[html5] r1022 - /

whatwg at whatwg.org whatwg at whatwg.org
Fri Sep 21 16:29:12 PDT 2007


Author: ianh
Date: 2007-09-21 16:29:12 -0700 (Fri, 21 Sep 2007)
New Revision: 1022

Modified:
   index
   source
Log:
[] (0) Switch to having multiple named and versioned databases per origin. This is a work in progress; more changes (e.g. updating the version) are coming.

Modified: index
===================================================================
--- index	2007-09-20 05:00:22 UTC (rev 1021)
+++ index	2007-09-21 23:29:12 UTC (rev 1022)
@@ -22,7 +22,7 @@
 
    <h1 id=html-5>HTML 5</h1>
 
-   <h2 class="no-num no-toc" id=working>Working Draft — 20 September
+   <h2 class="no-num no-toc" id=working>Working Draft — 21 September
     2007</h2>
 
    <p>You can take part in this work. <a
@@ -1267,21 +1267,24 @@
        <li><a href="#introduction2"><span class=secno>4.12.1.
         </span>Introduction</a>
 
-       <li><a href="#executing"><span class=secno>4.12.2. </span>Executing
+       <li><a href="#databases"><span class=secno>4.12.2.
+        </span>Databases</a>
+
+       <li><a href="#executing"><span class=secno>4.12.3. </span>Executing
         SQL statements</a>
 
-       <li><a href="#database"><span class=secno>4.12.3. </span>Database
+       <li><a href="#database"><span class=secno>4.12.4. </span>Database
         query results</a>
 
-       <li><a href="#privacy"><span class=secno>4.12.4. </span>Privacy</a>
+       <li><a href="#privacy"><span class=secno>4.12.5. </span>Privacy</a>
 
-       <li><a href="#security6"><span class=secno>4.12.5. </span>Security</a>
+       <li><a href="#security6"><span class=secno>4.12.6. </span>Security</a>
         
         <ul class=toc>
-         <li><a href="#user-agents"><span class=secno>4.12.5.1. </span>User
+         <li><a href="#user-agents"><span class=secno>4.12.6.1. </span>User
           agents</a>
 
-         <li><a href="#sql-injection"><span class=secno>4.12.5.2. </span>SQL
+         <li><a href="#sql-injection"><span class=secno>4.12.6.2. </span>SQL
           injection</a>
         </ul>
       </ul>
@@ -24342,7 +24345,7 @@
   readonly attribute <a href="#clientinformation">ClientInformation</a> <a href="#navigator" title=dom-navigator>navigator</a>; <!-- XXX IE6 also has window.clientInformation pointing to this same object -->
   readonly attribute <a href="#storage2">Storage</a> <a href="#sessionstorage" title=dom-sessionStorage>sessionStorage</a>;
   readonly attribute <a href="#storagelist">StorageList</a> <a href="#globalstorage" title=dom-globalStorage>globalStorage</a>;
-  <a href="#resultset">ResultSet</a> <a href="#executesql" title=dom-executeSql>executeSql</a>(in DOMString sqlStatement, <var title="">arguments...</var>);
+  <a href="#database0">Database</a> <a href="#opendatabase" title=dom-opendatabase>openDatabase</a>(in DOMString name, in DOMString version);
 
   // modal user prompts
   void <a href="#alert" title=dom-alert>alert</a>(in DOMString message);
@@ -29838,8 +29841,46 @@
 
   <p class=big-issue>...
 
