[html5] r1499 - /
whatwg at whatwg.org
whatwg at whatwg.org
Mon Apr 28 03:08:58 PDT 2008
Author: ianh
Date: 2008-04-28 03:08:56 -0700 (Mon, 28 Apr 2008)
New Revision: 1499
Modified:
index
source
Log:
[e] (0) Move 'origin' section up one level, so that it can be made independent of scrpts
Modified: index
===================================================================
--- index 2008-04-28 09:45:02 UTC (rev 1498)
+++ index 2008-04-28 10:08:56 UTC (rev 1499)
@@ -1039,351 +1039,352 @@
other browsing contexts</a>
</ul>
- <li><a href="#scripting"><span class=secno>4.3 </span>Scripting</a>
+ <li><a href="#origin"><span class=secno>4.3 </span>Origin</a>
<ul class=toc>
- <li><a href="#running"><span class=secno>4.3.1 </span>Running
+ <li><a href="#unscripted"><span class=secno>4.3.1 </span>Unscripted
+ same-origin checks</a>
+ </ul>
+
+ <li><a href="#scripting"><span class=secno>4.4 </span>Scripting</a>
+ <ul class=toc>
+ <li><a href="#running"><span class=secno>4.4.1 </span>Running
executable code</a>
- <li><a href="#origin"><span class=secno>4.3.2 </span>Origin</a>
-
- <li><a href="#unscripted"><span class=secno>4.3.3 </span>Unscripted
- same-origin checks</a>
-
- <li><a href="#security3"><span class=secno>4.3.4 </span>Security
+ <li><a href="#security3"><span class=secno>4.4.2 </span>Security
exceptions</a>
- <li><a href="#javascript-protocol"><span class=secno>4.3.5 </span>The
+ <li><a href="#javascript-protocol"><span class=secno>4.4.3 </span>The
<code title="">javascript:</code> protocol</a>
- <li><a href="#events"><span class=secno>4.3.6 </span>Events</a>
+ <li><a href="#events"><span class=secno>4.4.4 </span>Events</a>
<ul class=toc>
- <li><a href="#event-handler-attributes"><span class=secno>4.3.6.1.
+ <li><a href="#event-handler-attributes"><span class=secno>4.4.4.1.
</span>Event handler attributes</a>
- <li><a href="#event"><span class=secno>4.3.6.2. </span>Event
+ <li><a href="#event"><span class=secno>4.4.4.2. </span>Event
firing</a>
- <li><a href="#events0"><span class=secno>4.3.6.3. </span>Events and
+ <li><a href="#events0"><span class=secno>4.4.4.3. </span>Events and
the <code>Window</code> object</a>
- <li><a href="#runtime-script-errors"><span class=secno>4.3.6.4.
+ <li><a href="#runtime-script-errors"><span class=secno>4.4.4.4.
</span>Runtime script errors</a>
</ul>
</ul>
- <li><a href="#user-prompts"><span class=secno>4.4 </span>User
+ <li><a href="#user-prompts"><span class=secno>4.5 </span>User
prompts</a>
<ul class=toc>
- <li><a href="#simple0"><span class=secno>4.4.1 </span>Simple
+ <li><a href="#simple0"><span class=secno>4.5.1 </span>Simple
dialogs</a>
- <li><a href="#dialogs"><span class=secno>4.4.2 </span>Dialogs
+ <li><a href="#dialogs"><span class=secno>4.5.2 </span>Dialogs
implemented using separate documents</a>
</ul>
- <li><a href="#browser"><span class=secno>4.5 </span>Browser state</a>
+ <li><a href="#browser"><span class=secno>4.6 </span>Browser state</a>
<ul class=toc>
- <li><a href="#custom-handlers"><span class=secno>4.5.1 </span>Custom
+ <li><a href="#custom-handlers"><span class=secno>4.6.1 </span>Custom
protocol and content handlers</a>
<ul class=toc>
- <li><a href="#security4"><span class=secno>4.5.1.1. </span>Security
+ <li><a href="#security4"><span class=secno>4.6.1.1. </span>Security
and privacy</a>
- <li><a href="#sample-handler-impl"><span class=secno>4.5.1.2.
+ <li><a href="#sample-handler-impl"><span class=secno>4.6.1.2.
</span>Sample user interface</a>
</ul>
</ul>
- <li><a href="#offline"><span class=secno>4.6 </span>Offline Web
+ <li><a href="#offline"><span class=secno>4.7 </span>Offline Web
applications</a>
<ul class=toc>
- <li><a href="#introduction1"><span class=secno>4.6.1
+ <li><a href="#introduction1"><span class=secno>4.7.1
</span>Introduction</a>
- <li><a href="#appcache"><span class=secno>4.6.2 </span>Application
+ <li><a href="#appcache"><span class=secno>4.7.2 </span>Application
caches</a>
- <li><a href="#manifests"><span class=secno>4.6.3 </span>The cache
+ <li><a href="#manifests"><span class=secno>4.7.3 </span>The cache
manifest syntax</a>
<ul class=toc>
- <li><a href="#writing"><span class=secno>4.6.3.1. </span>Writing
+ <li><a href="#writing"><span class=secno>4.7.3.1. </span>Writing
cache manifests</a>
- <li><a href="#parsing0"><span class=secno>4.6.3.2. </span>Parsing
+ <li><a href="#parsing0"><span class=secno>4.7.3.2. </span>Parsing
cache manifests</a>
</ul>
- <li><a href="#updating1"><span class=secno>4.6.4 </span>Updating an
+ <li><a href="#updating1"><span class=secno>4.7.4 </span>Updating an
application cache</a>
- <li><a href="#processing2"><span class=secno>4.6.5 </span>Processing
+ <li><a href="#processing2"><span class=secno>4.7.5 </span>Processing
model</a>
<ul class=toc>
- <li><a href="#changes"><span class=secno>4.6.5.1. </span>Changes to
+ <li><a href="#changes"><span class=secno>4.7.5.1. </span>Changes to
the networking model</a>
</ul>
- <li><a href="#application"><span class=secno>4.6.6 </span>Application
+ <li><a href="#application"><span class=secno>4.7.6 </span>Application
cache API</a>
- <li><a href="#browser0"><span class=secno>4.6.7 </span>Browser
+ <li><a href="#browser0"><span class=secno>4.7.7 </span>Browser
state</a>
</ul>
- <li><a href="#history"><span class=secno>4.7 </span>Session history and
+ <li><a href="#history"><span class=secno>4.8 </span>Session history and
navigation</a>
<ul class=toc>
- <li><a href="#the-session"><span class=secno>4.7.1 </span>The session
+ <li><a href="#the-session"><span class=secno>4.8.1 </span>The session
history of browsing contexts</a>
- <li><a href="#the-history"><span class=secno>4.7.2 </span>The
+ <li><a href="#the-history"><span class=secno>4.8.2 </span>The
<code>History</code> interface</a>
- <li><a href="#activating"><span class=secno>4.7.3 </span>Activating
+ <li><a href="#activating"><span class=secno>4.8.3 </span>Activating
state object entries</a>
- <li><a href="#the-location"><span class=secno>4.7.4 </span>The
+ <li><a href="#the-location"><span class=secno>4.8.4 </span>The
<code>Location</code> interface</a>
<ul class=toc>
- <li><a href="#security5"><span class=secno>4.7.4.1.
+ <li><a href="#security5"><span class=secno>4.8.4.1.
