From bd49a8ac66cad015cb83fd00bdf0c6c2aba0f5c6 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Fri, 3 May 2019 10:40:25 +0200 Subject: [PATCH 1/2] Remove It did not get wide enough adoption and causes a minor cross-origin leak. See https://lists.w3.org/Archives/Public/public-whatwg-archive/2011Jun/0144.html for its introduction and https://github.com/xsleaks/xsleaks/wiki/Browser-Side-Channels#object-typemustmatch for the leak. --- source | 64 +++++++++------------------------------------------------- 1 file changed, 9 insertions(+), 55 deletions(-) diff --git a/source b/source index 9cf4924bd24..af0a84c4f6b 100644 --- a/source +++ b/source @@ -30882,7 +30882,6 @@ interface HTMLEmbedElement : HTMLElement {
Global attributes
data
type
-
typemustmatch
name
usemap
form
@@ -30895,7 +30894,6 @@ interface HTMLEmbedElement : HTMLElement { interface HTMLObjectElement : HTMLElement { [CEReactions] attribute USVString data; [CEReactions] attribute DOMString type; - [CEReactions] attribute boolean typeMustMatch; [CEReactions] attribute DOMString name; [CEReactions] attribute DOMString useMap; readonly attribute HTMLFormElement? form; @@ -30929,15 +30927,6 @@ interface HTMLObjectElement : HTMLElement { URL of the resource. If present, the attribute must be a valid non-empty URL potentially surrounded by spaces.

-

Authors who reference resources from other origins - that they do not trust are urged to use the typemustmatch attribute defined below. Without that - attribute, it is possible in certain cases for an attacker on the remote host to use the plugin - mechanism to run arbitrary scripts, even if the author has used features such as the Flash - "allowScriptAccess" parameter.

-

The type attribute, if present, specifies the type of the resource. If present, the attribute must be a valid MIME type string.

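Review bot: Deleting the "Authors who reference resources from other origins that they do not trust" paragraph after the data attribute description leaves that section with no caution about untrusted resources at this commit; the replacement only arrives in 2/2 ("add warnings back"). Suggest squashing 2/2 into this patch, or rewording the paragraph in place rather than removing it, so that no revision of the text is without the warning.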
@@ -30947,16 +30936,6 @@ interface HTMLObjectElement : HTMLElement {

If the itemprop attribute is specified on an object element, then the data attribute must also be specified.

-

The typemustmatch attribute is a - boolean attribute whose presence indicates that the resource specified by the data attribute is only to be used if the value of the type attribute and the Content-Type of the - aforementioned resource match.

- -

The typemustmatch attribute must not be - specified unless both the data attribute and the type attribute are present.

-

The name attribute, if present, must be a valid browsing context name. The given value is used to name the nested browsing context, if applicable, and if present when the nested browsing @@ -31195,29 +31174,6 @@ interface HTMLObjectElement : HTMLElement { -

  • - -

    If the object element has a type - attribute and a typemustmatch attribute, and - the resource has associated Content-Type metadata, and the - type specified in the resource's Content-Type metadata is - an ASCII case-insensitive match for the value of the element's type attribute, then let resource type - be that type and jump to the step below labeled handler.

    - - - -
  • - -
  • - -

    If the object element has a typemustmatch attribute, jump to the step below - labeled handler.

    - -
  • -
  • @@ -31574,11 +31530,12 @@ interface HTMLObjectElement : HTMLElement {
    -

    The IDL attributes data, type and name each must reflect the respective - content attributes of the same name. The typeMustMatch IDL attribute must - reflect the typemustmatch content - attribute. The useMap IDL attribute must - reflect the usemap content attribute.

    +

    The IDL attributes data, type and name each must reflect the respective + content attributes of the same name. The useMap + IDL attribute must reflect the usemap + content attribute.

    The contentDocument IDL attribute, on getting, must return the object element's standby on object elements

    Optimize the linked resource so that it loads quickly or, at least, incrementally.

    +
    typemustmatch on object elements
    +

    Avoid using object elements with untrusted resources.

    +
    type on param elements
    valuetype on param elements

    Use the name and External { globals; data; type; - typemustmatch; name; usemap; form; @@ -120218,11 +120177,6 @@ interface External { script Type of script "module"; a valid MIME type string that is not a JavaScript MIME type essence match - - typemustmatch - object - Whether the type attribute and the Content-Type value need to match for the resource to be used - Boolean attribute usemap img; From 0cc2fc48a4224956228e4b0cd8eb4c4dd42c0ed1 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Fri, 3 May 2019 12:05:34 +0200 Subject: [PATCH 2/2] add warnings back --- source | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source b/source index af0a84c4f6b..96694532a17 100644 --- a/source +++ b/source @@ -30512,6 +30512,12 @@ interface HTMLEmbedElement : HTMLElement { the resource being embedded. The attribute, if present, must contain a valid non-empty URL potentially surrounded by spaces.

    +

    Authors should avoid referencing untrusted resources, as such a resource can be + used to instantiate plugins or run scripts, even if the author has used features such as the Flash + "allowScriptAccess" parameter.

    +

    If the itemprop attribute is specified on an embed element, then the src attribute must also be specified.

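Review bot: The paragraph added after the embed src description is a new warning rather than a restored one: the visible hunks in 1/2 delete the warning only next to the object data attribute, so the subject "add warnings back" understates this change. Suggest saying in the commit message that embed gains the warning as well.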
    @@ -30927,6 +30933,12 @@ interface HTMLObjectElement : HTMLElement { URL of the resource. If present, the attribute must be a valid non-empty URL potentially surrounded by spaces.

    +

    Authors should avoid referencing untrusted resources, as such a resource can be + used to instantiate plugins or run scripts, even if the author has used features such as the Flash + "allowScriptAccess" parameter.

    +

    The type attribute, if present, specifies the type of the resource. If present, the attribute must be a valid MIME type string.
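Review bot: The sentence restored after the object data description drops the scoping of the text removed in 1/2 ("resources from other origins that they do not trust", "an attacker on the remote host") and now says only "untrusted resources". Suggest keeping the cross-origin framing so it stays clear that the risk comes from the host serving the resource, and aligning the wording with the obsolete-features entry added in 1/2 ("Avoid using object elements with untrusted resources") so both places give the same advice.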