From fbc9ec2b805730724f698d814fe4d5c0d618be55 Mon Sep 17 00:00:00 2001
From: Ian Hickson Table of contents
text/html
text/sandboxed-html
text/html-sandboxed
application/xhtml+xml
text/cache-manifest
text/ping
2.1.1 Resources
type and subtype, with no MIME Type parameters. [HTTP]
The term HTML MIME type is used to refer to the MIME types text/html
and
- text/sandboxed-html
.
text/html-sandboxed
.
iframe
Potentially hostile files can be served from the
same server as the file containing the iframe
element
- by labeling them as text/sandboxed-html
instead of
+ by labeling them as text/html-sandboxed
instead of
text/html
. This ensures that scripts in the files are
unable to attack the site (as if they were actually served from
another server), even if the user is tricked into visiting those
@@ -50691,7 +50691,7 @@
6.4 Origin
Document
was created
If a Document
was generated from a resource
- labeled as text/sandboxed-html
+ labeled as text/html-sandboxed
The origin is a globally unique identifier
assigned when the Document
is created.
@@ -56400,7 +56400,7 @@ 6.11.1 Navigating ac
following list, and process the resource as described there:
- "
text/html
"
- - "
text/sandboxed-html
"
+ - "
text/html-sandboxed
"
- Follow the steps given in the HTML document section, and abort
these steps.
@@ -83704,20 +83704,20 @@ 15.1 text/html
refer to the indicated part of the document.
- 15.2 text/sandboxed-html
+ 15.2 text/html-sandboxed
This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.
- Type name:
- text
- Subtype name:
- - sandboxed-html
+ - html-sandboxed
- Required parameters:
- No required parameters
- Optional parameters:
@@ -83726,17 +83726,17 @@ 15.2 text/sandbox
- Same as for
text/html
- Security considerations:
-
-
The purpose of the text/sandboxed-html
MIME type
+
The purpose of the text/html-sandboxed
MIME type
is to provide a way for content providers to indicate that they
want the file to be interpreted in a manner that does not give the
file's contents access to the rest of the site. This is achieved
by assigning the Document
objects generated from
- resources labeled as text/sandboxed-html
unique
+ resources labeled as text/html-sandboxed
unique
origins.
To avoid having legacy user agents treating resources labeled
- as text/sandboxed-html
as regular
+ as text/html-sandboxed
as regular
text/html
files, authors should avoid using the .html
or .htm
extensions for
- resources labeled as text/sandboxed-html
.
+ resources labeled as text/html-sandboxed
.
Beyond this, the type is identical to text/html
,
and the same considerations apply.
@@ -83745,7 +83745,7 @@ 15.2 text/sandbox
- Published specification:
-
This document is the relevant specification. Labeling a resource
- with the
text/sandboxed-html
type asserts that the
+ with the text/html-sandboxed
type asserts that the
resource is an HTML document
using the HTML syntax.
@@ -83754,7 +83754,7 @@ 15.2 text/sandbox
- Additional information:
-
- Magic number(s):
- - Documents labeled as
text/sandboxed-html
are
+ - Documents labeled as
text/html-sandboxed
are
heuristically indistinguishable from those labeled as
text/html
.
- File extension(s):
@@ -83772,7 +83772,7 @@ 15.2 text/sandbox
- Ian Hickson <ian@hixie.ch>
- Change controller:
- W3C and WHATWG
-
Fragment identifiers used with text/sandboxed-html
+
Fragment identifiers used with text/html-sandboxed
resources refer to the indicated part of the
document.
diff --git a/index b/index
index 7a2bc2045aa..63abc2b9fe0 100644
--- a/index
+++ b/index
@@ -1071,7 +1071,7 @@
13 IANA considerations
- 13.1
text/html
- - 13.2
text/sandboxed-html
+ - 13.2
text/html-sandboxed
- 13.3
application/xhtml+xml
- 13.4
text/cache-manifest
- 13.5
text/ping
@@ -1826,7 +1826,7 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
type and subtype, with no MIME Type parameters. [HTTP]
The term HTML MIME type is used to refer to the MIME types text/html
and
- text/sandboxed-html
.
+ text/html-sandboxed
.
2.1.2 XML
@@ -19745,7 +19745,7 @@ href="?audio">audio</a> test instead.)</p>
Potentially hostile files can be served from the
same server as the file containing the iframe
element
- by labeling them as text/sandboxed-html
instead of
+ by labeling them as text/html-sandboxed
instead of
text/html
. This ensures that scripts in the files are
unable to attack the site (as if they were actually served from
another server), even if the user is tricked into visiting those
@@ -50591,7 +50591,7 @@ interface Window {
Document
was created
- If a
Document
was generated from a resource
- labeled as text/sandboxed-html
+ labeled as text/html-sandboxed
- The origin is a globally unique identifier
assigned when the
Document
is created.
@@ -56314,7 +56314,7 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BU
following list, and process the resource as described there:
- "
text/html
"
- - "
text/sandboxed-html
"
+ - "
text/html-sandboxed
"
- Follow the steps given in the HTML document section, and abort
these steps.
@@ -78054,20 +78054,20 @@ interface HTMLDocument {
refer to the indicated part of the document.
- 13.2 text/sandboxed-html
+ 13.2 text/html-sandboxed
This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.