</span>Security</a>
</ul>
- <li><a href="#history-notes"><span class=secno>4.7.5
+ <li><a href="#history-notes"><span class=secno>4.8.5
</span>Implementation notes for session history</a>
</ul>
- <li><a href="#navigating"><span class=secno>4.8 </span>Navigating across
+ <li><a href="#navigating"><span class=secno>4.9 </span>Navigating across
documents</a>
<ul class=toc>
- <li><a href="#read-html"><span class=secno>4.8.1 </span>Page load
+ <li><a href="#read-html"><span class=secno>4.9.1 </span>Page load
processing model for HTML files</a>
- <li><a href="#read-xml"><span class=secno>4.8.2 </span>Page load
+ <li><a href="#read-xml"><span class=secno>4.9.2 </span>Page load
processing model for XML files</a>
- <li><a href="#read-text"><span class=secno>4.8.3 </span>Page load
+ <li><a href="#read-text"><span class=secno>4.9.3 </span>Page load
processing model for text files</a>
- <li><a href="#read-image"><span class=secno>4.8.4 </span>Page load
+ <li><a href="#read-image"><span class=secno>4.9.4 </span>Page load
processing model for images</a>
- <li><a href="#read-plugin"><span class=secno>4.8.5 </span>Page load
+ <li><a href="#read-plugin"><span class=secno>4.9.5 </span>Page load
processing model for content that uses plugins</a>
- <li><a href="#read-ua-inline"><span class=secno>4.8.6 </span>Page load
+ <li><a href="#read-ua-inline"><span class=secno>4.9.6 </span>Page load
processing model for inline content that doesn't have a DOM</a>
- <li><a href="#scroll-to-fragid"><span class=secno>4.8.7
+ <li><a href="#scroll-to-fragid"><span class=secno>4.9.7
</span>Navigating to a fragment identifier</a>
</ul>
- <li><a href="#content-type-sniffing"><span class=secno>4.9
+ <li><a href="#content-type-sniffing"><span class=secno>4.10
</span>Determining the type of a new resource in a browsing context</a>
<ul class=toc>
- <li><a href="#content-type0"><span class=secno>4.9.1
+ <li><a href="#content-type0"><span class=secno>4.10.1
</span>Content-Type sniffing: text or binary</a>
- <li><a href="#content-type1"><span class=secno>4.9.2
+ <li><a href="#content-type1"><span class=secno>4.10.2
</span>Content-Type sniffing: unknown type</a>
- <li><a href="#content-type2"><span class=secno>4.9.3
+ <li><a href="#content-type2"><span class=secno>4.10.3
</span>Content-Type sniffing: image</a>
- <li><a href="#content-type3"><span class=secno>4.9.4
+ <li><a href="#content-type3"><span class=secno>4.10.4
</span>Content-Type sniffing: feed or HTML</a>
- <li><a href="#content-type"><span class=secno>4.9.5
+ <li><a href="#content-type"><span class=secno>4.10.5
</span>Content-Type metadata</a>
</ul>
- <li><a href="#storage"><span class=secno>4.10 </span>Client-side session
+ <li><a href="#storage"><span class=secno>4.11 </span>Client-side session
and persistent storage of name/value pairs</a>
<ul class=toc>
- <li><a href="#introduction2"><span class=secno>4.10.1
+ <li><a href="#introduction2"><span class=secno>4.11.1
</span>Introduction</a>
- <li><a href="#the-storage"><span class=secno>4.10.2 </span>The
+ <li><a href="#the-storage"><span class=secno>4.11.2 </span>The
<code>Storage</code> interface</a>
- <li><a href="#the-sessionstorage"><span class=secno>4.10.3 </span>The
+ <li><a href="#the-sessionstorage"><span class=secno>4.11.3 </span>The
<code title=dom-sessionStorage>sessionStorage</code> attribute</a>
- <li><a href="#the-localstorage"><span class=secno>4.10.4 </span>The
+ <li><a href="#the-localstorage"><span class=secno>4.11.4 </span>The
<code title=dom-localStorage>localStorage</code> attribute</a>
- <li><a href="#the-storage0"><span class=secno>4.10.5 </span>The <code
+ <li><a href="#the-storage0"><span class=secno>4.11.5 </span>The <code
title=event-storage>storage</code> event</a>
<ul class=toc>
- <li><a href="#event0"><span class=secno>4.10.5.1. </span>Event
+ <li><a href="#event0"><span class=secno>4.11.5.1. </span>Event
definition</a>
</ul>
- <li><a href="#miscellaneous0"><span class=secno>4.10.6
+ <li><a href="#miscellaneous0"><span class=secno>4.11.6
</span>Miscellaneous implementation requirements for storage
areas</a>
<ul class=toc>
- <li><a href="#disk-space"><span class=secno>4.10.6.1. </span>Disk
+ <li><a href="#disk-space"><span class=secno>4.11.6.1. </span>Disk
space</a>
- <li><a href="#threads0"><span class=secno>4.10.6.2.
+ <li><a href="#threads0"><span class=secno>4.11.6.2.
</span>Threads</a>
</ul>
- <li><a href="#security6"><span class=secno>4.10.7 </span>Security and
+ <li><a href="#security6"><span class=secno>4.11.7 </span>Security and
privacy</a>
<ul class=toc>
- <li><a href="#user-tracking"><span class=secno>4.10.7.1. </span>User
+ <li><a href="#user-tracking"><span class=secno>4.11.7.1. </span>User
tracking</a>
- <li><a href="#cookie"><span class=secno>4.10.7.2. </span>Cookie
+ <li><a href="#cookie"><span class=secno>4.11.7.2. </span>Cookie
resurrection</a>
- <li><a href="#dns-spoofing"><span class=secno>4.10.7.3. </span>DNS
+ <li><a href="#dns-spoofing"><span class=secno>4.11.7.3. </span>DNS
spoofing attacks</a>
- <li><a href="#cross-directory"><span class=secno>4.10.7.4.
+ <li><a href="#cross-directory"><span class=secno>4.11.7.4.
</span>Cross-directory attacks</a>
- <li><a href="#implementation"><span class=secno>4.10.7.5.
+ <li><a href="#implementation"><span class=secno>4.11.7.5.
</span>Implementation risks</a>
</ul>
</ul>
- <li><a href="#sql"><span class=secno>4.11 </span>Client-side database
+ <li><a href="#sql"><span class=secno>4.12 </span>Client-side database
storage</a>
<ul class=toc>
- <li><a href="#introduction3"><span class=secno>4.11.1
+ <li><a href="#introduction3"><span class=secno>4.12.1
</span>Introduction</a>
- <li><a href="#databases"><span class=secno>4.11.2 </span>Databases</a>
+ <li><a href="#databases"><span class=secno>4.12.2 </span>Databases</a>
- <li><a href="#executing"><span class=secno>4.11.3 </span>Executing SQL
+ <li><a href="#executing"><span class=secno>4.12.3 </span>Executing SQL
statements</a>
- <li><a href="#database"><span class=secno>4.11.4 </span>Database query
+ <li><a href="#database"><span class=secno>4.12.4 </span>Database query
results</a>
- <li><a href="#errors"><span class=secno>4.11.5 </span>Errors</a>
+ <li><a href="#errors"><span class=secno>4.12.5 </span>Errors</a>
- <li><a href="#processing3"><span class=secno>4.11.6 </span>Processing
+ <li><a href="#processing3"><span class=secno>4.12.6 </span>Processing
model</a>
- <li><a href="#privacy"><span class=secno>4.11.7 </span>Privacy</a>
+ <li><a href="#privacy"><span class=secno>4.12.7 </span>Privacy</a>
- <li><a href="#security7"><span class=secno>4.11.8 </span>Security</a>
+ <li><a href="#security7"><span class=secno>4.12.8 </span>Security</a>
<ul class=toc>
- <li><a href="#user-agents"><span class=secno>4.11.8.1. </span>User
+ <li><a href="#user-agents"><span class=secno>4.12.8.1. </span>User
agents</a>
- <li><a href="#sql-injection"><span class=secno>4.11.8.2. </span>SQL
+ <li><a href="#sql-injection"><span class=secno>4.12.8.2. </span>SQL
injection</a>
</ul>
</ul>
- <li><a href="#links"><span class=secno>4.12 </span>Links</a>
+ <li><a href="#links"><span class=secno>4.13 </span>Links</a>
<ul class=toc>
- <li><a href="#hyperlink"><span class=secno>4.12.1 </span>Hyperlink
+ <li><a href="#hyperlink"><span class=secno>4.13.1 </span>Hyperlink
elements</a>
- <li><a href="#following"><span class=secno>4.12.2 </span>Following
+ <li><a href="#following"><span class=secno>4.13.2 </span>Following
hyperlinks</a>
<ul class=toc>
- <li><a href="#hyperlink0"><span class=secno>4.12.2.1.
+ <li><a href="#hyperlink0"><span class=secno>4.13.2.1.
