Make the sandbox directive optional, as discussed on the mailing list.
authorAdam Barth <w3c@adambarth.com>
Tue, 05 Jun 2012 15:24:03 -0700
changeset 1206e60ee08c97a
parent 119 691e8a8c804c
child 121 905d7896be17
Make the sandbox directive optional, as discussed on the mailing list.
csp-1.0-specification.html
     1.1 --- a/csp-1.0-specification.html	Mon May 28 12:29:46 2012 -0700
     1.2 +++ b/csp-1.0-specification.html	Tue Jun 05 15:24:03 2012 -0700
     1.3 @@ -978,7 +978,7 @@
     1.4        </section>
     1.5  
     1.6        <section>
     1.7 -        <h4><code>sandbox</code></h4>
     1.8 +        <h4><code>sandbox</code> (Optional)</h4>
     1.9  
    1.10          <p>The <code>sandbox</code> directive specifies an HTML sandbox policy
    1.11          that the user agent applies to the protected resource. The syntax for
    1.12 @@ -991,7 +991,12 @@
    1.13  token             = &lt;token from RFC 2616&gt;
    1.14  </pre>
    1.15  
    1.16 -        <p>When enforcing the <code>sandbox</code> directive, the user agent
    1.17 +        <p>The <code>sandbox</code> directive is optional. If the user agent does not support the
    1.18 +        <code>sandbox</code> attribute, the user agent MUST ignore every <code>sandbox</code>
    1.19 +        directive.</p>
    1.20 +
    1.21 +        <p>When enforcing the <code>sandbox</code> directive, a user agent that supports the
    1.22 +        <code>sandbox</code> directive
    1.23          MUST <a href="http://www.whatwg.org/specs/web-apps/current-work/#parse-a-sandboxing-directive">parse
    1.24          the sandboxing directive</a> using the <code>directive-value</code>
    1.25          as the <em>input</em> and protected resource's