A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.

To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).

Contexts: Difference between revisions

From WHATWG Wiki
Jump to navigation Jump to search
(→‎Context types: Add CSP directives and 'plugin' context.)
Line 10: Line 10:
! Used in HTML?
! Used in HTML?
! Used in CSS?
! Used in CSS?
! Sniffing Algorithm
! [[MIME Sniffing|Sniffing]] Algorithm
! CSP Directives
|-
|-
| browsing
| browsing
Line 19: Line 20:
| No?
| No?
| [http://mimesniff.spec.whatwg.org/#mime-type-sniffing-algorithm MIME type sniffing algorithm]
| [http://mimesniff.spec.whatwg.org/#mime-type-sniffing-algorithm MIME type sniffing algorithm]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#connect-src <code>connect-src</code>], [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#frame-src <code>frame-src</code>]
|-
|-
| image
| image
Line 27: Line 29:
| Yes
| Yes
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-images-specifically rules for sniffing images specifically]
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-images-specifically rules for sniffing images specifically]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#img-src <code>img-src</code>]
|-
|-
| audio/video
| audio/video
Line 35: Line 38:
| No?
| No?
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-audio-and-video-specifically rules for sniffing audio and video specifically]
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-audio-and-video-specifically rules for sniffing audio and video specifically]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#media-src <code>media-src</code>]
|-
| plugin
|
|
| Yes?
| Yes
| No?
|
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#object-src <code>object-src</code>]
|-
|-
| style
| style
Line 43: Line 56:
| Yes?
| Yes?
|  
|  
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#style-src <code>style-src</code>]
|-
|-
| script
| script
Line 51: Line 65:
| No?
| No?
|  
|  
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src <code>script-src</code>]
|-
|-
| font
| font
Line 59: Line 74:
| Yes
| Yes
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically]
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#font-src <code>font-src</code>]
|-
|-
| text track
| text track
Line 66: Line 82:
| Yes
| Yes
| No
| No
|
|  
|  
|-
|-
Line 74: Line 91:
| Yes
| Yes
| No
| No
|
|  
|  
|}
|}

Revision as of 18:20, 5 June 2013


Context types

Context Definition Type Hint Scriptable? Used in HTML? Used in CSS? Sniffing Algorithm CSP Directives
browsing HTML Yes Yes No? MIME type sniffing algorithm connect-src, frame-src
image No Yes Yes rules for sniffing images specifically img-src
audio/video No Yes No? rules for sniffing audio and video specifically media-src
plugin Yes? Yes No? object-src
style @type or "text/css" No Yes Yes? style-src
script @type or "text/javascript" Yes? Yes No? script-src
font format() No No Yes rules for sniffing fonts specifically font-src
text track "text/vtt" No Yes No
cache manifest "text/cache-manifest" No Yes No

How to use a context

  1. Identify context.
  2. Determine whether to fetch resource based on type hint, if any.
  3. Set no-sniff flag on resource, if necessary.
  4. Fetch resource.
  5. Handle resource.
  6. Sniff resource.
  7. Process and display resource or prompt to download resource, as appropriate.