</span>Hyperlink auditing</a>
</ul>
- <li><a href="#linkTypes"><span class=secno>4.12.3 </span>Link
+ <li><a href="#linkTypes"><span class=secno>4.13.3 </span>Link
types</a>
<ul class=toc>
- <li><a href="#link-type"><span class=secno>4.12.3.1. </span>Link
+ <li><a href="#link-type"><span class=secno>4.13.3.1. </span>Link
type "<code>alternate</code>"</a>
- <li><a href="#link-type0"><span class=secno>4.12.3.2. </span>Link
+ <li><a href="#link-type0"><span class=secno>4.13.3.2. </span>Link
type "<code>archives</code>"</a>
- <li><a href="#link-type1"><span class=secno>4.12.3.3. </span>Link
+ <li><a href="#link-type1"><span class=secno>4.13.3.3. </span>Link
type "<code>author</code>"</a>
- <li><a href="#link-type2"><span class=secno>4.12.3.4. </span>Link
+ <li><a href="#link-type2"><span class=secno>4.13.3.4. </span>Link
type "<code>bookmark</code>"</a>
- <li><a href="#link-type3"><span class=secno>4.12.3.5. </span>Link
+ <li><a href="#link-type3"><span class=secno>4.13.3.5. </span>Link
type "<code>contact</code>"</a>
- <li><a href="#link-type4"><span class=secno>4.12.3.6. </span>Link
+ <li><a href="#link-type4"><span class=secno>4.13.3.6. </span>Link
type "<code>external</code>"</a>
- <li><a href="#link-type5"><span class=secno>4.12.3.7. </span>Link
+ <li><a href="#link-type5"><span class=secno>4.13.3.7. </span>Link
type "<code>feed</code>"</a>
- <li><a href="#link-type6"><span class=secno>4.12.3.8. </span>Link
+ <li><a href="#link-type6"><span class=secno>4.13.3.8. </span>Link
type "<code>help</code>"</a>
- <li><a href="#link-type7"><span class=secno>4.12.3.9. </span>Link
+ <li><a href="#link-type7"><span class=secno>4.13.3.9. </span>Link
type "<code>icon</code>"</a>
- <li><a href="#link-type8"><span class=secno>4.12.3.10. </span>Link
+ <li><a href="#link-type8"><span class=secno>4.13.3.10. </span>Link
type "<code>license</code>"</a>
- <li><a href="#link-type9"><span class=secno>4.12.3.11. </span>Link
+ <li><a href="#link-type9"><span class=secno>4.13.3.11. </span>Link
type "<code>nofollow</code>"</a>
- <li><a href="#link-type10"><span class=secno>4.12.3.12. </span>Link
+ <li><a href="#link-type10"><span class=secno>4.13.3.12. </span>Link
type "<code>noreferrer</code>"</a>
- <li><a href="#link-type11"><span class=secno>4.12.3.13. </span>Link
+ <li><a href="#link-type11"><span class=secno>4.13.3.13. </span>Link
type "<code>pingback</code>"</a>
- <li><a href="#link-type12"><span class=secno>4.12.3.14. </span>Link
+ <li><a href="#link-type12"><span class=secno>4.13.3.14. </span>Link
type "<code>prefetch</code>"</a>
- <li><a href="#link-type13"><span class=secno>4.12.3.15. </span>Link
+ <li><a href="#link-type13"><span class=secno>4.13.3.15. </span>Link
type "<code>search</code>"</a>
- <li><a href="#link-type14"><span class=secno>4.12.3.16. </span>Link
+ <li><a href="#link-type14"><span class=secno>4.13.3.16. </span>Link
type "<code>stylesheet</code>"</a>
- <li><a href="#link-type15"><span class=secno>4.12.3.17. </span>Link
+ <li><a href="#link-type15"><span class=secno>4.13.3.17. </span>Link
type "<code>sidebar</code>"</a>
- <li><a href="#link-type16"><span class=secno>4.12.3.18. </span>Link
+ <li><a href="#link-type16"><span class=secno>4.13.3.18. </span>Link
type "<code>tag</code>"</a>
- <li><a href="#hierarchical"><span class=secno>4.12.3.19.
+ <li><a href="#hierarchical"><span class=secno>4.13.3.19.
</span>Hierarchical link types</a>
<ul class=toc>
- <li><a href="#link-type17"><span class=secno>4.12.3.19.1.
+ <li><a href="#link-type17"><span class=secno>4.13.3.19.1.
</span>Link type "<code>index</code>"</a>
- <li><a href="#link-type18"><span class=secno>4.12.3.19.2.
+ <li><a href="#link-type18"><span class=secno>4.13.3.19.2.
</span>Link type "<code>up</code>"</a>
</ul>
- <li><a href="#sequential0"><span class=secno>4.12.3.20.
+ <li><a href="#sequential0"><span class=secno>4.13.3.20.
</span>Sequential link types</a>
<ul class=toc>
- <li><a href="#link-type19"><span class=secno>4.12.3.20.1.
+ <li><a href="#link-type19"><span class=secno>4.13.3.20.1.
</span>Link type "<code>first</code>"</a>
- <li><a href="#link-type20"><span class=secno>4.12.3.20.2.
+ <li><a href="#link-type20"><span class=secno>4.13.3.20.2.
</span>Link type "<code>last</code>"</a>
- <li><a href="#link-type21"><span class=secno>4.12.3.20.3.
+ <li><a href="#link-type21"><span class=secno>4.13.3.20.3.
</span>Link type "<code>next</code>"</a>
- <li><a href="#link-type22"><span class=secno>4.12.3.20.4.
+ <li><a href="#link-type22"><span class=secno>4.13.3.20.4.
</span>Link type "<code>prev</code>"</a>
</ul>
- <li><a href="#other0"><span class=secno>4.12.3.21. </span>Other link
+ <li><a href="#other0"><span class=secno>4.13.3.21. </span>Other link
types</a>
</ul>
</ul>
- <li><a href="#interfaces"><span class=secno>4.13 </span>Interfaces for
+ <li><a href="#interfaces"><span class=secno>4.14 </span>Interfaces for
URI manipulation</a>
</ul>
@@ -27063,43 +27064,7 @@
those browsing contexts.</p>
<!-- XXX DOMB -->
- <h3 id=scripting><span class=secno>4.3 </span>Scripting</h3>
-
- <h4 id=running><span class=secno>4.3.1 </span>Running executable code</h4>
-
- <p>Various mechanisms can cause author-provided executable code to run in
- the context of a document. These mechanisms include, but are probably not
- limited to:
-
- <ul>
- <li>Processing of <code><a href="#script0">script</a></code> elements.
-
- <li>Processing of inline <code title="javascript protocol"><a
- href="#the-javascript">javascript:</a></code> URIs (e.g. the <code
- title=attr-img-src><a href="#src">src</a></code> attribute of <code><a
- href="#img">img</a></code> elements, or an <code title="">@import</code>
- rule in a CSS <code><a href="#style">style</a></code> element block).
-
- <li>Event handlers, whether registered through the DOM using <code
- title="">addEventListener()</code>, by explicit <a href="#event3">event
- handler content attributes</a>, by <a href="#event4">event handler DOM
- attributes</a>, or otherwise.
-
- <li>Processing of technologies like XBL or SVG that have their own
- scripting features.
- </ul>
-
- <p>User agents may provide a mechanism to enable or disable the execution
- of author-provided code. When the user agent is configured such that
- author-provided code does not execute, or if the user agent is implemented
- so as to never execute author-provided code, it is said that <dfn
- id=scripting1>scripting is disabled</dfn>. When author-provided code
- <em>does</em> execute, <dfn id=scripting2>scripting is enabled</dfn>. A
- user agent with scripting disabled is a <a href="#non-scripted"
- title="User agents with no scripting support">user agent with no scripting
- support</a> for the purposes of conformance.
-
- <h4 id=origin><span class=secno>4.3.2 </span>Origin</h4>
+ <h3 id=origin><span class=secno>4.3 </span>Origin</h3>
<!-- Hallowed are the Ori -->
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=346659
@@ -27203,7 +27168,7 @@
kill multi-homed systems like GMail. Should we do something like have a
DNS record say whether or not to include the IP in the origin for a host?
- <h4 id=unscripted><span class=secno>4.3.3 </span>Unscripted same-origin
+ <h4 id=unscripted><span class=secno>4.3.1 </span>Unscripted same-origin
checks</h4>
<p>When two URIs are to be compared to determine if they have the <dfn
@@ -27285,11 +27250,47 @@
<p>Otherwise, the two URIs do have the same scheme/host/port.
</ol>
- <h4 id=security3><span class=secno>4.3.4 </span>Security exceptions</h4>
+ <h3 id=scripting><span class=secno>4.4 </span>Scripting</h3>
+ <h4 id=running><span class=secno>4.4.1 </span>Running executable code</h4>
+
+ <p>Various mechanisms can cause author-provided executable code to run in
+ the context of a document. These mechanisms include, but are probably not
+ limited to:
+
+ <ul>
+ <li>Processing of <code><a href="#script0">script</a></code> elements.
+
+ <li>Processing of inline <code title="javascript protocol"><a
+ href="#the-javascript">javascript:</a></code> URIs (e.g. the <code
+ title=attr-img-src><a href="#src">src</a></code> attribute of <code><a
+ href="#img">img</a></code> elements, or an <code title="">@import</code>
+ rule in a CSS <code><a href="#style">style</a></code> element block).
+
+ <li>Event handlers, whether registered through the DOM using <code
+ title="">addEventListener()</code>, by explicit <a href="#event3">event
+ handler content attributes</a>, by <a href="#event4">event handler DOM
+ attributes</a>, or otherwise.
+
+ <li>Processing of technologies like XBL or SVG that have their own
+ scripting features.
+ </ul>
+
+ <p>User agents may provide a mechanism to enable or disable the execution
+ of author-provided code. When the user agent is configured such that
+ author-provided code does not execute, or if the user agent is implemented
+ so as to never execute author-provided code, it is said that <dfn
+ id=scripting1>scripting is disabled</dfn>. When author-provided code
+ <em>does</em> execute, <dfn id=scripting2>scripting is enabled</dfn>. A
+ user agent with scripting disabled is a <a href="#non-scripted"
+ title="User agents with no scripting support">user agent with no scripting
+ support</a> for the purposes of conformance.
+
+ <h4 id=security3><span class=secno>4.4.2 </span>Security exceptions</h4>
+
<p class=big-issue>Define <dfn id=security9>security exception</dfn>.
