p>This section describes a header field for registration in the
Permanent Message Header Field Registry. <a href=#refsRFC3864>[RFC3864]</a></p>
</dd>
<dt>Related information</dt>
<dd>None.</dd>
</dl><h3 id=ping-to><span class=secno>15.7 </span><dfn title=http-ping-to><code>Ping-To</code></dfn></h3>
</dl><h3 id=ping-to><span class=secno>15.8 </span><dfn title=http-ping-to><code>Ping-To</code></dfn></h3>

<p>This section describes a header field for registration in the
Permanent Message Header Field Registry. <a href=#refsRFC3864>[RFC3864]</a></p>
