srcdocnamesandboxseamlessallowfullscreenwidthheightHere a blog uses the srcdoc attribute in conjunction
- with the sandbox and seamless attributes described below to provide users of user
- agents that support this feature with an extra layer of protection from script injection in the
- blog post comments:
sandbox attribute described below to provide
+ users of user agents that support this feature with an extra layer of protection from script
+ injection in the blog post comments:
<article> <h1>I got my own magazine!</h1> @@ -26477,15 +26474,15 @@ href="?audio">audio</a> test instead.)</p></footer> <article> <footer> Thirteen minutes ago, <a href="/users/ch">ch</a> wrote: </footer> - <iframe seamless sandbox srcdoc="<p>did you get a cover picture yet?"></iframe> + <iframe sandbox srcdoc="<p>did you get a cover picture yet?"></iframe> </article> <article> <footer> Nine minutes ago, <a href="/users/cap">cap</a> wrote: </footer> - <iframe seamless sandbox srcdoc="<p>Yeah, you can see it <a href="/gallery?mode=cover&amp;page=1">in my gallery</a>."></iframe> + <iframe sandbox srcdoc="<p>Yeah, you can see it <a href="/gallery?mode=cover&amp;page=1">in my gallery</a>."></iframe> </article> <article> <footer> Five minutes ago, <a href="/users/ch">ch</a> wrote: </footer> - <iframe seamless sandbox srcdoc="<p>hey that's earl's table. + <iframe sandbox srcdoc="<p>hey that's earl's table. <p>you should get earl&amp;me on the next cover."></iframe> </article> @@ -26641,11 +26638,6 @@ href="?audio">audio</a> test instead.)</p> -
Any navigation required of the user agent in the process
- the iframe attributes algorithm must be completed as an explicit
- self-navigation override and with the iframe element's node document's
- browsing context as the source browsing context.
Furthermore, if the active document of the element's child browsing context before such a navigation was not completely loaded at the time of the new navigation, then the audio</a> test instead.)</p>
The seamless attribute is a boolean
- attribute. When specified, it indicates that the iframe element's
- browsing context is to be rendered in a manner that makes it appear to be part of the
- containing document (seamlessly included in the parent document).
An HTML inclusion is effected using this attribute as in the following example.
- In this case, the inclusion is of a site-wide navigation bar. Any links in the
- iframe will, in new user agents, be automatically opened in the
- iframe's parent browsing context; for legacy user agents, the site could also
- include a base element with a target
- attribute with the value _parent. Similarly, in new user agents the styles
- of the parent page will be automatically applied to the contents of the frame, but to support
- legacy user agents authors might wish to include the styles explicitly.
<!DOCTYPE HTML> -<title>Mirror Mirror — MovieInfo™</title> -<header> - <hgroup> - <h1>Mirror Mirror</h1> - <h2>Part of the MovieInfo™ Database</h2> - </hgroup> - <nav> - <iframe seamless src="nav.inc"></iframe> - </nav> -</header> -...- -
An iframe element is said to be in seamless mode when all of the
- following conditions are met:
seamless attribute is set on the
- iframe element, and
-
- iframe element's owner Document's active sandboxing flag
- set does not have the sandboxed seamless iframes flag set, and
-
- iframe element's node document, or
-
- iframe element's node document, or
-
- iframe srcdoc document.
-
- When an iframe element is in seamless mode, the following
- requirements apply:
The user agent must set the seamless browsing context flag to true for that
- browsing context. This will cause links to open in the
- parent browsing context unless an explicit self-navigation override is used
- (target="_self").
Media queries in the context of the iframe's browsing context
- (e.g. on media attributes of style elements in
- Documents in that iframe) must be evaluated with respect to the nearest
- ancestor browsing context that is not itself being nested through an iframe that is in seamless
- mode.
In a CSS-supporting user agent: the user agent must add all the style sheets that apply to
- the iframe element to the cascade of the active document of the
- iframe element's nested browsing context, at the appropriate cascade
- levels, before any style sheets specified by the document itself.
In a CSS-supporting user agent: the user agent must, for the purpose of CSS property
- inheritance only, treat the root element of the active document of the
- iframe element's nested browsing context as being a child of the
- iframe element. (Thus inherited properties on the root element of the document in
- the iframe will inherit the computed values of those properties on the
- iframe element instead of taking their initial values.)
In visual media, in a CSS-supporting user agent: the user agent should set the
- intrinsic width of the iframe to the width that the element would have
- if it was a non-replaced block-level element with 'width: auto', unless that width would be zero
- (e.g. if the element is floating or absolutely positioned), in which case the user agent should
- set the intrinsic width of the iframe to the shrink-to-fit width of
- the root element (if any) of the content rendered in the iframe.
In visual media, in a CSS-supporting user agent: the user agent should set the
- intrinsic height of the iframe to the shortest height that would make
- the content rendered in the iframe at its current width (as given in the previous
- bullet point) have no scrollable overflow at its bottom edge. Scrollable overflow is any overflow that
- would increase the range to which a scrollbar or other scrolling mechanism can scroll.
In visual media, in a CSS-supporting user agent: the user agent must force the height of the
- initial containing block of the active document of the nested browsing
- context of the iframe to zero.