- <h4 id=javascript-protocol><span class=secno>4.3.5 </span><dfn
+ <h4 id=javascript-protocol><span class=secno>4.4.3 </span><dfn
id=the-javascript title="javascript protocol">The <code
title="">javascript:</code> protocol</dfn></h4>
@@ -27364,7 +27365,7 @@
context</a>.</p>
</div>
- <h4 id=events><span class=secno>4.3.6 </span>Events</h4>
+ <h4 id=events><span class=secno>4.4.4 </span>Events</h4>
<p class=big-issue>We need to define how to handle events that are to be
fired on a Document that is no longer the active document of its browsing
@@ -27375,7 +27376,7 @@
element section, which says scripts don't run when the document isn't
active.
- <h5 id=event-handler-attributes><span class=secno>4.3.6.1. </span>Event
+ <h5 id=event-handler-attributes><span class=secno>4.4.4.1. </span>Event
handler attributes</h5>
<p><a href="#html-elements">HTML elements</a> can have <dfn id=event2>event
@@ -27773,7 +27774,7 @@
otherwise. (The <code title=dom-event-listener>listener</code> argument is
emphatically <em>not</em> the event handler attribute itself.)
- <h5 id=event><span class=secno>4.3.6.2. </span>Event firing</h5>
+ <h5 id=event><span class=secno>4.4.4.2. </span>Event firing</h5>
<p class=big-issue>maybe this should be moved higher up (terminology?
conformance? DOM?) Also, the whole terminology thing should be changed so
@@ -27863,7 +27864,7 @@
actions are defined in terms of <em>any</em> event of the right type on
that element, not those that are dispatched in expected ways.
- <h5 id=events0><span class=secno>4.3.6.3. </span>Events and the <code><a
+ <h5 id=events0><span class=secno>4.4.4.3. </span>Events and the <code><a
href="#window">Window</a></code> object</h5>
<p>When an event is dispatched at a DOM node in a <code>Document</code> in
@@ -27882,7 +27883,7 @@
bubbling has been prevented.
</ol>
- <h5 id=runtime-script-errors><span class=secno>4.3.6.4. </span>Runtime
+ <h5 id=runtime-script-errors><span class=secno>4.4.4.4. </span>Runtime
script errors</h5>
<p><em>This section only applies to user agents that support scripting in
@@ -27930,9 +27931,9 @@
<p>The initial value of <code title=handler-onerror><a
href="#onerror">onerror</a></code> must be <code>undefined</code>.
- <h3 id=user-prompts><span class=secno>4.4 </span>User prompts</h3>
+ <h3 id=user-prompts><span class=secno>4.5 </span>User prompts</h3>
- <h4 id=simple0><span class=secno>4.4.1 </span>Simple dialogs</h4>
+ <h4 id=simple0><span class=secno>4.5.1 </span>Simple dialogs</h4>
<p>The <dfn id=alert title=dom-alert><code>alert(<var
title="">message</var>)</code></dfn> method, when invoked, must show the
@@ -27969,7 +27970,7 @@
<em>always</em> offering the user with the opportunity to convert the
document to whatever media the user might want.)
- <h4 id=dialogs><span class=secno>4.4.2 </span>Dialogs implemented using
+ <h4 id=dialogs><span class=secno>4.5.2 </span>Dialogs implemented using
separate documents</h4>
<p>The <dfn id=showmodaldialog
@@ -28101,7 +28102,7 @@
of its browsing context, and on setting, must set the <a
href="#return">return value</a> to the given new value.
- <h3 id=browser><span class=secno>4.5 </span>Browser state</h3>
+ <h3 id=browser><span class=secno>4.6 </span>Browser state</h3>
<p>The <dfn id=navigator title=dom-navigator><code>navigator</code></dfn>
attribute of the <code><a href="#window">Window</a></code> interface must
@@ -28119,7 +28120,7 @@
<!-- XXX there are other attributes! -->};</pre>
<!-- also, see window.external.AddSearchProvider() and similar DOM APIs from IE -->
- <h4 id=custom-handlers><span class=secno>4.5.1 </span>Custom protocol and
+ <h4 id=custom-handlers><span class=secno>4.6.1 </span>Custom protocol and
content handlers</h4>
<p>The <dfn id=registerprotocolhandler
@@ -28262,7 +28263,7 @@
non-idempotent transaction), as the remote site would not be able to fetch
the same data.
- <h5 id=security4><span class=secno>4.5.1.1. </span>Security and privacy</h5>
+ <h5 id=security4><span class=secno>4.6.1.1. </span>Security and privacy</h5>
<p>These mechanisms can introduce a number of concerns, in particular
privacy concerns.
@@ -28340,7 +28341,7 @@
trust the third-party handler, a decision many users are unable to make or
even understand).
- <h5 id=sample-handler-impl><span class=secno>4.5.1.2. </span>Sample user
+ <h5 id=sample-handler-impl><span class=secno>4.6.1.2. </span>Sample user
interface</h5>
<p><em>This section is non-normative.</em>
@@ -28423,15 +28424,15 @@
would work equivalently, but for unknown MIME types instead of unknown
protocols.
- <h3 id=offline><span class=secno>4.6 </span>Offline Web applications</h3>
+ <h3 id=offline><span class=secno>4.7 </span>Offline Web applications</h3>
- <h4 id=introduction1><span class=secno>4.6.1 </span>Introduction</h4>
+ <h4 id=introduction1><span class=secno>4.7.1 </span>Introduction</h4>
<p><em>This section is non-normative.</em>
<p class=big-issue>...
- <h4 id=appcache><span class=secno>4.6.2 </span>Application caches</h4>
+ <h4 id=appcache><span class=secno>4.7.2 </span>Application caches</h4>
<p>An <dfn id=application0>application cache</dfn> is a collection of
resources. An application cache is identified by the URI of a resource
@@ -28562,9 +28563,9 @@
<li>which application cache the user prefers.
</ul>
- <h4 id=manifests><span class=secno>4.6.3 </span>The cache manifest syntax</h4>
+ <h4 id=manifests><span class=secno>4.7.3 </span>The cache manifest syntax</h4>
- <h5 id=writing><span class=secno>4.6.3.1. </span>Writing cache manifests</h5>
+ <h5 id=writing><span class=secno>4.7.3.1. </span>Writing cache manifests</h5>
<p>Manifests must be served using the <code
title="">text/cache-manifest</code> MIME type. All resources served using
@@ -28692,7 +28693,7 @@
<p>URIs in manifests must not have fragment identifiers.
- <h5 id=parsing0><span class=secno>4.6.3.2. </span>Parsing cache manifests</h5>
+ <h5 id=parsing0><span class=secno>4.7.3.2. </span>Parsing cache manifests</h5>
<p>When a user agent is to <dfn id=parse0>parse a manifest</dfn>, it means
that the user agent must run the following steps:
@@ -28909,7 +28910,7 @@
the cached copy will only be used if it is opened from a top-level
browsing context.
- <h4 id=updating1><span class=secno>4.6.4 </span>Updating an application
+ <h4 id=updating1><span class=secno>4.7.4 </span>Updating an application
cache</h4>
<p>When the user agent is required (by other parts of this specification)
@@ -29250,7 +29251,7 @@
an update for this cache is in progress.
</ol>
- <h4 id=processing2><span class=secno>4.6.5 </span>Processing model</h4>
+ <h4 id=processing2><span class=secno>4.7.5 </span>Processing model</h4>
<p>The processing model of application caches for offline support in Web
applications is part of the <a href="#navigate"
@@ -29404,7 +29405,7 @@
update process</a> for that cache; otherwise, nothing special happens with
respect to application caches.
- <h5 id=changes><span class=secno>4.6.5.1. </span>Changes to the networking
+ <h5 id=changes><span class=secno>4.7.5.1. </span>Changes to the networking
model</h5>
<p>When a browsing context is associated with an <a
@@ -29459,7 +29460,7 @@
cache has been primed the first time), making the testing of offline
applications simpler.
- <h4 id=application><span class=secno>4.6.6 </span>Application cache API</h4>
+ <h4 id=application><span class=secno>4.7.6 </span>Application cache API</h4>
<pre class=idl>interface <dfn id=applicationcache>ApplicationCache</dfn> {
@@ -29798,7 +29799,7 @@
href="#applicationcache">ApplicationCache</a></code> object.
</dl>
- <h4 id=browser0><span class=secno>4.6.7 </span>Browser state</h4>
+ <h4 id=browser0><span class=secno>4.7.7 </span>Browser state</h4>
<p>The <dfn id=navigator.online
title=dom-navigator-onLine><code>navigator.onLine</code></dfn> attribute
@@ -29823,9 +29824,9 @@
href="#the-body1">the body element</a>.</p>
<!-- XXX ononline onoffline need to be defined -->
- <h3 id=history><span class=secno>4.7 </span>Session history and navigation</h3>
+ <h3 id=history><span class=secno>4.8 </span>Session history and navigation</h3>
- <h4 id=the-session><span class=secno>4.7.1 </span>The session history of
+ <h4 id=the-session><span class=secno>4.8.1 </span>The session history of
browsing contexts</h4>
<p>The sequence of <code>Document</code>s in a <a
@@ -29933,7 +29934,7 @@
there are no state object entries for that <code>Document</code> object
then no entries are removed.