-  <h4 id=executing><span class=secno>4.12.2. </span>Executing SQL statements</h4>
+  <h4 id=databases><span class=secno>4.12.2. </span>Databases</h4>
 
+  <p>Each <i><a href="#origin0">origin</a></i> has an associated set of
+   databases. Each database has a name and a current version. There is no way
+   to enumerate the databases available for a domain.
+
+  <p>The <dfn id=opendatabase
+   title=dom-opendatabase><code>openDatabase()</code></dfn> method returns a
+   <code><a href="#database0">Database</a></code> object. The method takes
+   two arguments, a database name and a database version.
+
+  <p>If the database version provided is not the empty string, and the
+   database already exists but has a different version, then the method must
+   raise an <code>INVALID_STATE_ERR</code> exception.
+
+  <p>Otherwise, if the database version is the empty string, or if the
+   database doesn't yet exist, or if the database exists and the version
+   provided to the <code title=dom-opendatabase><a
+   href="#opendatabase">openDatabase()</a></code> method is the same as the
+   current version associated with the database, then the method must return
+   a <code><a href="#database0">Database</a></code> object representing the
+   database associated with the <a href="#origin0">origin</a> of the <a
+   href="#active">active document</a> of the <a href="#browsing0">browsing
+   context</a> of the <code><a href="#window">Window</a></code> object on
+   which the method was called that has the name that was given. If no such
+   database exists, it must be created first.
+
+  <p>All strings including the empty string are valid database names.
+   Database names are case-sensitive.
+
+  <p class=note>Implementations can support this even in environments that
+   only support a subset of all strings as database names by mapping database
+   names (e.g. using a hashing algorithm) to the supported set of names.
+
+  <pre class=idl>interface <dfn id=database0>Database</dfn> {
+  <a href="#resultset">ResultSet</a> <a href="#executesql" title=dom-executeSql>executeSql</a>(in DOMString sqlStatement, <var title="">arguments...</var>);
+};</pre>
+
+  <h4 id=executing><span class=secno>4.12.3. </span>Executing SQL statements</h4>
+
   <p class=big-issue>There are two major missing features here: One: a way to
    be secure against DNS spoofing (a database created over an SSL connection
    covered by one cert should not be made accessible to content connecting
@@ -29864,10 +29905,8 @@
    title="">?</code> placeholders in the statement with the values given in
    the subsequent arguments (<var title="">arguments...</var>), and must then
    evaluate the statement as an SQL statement in the context of the database
-   associated with the <a href="#origin0">origin</a> of the <a
-   href="#active">active document</a> of the <a href="#browsing0">browsing
-   context</a> of the <code><a href="#window">Window</a></code> object on
-   which the method was called. <a href="#refsSQL">[SQL]</a>
+   of the <code><a href="#database0">Database</a></code> object on which the
+   method was called. <a href="#refsSQL">[SQL]</a>
 
   <p>If the <code title=dom-executeSql><a
    href="#executesql">executeSql()</a></code> method is called with a
@@ -29901,7 +29940,7 @@
   <p class=note>A future version of this specification may define the exact
    SQL subset required in more detail.
 
-  <h4 id=database><span class=secno>4.12.3. </span>Database query results</h4>
+  <h4 id=database><span class=secno>4.12.4. </span>Database query results</h4>
 
   <p>Calls to the <code title=dom-executeSql><a
    href="#executesql">executeSql()</a></code> method return <code><a
@@ -29989,7 +30028,7 @@
    If the statement did not insert a row, then the attribute must instead
    raise an <code>INVALID_ACCESS_ERR</code> exception.
 
-  <h4 id=privacy><span class=secno>4.12.4. </span>Privacy</h4>
+  <h4 id=privacy><span class=secno>4.12.5. </span>Privacy</h4>
 
   <p>In contrast with the <code title=dom-globalStorage><a
    href="#globalstorage">globalStorage</a></code> feature, which
@@ -30004,9 +30043,9 @@
    way as cookies for the purposes of user interfaces, to reduce the risk of
    using this feature for cookie resurrection.
 
-  <h4 id=security6><span class=secno>4.12.5. </span>Security</h4>
+  <h4 id=security6><span class=secno>4.12.6. </span>Security</h4>
 
-  <h5 id=user-agents><span class=secno>4.12.5.1. </span>User agents</h5>
+  <h5 id=user-agents><span class=secno>4.12.6.1. </span>User agents</h5>
 
   <p>User agent implementors are strongly encouraged to audit all their
    supported SQL statements for security implications. For example, <code
@@ -30019,7 +30058,7 @@
    disk representation of the data, as all data in ECMAScript is implicitly
    UTF-16.
 
