Difference between revisions of "Contexts"

From WHATWG Wiki
(How to use a context: Add CSP directives to decision-making process.)
(Context types: Rearrange columns.)
Line 6: Line 6:
 
! Context
 
! Context
 
! Definition
 
! Definition
! Type Hint
 
! Scriptable?
 
 
! Used in HTML?
 
! Used in HTML?
 
! Used in CSS?
 
! Used in CSS?
 +
! Scriptable?
 +
! CSP Directives
 +
! Type Hint
 
! [[MIME Sniffing|Sniffing]] Algorithm
 
! [[MIME Sniffing|Sniffing]] Algorithm
! CSP Directives
 
 
|-
 
|-
 
| browsing
 
| browsing
 
| [http://www.whatwg.org/specs/web-apps/current-work/#browsing-context HTML]
 
| [http://www.whatwg.org/specs/web-apps/current-work/#browsing-context HTML]
| —
 
 
| Yes
 
| Yes
 +
| No?
 
| Yes
 
| Yes
| No?
+
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#connect-src <code>connect-src</code>], [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#frame-src <code>frame-src</code>]
 +
| —
 
| [http://mimesniff.spec.whatwg.org/#mime-type-sniffing-algorithm MIME type sniffing algorithm]
 
| [http://mimesniff.spec.whatwg.org/#mime-type-sniffing-algorithm MIME type sniffing algorithm]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#connect-src <code>connect-src</code>], [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#frame-src <code>frame-src</code>]
 
 
|-
 
|-
 
| image
 
| image
 
|  
 
|  
|
 
| No
 
 
| Yes
 
| Yes
 
| Yes
 
| Yes
 +
| No
 +
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#img-src <code>img-src</code>]
 +
|
 
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-images-specifically rules for sniffing images specifically]
 
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-images-specifically rules for sniffing images specifically]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#img-src <code>img-src</code>]
 
 
|-
 
|-
 
| audio/video
 
| audio/video
 
|  
 
|  
|
 
| No
 
 
| Yes
 
| Yes
 
| No?
 
| No?
 +
| No
 +
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#media-src <code>media-src</code>]
 +
|
 
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-audio-and-video-specifically rules for sniffing audio and video specifically]
 
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-audio-and-video-specifically rules for sniffing audio and video specifically]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#media-src <code>media-src</code>]
 
 
|-
 
|-
 
| plugin
 
| plugin
 
|  
 
|  
|
 
| Yes?
 
 
| Yes
 
| Yes
 
| No?
 
| No?
 +
| Yes?
 +
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#object-src <code>object-src</code>]
 +
|
 
|  
 
|  
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#object-src <code>object-src</code>]
 
 
|-
 
|-
 
| style
 
| style
 
|  
 
|  
| @<code>type</code> or "<code>text/css</code>"
 
| No
 
 
| Yes
 
| Yes
 
| Yes?
 
| Yes?
 +
| No
 +
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#style-src <code>style-src</code>]
 +
| @<code>type</code> or "<code>text/css</code>"
 
|  
 
|  
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#style-src <code>style-src</code>]
 
 
|-
 
|-
 
| script
 
| script
 
|  
 
|  
| @<code>type</code> or "<code>text/javascript</code>"
 
| Yes?
 
 
| Yes
 
| Yes
 
| No?
 
| No?
 +
| Yes?
 +
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src <code>script-src</code>]
 +
| @<code>type</code> or "<code>text/javascript</code>"
 
|  
 
|  
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src <code>script-src</code>]
 
 
|-
 
|-
 
| font
 
| font
 
|  
 
|  
| <code>format</code>()
 
 
| No
 
| No
 +
| Yes
 
| No
 
| No
| Yes
+
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#font-src <code>font-src</code>]
 +
| <code>format</code>()
 
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically]
 
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#font-src <code>font-src</code>]
 
 
|-
 
|-
 
| text track
 
| text track
 
|  
 
|  
| "<code>text/vtt</code>"
+
| Yes
 
| No
 
| No
| Yes
 
 
| No
 
| No
 
|  
 
|  
 +
| "<code>text/vtt</code>"
 
|  
 
|  
 
|-
 
|-
 
| cache manifest
 
| cache manifest
 
|  
 
|  
| "<code>text/cache-manifest</code>"
+
| Yes
 
| No
 
| No
| Yes
 
 
| No
 
| No
 
|  
 
|  
 +
| "<code>text/cache-manifest</code>"
 
|  
 
|  
 
|}
 
|}
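Review bot: Empty cells are marked inconsistently in the rearranged rows: the browsing row gives its Type Hint as an explicit `| —`, while image, audio/video and plugin leave Type Hint as a bare `|`, and text track and cache manifest leave CSP Directives blank. With CSP Directives and Type Hint now sitting side by side as the inputs to the fetch decision, a blank cell reads as "not filled in yet" rather than "none applies"; consider using `—` in every cell where the context has no directive or hint, and leaving a cell blank only where the value is still undecided.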

Revision as of 18:28, 5 June 2013


Context types

| Context | Definition | Used in HTML? | Used in CSS? | Scriptable? | CSP Directives | Type Hint | Sniffing Algorithm |
|---|---|---|---|---|---|---|---|
| browsing | HTML | Yes | No? | Yes | connect-src, frame-src | — | MIME type sniffing algorithm |
| image | | Yes | Yes | No | img-src | | rules for sniffing images specifically |
| audio/video | | Yes | No? | No | media-src | | rules for sniffing audio and video specifically |
| plugin | | Yes | No? | Yes? | object-src | | |
| style | | Yes | Yes? | No | style-src | @type or "text/css" | |
| script | | Yes | No? | Yes? | script-src | @type or "text/javascript" | |
| font | | No | Yes | No | font-src | format() | rules for sniffing fonts specifically |
| text track | | Yes | No | No | | "text/vtt" | |
| cache manifest | | Yes | No | No | | "text/cache-manifest" | |

How to use a context

  1. Identify context.
  2. Determine whether to fetch resource based on CSP directives and type hint, if any.
  3. Set no-sniff flag on resource, if necessary.
  4. Fetch resource.
  5. Handle resource.
  6. Sniff resource.
  7. Process and display resource or prompt to download resource, as appropriate.
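
Step 2 of the procedure above, as an added example (not part of the wiki page or of any specification text): it maps a context to the CSP directive from the table, falls back to `default-src` as CSP does, and applies the type hint before any fetch. Assumptions: the names `CONTEXTS`, `parsePolicy`, `sourceMatches` and `shouldFetch` are hypothetical, source matching is simplified, only rows with a single directive are covered, and a type hint that does not match the table's value is treated as a reason not to fetch.

```javascript
// Added example: step 2 only, for table rows that map to a single CSP directive.
const CONTEXTS = {
  image: { directive: "img-src" },
  "audio/video": { directive: "media-src" },
  plugin: { directive: "object-src" },
  style: { directive: "style-src", types: ["text/css"] },
  script: { directive: "script-src", types: ["text/javascript"] },
  font: { directive: "font-src" },
};

// Parse "name src src; name src" into Map(name -> source list).
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources); // first occurrence wins
  }
  return policy;
}

// Simplified source matching (assumption): *, 'self', scheme:, origin, host, *.host.
// Ports, paths and keyword sources other than 'self' are not modelled.
function sourceMatches(source, url, self) {
  if (source === "*") return true;
  if (source === "'self'") return url.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  if (source.includes("://")) return url.origin === source.toLowerCase();
  if (url.protocol !== self.protocol) return false; // schemeless host: page's scheme
  const host = source.toLowerCase();
  return host.startsWith("*.") ? url.hostname.endsWith(host.slice(1)) : url.host === host;
}

function shouldFetch(context, resourceUrl, { policy = "", pageUrl, typeHint } = {}) {
  const ctx = CONTEXTS[context];
  if (!ctx) throw new Error(`unknown context: ${context}`);
  // A declared type the context does not handle means the fetch is skipped.
  if (typeHint && ctx.types && !ctx.types.includes(typeHint.trim().toLowerCase())) {
    return { fetch: false, reason: "type hint" };
  }
  const parsed = parsePolicy(policy);
  const sources = parsed.get(ctx.directive) ?? parsed.get("default-src");
  if (sources === undefined) return { fetch: true, reason: "no applicable directive" };
  const self = new URL(pageUrl);
  const url = new URL(resourceUrl, self);
  const allowed = sources.some((s) => sourceMatches(s, url, self));
  return { fetch: allowed, reason: allowed ? "allowed by policy" : "blocked by policy" };
}
```

A decision of `fetch: false` ends the procedure at step 2, so the resource is never requested and never reaches the sniffing step.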