- <h4 id=the-history><span class=secno>4.7.2 </span>The <code><a
+ <h4 id=the-history><span class=secno>4.8.2 </span>The <code><a
href="#history1">History</a></code> interface</h4>
<pre class=idl>interface <dfn id=history1>History</dfn> {
@@ -30204,7 +30205,7 @@
the last entry for that <code>Document</code> object in the session
history.
- <h4 id=activating><span class=secno>4.7.3 </span><dfn id=activating0
+ <h4 id=activating><span class=secno>4.8.3 </span><dfn id=activating0
title="activate the state object">Activating state object entries</dfn></h4>
<p>When an entry in the session history is activated (which happens during
@@ -30254,7 +30255,7 @@
represents the context information for the event, or null, if the state
represented is the initial state of the <code>Document</code>.
- <h4 id=the-location><span class=secno>4.7.4 </span>The <code><a
+ <h4 id=the-location><span class=secno>4.8.4 </span>The <code><a
href="#location2">Location</a></code> interface</h4>
<p>Each <code>Document</code> object in a browsing context's session
@@ -30367,7 +30368,7 @@
user reload must be equivalent to .reload()
-->
- <h5 id=security5><span class=secno>4.7.4.1. </span>Security</h5>
+ <h5 id=security5><span class=secno>4.8.4.1. </span>Security</h5>
<p>User agents must raise a <a href="#security9">security exception</a>
whenever any of the members of a <code><a
@@ -30385,7 +30386,7 @@
title=dom-location-href><a href="#href5">href</a></code> attribute's
setter.
- <h4 id=history-notes><span class=secno>4.7.5 </span>Implementation notes
+ <h4 id=history-notes><span class=secno>4.8.5 </span>Implementation notes
for session history</h4>
<p><em>This section is non-normative.</em>
@@ -30424,7 +30425,7 @@
that are invoked on a timer, or from event handlers that do not represent
a clear user action, or that are invoked in rapid succession.
- <h3 id=navigating><span class=secno>4.8 </span>Navigating across documents</h3>
+ <h3 id=navigating><span class=secno>4.9 </span>Navigating across documents</h3>
<p>Certain actions cause the <a href="#browsing0">browsing context</a> to
<dfn id=navigate>navigate</dfn>. For example, <a href="#following0"
@@ -30688,7 +30689,7 @@
</dl>
</ol>
- <h4 id=read-html><span class=secno>4.8.1 </span><dfn id=page-load
+ <h4 id=read-html><span class=secno>4.9.1 </span><dfn id=page-load
title=navigate-html>Page load processing model for HTML files</dfn></h4>
<p>When an HTML document is to be loaded in a <a href="#browsing0">browsing
@@ -30719,7 +30720,7 @@
title=concept-appcache-init-with-attribute>Application cache selection</a>
happens <a href="#parser-appcache">in the HTML parser</a>.
- <h4 id=read-xml><span class=secno>4.8.2 </span><dfn id=page-load0
+ <h4 id=read-xml><span class=secno>4.9.2 </span><dfn id=page-load0
title=navigate-xml>Page load processing model for XML files</dfn></h4>
<p>When faced with displaying an XML file inline, user agents must first
@@ -30776,7 +30777,7 @@
<p>Error messages from the parse process (e.g. namespace well-formedness
errors) may be reported inline by mutating the <code>Document</code>.
- <h4 id=read-text><span class=secno>4.8.3 </span><dfn id=page-load1
+ <h4 id=read-text><span class=secno>4.9.3 </span><dfn id=page-load1
title=navigate-text>Page load processing model for text files</dfn></h4>
<p>When a plain text document is to be loaded in a <a
@@ -30819,7 +30820,7 @@
binding, providing script, giving the document a <code><a
href="#title1">title</a></code>, etc.
- <h4 id=read-image><span class=secno>4.8.4 </span><dfn id=page-load2
+ <h4 id=read-image><span class=secno>4.9.4 </span><dfn id=page-load2
title=navigate-image>Page load processing model for images</dfn></h4>
<p>When an image resource is to be loaded in a <a
@@ -30855,7 +30856,7 @@
binding, to provide a script, to give the document a <code><a
href="#title1">title</a></code>, etc.
- <h4 id=read-plugin><span class=secno>4.8.5 </span><dfn id=page-load3
+ <h4 id=read-plugin><span class=secno>4.9.5 </span><dfn id=page-load3
title=navigate-plugin>Page load processing model for content that uses
plugins</dfn></h4>
@@ -30892,7 +30893,7 @@
XBL binding, or to give the document a <code><a
href="#title1">title</a></code>.
- <h4 id=read-ua-inline><span class=secno>4.8.6 </span><dfn id=page-load4
+ <h4 id=read-ua-inline><span class=secno>4.9.6 </span><dfn id=page-load4
title=navigate-ua-inline>Page load processing model for inline content
that doesn't have a DOM</dfn></h4>
@@ -30919,7 +30920,7 @@
the page has been completely set up, the user agent must <a
href="#update2">update the session history with the new page</a>.
- <h4 id=scroll-to-fragid><span class=secno>4.8.7 </span><dfn id=navigating0
+ <h4 id=scroll-to-fragid><span class=secno>4.9.7 </span><dfn id=navigating0
title=navigate-fragid>Navigating to a fragment identifier</dfn></h4>
<p>When a user agent is supposed to navigate to a fragment identifier, then
@@ -30983,7 +30984,7 @@
an element; otherwise there is no <i>target element</i>. <a
href="#refsSELECTORS">[SELECTORS]</a>
- <h3 id=content-type-sniffing><span class=secno>4.9 </span>Determining the
+ <h3 id=content-type-sniffing><span class=secno>4.10 </span>Determining the
type of a new resource in a browsing context</h3>
<p class=warning>It is imperative that the rules in this section be
@@ -31093,7 +31094,7 @@
<p>The sniffed type of the resource is <var title="">official type</var>.
</ol>
- <h4 id=content-type0><span class=secno>4.9.1 </span><dfn
+ <h4 id=content-type0><span class=secno>4.10.1 </span><dfn
id=content-type4>Content-Type sniffing: text or binary</dfn></h4>
<ol>
@@ -31181,7 +31182,7 @@
<p>Otherwise, the sniffed type of the resource is "text/plain".
</ol>
- <h4 id=content-type1><span class=secno>4.9.2 </span><dfn
+ <h4 id=content-type1><span class=secno>4.10.2 </span><dfn
id=content-type5>Content-Type sniffing: unknown type</dfn></h4>
<ol>
@@ -31433,7 +31434,7 @@
determine that content is not HTML and thus safe from XSS attacks, but
then a user agent detects it as HTML anyway and allows script to execute).
- <h4 id=content-type2><span class=secno>4.9.3 </span><dfn
+ <h4 id=content-type2><span class=secno>4.10.3 </span><dfn
id=content-type6>Content-Type sniffing: image</dfn></h4>
<p>If the first bytes of the file match one of the byte sequences in the
@@ -31495,7 +31496,7 @@
<p>Otherwise, the <i>sniffed type</i> of the resource is the same as its
<var title="">official type</var>.
- <h4 id=content-type3><span class=secno>4.9.4 </span><dfn
+ <h4 id=content-type3><span class=secno>4.10.4 </span><dfn
id=content-type7>Content-Type sniffing: feed or HTML</dfn></h4>
<!-- mostly based on:
http://blogs.msdn.com/rssteam/articles/PublishersGuide.aspx
@@ -31674,7 +31675,7 @@
this algorithm and the algorithm for detecting the character encoding of
HTML documents in parallel.
- <h4 id=content-type><span class=secno>4.9.5 </span>Content-Type metadata</h4>
+ <h4 id=content-type><span class=secno>4.10.5 </span>Content-Type metadata</h4>
<p>What explicit <dfn id=content-type8 title=Content-Type>Content-Type
metadata</dfn> is associated with the resource (the resource's type
@@ -31762,10 +31763,10 @@
</dl>
</ol>
- <h3 id=storage><span class=secno>4.10 </span>Client-side session and
+ <h3 id=storage><span class=secno>4.11 </span>Client-side session and
persistent storage of name/value pairs</h3>
- <h4 id=introduction2><span class=secno>4.10.1 </span>Introduction</h4>
+ <h4 id=introduction2><span class=secno>4.11.1 </span>Introduction</h4>
<p><em>This section is non-normative.</em>
@@ -31858,7 +31859,7 @@
store structured data in a storage area, you must first convert it to a
string.
- <h4 id=the-storage><span class=secno>4.10.2 </span>The <code><a
+ <h4 id=the-storage><span class=secno>4.11.2 </span>The <code><a
href="#storage0">Storage</a></code> interface</h4>
<!-- XXX shouldn't we define somewhere how null values get handled
in these methods? Do they get converted to the empty string or
@@ -31975,7 +31976,7 @@
not normative, see the sections below for the normative statement
-->
- <h4 id=the-sessionstorage><span class=secno>4.10.3 </span>The <code
+ <h4 id=the-sessionstorage><span class=secno>4.11.3 </span>The <code
title=dom-sessionStorage><a
href="#sessionstorage">sessionStorage</a></code> attribute</h4>
@@ -32047,7 +32048,7 @@
title=event-storage><a href="#storage1">storage</a></code> event must be
fired, as <a href="#storage1" title=event-storage>described below</a>.
