Contexts: Difference between revisions
m (-s) |
(→Context types: Add sniffing rules for plugin, style, and script contexts.) |
||
Line 55: | Line 55: | ||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#object-src <code>object-src</code>] | | [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#object-src <code>object-src</code>] | ||
| | | | ||
| | | [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-in-a-plugin-context rules for sniffing in a plugin context] | ||
|- | |- | ||
| style | | style | ||
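Review bot: the plugin row's Type Hint cell, the empty `| |` line directly above the added sniffing link, is still blank, while the style and script rows state `@type or "..."`. A blank cell reads the same as "not filled in yet". If no type hint applies to plugins, mark the cell with the dash the browsing row uses; otherwise fill it in as part of this edit.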
Line 64: | Line 64: | ||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#style-src <code>style-src</code>] | | [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#style-src <code>style-src</code>] | ||
| @<code>type</code> or "<code>text/css</code>" | | @<code>type</code> or "<code>text/css</code>" | ||
| | | [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-in-a-style-context rules for sniffing in a style context] | ||
|- | |- | ||
| script | | script | ||
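Review bot: the link added to the style row is plain http:// (`http://mimesniff.spec.whatwg.org/#rules-for-sniffing-in-a-style-context`) while the style-src link two cells earlier is https://. If the mimesniff host serves HTTPS, link to that so the row is consistent; the same applies to the links added in the plugin and script rows.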
Line 73: | Line 73: | ||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src <code>script-src</code>] | | [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src <code>script-src</code>] | ||
| @<code>type</code> or "<code>text/javascript</code>" | | @<code>type</code> or "<code>text/javascript</code>" | ||
| | | [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-in-a-script-context rules for sniffing in a script context] | ||
|- | |- | ||
| font | | font |
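Review bot: the script row now pairs a type hint with a sniffing algorithm, but nothing ties it to the "Set no-sniff flag on resource, if necessary" step under "How to use a context". Add a short note for the script context on when that flag is set, so readers can tell when the linked rules apply.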
Revision as of 18:59, 7 June 2013
Context types
Context | Definition | Used in HTML? | Used in CSS? | Scriptable? | CSP Directive | Type Hint | Sniffing Algorithm |
---|---|---|---|---|---|---|---|
browsing | HTML | Yes | No? | Yes | connect-src | — | MIME type sniffing algorithm |
nested browsing | HTML | Yes | No? | Yes | frame-src | | |
image | | Yes | Yes | No | img-src | | rules for sniffing images specifically |
audio/video | | Yes | No? | No | media-src | | rules for sniffing audio and video specifically |
plugin | | Yes | No? | Yes? | object-src | | rules for sniffing in a plugin context |
style | | Yes | Yes? | No | style-src | @type or "text/css" | rules for sniffing in a style context |
script | | Yes | No? | Yes? | script-src | @type or "text/javascript" | rules for sniffing in a script context |
font | | No | Yes | No | font-src | format() | rules for sniffing fonts specifically |
text track | | Yes | No | No | | "text/vtt" | |
cache manifest | | Yes | No | No | | "text/cache-manifest" | |
How to use a context
- Identify context.
- Determine whether to fetch resource based on CSP directives and type hint, if any.
- Set no-sniff flag on resource, if necessary.
- Fetch resource.
- Handle resource.
- Sniff resource.
- Process and display resource or prompt to download resource, as appropriate.
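
The steps above as one decision path, in an added example that is not part of the wiki page or of any specification. Assumptions: the `policy` object shape, `X-Content-Type-Options: nosniff` as the source of the no-sniff flag, sniffing limited to three image signatures, exact-match type hints, and the `process`/`discard` outcomes.

```javascript
// Added example: CONTEXTS copies the CSP Directive and Type Hint columns above.
// CSP matching, type-hint comparison and sniffing are simplified assumptions.
const CONTEXTS = {
  image:  { directive: 'img-src',    hint: null },
  style:  { directive: 'style-src',  hint: 'text/css' },
  script: { directive: 'script-src', hint: 'text/javascript' },
};

// Steps 1-2: identify the context, then check its CSP directive and @type hint.
// `policy` maps a directive to an array of allowed origins (hypothetical shape).
function mayFetch(context, url, policy, typeAttr) {
  const ctx = CONTEXTS[context];
  if (!ctx) throw new Error(`unknown context: ${context}`);
  const allowed = policy[ctx.directive]; // undefined: directive not set
  if (allowed && !allowed.includes(new URL(url).origin)) return 'blocked-by-csp';
  if (ctx.hint && typeAttr && typeAttr.trim().toLowerCase() !== ctx.hint) {
    return 'type-hint-mismatch';
  }
  return 'fetch';
}

// Step 6, image context only: three well-known file signatures.
function sniffImage(bytes) {
  const signatures = [
    ['image/png', [0x89, 0x50, 0x4e, 0x47]],
    ['image/gif', [0x47, 0x49, 0x46, 0x38]],
    ['image/jpeg', [0xff, 0xd8, 0xff]],
  ];
  const hit = signatures.find(([, magic]) => magic.every((b, i) => bytes[i] === b));
  return hit ? hit[0] : null;
}

// Steps 3-7 for a fetched response { headers, body }. The no-sniff flag is
// assumed to come from "X-Content-Type-Options: nosniff". Style and script
// keep the supplied type here; the download prompt of step 7 is not modelled.
function handle(context, response) {
  const ctx = CONTEXTS[context];
  if (!ctx) throw new Error(`unknown context: ${context}`);
  const h = response.headers;
  const supplied = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  const noSniff = (h['x-content-type-options'] || '').trim().toLowerCase() === 'nosniff';
  const sniffed = !noSniff && context === 'image' ? sniffImage(response.body) : null;
  const computed = sniffed || supplied;
  const usable = ctx.hint ? computed === ctx.hint : computed.startsWith('image/');
  return { noSniff, computed, action: usable ? 'process' : 'discard' };
}

// Constructed sample: PNG bytes served with a text/plain Content-Type.
const PNG_AS_TEXT = { headers: { 'content-type': 'text/plain' }, body: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a] };
```

With `PNG_AS_TEXT`, `handle('image', ...)` computes `image/png` and processes the resource; the same bytes with the no-sniff flag set keep the supplied `text/plain` and are discarded.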