A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.
To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).
Contexts: Difference between revisions
Jump to navigation
Jump to search
(→How to use a context: Add CSP directives to decision-making process.) |
(→Context types: Rearrange columns.) |
||
| Line 6: | Line 6: | ||
! Context | ! Context | ||
! Definition | ! Definition | ||
! Used in HTML? | ! Used in HTML? | ||
! Used in CSS? | ! Used in CSS? | ||
! Scriptable? | |||
! CSP Directives | |||
! Type Hint | |||
! [[MIME Sniffing|Sniffing]] Algorithm | ! [[MIME Sniffing|Sniffing]] Algorithm | ||
|- | |- | ||
| browsing | | browsing | ||
| [http://www.whatwg.org/specs/web-apps/current-work/#browsing-context HTML] | | [http://www.whatwg.org/specs/web-apps/current-work/#browsing-context HTML] | ||
| Yes | | Yes | ||
| No? | |||
| Yes | | Yes | ||
| | | [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#connect-src <code>connect-src</code>], [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#frame-src <code>frame-src</code>] | ||
| — | |||
| [http://mimesniff.spec.whatwg.org/#mime-type-sniffing-algorithm MIME type sniffing algorithm] | | [http://mimesniff.spec.whatwg.org/#mime-type-sniffing-algorithm MIME type sniffing algorithm] | ||
|- | |- | ||
| image | | image | ||
| | | | ||
| Yes | | Yes | ||
| Yes | | Yes | ||
| No | |||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#img-src <code>img-src</code>] | |||
| | |||
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-images-specifically rules for sniffing images specifically] | | [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-images-specifically rules for sniffing images specifically] | ||
|- | |- | ||
| audio/video | | audio/video | ||
| | | | ||
| Yes | | Yes | ||
| No? | | No? | ||
| No | |||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#media-src <code>media-src</code>] | |||
| | |||
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-audio-and-video-specifically rules for sniffing audio and video specifically] | | [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-audio-and-video-specifically rules for sniffing audio and video specifically] | ||
|- | |- | ||
| plugin | | plugin | ||
| | | | ||
| Yes | | Yes | ||
| No? | | No? | ||
| Yes? | |||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#object-src <code>object-src</code>] | |||
| | |||
| | | | ||
|- | |- | ||
| style | | style | ||
| | | | ||
| Yes | | Yes | ||
| Yes? | | Yes? | ||
| No | |||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#style-src <code>style-src</code>] | |||
| @<code>type</code> or "<code>text/css</code>" | |||
| | | | ||
|- | |- | ||
| script | | script | ||
| | | | ||
| Yes | | Yes | ||
| No? | | No? | ||
| Yes? | |||
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src <code>script-src</code>] | |||
| @<code>type</code> or "<code>text/javascript</code>" | |||
| | | | ||
|- | |- | ||
| font | | font | ||
| | | | ||
| No | | No | ||
| Yes | |||
| No | | No | ||
| | | [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#font-src <code>font-src</code>] | ||
| <code>format</code>() | |||
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically] | | [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically] | ||
|- | |- | ||
| text track | | text track | ||
| | | | ||
| | | Yes | ||
| No | | No | ||
| No | | No | ||
| | | | ||
| "<code>text/vtt</code>" | |||
| | | | ||
|- | |- | ||
| cache manifest | | cache manifest | ||
| | | | ||
| | | Yes | ||
| No | | No | ||
| No | | No | ||
| | | | ||
| "<code>text/cache-manifest</code>" | |||
| | | | ||
|} | |} | ||
Revision as of 18:28, 5 June 2013
Context types
| Context | Definition | Used in HTML? | Used in CSS? | Scriptable? | CSP Directives | Type Hint | Sniffing Algorithm |
|---|---|---|---|---|---|---|---|
| browsing | HTML | Yes | No? | Yes | connect-src, frame-src
|
— | MIME type sniffing algorithm |
| image | Yes | Yes | No | img-src
|
rules for sniffing images specifically | ||
| audio/video | Yes | No? | No | media-src
|
rules for sniffing audio and video specifically | ||
| plugin | Yes | No? | Yes? | object-src
|
|||
| style | Yes | Yes? | No | style-src
|
@type or "text/css"
|
||
| script | Yes | No? | Yes? | script-src
|
@type or "text/javascript"
|
||
| font | No | Yes | No | font-src
|
format()
|
rules for sniffing fonts specifically | |
| text track | Yes | No | No | "text/vtt"
|
|||
| cache manifest | Yes | No | No | "text/cache-manifest"
|
How to use a context
- Identify context.
- Determine whether to fetch resource based on CSP directives and type hint, if any.
- Set no-sniff flag on resource, if necessary.
- Fetch resource.
- Handle resource.
- Sniff resource.
- Process and display resource or prompt to download resource, as appropriate.