- <h4 id=the-localstorage><span class=secno>4.10.4 </span>The <code
+ <h4 id=the-localstorage><span class=secno>4.11.4 </span>The <code
title=dom-localStorage><a href="#localstorage">localStorage</a></code>
attribute</h4>
@@ -32093,7 +32094,7 @@
must be fired, as <a href="#storage1" title=event-storage>described
below</a>.
- <h4 id=the-storage0><span class=secno>4.10.5 </span>The <code
+ <h4 id=the-storage0><span class=secno>4.11.5 </span>The <code
title=event-storage><a href="#storage1">storage</a></code> event</h4>
<p>The <dfn id=storage1 title=event-storage><code>storage</code></dfn>
@@ -32137,7 +32138,7 @@
the two documents are in the same <a href="#unit-of">unit of related
browsing contexts</a>, or null otherwise.
- <h5 id=event0><span class=secno>4.10.5.1. </span>Event definition</h5>
+ <h5 id=event0><span class=secno>4.11.5.1. </span>Event definition</h5>
<pre class=idl>interface <dfn id=storageevent>StorageEvent</dfn> : Event {
readonly attribute DOMString <a href="#key" title=dom-StorageEvent-key>key</a>;
@@ -32176,10 +32177,10 @@
represents the <code><a href="#window">Window</a></code> that changed the
key.
- <h4 id=miscellaneous0><span class=secno>4.10.6 </span>Miscellaneous
+ <h4 id=miscellaneous0><span class=secno>4.11.6 </span>Miscellaneous
implementation requirements for storage areas</h4>
- <h5 id=disk-space><span class=secno>4.10.6.1. </span>Disk space</h5>
+ <h5 id=disk-space><span class=secno>4.11.6.1. </span>Disk space</h5>
<p>User agents should limit the total amount of space allowed for a storage
area.
@@ -32204,7 +32205,7 @@
Implementation feedback is welcome and will be used to update this
suggestion in future.
- <h5 id=threads0><span class=secno>4.10.6.2. </span>Threads</h5>
+ <h5 id=threads0><span class=secno>4.11.6.2. </span>Threads</h5>
<p>Multiple browsing contexts must be able to access the local storage
areas simultaneously in a predictable manner. Scripts must not be able to
@@ -32228,9 +32229,9 @@
execution. This specification does not require any particular
implementation strategy, so long as the requirement above is met.
- <h4 id=security6><span class=secno>4.10.7 </span>Security and privacy</h4>
+ <h4 id=security6><span class=secno>4.11.7 </span>Security and privacy</h4>
- <h5 id=user-tracking><span class=secno>4.10.7.1. </span>User tracking</h5>
+ <h5 id=user-tracking><span class=secno>4.11.7.1. </span>User tracking</h5>
<p>A third-party advertiser (or any entity capable of getting content
distributed to multiple sites) could use a unique identifier stored in its
@@ -32324,7 +32325,7 @@
headers and configuration settings) to combine separate sessions into
coherent user profiles.
- <h5 id=cookie><span class=secno>4.10.7.2. </span>Cookie resurrection</h5>
+ <h5 id=cookie><span class=secno>4.11.7.2. </span>Cookie resurrection</h5>
<p>If the user interface for persistent storage presents data in the
persistent storage feature separately from data in HTTP session cookies,
@@ -32332,7 +32333,7 @@
allow sites to use the two features as redundant backup for each other,
defeating a user's attempts to protect his privacy.
- <h5 id=dns-spoofing><span class=secno>4.10.7.3. </span>DNS spoofing attacks</h5>
+ <h5 id=dns-spoofing><span class=secno>4.11.7.3. </span>DNS spoofing attacks</h5>
<p>Because of the potential for DNS spoofing attacks, one cannot guarentee
that a host claiming to be in a certain domain really is from that domain.
@@ -32340,7 +32341,7 @@
pages using SSL that have certificates identifying them as being from the
same domain can access their local storage areas.
- <h5 id=cross-directory><span class=secno>4.10.7.4. </span>Cross-directory
+ <h5 id=cross-directory><span class=secno>4.11.7.4. </span>Cross-directory
attacks</h5>
<p>Different authors sharing one host name, for example users hosting
@@ -32354,7 +32355,7 @@
usual DOM scripting security model would make it trivial to bypass this
protection and access the data from any path.
- <h5 id=implementation><span class=secno>4.10.7.5. </span>Implementation
+ <h5 id=implementation><span class=secno>4.11.7.5. </span>Implementation
risks</h5>
<p>The two primary risks when implementing this persistent storage feature
@@ -32378,14 +32379,14 @@
<p>Thus, strictly following the model described in this specification is
important for user security.
- <h3 id=sql><span class=secno>4.11 </span>Client-side database storage</h3>
+ <h3 id=sql><span class=secno>4.12 </span>Client-side database storage</h3>
<!-- Feature requests for future versions (v2):
* deleting databases
* determining how much storage room is left
* handling the database getting corrupted
-->
- <h4 id=introduction3><span class=secno>4.11.1 </span>Introduction</h4>
+ <h4 id=introduction3><span class=secno>4.12.1 </span>Introduction</h4>
<p><em>This section is non-normative.</em>
@@ -32399,7 +32400,7 @@
executeSql('SELECT rowid FROM t WHERE c IN (' + q + ')', array, ...);
-->
- <h4 id=databases><span class=secno>4.11.2 </span>Databases</h4>
+ <h4 id=databases><span class=secno>4.12.2 </span>Databases</h4>
<p>Each <i><a href="#origin0">origin</a></i> has an associated set of
databases. Each database has a name and a current version. There is no way
@@ -32518,7 +32519,7 @@
href="#changeversion">changeVersion()</a></code> method.
</ol>
- <h4 id=executing><span class=secno>4.11.3 </span>Executing SQL statements</h4>
+ <h4 id=executing><span class=secno>4.12.3 </span>Executing SQL statements</h4>
<p>The <code title=dom-database-transaction><a
href="#transaction">transaction()</a></code> and <code
@@ -32641,7 +32642,7 @@
<p class=note>A future version of this specification will probably define
the exact SQL subset required in more detail.
- <h4 id=database><span class=secno>4.11.4 </span>Database query results</h4>
+ <h4 id=database><span class=secno>4.12.4 </span>Database query results</h4>
<p>The <code title=dom-transaction-executeSql>executeSql()</code> method
invokes its callback with a <code><a
@@ -32701,7 +32702,7 @@
have the name of the column and the value of the cell, as they were
returned by the database.
- <h4 id=errors><span class=secno>4.11.5 </span>Errors</h4>
+ <h4 id=errors><span class=secno>4.12.5 </span>Errors</h4>
<p>Errors in the database API are reported using callbacks that have a
<code><a href="#sqlerror">SQLError</a></code> object as one of their
@@ -32784,7 +32785,7 @@
return an error message describing the error encountered. The message
should be localised to the user's language.
- <h4 id=processing3><span class=secno>4.11.6 </span>Processing model</h4>
+ <h4 id=processing3><span class=secno>4.12.6 </span>Processing model</h4>
<p>The <dfn id=transaction0>transaction steps</dfn> are as follows. These
steps must be run asynchronously. These steps are invoked with a
@@ -32912,7 +32913,7 @@
still-pending statements in the transaction are discarded.
</ol>
- <h4 id=privacy><span class=secno>4.11.7 </span>Privacy</h4>
+ <h4 id=privacy><span class=secno>4.12.7 </span>Privacy</h4>
<p>In contrast with the <code title=dom-localStorage><a
href="#localstorage">localStorage</a></code> feature, which intentionally
@@ -32927,9 +32928,9 @@
way as cookies for the purposes of user interfaces, to reduce the risk of
using this feature for cookie resurrection.
- <h4 id=security7><span class=secno>4.11.8 </span>Security</h4>
+ <h4 id=security7><span class=secno>4.12.8 </span>Security</h4>
- <h5 id=user-agents><span class=secno>4.11.8.1. </span>User agents</h5>
+ <h5 id=user-agents><span class=secno>4.12.8.1. </span>User agents</h5>
<p>User agent implementors are strongly encouraged to audit all their
supported SQL statements for security implications. For example, <code
@@ -32942,7 +32943,7 @@
disk representation of the data, as all data in ECMAScript is implicitly
UTF-16.
- <h5 id=sql-injection><span class=secno>4.11.8.2. </span>SQL injection</h5>
+ <h5 id=sql-injection><span class=secno>4.12.8.2. </span>SQL injection</h5>
<p>Authors are strongly recommended to make use of the <code
title="">?</code> placeholder feature of the <code
@@ -32950,9 +32951,9 @@
href="#executesql">executeSql()</a></code> method, and to never construct
SQL statements on the fly.
