118
edits
Security/CSP/Sandbox: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 14: | Line 14: | ||
= Semantics = | = Semantics = | ||
The ''effective directive set'' is the set of directives that satisfy the following requirements: | The ''effective directive set'' is the set of directives that satisfy the following requirements: | ||
*The directive | *The directive MUST appear in every X-Sandbox header field associated with an HTTP response. | ||
*If the HTTP response was generated as a result of loading an HTML frame element that contained a sandbox attribute, then the directive | *If the HTTP response was generated as a result of loading an HTML frame element that contained a sandbox attribute, then the directive MUST appear in the value of the attribute. | ||
The user agent MUST restrict the privileges of the document contained in the HTTP response as described by the [http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox sandbox attribute] of the frame element, substituting the effective directive set for the value of the sandbox attribute. | The user agent MUST restrict the privileges of the document contained in the HTTP response as described by the [http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox sandbox attribute] of the frame element, substituting the effective directive set for the value of the sandbox attribute. | ||