- Type name:
- text
- Subtype name:
- - sandboxed-html
+ - html-sandboxed
- Required parameters:
- No required parameters
- Optional parameters:
@@ -78076,17 +78076,17 @@ interface HTMLDocument {
- Same as for
text/html
- Security considerations:
-
-
The purpose of the text/sandboxed-html
MIME type
+
The purpose of the text/html-sandboxed
MIME type
is to provide a way for content providers to indicate that they
want the file to be interpreted in a manner that does not give the
file's contents access to the rest of the site. This is achieved
by assigning the Document
objects generated from
- resources labeled as text/sandboxed-html
unique
+ resources labeled as text/html-sandboxed
unique
origins.
To avoid having legacy user agents treating resources labeled
- as text/sandboxed-html
as regular
+ as text/html-sandboxed
as regular
text/html
files, authors should avoid using the .html
or .htm
extensions for
- resources labeled as text/sandboxed-html
.
+ resources labeled as text/html-sandboxed
.
Beyond this, the type is identical to text/html
,
and the same considerations apply.
@@ -78095,7 +78095,7 @@ interface HTMLDocument {
- Published specification:
-
This document is the relevant specification. Labeling a resource
- with the
text/sandboxed-html
type asserts that the
+ with the text/html-sandboxed
type asserts that the
resource is an HTML document
using the HTML syntax.
@@ -78104,7 +78104,7 @@ interface HTMLDocument {
- Additional information:
-
- Magic number(s):
- - Documents labeled as
text/sandboxed-html
are
+ - Documents labeled as
text/html-sandboxed
are
heuristically indistinguishable from those labeled as
text/html
.
- File extension(s):
@@ -78122,7 +78122,7 @@ interface HTMLDocument {
- Ian Hickson <ian@hixie.ch>
- Change controller:
- W3C and WHATWG
-
Fragment identifiers used with text/sandboxed-html
+
Fragment identifiers used with text/html-sandboxed
resources refer to the indicated part of the
document.
diff --git a/source b/source
index dea6ea50915..a34d93406e0 100644
--- a/source
+++ b/source
@@ -829,7 +829,7 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
The term HTML MIME type is used to refer to the MIME types text/html
and
- text/sandboxed-html
.
+ text/html-sandboxed
.
XML
@@ -21123,7 +21123,7 @@ href="?audio">audio</a> test instead.)</p>
Potentially hostile files can be served from the
same server as the file containing the iframe
element
- by labeling them as text/sandboxed-html
instead of
+ by labeling them as text/html-sandboxed
instead of
text/html
. This ensures that scripts in the files are
unable to attack the site (as if they were actually served from
another server), even if the user is tricked into visiting those
@@ -57100,7 +57100,7 @@ interface Window {
Document
was created
- If a
Document
was generated from a resource
- labeled as text/sandboxed-html
+ labeled as text/html-sandboxed
- The origin is a globally unique identifier
assigned when the
Document
is created.
@@ -63760,7 +63760,7 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O
- "
text/html
"
- - "
text/sandboxed-html
"
+ - "
text/html-sandboxed
"
- Follow the steps given in the HTML document section, and abort
these steps.
@@ -93195,21 +93195,21 @@ interface HTMLDocument {
refer to the indicated part of the document.
- text/sandboxed-html
+ text/html-sandboxed
This registration is for community review and will be submitted
to the IESG for review, approval, and registration with IANA.
- Type name:
- text
- Subtype name:
- - sandboxed-html
+ - html-sandboxed
- Required parameters:
- No required parameters
- Optional parameters:
@@ -93218,18 +93218,18 @@ interface HTMLDocument {
- Same as for
text/html
- Security considerations:
-
-
The purpose of the text/sandboxed-html
MIME type
+
The purpose of the text/html-sandboxed
MIME type
is to provide a way for content providers to indicate that they
want the file to be interpreted in a manner that does not give the
file's contents access to the rest of the site. This is achieved
by assigning the Document
objects generated from
- resources labeled as text/sandboxed-html
unique
+ resources labeled as text/html-sandboxed
unique
origins.
To avoid having legacy user agents treating resources labeled
- as text/sandboxed-html
as regular
+ as text/html-sandboxed
as regular
text/html
files, authors should avoid using the .html
or .htm
extensions for
- resources labeled as text/sandboxed-html
.
+ resources labeled as text/html-sandboxed
.
Beyond this, the type is identical to text/html
,
and the same considerations apply.
@@ -93238,7 +93238,7 @@ interface HTMLDocument {
- Published specification:
-
This document is the relevant specification. Labeling a resource
- with the
text/sandboxed-html
type asserts that the
+ with the text/html-sandboxed
type asserts that the
resource is an HTML document
using the HTML syntax.
@@ -93248,7 +93248,7 @@ interface HTMLDocument {
-
- Magic number(s):
- - Documents labeled as
text/sandboxed-html
are
+ - Documents labeled as
text/html-sandboxed
are
heuristically indistinguishable from those labeled as
text/html
.
- File extension(s):
@@ -93269,7 +93269,7 @@ interface HTMLDocument {
- W3C and WHATWG
- Fragment identifiers used with text/sandboxed-html
+
Fragment identifiers used with text/html-sandboxed
resources refer to the indicated part of the
document.