- <h3 id=links><span class=secno>4.12 </span>Links</h3>
+ <h3 id=links><span class=secno>4.13 </span>Links</h3>
- <h4 id=hyperlink><span class=secno>4.12.1 </span>Hyperlink elements</h4>
+ <h4 id=hyperlink><span class=secno>4.13.1 </span>Hyperlink elements</h4>
<p>The <code><a href="#a">a</a></code>, <code><a
href="#area">area</a></code>, and <code><a href="#link">link</a></code>
@@ -33030,7 +33031,7 @@
fetching the resource, user agents must not use metadata included in the
link to the resource to determine its type.
- <h4 id=following><span class=secno>4.12.2 </span><dfn
+ <h4 id=following><span class=secno>4.13.2 </span><dfn
id=following0>Following hyperlinks</dfn></h4>
<p>When a user <em>follows a hyperlink</em>, the user agent must <a
@@ -33085,7 +33086,7 @@
<p>Otherwise, the browsing context that must be navigated is the same
browsing context as the one which the hyperlink element itself is in.
- <h5 id=hyperlink0><span class=secno>4.12.2.1. </span>Hyperlink auditing</h5>
+ <h5 id=hyperlink0><span class=secno>4.13.2.1. </span>Hyperlink auditing</h5>
<p>If an <code><a href="#a">a</a></code> or <code><a
href="#area">area</a></code> hyperlink element has a <code
@@ -33187,7 +33188,7 @@
it sounds kooky. -->
</div>
- <h4 id=linkTypes><span class=secno>4.12.3 </span>Link types</h4>
+ <h4 id=linkTypes><span class=secno>4.13.3 </span>Link types</h4>
<p>The following table summarises the link types that are defined by this
specification. This table is non-normative; the actual definitions for the
@@ -33510,7 +33511,7 @@
-->
- <h5 id=link-type><span class=secno>4.12.3.1. </span>Link type "<dfn
+ <h5 id=link-type><span class=secno>4.13.3.1. </span>Link type "<dfn
id=alternate title=rel-alternate><code>alternate</code></dfn>"</h5>
<p>The <code title=rel-alternate><a href="#alternate">alternate</a></code>
@@ -33587,7 +33588,7 @@
document, it is also implying that those two documents are alternative
representations of each other.
- <h5 id=link-type0><span class=secno>4.12.3.2. </span>Link type "<dfn
+ <h5 id=link-type0><span class=secno>4.13.3.2. </span>Link type "<dfn
id=archives title=rel-archives><code>archives</code></dfn>"</h5>
<p>The <code title=rel-archives><a href="#archives">archives</a></code>
@@ -33607,7 +33608,7 @@
treat the keyword "<code title="">archive</code>" like the <code
title=rel-archives><a href="#archives">archives</a></code> keyword.
- <h5 id=link-type1><span class=secno>4.12.3.3. </span>Link type "<dfn
+ <h5 id=link-type1><span class=secno>4.13.3.3. </span>Link type "<dfn
id=author title=rel-author><code>author</code></dfn>"</h5>
<p>The <code title=rel-author><a href="#author">author</a></code> keyword
@@ -33639,7 +33640,7 @@
"<code>made</code>" as having the <code title=rel-author><a
href="#author">author</a></code> keyword specified as a link relationship.
- <h5 id=link-type2><span class=secno>4.12.3.4. </span>Link type "<dfn
+ <h5 id=link-type2><span class=secno>4.13.3.4. </span>Link type "<dfn
id=bookmark title=rel-bookmark><code>bookmark</code></dfn>"</h5>
<p>The <code title=rel-bookmark><a href="#bookmark">bookmark</a></code>
@@ -33680,7 +33681,7 @@
...</pre>
</div>
- <h5 id=link-type3><span class=secno>4.12.3.5. </span>Link type "<dfn
+ <h5 id=link-type3><span class=secno>4.13.3.5. </span>Link type "<dfn
id=contact title=rel-contact><code>contact</code></dfn>"</h5>
<p>The <code title=rel-contact><a href="#contact">contact</a></code>
@@ -33705,7 +33706,7 @@
that the referenced document provides further contact information for the
page as a whole.
- <h5 id=link-type4><span class=secno>4.12.3.6. </span>Link type "<dfn
+ <h5 id=link-type4><span class=secno>4.13.3.6. </span>Link type "<dfn
id=external title=rel-external><code>external</code></dfn>"</h5>
<p>The <code title=rel-external><a href="#external">external</a></code>
@@ -33716,7 +33717,7 @@
keyword indicates that the link is leading to a document that is not part
of the site that the current document forms a part of.
- <h5 id=link-type5><span class=secno>4.12.3.7. </span>Link type "<dfn
+ <h5 id=link-type5><span class=secno>4.13.3.7. </span>Link type "<dfn
id=feed title=rel-feed><code>feed</code></dfn>"</h5>
<p>The <code title=rel-feed><a href="#feed">feed</a></code> keyword may be
@@ -33760,7 +33761,7 @@
</ul></pre>
</div>
- <h5 id=link-type6><span class=secno>4.12.3.8. </span>Link type "<dfn
+ <h5 id=link-type6><span class=secno>4.13.3.8. </span>Link type "<dfn
id=help title=rel-help><code>help</code></dfn>"</h5>
<p>The <code title=rel-help><a href="#help">help</a></code> keyword may be
@@ -33788,7 +33789,7 @@
title=rel-help><a href="#help">help</a></code> keyword indicates that the
referenced document provides help for the page as a whole.
- <h5 id=link-type7><span class=secno>4.12.3.9. </span>Link type "<dfn
+ <h5 id=link-type7><span class=secno>4.13.3.9. </span>Link type "<dfn
id=icon3 title=rel-icon><code>icon</code></dfn>"</h5>
<p>The <code title=rel-icon><a href="#icon3">icon</a></code> keyword may be
@@ -33810,7 +33811,7 @@
<!-- XXX we don't define
the content-type sniffing for this keyword -->
- <h5 id=link-type8><span class=secno>4.12.3.10. </span>Link type "<dfn
+ <h5 id=link-type8><span class=secno>4.13.3.10. </span>Link type "<dfn
id=license title=rel-license><code>license</code></dfn>"</h5>
<p>The <code title=rel-license><a href="#license">license</a></code>
@@ -33827,7 +33828,7 @@
treat the keyword "<code title="">copyright</code>" like the <code
title=rel-license><a href="#license">license</a></code> keyword.
- <h5 id=link-type9><span class=secno>4.12.3.11. </span>Link type "<dfn
+ <h5 id=link-type9><span class=secno>4.13.3.11. </span>Link type "<dfn
id=nofollow title=rel-nofollow><code>nofollow</code></dfn>"</h5>
<p>The <code title=rel-nofollow><a href="#nofollow">nofollow</a></code>
@@ -33838,7 +33839,7 @@
keyword indicates that the link is not endorsed by the original author or
publisher of the page.
- <h5 id=link-type10><span class=secno>4.12.3.12. </span>Link type "<dfn
+ <h5 id=link-type10><span class=secno>4.13.3.12. </span>Link type "<dfn
id=noreferrer title=rel-noreferrer><code>noreferrer</code></dfn>"</h5>
<p>The <code title=rel-noreferrer><a
@@ -33852,7 +33853,7 @@
include a <code title="">Referer</code> HTTP header (or equivalent for
other protocols) in the request.
- <h5 id=link-type11><span class=secno>4.12.3.13. </span>Link type "<dfn
+ <h5 id=link-type11><span class=secno>4.13.3.13. </span>Link type "<dfn
id=pingback title=rel-pingback><code>pingback</code></dfn>"</h5>
<p>The <code title=rel-pingback><a href="#pingback">pingback</a></code>
@@ -33864,7 +33865,7 @@
href="#pingback">pingback</a></code> keyword, see the Pingback 1.0
specification. <a href="#refsPINGBACK">[PINGBACK]</a>
- <h5 id=link-type12><span class=secno>4.12.3.14. </span>Link type "<dfn
+ <h5 id=link-type12><span class=secno>4.13.3.14. </span>Link type "<dfn
id=prefetch title=rel-prefetch><code>prefetch</code></dfn>"</h5>
<p>The <code title=rel-prefetch><a href="#prefetch">prefetch</a></code>
@@ -33880,7 +33881,7 @@
<p>There is no default type for resources given by the <code
title=rel-prefetch><a href="#prefetch">prefetch</a></code> keyword.
- <h5 id=link-type13><span class=secno>4.12.3.15. </span>Link type "<dfn
+ <h5 id=link-type13><span class=secno>4.13.3.15. </span>Link type "<dfn
id=search0 title=rel-search><code>search</code></dfn>"</h5>
<p>The <code title=rel-search><a href="#search0">search</a></code> keyword
@@ -33901,7 +33902,7 @@
http://www.opensearch.org/Specifications/OpenSearch/1.1#Autodiscovery_in_HTML.2FXHTML
-->
- <h5 id=link-type14><span class=secno>4.12.3.16. </span>Link type "<dfn
+ <h5 id=link-type14><span class=secno>4.13.3.16. </span>Link type "<dfn
id=stylesheet title=rel-stylesheet><code>stylesheet</code></dfn>"</h5>
<p>The <code title=rel-stylesheet><a
@@ -33929,7 +33930,7 @@
not a supported style sheet type, the user agent must instead assume it to
be <code title="">text/css</code>.
