A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.

To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).

Contexts: Difference between revisions

From WHATWG Wiki
Jump to navigation Jump to search
No edit summary
(Add some triggers for various context types.)
Line 6: Line 6:
* What about CSS masks?
* What about CSS masks?
* What about CSS shapes?
* What about CSS shapes?
We should list the features in the table too -- as exhaustive as possible -- so we don't miss anything.


== Context types ==
== Context types ==
Line 38: Line 36:
|  
|  
|-
|-
| connection (EventSource, WebSocket, XMLHttpRequest)
| connection
|  
|  
| Yes
| Yes
Line 98: Line 96:
| No
| No
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#font-src <code>font-src</code>]
| [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#font-src <code>font-src</code>]
| <code>format</code>()
| <code>format()</code>
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically]
| [http://mimesniff.spec.whatwg.org/#rules-for-sniffing-fonts-specifically rules for sniffing fonts specifically]
|-
|-
Line 129: Line 127:
# Sniff resource.
# Sniff resource.
# Process and display resource or prompt to download resource, as appropriate.
# Process and display resource or prompt to download resource, as appropriate.
== Context triggers ==
{| class="wikitable" |
! Context
! HTML Triggers
! CSS Triggers
! Other
|-
! browsing
|
|
|
|-
! nested browsing
| <code>&lt;iframe></code>, <code>&lt;object></code> (sometimes)
|
|
|-
! connection
|
|
| EventSource, WebSocket, XMLHttpRequest
|-
! image
| <code>&lt;img></code>, <code>&lt;link rel=icon></code>, <code>&lt;input type=image></code>, <code>&lt;object></code> (sometimes)
| <code>background-image</code>
|
|-
! audio/video
| <code>&lt;audio></code>, <code>&lt;video></code>
|
|
|-
! plugin
| <code>&lt;embed></code>, <code>&lt;object></code> (sometimes)
|
|
|-
! style
| <code>&lt;link rel=stylesheet></code>
| <code>@import</code>?
|
|-
! script
| <code>&lt;script src></code>
|
|
|-
! font
| —
| <code>@font-face</code>
|
|-
! text track
| <code>&lt;track></code>
|
|
|-
! cache manifest
| <code>&lt;html manifest></code>
|
|
|}


[[Category:Spec coordination]]
[[Category:Spec coordination]]

Revision as of 18:16, 23 June 2013

Issues

  • What about SVG?
  • What about XSLT?
  • document.load()? (Seems similar enough to connect-src.)
  • What about CSS masks?
  • What about CSS shapes?

Context types

Context Definition Used in HTML? Used in CSS? Scriptable? CSP Directive Type Hint Sniffing Algorithm
browsing (navigate) HTML Yes No? Yes MIME type sniffing algorithm
nested browsing (navigate) HTML Yes No? Yes frame-src
connection Yes No? Yes? connect-src
image Yes Yes No img-src rules for sniffing images specifically
audio/video Yes No? No media-src rules for sniffing audio and video specifically
plugin Yes No? Yes? object-src rules for sniffing in a plugin context
style Yes Yes? No style-src @type or "text/css" rules for sniffing in a style context
script Yes No? Yes? script-src @type or "text/javascript" rules for sniffing in a script context
font No Yes No font-src format() rules for sniffing fonts specifically
text track Yes No No "text/vtt"
cache manifest Yes No No "text/cache-manifest"

How to use a context

  1. Identify context.
  2. Determine whether to fetch resource based on CSP directives and type hint, if any.
  3. Set no-sniff flag on resource, if necessary.
  4. Fetch resource.
  5. Handle resource.
  6. Sniff resource.
  7. Process and display resource or prompt to download resource, as appropriate.

Context triggers

Context HTML Triggers CSS Triggers Other
browsing
nested browsing <iframe>, <object> (sometimes)
connection EventSource, WebSocket, XMLHttpRequest
image <img>, <link rel=icon>, <input type=image>, <object> (sometimes) background-image
audio/video <audio>, <video>
plugin <embed>, <object> (sometimes)
style <link rel=stylesheet> @import?
script <script src>
font @font-face
text track <track>
cache manifest <html manifest>