Content Restrictions

Version 0.9.2 - 2007-03-20
Previous: 0.5, 0.6

Introduction

Cross-site scripting (XSS) attacks would always fail if the browser could know for absolute certain which scripts were legitimate and which were malicious. In the absence of affordable and reliable mind-reading technology, and in consideration of the mental fatigue this would undoubtedly induce in web page authors, this specification allows a site designer to explain his state of mind to the user agent by specifying restrictions on the capabilities of his content.

As a real-world example, a webmail system might serve an HTML email and specify that the user agent should not execute any script in the body of that page. This means that, even if the webmail system's content-filtering process failed, the user of a conforming user agent would not be at risk from malicious content in the attachment.

Goal

This mechanism is primarily intended to aid in the prevention or mitigation of cross-site scripting (XSS) attacks. Sites would define and serve Content Restrictions for pages which contain untrusted content which they have filtered. If the filtering failed, the Content Restrictions may still prevent malicious script from executing or doing damage.

Note that this specification is designed to be a backstop to server-side content filtering, not a replacement for it. There is deliberately no defined way for a server to determine the presence of, or level of support for, this specification in a given user agent. It's about protecting the user and covering the designer's ass, not about allowing him to be lazy.

Restrictions

This specification is intended to be content-agnostic, but the initial implementation will focus on HTML, and the exact meaning for HTML or XHTML content is specified as a guide. "all" is the default in all cases.

script

Value     Meaning
all       No restrictions.
header    Only script defined in the document header is allowed. For document types which don't have such a header, this is equivalent to "all".
          HTML: <script> in the <head> element only. No event handlers in the markup.
external  Only external script is allowed.
          HTML: <script src="[url]"> only. No inline script, event handlers or javascript: URLs in markup.
none      No script may execute.

Multiple values of this restriction may be specified.

host

The value of this parameter is a string specifying a domain or IP address (e.g. "example.com" or "127.0.0.1") and optionally a port number (the default is ":80"). All requests initiated by the content (either embedded URLs or script) may only be made to the specified IP address or domain and its subdomains, using the standard Same Origin rules. This prevents malicious content from phoning home (even via e.g. URL parameters on an <img>) or importing further unwanted malicious content. Multiple values of host make it possible to access any of the named domains or their subdomains. For IDN domains, the punycode form is specified.

The magic value "this" means the host from which the page was served, or its subdomains. This makes implementing the headers simpler in the case where the user's content is all served from one of a pool of hosts.

This mechanism does not require the browser to allow accesses which would have been blocked anyway (e.g. cross-site XMLHttpRequest).

script-host

The value of this parameter is an IP/domain/magic-name string, as above. However, specifying it means that external scripts are only permitted if served from the IP/domain specified (again, using Same Origin rules). HTML: <script src="[url]"> is restricted to the given location only.

It is useful to have both this and the "host" restriction because script loads are currently not restricted at all by Same Origin rules, and a cross-site script runs with the full privileges of the page that includes it. This allows that hole to be closed on an opt-in basis. The two restrictions interact such that a script load must be permitted by both to be allowed.

The "script" and "script-host" restrictions are implemented at parse time, so that permitted script can dynamically add event handlers to content where script was forbidden, and they will still work.
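The enforcement side of the "script", "host" and "script-host" restrictions described above, as an added example; this is not code from the spec or from any browser. It assumes the policy has already been parsed into an object whose keys are the restriction names and whose values are the lists of values given for them (an absent key means "all"); that the Same Origin comparison is on host and port, since a host value names no scheme (so a page served over HTTPS would have to list port 443 explicitly, given the spec's default of 80); that "none" listed beside other script values wins; and that "header" permits <script> elements, with or without src, inside <head> only. The function names and the script-descriptor shape are this example's own.

```javascript
// Added example: enforcement of the "script", "host" and "script-host"
// restrictions as this page describes them. Not code from the spec or from any
// browser. The policy object is assumed to be already parsed: each key maps to
// the list of values given for it, and an absent key means "all".

// Split a host value ("example.com", "127.0.0.1:8080" or the magic "this") into
// { host, port }. The spec's default port is 80; "this" is the page's own host and
// port. Assumption: a malformed value permits nothing.
function parseHostValue(value, pageOrigin) {
  if (value === "this") return { host: pageOrigin.host, port: pageOrigin.port };
  const m = /^([a-z0-9.-]+)(?::(\d+))?$/i.exec(value);
  if (!m) return null;
  return { host: m[1].toLowerCase(), port: m[2] ? Number(m[2]) : 80 };
}

// "the specified domain and its subdomains": an exact match or a dot-separated
// suffix match. An IP address has no subdomains, so "127.0.0.1" only matches itself.
function hostMatches(target, allowed) {
  return target.port === allowed.port &&
    (target.host === allowed.host || target.host.endsWith("." + allowed.host));
}

// Host and port of a request URL, with the scheme's default port filled in.
// Assumption: a host value names no scheme, so comparison is on host and port only.
function originOf(url) {
  const u = new URL(url);
  const port = u.port ? Number(u.port) : (u.protocol === "https:" ? 443 : 80);
  return { host: u.hostname.toLowerCase(), port };
}

// Multiple values of host mean "any of the named domains or their subdomains".
function hostListAllows(values, pageOrigin, target) {
  return values.some(v => {
    const allowed = parseHostValue(v, pageOrigin);
    return allowed !== null && hostMatches(target, allowed);
  });
}

// "host": every request the content initiates (an <img> src, a script src, an
// XMLHttpRequest, ...) must go to a listed host. No "host" key: no restriction.
function requestAllowed(policy, pageOrigin, url) {
  if (!policy.host) return true;
  return hostListAllows(policy.host, pageOrigin, originOf(url));
}

// "script", plus "script-host" for external loads. A script is described as
// { kind: "inline" | "external" | "handler" | "javascript-url", inHead, src }.
// Assumptions: "none" wins over any other value listed beside it, and "header"
// permits <script> elements (with or without src) inside <head> only.
function scriptAllowed(policy, pageOrigin, script) {
  const values = policy.script || ["all"];
  if (values.includes("none")) return false;
  const isElement = script.kind === "inline" || script.kind === "external";
  const kindOk = values.includes("all")
    || (values.includes("header") && isElement && script.inHead === true)
    || (values.includes("external") && script.kind === "external");
  if (!kindOk) return false;
  if (script.kind !== "external") return true;
  // An external script load must be permitted by both "host" and "script-host".
  if (!requestAllowed(policy, pageOrigin, script.src)) return false;
  if (!policy["script-host"]) return true;
  return hostListAllows(policy["script-host"], pageOrigin, originOf(script.src));
}
```

The "both" rule matters in practice: with host=this and script-host=static.example.com on a page served from mail.example.com, a script from static.example.com is refused, because static.example.com is not mail.example.com or one of its subdomains, so the host restriction fails even though script-host would pass. A site has to list the script host under host as well.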

cookies

Value   Meaning
all     No restrictions (both write and read allowed).
write   Write access only.
read    Read access only.
none    No access to cookies.

HTML: controls script access to document.cookie. Many sites do all their cookie handling server-side, so have no need for client-side access to cookies. The value "none" has roughly the same effect as the "httpOnly" cookie extension, although the granularity differs: httpOnly applies per cookie, whereas this restriction applies per page, so you can allow cookie access on some pages and not on others.

hierarchy

Value     Meaning
all       No restrictions (both child and parent access allowed).
children  The children of the page are accessible, but not the parent.
          HTML: the frames array is accessible, but not parent or top. This allows sites to sandbox same-domain content inside an <iframe>.
parent    The parent is accessible, but not the children.
          HTML: the opposite of the above.
none      No hierarchy traversal allowed.

The same-origin policy still applies.

Applying to Content

The restrictions are applied to content served over the web by serving it with an HTTP header, as follows, or in an XHTML or HTML page using <meta http-equiv="Content-Restrictions" content="...">.

The syntax is of the following form:

PolicyHeader  = "Content-Restrictions: " Rules ;
Rules         = [ Version "," ] Rule { "," Rule } ;
Rule          = HostRule | CookieRule | HierarchyRule | ScriptRule ;
HostKey       = "host" | "script-host" ;
HostRule      = HostKey "=" Host ;
                (* Host is a domain (punycode in the IDN case)
                   or an IP address, plus optional port number, or the magic value
                   'this' *)
AllNoneValues = ( "all" | "none" ) ;
CookieRule    = "cookies="   ( AllNoneValues | "write" | "read" ) ;
HierarchyRule = "hierarchy=" ( AllNoneValues | "parent" | "children" ) ;
ScriptRule    = "script="    ( AllNoneValues | "header" | "external" ) ;
Version       = "version="   VersionNumber ;
                (* VersionNumber regexp: /^[1-9]\d*$/ *)

Example: Content-Restrictions: script=header,cookies=none,hierarchy=none

New versions of this policy definition may be given a distinguishing version number; this is version 1. Compatible sub-versioning is handled by the rule that if either the name or the value of a rule is unrecognised, that rule is ignored. If the version number is missing, 1 is assumed.

There may be multiple headers or meta tags. The implementation should combine the restrictions of all the policy strings which carry the highest version number that is present and that it understands. The meta tag form is not guaranteed to have an effect on script which comes before it in the document. Scripts loaded by a document use the policy of the parent document.

If a chosen string has a parsing error, the remainder of the string is ignored.
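A parser for the grammar above, with the version-selection, unknown-rule and parse-error behaviour the preceding paragraphs describe, as an added example; this is not code from the spec or from any browser. The function names (parsePolicy, combinePolicies), the constant HIGHEST_UNDERSTOOD_VERSION and the shape of the returned object are this example's own. It reads "highest version which is present and which it understands" as: discard strings whose version is newer than the implementation knows, then use the highest version among the rest. Values given for the same key are accumulated in order, so "script=header,script=external" yields both; a version rule anywhere but first, or with a number not matching the grammar's regexp, is treated as a parse error.

```javascript
// Added example: a parser for the Content-Restrictions grammar above, with the
// version-selection, unknown-rule and parse-error behaviour described in the text.
// Not code from the spec or from any browser. Key names follow the grammar as
// printed on this page; host values are kept as opaque strings for the
// enforcement layer to interpret.

const KNOWN_VALUES = {
  script:    ["all", "none", "header", "external"],
  cookies:   ["all", "none", "write", "read"],
  hierarchy: ["all", "none", "parent", "children"],
};
const HOST_KEYS = ["host", "script-host"];
const HIGHEST_UNDERSTOOD_VERSION = 1;   // "this is version 1"

// Parse one policy string (the header value, or a meta tag's content attribute).
// Returns { version, rules }, where rules maps a key to the list of values given
// for it, in order, so "script=header,script=external" yields both.
// A malformed rule is a parsing error and the remainder of the string is ignored;
// a well-formed rule with an unrecognised name or value is skipped on its own.
function parsePolicy(str) {
  const rules = {};
  let version = 1;                                   // missing version => 1
  const parts = str.split(",");
  for (let i = 0; i < parts.length; i++) {
    const part = parts[i].trim();
    const eq = part.indexOf("=");
    if (eq <= 0 || eq === part.length - 1) break;    // no "name=value": parse error
    const key = part.slice(0, eq).trim().toLowerCase();
    const value = part.slice(eq + 1).trim();
    if (key === "version") {
      // The grammar allows Version only as the first item, with a number
      // matching /^[1-9]\d*$/; anything else is treated as a parse error.
      if (i !== 0 || !/^[1-9]\d*$/.test(value)) break;
      version = Number(value);
      continue;
    }
    if (HOST_KEYS.includes(key)) {
      (rules[key] = rules[key] || []).push(value);
    } else if (KNOWN_VALUES[key] && KNOWN_VALUES[key].includes(value.toLowerCase())) {
      (rules[key] = rules[key] || []).push(value.toLowerCase());
    }
    // otherwise: unrecognised name or value, rule ignored (compatible sub-versioning)
  }
  return { version, rules };
}

// Combine several policy strings (multiple headers and/or meta tags): keep only
// those carrying the highest version number that is present and that this
// implementation understands, and merge their rule lists. Values for the same
// key accumulate; resolving conflicts such as "cookies=read" beside
// "cookies=none" is left to the enforcement layer (assumption: it takes the
// most restrictive reading).
function combinePolicies(strings) {
  const usable = strings.map(parsePolicy)
    .filter(p => p.version <= HIGHEST_UNDERSTOOD_VERSION);
  if (usable.length === 0) return {};
  const chosen = Math.max(...usable.map(p => p.version));
  const merged = {};
  for (const p of usable) {
    if (p.version !== chosen) continue;
    for (const key of Object.keys(p.rules)) {
      const list = (merged[key] = merged[key] || []);
      for (const v of p.rules[key]) if (!list.includes(v)) list.push(v);
    }
  }
  return merged;
}
```

The two ignore rules behave differently and a test should cover both: "script=header,cookies=maybe,hierarchy=none" still yields hierarchy=none, because only the unrecognised cookies rule is dropped, whereas "script=header,garbage,hierarchy=none" yields only script=header, because "garbage" is not a rule at all and everything after it is discarded.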

Open issue: what happens if, say, a page is served with one Content-Restrictions header and it includes a JS file with another one? Do you combine the two and take the toughest restriction using the hierarchy? Does that apply to all the script or just to that in the included file?

Open issue: do we have a JS interface so pages can detect which restrictions are supported?

Q & A

Why write the spec in terms of "restrictions" rather than "capabilities"?
Backwards-compatibility. Current user agents are fully capable. Any restriction we can place on content to possibly mitigate XSS is therefore a bonus. Also, if it were in terms of capabilities, you might require UI if the capabilities the page wanted conflicted with the desires of the user. This is a UI-free specification, which is a feature.

Original URL: http://www.gerv.net/security/content-restrictions/