- <h5 id=link-type15><span class=secno>4.12.3.17. </span>Link type "<dfn
+ <h5 id=link-type15><span class=secno>4.13.3.17. </span>Link type "<dfn
id=sidebar title=rel-sidebar><code>sidebar</code></dfn>"</h5>
<p>The <code title=rel-sidebar><a href="#sidebar">sidebar</a></code>
@@ -33949,7 +33950,7 @@
specified is a <dfn id=sidebar0 title=rel-sidebar-hyperlink>sidebar
hyperlink</dfn>.
- <h5 id=link-type16><span class=secno>4.12.3.18. </span>Link type "<dfn
+ <h5 id=link-type16><span class=secno>4.13.3.18. </span>Link type "<dfn
id=tag title=rel-tag><code>tag</code></dfn>"</h5>
<p>The <code title=rel-tag><a href="#tag">tag</a></code> keyword may be
@@ -33962,7 +33963,7 @@
that the <em>tag</em> that the referenced document represents applies to
the current document.
- <h5 id=hierarchical><span class=secno>4.12.3.19. </span>Hierarchical link
+ <h5 id=hierarchical><span class=secno>4.13.3.19. </span>Hierarchical link
types</h5>
<p>Some documents form part of a hierarchical structure of documents.
@@ -33974,7 +33975,7 @@
<p>A document may be part of multiple hierarchies.
- <h6 id=link-type17><span class=secno>4.12.3.19.1. </span>Link type "<dfn
+ <h6 id=link-type17><span class=secno>4.13.3.19.1. </span>Link type "<dfn
id=index title=rel-index><code>index</code></dfn>"</h6>
<p>The <code title=rel-index><a href="#index">index</a></code> keyword may
@@ -33994,7 +33995,7 @@
title="">contents</code>", and "<code title="">toc</code>" like the <code
title=rel-index><a href="#index">index</a></code> keyword.
- <h6 id=link-type18><span class=secno>4.12.3.19.2. </span>Link type "<dfn
+ <h6 id=link-type18><span class=secno>4.13.3.19.2. </span>Link type "<dfn
id=up title=rel-up><code>up</code></dfn>"</h6>
<p>The <code title=rel-up><a href="#up">up</a></code> keyword may be used
@@ -34059,7 +34060,7 @@
<code title=rel-up><a href="#up">up</a></code> keywords (the interface
hides duplicates).
- <h5 id=sequential0><span class=secno>4.12.3.20. </span>Sequential link
+ <h5 id=sequential0><span class=secno>4.13.3.20. </span>Sequential link
types</h5>
<p>Some documents form part of a sequence of documents.
@@ -34071,7 +34072,7 @@
<p>A document may be part of multiple sequences.
- <h6 id=link-type19><span class=secno>4.12.3.20.1. </span>Link type "<dfn
+ <h6 id=link-type19><span class=secno>4.13.3.20.1. </span>Link type "<dfn
id=first title=rel-first><code>first</code></dfn>"</h6>
<p>The <code title=rel-first><a href="#first">first</a></code> keyword may
@@ -34090,7 +34091,7 @@
title="">start</code>" like the <code title=rel-first><a
href="#first">first</a></code> keyword.
- <h6 id=link-type20><span class=secno>4.12.3.20.2. </span>Link type "<dfn
+ <h6 id=link-type20><span class=secno>4.13.3.20.2. </span>Link type "<dfn
id=last title=rel-last><code>last</code></dfn>"</h6>
<p>The <code title=rel-last><a href="#last">last</a></code> keyword may be
@@ -34107,7 +34108,7 @@
treat the keyword "<code title="">end</code>" like the <code
title=rel-last><a href="#last">last</a></code> keyword.
- <h6 id=link-type21><span class=secno>4.12.3.20.3. </span>Link type "<dfn
+ <h6 id=link-type21><span class=secno>4.13.3.20.3. </span>Link type "<dfn
id=next title=rel-next><code>next</code></dfn>"</h6>
<p>The <code title=rel-next><a href="#next">next</a></code> keyword may be
@@ -34120,7 +34121,7 @@
indicates that the document is part of a sequence, and that the link is
leading to the document that is the next logical document in the sequence.
- <h6 id=link-type22><span class=secno>4.12.3.20.4. </span>Link type "<dfn
+ <h6 id=link-type22><span class=secno>4.13.3.20.4. </span>Link type "<dfn
id=prev title=rel-prev><code>prev</code></dfn>"</h6>
<p>The <code title=rel-prev><a href="#prev">prev</a></code> keyword may be
@@ -34138,7 +34139,7 @@
treat the keyword "<code title="">previous</code>" like the <code
title=rel-prev><a href="#prev">prev</a></code> keyword.
- <h5 id=other0><span class=secno>4.12.3.21. </span>Other link types</h5>
+ <h5 id=other0><span class=secno>4.13.3.21. </span>Other link types</h5>
<p>Other than the types defined above, only types defined as extensions in
the <a href="http://wiki.whatwg.org/wiki/RelExtensions">WHATWG Wiki
@@ -34267,7 +34268,7 @@
<p>This specification does not define how new values will get approved. It
is expected that the Wiki will have a community that addresses this.
- <h3 id=interfaces><span class=secno>4.13 </span>Interfaces for URI
+ <h3 id=interfaces><span class=secno>4.14 </span>Interfaces for URI
manipulation</h3>
<p>An interface that has a complement of <dfn id=uri-decomposition>URI
Modified: source
===================================================================
--- source 2008-04-28 09:45:02 UTC (rev 1498)
+++ source 2008-04-28 10:08:56 UTC (rev 1499)
@@ -24758,46 +24758,7 @@
- <h3 id="scripting">Scripting</h3>
-
- <h4>Running executable code</h4>
-
- <p>Various mechanisms can cause author-provided executable code to
- run in the context of a document. These mechanisms include, but are
- probably not limited to:</p>
-
- <ul>
-
- <li>Processing of <code>script</code> elements.</li>
-
- <li>Processing of inline <code title="javascript
- protocol">javascript:</code> URIs (e.g. the <code
- title="attr-img-src">src</code> attribute of <code>img</code>
- elements, or an <code title="">@import</code> rule in a CSS
- <code>style</code> element block).</li>
-
- <li>Event handlers, whether registered through the DOM using <code
- title="">addEventListener()</code>, by explicit <span>event handler
- content attributes</span>, by <span>event handler DOM
- attributes</span>, or otherwise.</li>
-
- <li>Processing of technologies like XBL or SVG that have their own
- scripting features.</li>
-
- </ul>
-
- <p>User agents may provide a mechanism to enable or disable the
- execution of author-provided code. When the user agent is configured
- such that author-provided code does not execute, or if the user
- agent is implemented so as to never execute author-provided code, it
- is said that <dfn>scripting is disabled</dfn>. When author-provided
- code <em>does</em> execute, <dfn>scripting is enabled</dfn>. A user
- agent with scripting disabled is a <span title="User agents with no
- scripting support">user agent with no scripting support</span> for
- the purposes of conformance.</p>
-
-
- <h4>Origin</h4>
+ <h3>Origin</h3>
<!-- Hallowed are the Ori -->
<!--
@@ -25008,6 +24969,46 @@
</ol>
+
+
+ <h3 id="scripting">Scripting</h3>
+
+ <h4>Running executable code</h4>
+
+ <p>Various mechanisms can cause author-provided executable code to
+ run in the context of a document. These mechanisms include, but are
+ probably not limited to:</p>
+
+ <ul>
+
+ <li>Processing of <code>script</code> elements.</li>
+
+ <li>Processing of inline <code title="javascript
+ protocol">javascript:</code> URIs (e.g. the <code
+ title="attr-img-src">src</code> attribute of <code>img</code>
+ elements, or an <code title="">@import</code> rule in a CSS
+ <code>style</code> element block).</li>
+
+ <li>Event handlers, whether registered through the DOM using <code
+ title="">addEventListener()</code>, by explicit <span>event handler
+ content attributes</span>, by <span>event handler DOM
+ attributes</span>, or otherwise.</li>
+
+ <li>Processing of technologies like XBL or SVG that have their own
+ scripting features.</li>
+
+ </ul>
+
+ <p>User agents may provide a mechanism to enable or disable the
+ execution of author-provided code. When the user agent is configured
+ such that author-provided code does not execute, or if the user
+ agent is implemented so as to never execute author-provided code, it
+ is said that <dfn>scripting is disabled</dfn>. When author-provided
+ code <em>does</em> execute, <dfn>scripting is enabled</dfn>. A user
+ agent with scripting disabled is a <span title="User agents with no
+ scripting support">user agent with no scripting support</span> for
+ the purposes of conformance.</p>
+
More information about the Commit-Watchers
mailing list