内容限制(Content Restrictions )

原文地址： http://www.gerv.net/security/content-restrictions/

Introduction

Cross-site scripting (XSS) attacks would always fail if the browser could know for absolute certain which scripts were legitimate and which were malicious. In the absence of affordable and reliable mind-reading technology, and in consideration of the mental fatigue this would undoubtedly induce in web page authors, this specification allows a site designer to explain his state of mind to the user agent by specifying restrictions on the capabilities of his content.

As a real-world example, a webmail system might serve an HTML email and specify that the user agent should not execute any script in the body of that page. This means that, even if the webmail system's content-filtering process failed, the user of a conforming user agent would not be at risk from malicious content in the attachment.

Goal

This mechanism is primarily intended to aid in the prevention or mitigation of cross-site scripting (XSS) attacks. Sites would define and serve Content Restrictions for pages which contained untrusted content which they had filtered. If the filtering failed, the Content Restrictions may still prevent malicious script from executing or doing damage.

Note that this specification is designed to be a backstop to server-side content filtering, not a replacement for it. There is intentionally no defined way for a server to determine the existence of or level of support for this specification in a given user agent. It's about protecting the user and covering the designer's ass, not about allowing him to be lazy.
Restrictions

This specification is intended to be content-agnostic, but the initial implementation will focus on HTML and the exact meaning for HTML or XHTML content is specified as a guide. "all" is the default in all cases.