This is intended to get around the otherwise circular dependency of percentage - dimensions that depend on the height of the containing block, thus affecting the height of the - document's bounding box, thus affecting the height of the viewport, thus affecting the size of - the initial containing block.
- -In speech media, the user agent should render the nested browsing context - without announcing that it is a separate document.
User agents should, in general, act as if the active document of the
- iframe's nested browsing context was part of the document that the
- iframe is in, if any.
For example if the user agent supports listing all the links in a document, - links in "seamlessly" nested documents would be included in that list without being - significantly distinguished from links in the document itself.
- -The nested browsing context's Window object's
- cross-boundary event parent is the browsing context container.
If the attribute is not specified, or if the origin conditions listed above are - not met, then the user agent should render the nested browsing context in a manner - that is clearly distinguishable as a separate browsing context, and the - seamless browsing context flag must be set to false for that browsing - context.
- -It is important that user agents recheck the above conditions whenever the
- active document of the nested browsing context of the
- iframe changes, such that the seamless browsing context flag gets unset
- if the nested browsing context is navigated to another
- origin.
The attribute can be set or removed dynamically, with the rendering updating in - tandem.
- -The contenteditable attribute does not
- propagate into seamless iframes.
The allowfullscreen attribute is a
@@ -27112,8 +26940,11 @@ href="?audio">audio</a> test instead.)</p>
The IDL attributes src, srcdoc, name, sandbox, and seamless must reflect the respective
- content attributes of the same name.
The IDL attributes src, srcdoc, name,and sandbox must reflect the respective content
+ attributes of the same name.
The supported tokens for sandbox are the allowed values defined for the DragEventInit : MouseEventInit {
context">child browsing contexts of elements that are in Documents that are
not themselves fully active.
A nested browsing context can have a seamless browsing context flag
- set, if it is embedded through an iframe element with a seamless attribute.
A nested browsing context can be put into a delaying These values have different meanings based on whether the page is sandboxed or not, as
summarised in the following (non-normative) table. In this table, "current" means the
browsing context that the link or script is in, "parent" means the parent
- browsing context of the one the link or script is in, "master" means the nearest
- ancestor browsing context of the one the link or script is in that is not itself in a
- seamless iframe, "top" means the top-level
+ browsing context of the one the link or script is in, "top" means the top-level
browsing context of the one the link or script is in, "new" means a new top-level
browsing context or auxiliary browsing context is to be created, subject to
various user preferences and user agent policies, "none" means that nothing will happen, and
@@ -78002,37 +77827,25 @@ dictionary DragEventInit : MouseEventInit {
load events mode. This is used when it is navigated, to delay the load event of the browsing
@@ -77984,9 +77811,7 @@ dictionary DragEventInit : MouseEventInit {
iframe with...
seamless=""
sandbox=""
- sandbox="" seamless=""
sandbox="allow-top-navigation"
- sandbox="allow-top-navigation" seamless=""
_blank
_parent if there isn't a parent
_parent if parent is also top
_parent if there is one and it's not top
_top if top is not current
If the given browsing context name is the empty string or _self, then
the chosen browsing context must be the current one.
If the given browsing context name is _self, then this is an
- explicit self-navigation override, which overrides the behaviour of the
- seamless browsing context flag set by the seamless attribute on iframe elements.
If the given browsing context name is _parent, then the chosen
@@ -78261,9 +78024,6 @@ dictionary DragEventInit : MouseEventInit {
arbitrary consistent manner, such as the most recently opened, most recently focused, or more
closely related.
If the browsing context is chosen by this step to be the current browsing context, then this - is also an explicit self-navigation override.
-This flag prevents content from using the seamless
- attribute on descendant iframe elements.
This prevents a page inserted using the allow-same-origin keyword from using a
- CSS-selector-based method of probing the DOM of other pages on the same site (in particular,
- pages that contain user-sensitive information).
The sandboxed plugins browsing context flag.
The sandboxed seamless iframes flag.
The sandboxed origin browsing context flag, unless the tokens contains the allow-same-origin
@@ -81621,14 +81362,6 @@ State: <OUTPUT NAME=I>1</OUTPUT> <INPUT VALUE="Increment" TYPE=BUTTON O
If the source browsing context is the same as the - browsing context being navigated, and this browsing context has its seamless - browsing context flag set, and the browsing context being navigated was not - chosen using an explicit self-navigation override, then find the nearest - ancestor browsing context that does not have its seamless browsing context - flag set, and continue these steps as if that browsing context was - the one that was going to be navigated instead.
If there is a preexisting attempt to navigate the browsing context, and the source browsing context is the same as the browsing context being navigated, and that attempt is currently running the unload a document algorithm, @@ -108162,10 +107895,8 @@ html, body { display: block; }
For each property in the table below, given a body element, the first attribute
that exists maps to the pixel length property on the body element. If
none of the attributes for a property are found, or if the value of the attribute that was found
- cannot be parsed successfully, then, if the body element's node document's
- browsing context does not have its seamless browsing context flag set, a
- default value of 8px is expected to be used for that property instead.
style
| Whether the styles apply to the entire document or just the parent subtree | Boolean attribute - | |
seamless
- | iframe
- | Whether to apply the document's styles to the nested content - | Boolean attribute |
|---|---|---|---|
selected
| option
|