Remove <object typemustmatch> #4590

Merged
merged 2 commits into from
May 3, 2019
68 changes: 17 additions & 51 deletions source
Expand Up @@ -30512,6 +30512,12 @@ interface <dfn>HTMLEmbedElement</dfn> : <span>HTMLElement</span> {
the resource being embedded. The attribute, if present, must contain a <span>valid non-empty URL
potentially surrounded by spaces</span>.</p>

<p class="warning">Authors should avoid referencing untrusted resources, as such a resource can be
used to instantiate plugins or run scripts, even if the author has used features such as the Flash
"allowScriptAccess" parameter.</p> <!-- for example, if the user doesn't have flash installed but
does have java installed, and the remote site unexpectedly returns java instead of flash, then
java will run, and it will ignore the allowScriptAccess thing -->

<p>If the <code data-x="attr-itemprop">itemprop</code> attribute is specified on an
<code>embed</code> element, then the <code data-x="attr-embed-src">src</code> attribute must also
be specified.</p>
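Review bot: the warning paragraph inserted at the `embed` element (the `<p class="warning">` plus the three-line HTML comment about Flash and Java fallback) is a verbatim copy of the paragraph the `object` section receives in this same change; consider cross-referencing one from the other, or at least noting in the commit message that they are meant to stay identical, so the two copies do not drift apart in later edits.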
Expand Down Expand Up @@ -30882,7 +30888,6 @@ interface <dfn>HTMLEmbedElement</dfn> : <span>HTMLElement</span> {
<dd><span>Global attributes</span></dd>
<dd><code data-x="attr-object-data">data</code></dd>
<dd><code data-x="attr-object-type">type</code></dd>
<dd><code data-x="attr-object-typemustmatch">typemustmatch</code></dd>
<dd><code data-x="attr-object-name">name</code></dd>
<dd><code data-x="attr-hyperlink-usemap">usemap</code></dd>
<dd><code data-x="attr-fae-form">form</code></dd>
Expand All @@ -30895,7 +30900,6 @@ interface <dfn>HTMLEmbedElement</dfn> : <span>HTMLElement</span> {
interface <dfn>HTMLObjectElement</dfn> : <span>HTMLElement</span> {
[<span>CEReactions</span>] attribute USVString <span data-x="dom-object-data">data</span>;
[<span>CEReactions</span>] attribute DOMString <span data-x="dom-object-type">type</span>;
[<span>CEReactions</span>] attribute boolean <span data-x="dom-object-typeMustMatch">typeMustMatch</span>;
[<span>CEReactions</span>] attribute DOMString <span data-x="dom-object-name">name</span>;
[<span>CEReactions</span>] attribute DOMString <span data-x="dom-object-useMap">useMap</span>;
readonly attribute <span>HTMLFormElement</span>? <span data-x="dom-fae-form">form</span>;
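Review bot: dropping `[CEReactions] attribute boolean typeMustMatch;` from the `HTMLObjectElement` interface removes a web-exposed property, not only an authoring-conformance requirement; confirm whether the obsolete section should keep it as a partial interface, as is done for other removed IDL attributes, or whether implementations are expected to stop exposing it, and say which in the commit message. The hunk itself is clean: only the one IDL line goes and the surrounding members are untouched.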
Expand Down Expand Up @@ -30929,11 +30933,8 @@ interface <dfn>HTMLObjectElement</dfn> : <span>HTMLElement</span> {
<span>URL</span> of the resource. If present, the attribute must be a <span>valid non-empty URL
potentially surrounded by spaces</span>.</p>

<p class="warning">Authors who reference resources from other <span data-x="origin">origins</span>
that they do not trust are urged to use the <code
data-x="attr-object-typemustmatch">typemustmatch</code> attribute defined below. Without that
attribute, it is possible in certain cases for an attacker on the remote host to use the plugin
mechanism to run arbitrary scripts, even if the author has used features such as the Flash
<p class="warning">Authors should avoid referencing untrusted resources, as such a resource can be
used to instantiate plugins or run scripts, even if the author has used features such as the Flash
"allowScriptAccess" parameter.</p> <!-- for example, if the user doesn't have flash installed but
does have java installed, and the remote site unexpectedly returns java instead of flash, then
java will run, and it will ignore the allowScriptAccess thing -->
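Review bot: the replacement warning drops the `<span data-x="origin">origins</span>` qualifier from the old text, so the advice now applies to any untrusted resource rather than only untrusted cross-origin ones; that reads as intended, since without `typemustmatch` the spec offers no mitigation in either case, but it is a wording change worth calling out. The retained HTML comment still documents why the Flash `"allowScriptAccess"` parameter is not a defense, which justifies keeping the warning at all.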
Expand All @@ -30947,16 +30948,6 @@ interface <dfn>HTMLObjectElement</dfn> : <span>HTMLElement</span> {
<p>If the <code data-x="attr-itemprop">itemprop</code> attribute is specified on an <code>object</code>
element, then the <code data-x="attr-object-data">data</code> attribute must also be specified.</p>

<p>The <dfn><code data-x="attr-object-typemustmatch">typemustmatch</code></dfn> attribute is a
<span>boolean attribute</span> whose presence indicates that the resource specified by the <code
data-x="attr-object-data">data</code> attribute is only to be used if the value of the <code
data-x="attr-object-type">type</code> attribute and the <span>Content-Type</span> of the
aforementioned resource match.</p>

<p>The <code data-x="attr-object-typemustmatch">typemustmatch</code> attribute must not be
specified unless both the <code data-x="attr-object-data">data</code> attribute and the <code
data-x="attr-object-type">type</code> attribute are present.</p>

<p>The <dfn><code data-x="attr-object-name">name</code></dfn> attribute, if present, must be a
<span>valid browsing context name</span>. The given value is used to name the <span>nested
browsing context</span>, if applicable, and if present when the <span>nested browsing
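Review bot: removing the `<dfn><code data-x="attr-object-typemustmatch">` definition here leaves every remaining `data-x="attr-object-typemustmatch"` reference without a target unless a new definition exists; the obsolete-features entry added later in this change supplies one, so before merging grep the source for stray references (element index rows, attribute table rows) that are not covered by the hunks in this PR.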
Expand Down Expand Up @@ -31195,29 +31186,6 @@ interface <dfn>HTMLObjectElement</dfn> : <span>HTMLElement</span> {

</li>

<li>

<p>If the <code>object</code> element has a <code data-x="attr-object-type">type</code>
attribute and a <code data-x="attr-object-typemustmatch">typemustmatch</code> attribute, and
the resource has <span data-x="Content-Type">associated Content-Type metadata</span>, and the
type specified in <span data-x="Content-Type">the resource's Content-Type metadata</span> is
an <span>ASCII case-insensitive</span> match for the value of the element's <code
data-x="attr-object-type">type</code> attribute, then let <var>resource type</var>
be that type and jump to the step below labeled <i>handler</i>.</p>

<!-- do we need to <span>strip leading and trailing ASCII whitespace</span> from anything
here? collapse sequences of spaces? drop parameters? -->

</li>

<li>

<p>If the <code>object</code> element has a <code
data-x="attr-object-typemustmatch">typemustmatch</code> attribute, jump to the step below
labeled <i>handler</i>.</p>

</li>

<li>

<!-- by request: https://www.w3.org/Bugs/Public/show_bug.cgi?id=8479 -->
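Review bot: the two deleted list items were the only steps that jumped straight to the step labeled <i>handler</i> after comparing the resource's Content-Type with the `type` attribute; with them gone, `<var>resource type</var>` is set only by the later steps, so check that no remaining step still relies on the variable being set at this point. The deleted `<!-- do we need to strip leading and trailing ASCII whitespace ... -->` comment was an open question about that comparison and is moot once the comparison is gone.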
Expand Down Expand Up @@ -31574,11 +31542,12 @@ interface <dfn>HTMLObjectElement</dfn> : <span>HTMLElement</span> {

<div w-nodev>

<p>The IDL attributes <dfn><code data-x="dom-object-data">data</code></dfn>, <dfn><code data-x="dom-object-type">type</code></dfn> and <dfn><code data-x="dom-object-name">name</code></dfn> each must <span>reflect</span> the respective
content attributes of the same name. The <dfn><code data-x="dom-object-typeMustMatch">typeMustMatch</code></dfn> IDL attribute must
<span>reflect</span> the <code data-x="attr-object-typemustmatch">typemustmatch</code> content
attribute. The <dfn><code data-x="dom-object-useMap">useMap</code></dfn> IDL attribute must
<span>reflect</span> the <code data-x="attr-hyperlink-usemap">usemap</code> content attribute.</p>
<p>The IDL attributes <dfn><code data-x="dom-object-data">data</code></dfn>, <dfn><code
data-x="dom-object-type">type</code></dfn> and <dfn><code
data-x="dom-object-name">name</code></dfn> each must <span>reflect</span> the respective
content attributes of the same name. The <dfn><code data-x="dom-object-useMap">useMap</code></dfn>
IDL attribute must <span>reflect</span> the <code data-x="attr-hyperlink-usemap">usemap</code>
content attribute.</p>

<p>The <dfn><code data-x="dom-object-contentDocument">contentDocument</code></dfn> IDL attribute,
on getting, must return the <code>object</code> element's <span
Expand Down Expand Up @@ -115235,6 +115204,9 @@ if (s = prompt('What is your name?')) {
<dt><dfn><code data-x="attr-object-standby">standby</code></dfn> on <code>object</code> elements</dt>
<dd><p>Optimize the linked resource so that it loads quickly or, at least, incrementally.</p></dd>

<dt><dfn><code data-x="attr-object-typemustmatch">typemustmatch</code></dfn> on <code>object</code> elements</dt>
<dd><p>Avoid using <code>object</code> elements with untrusted resources.</p></dd>

<dt><dfn><code data-x="attr-param-type">type</code></dfn> on <code>param</code> elements</dt>
<dt><dfn><code data-x="attr-param-valuetype">valuetype</code></dfn> on <code>param</code> elements</dt>
<dd><p>Use the <code data-x="attr-param-name">name</code> and <code
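Review bot: this new `<dt>`/`<dd>` pair becomes the only `<dfn>` for `attr-object-typemustmatch` in the spec, so it is what the remaining links resolve to; the guidance "Avoid using `object` elements with untrusted resources" matches the new warning text, but the neighbouring entries phrase their advice as what to use instead (for example "Use the `name` and `value` attributes"), so consider pointing authors at the warning in the `object` section rather than restating it.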
Expand Down Expand Up @@ -118208,7 +118180,6 @@ interface <dfn>External</dfn> {
<td><span data-x="global attributes">globals</span>;
<code data-x="attr-object-data">data</code>;
<code data-x="attr-object-type">type</code>;
<code data-x="attr-object-typemustmatch">typemustmatch</code>;
<code data-x="attr-object-name">name</code>;
<code data-x="attr-hyperlink-usemap">usemap</code>;
<code data-x="attr-fae-form">form</code>;
Expand Down Expand Up @@ -120218,11 +120189,6 @@ interface <dfn>External</dfn> {
<td> <code data-x="attr-script-type">script</code>
<td> Type of script
<td> "<code data-x="">module</code>"; a <span>valid MIME type string</span> that is not a <span>JavaScript MIME type essence match</span>
<tr>
<th> <code data-x="">typemustmatch</code>
<td> <code data-x="attr-object-typemustmatch">object</code>
<td> Whether the <code data-x="attr-object-type">type</code> attribute and the <span>Content-Type</span> value need to match for the resource to be used
<td> <span>Boolean attribute</span>
<tr>
<th> <code data-x="">usemap</code>
<td> <code data-x="attr-hyperlink-usemap">img</code>;