Add sandbox back to CSP 1.0
authorAdam Barth <w3c@adambarth.com>
Mon, 28 May 2012 12:29:46 -0700
changeset 119691e8a8c804c
parent 118 7e066a2ccb94
child 120 6e60ee08c97a
Add sandbox back to CSP 1.0

This patch reverts dd1f7a1cd84f, which was made based on a mistaken
understanding of the discussion at the most recent face-to-face meeting.
csp-1.0-specification.html
     1.1 --- a/csp-1.0-specification.html	Fri May 18 13:07:39 2012 -0700
     1.2 +++ b/csp-1.0-specification.html	Mon May 28 12:29:46 2012 -0700
     1.3 @@ -978,6 +978,28 @@
     1.4        </section>
     1.5  
     1.6        <section>
     1.7 +        <h4><code>sandbox</code></h4>
     1.8 +
     1.9 +        <p>The <code>sandbox</code> directive specifies an HTML sandbox policy
    1.10 +        that the user agent applies to the protected resource. The syntax for
    1.11 +        the name and value of the directive are described by the following
    1.12 +        ABNF grammar:</p>
    1.13 +
    1.14 +<pre>
    1.15 +directive-name    = "sandbox"
    1.16 +directive-value   = token *( 1*WSP token )
    1.17 +token             = &lt;token from RFC 2616&gt;
    1.18 +</pre>
    1.19 +
    1.20 +        <p>When enforcing the <code>sandbox</code> directive, the user agent
    1.21 +        MUST <a href="http://www.whatwg.org/specs/web-apps/current-work/#parse-a-sandboxing-directive">parse
    1.22 +        the sandboxing directive</a> using the <code>directive-value</code>
    1.23 +        as the <em>input</em> and protected resource's
    1.24 +        <a href="http://www.whatwg.org/specs/web-apps/current-work/#forced-sandboxing-flag-set">forced sandboxing flag set</a>
    1.25 +        as the output.</p>
    1.26 +      </section>
    1.27 +
    1.28 +      <section>
    1.29          <h4><code>report-uri</code></h4>
    1.30  
    1.31          <p>The <code>report-uri</code> directive specifies a URI to which the