-  <h5 id=sql-injection><span class=secno>4.12.5.2. </span>SQL injection</h5>
+  <h5 id=sql-injection><span class=secno>4.12.6.2. </span>SQL injection</h5>
 
   <p>Authors are strongly recommended to make use of the <code
    title="">?</code> placeholder feature of the <code title=dom-executeSql><a

Modified: source
===================================================================
--- source	2007-09-20 05:00:22 UTC (rev 1021)
+++ source	2007-09-21 23:29:12 UTC (rev 1022)
@@ -21961,7 +21961,7 @@
   readonly attribute <span>ClientInformation</span> <span title="dom-navigator">navigator</span>; <!-- XXX IE6 also has window.clientInformation pointing to this same object -->
   readonly attribute <span>Storage</span> <span title="dom-sessionStorage">sessionStorage</span>;
   readonly attribute <span>StorageList</span> <span title="dom-globalStorage">globalStorage</span>;
-  <span>ResultSet</span> <span title="dom-executeSql">executeSql</span>(in DOMString sqlStatement, <var title="">arguments...</var>);
+  <span>Database</span> <span title="dom-opendatabase">openDatabase</span>(in DOMString name, in DOMString version);
 
   // modal user prompts
   void <span title="dom-alert">alert</span>(in DOMString message);
@@ -27294,6 +27294,46 @@
 
   <p class="big-issue">...</p>
 
+  <h4>Databases</h4>
+
+  <p>Each <i>origin</i> has an associated set of databases. Each
+  database has a name and a current version. There is no way to
+  enumerate the databases available for a domain.</p>
+
+  <p>The <dfn
+  title="dom-opendatabase"><code>openDatabase()</code></dfn> method
+  returns a <code>Database</code> object. The method takes two
+  arguments, a database name and a database version.</p>
+
+  <p>If the database version provided is not the empty string, and the
+  database already exists but has a different version, then the method
+  must raise an <code>INVALID_STATE_ERR</code> exception.</p>
+
+  <p>Otherwise, if the database version is the empty string, or if the
+  database doesn't yet exist, or if the database exists and the
+  version provided to the <code
+  title="dom-opendatabase">openDatabase()</code> method is the same as
+  the current version associated with the database, then the method
+  must return a <code>Database</code> object representing the database
+  associated with the <span>origin</span> of the <span>active
+  document</span> of the <span>browsing context</span> of the
+  <code>Window</code> object on which the method was called that has
+  the name that was given. If no such database exists, it must be
+  created first.</p>
+
+  <p>All strings including the empty string are valid database
+  names. Database names are case-sensitive.</p>
+
+  <p class="note">Implementations can support this even in
+  environments that only support a subset of all strings as database
+  names by mapping database names (e.g. using a hashing algorithm) to
+  the supported set of names.</p>
+
+  <pre class="idl">interface <dfn>Database</dfn> {
+  <span>ResultSet</span> <span title="dom-executeSql">executeSql</span>(in DOMString sqlStatement, <var title="">arguments...</var>);
+};</pre>
+
+
   <h4>Executing SQL statements</h4>
 
   <p class="big-issue">There are two major missing features here: One:
@@ -27320,10 +27360,9 @@
   any <code title="">?</code> placeholders in the statement with the
   values given in the subsequent arguments (<var
   title="">arguments...</var>), and must then evaluate the statement
-  as an SQL statement in the context of the database associated with
-  the <span>origin</span> of the <span>active document</span> of the
-  <span>browsing context</span> of the <code>Window</code> object on
-  which the method was called. <a href="#refsSQL">[SQL]</a></p>
+  as an SQL statement in the context of the database of the
+  <code>Database</code> object on which the method was called. <a
+  href="#refsSQL">[SQL]</a></p>
 
   <p>If the <code title="dom-executeSql">executeSql()</code> method is
   called with a different number of arguments after the statement than




More information about the Commit-Watchers mailing list