[html5] r838 - /

whatwg at whatwg.org whatwg at whatwg.org
Tue May 22 18:50:23 PDT 2007


Author: ianh
Date: 2007-05-22 18:50:21 -0700 (Tue, 22 May 2007)
New Revision: 838

Modified:
   index
   source
Log:
[] (0) By popular request, a SQL database for your enjoyment.

Modified: index
===================================================================
--- index	2007-05-22 21:21:13 UTC (rev 837)
+++ index	2007-05-23 01:50:21 UTC (rev 838)
@@ -22,7 +22,7 @@
 
    <h1 id=html-5>HTML 5</h1>
 
-   <h2 class="no-num no-toc" id=working>Working Draft — 22 May 2007</h2>
+   <h2 class="no-num no-toc" id=working>Working Draft — 23 May 2007</h2>
 
    <p>You can take part in this work. <a
     href="http://www.whatwg.org/mailing-list">Join the working group's
@@ -1141,7 +1141,7 @@
       </ul>
 
      <li><a href="#storage"><span class=secno>4.11. </span>Client-side
-      session and persistent storage</a>
+      session and persistent storage of name/value pairs</a>
       <ul class=toc>
        <li><a href="#introduction0"><span class=secno>4.11.1.
         </span>Introduction</a>
@@ -1207,6 +1207,31 @@
           </span>Implementation risks</a>
         </ul>
       </ul>
+
+     <li><a href="#sql"><span class=secno>4.12. </span>Client-side database
+      storage</a>
+      <ul class=toc>
+       <li><a href="#introduction1"><span class=secno>4.12.1.
+        </span>Introduction</a>
+
+       <li><a href="#executing"><span class=secno>4.12.2. </span>Executing
+        SQL statements</a>
+
+       <li><a href="#database"><span class=secno>4.12.3. </span>Database
+        query results</a>
+
+       <li><a href="#privacy"><span class=secno>4.12.4. </span>Privacy</a>
+
+       <li><a href="#security6"><span class=secno>4.12.5. </span>Security</a>
+        
+        <ul class=toc>
+         <li><a href="#user-agents"><span class=secno>4.12.5.1. </span>User
+          agents</a>
+
+         <li><a href="#sql-injection"><span class=secno>4.12.5.2. </span>SQL
+          injection</a>
+        </ul>
+      </ul>
     </ul>
 
    <li><a href="#editing"><span class=secno>5. </span>Editing</a>
@@ -1261,7 +1286,7 @@
           selection</a>
         </ul>
 
-       <li><a href="#security6"><span class=secno>5.3.6. </span>Security
+       <li><a href="#security7"><span class=secno>5.3.6. </span>Security
         risks in the drag-and-drop model</a>
       </ul>
 
@@ -2396,7 +2421,7 @@
 
   <h4 id=security><span class=secno>2.1.1. </span>Security</h4>
 
-  <p>User agents must raise a <a href="#security7">security exception</a>
+  <p>User agents must raise a <a href="#security8">security exception</a>
    whenever any of the members of an <code><a
    href="#htmldocument">HTMLDocument</a></code> object are accessed by
    scripts whose <a href="#origin0">origin</a> is not the same as the
@@ -2424,7 +2449,7 @@
    current value. On setting, if the new value is an allowed value (as
    defined below), the attribute's value must be changed to the new value. If
    the new value is not an allowed value, then a <a
-   href="#security7">security exception</a> must be raised instead.
+   href="#security8">security exception</a> must be raised instead.
 
   <p>A new value is an allowed value for the <code
    title=dom-document-domain><a href="#domain">document.domain</a></code>
@@ -15069,7 +15094,7 @@
    href="#todataurl">toDataURL()</a></code> and <code
    title=dom-context-2d-getImageData><a
    href="#getimagedata">getImageData()</a></code> methods should raise a <a
-   href="#security7">security exception</a> if the canvas has ever had an
+   href="#security8">security exception</a> if the canvas has ever had an
    image painted on it whose <a href="#origin0">origin</a> is different from
    that of the script calling the method.
 
@@ -18827,7 +18852,7 @@
 
      <dt>Otherwise
 
-     <dd>The user agent must immediately <a href="#executing"
+     <dd>The user agent must immediately <a href="#executing0"
       title="executing a script block">execute the script</a>, even if other
       scripts are already executing.
     </dl>
@@ -18851,7 +18876,7 @@
        do nothing yet. Stop going through these steps.</p>
 
      <li>
-      <p>Otherwise, <a href="#executing" title="executing a script
+      <p>Otherwise, <a href="#executing0" title="executing a script
        block">execute the script</a> (that is, the script associated with the
        first element in the list).</p>
 
@@ -18875,7 +18900,7 @@
        yet. Stop going through these steps.</p>
 
      <li>
-      <p><a href="#executing" title="executing a script block">Execute the
+      <p><a href="#executing0" title="executing a script block">Execute the
        script</a> (the script associated with the first element in the list).</p>
 
      <li>
@@ -18896,7 +18921,7 @@
    <dd>
     <ol>
      <li>
-      <p><a href="#executing" title="executing a script block">Execute the
+      <p><a href="#executing0" title="executing a script block">Execute the
        script</a>.</p>
 
      <li>
@@ -18914,7 +18939,7 @@
   <p>The download of an external script must <a href="#delays">delay the
    <code title=event-load>load</code> event</a>.
 
-  <p><dfn id=executing title="executing a script block">Executing a script
+  <p><dfn id=executing0 title="executing a script block">Executing a script
    block</dfn>: If the load resulted in an error (for example a DNS error, or
    an HTTP 404 error), then executing the script must just consist of <a
    href="#firing5" title="fire an error event">firing an <code
@@ -22730,6 +22755,7 @@
   readonly attribute <a href="#clientinformation">ClientInformation</a> <a href="#navigator" title=dom-navigator>navigator</a>; <!-- XXX IE6 also has window.clientInformation pointing to this same object -->
   readonly attribute <a href="#storage2">Storage</a> <a href="#sessionstorage" title=dom-sessionStorage>sessionStorage</a>;
   readonly attribute <a href="#storagelist">StorageList</a> <a href="#globalstorage" title=dom-globalStorage>globalStorage</a>;
+  <a href="#resultset">ResultSet</a> <a href="#executesql" title=dom-executeSql>executeSql</a>(in DOMString sqlStatement, <var title="">arguments...</var>);
 
   // modal user prompts
   void <a href="#alert" title=dom-alert>alert</a>(in DOMString message);
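Review bot: the added `executeSql` line declares `arguments...` with no type, so the IDL does not say how non-string values (numbers, null, objects) are converted before they are bound to the `?` placeholders. Suggest giving the variadic part an explicit type, or adding a conversion rule to the prose in 4.12.2, because the binding step is what the SQL injection guidance in 4.12.5.2 relies on.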
@@ -22812,7 +22838,7 @@
 
   <h4 id=security1><span class=secno>4.2.1. </span>Security</h4>
 
-  <p>User agents must raise a <a href="#security7">security exception</a>
+  <p>User agents must raise a <a href="#security8">security exception</a>
    whenever any of the members of a <code><a href="#window">Window</a></code>
    object are accessed by scripts whose <a href="#origin0">origin</a> is not
    the same as the <code><a href="#window">Window</a></code> object's <a
@@ -23401,7 +23427,7 @@
 
   <h5 id=security2><span class=secno>4.3.4.1. </span>Security</h5>
 
-  <p>User agents must raise a <a href="#security7">security exception</a>
+  <p>User agents must raise a <a href="#security8">security exception</a>
    whenever any of the members of a <code><a
    href="#location2">Location</a></code> object are accessed by scripts whose
    <a href="#origin0">origin</a> is not the same as the <code><a
@@ -25949,7 +25975,7 @@
 
   <h4 id=security3><span class=secno>4.9.3. </span>Security exceptions</h4>
 
-  <p class=big-issue>Define <dfn id=security7>security exception</dfn>.
+  <p class=big-issue>Define <dfn id=security8>security exception</dfn>.
 
   <h4 id=javascript-protocol><span class=secno>4.9.4. </span><dfn
    id=the-javascript title="javascript protocol">The <code
@@ -26728,7 +26754,7 @@
      the user what the site in question is.</p>
   </dl>
 
-  <p>User agents should raise <a href="#security7" title="security
+  <p>User agents should raise <a href="#security8" title="security
    exception">security exceptions</a> if the methods are called with <var
    title="">protocol</var> or <var title="">mimeType</var> values that the UA
    deems to be "privileged". For example, a site attempting to register a
@@ -26918,8 +26944,7 @@
    protocols.
 
   <h3 id=storage><span class=secno>4.11. </span>Client-side session and
-   persistent storage</h3>
-  <!-- local storage -->
+   persistent storage of name/value pairs</h3>
 
   <h4 id=introduction0><span class=secno>4.11.1. </span>Introduction</h4>
 
@@ -27121,7 +27146,7 @@
    objects referring to this key/value pair will return the value given in
    the <var title="">value</var> argument. If it is <em>not</em>
    <span>accessible</span>, the method must raise a <a
-   href="#security7">security exception</a>.
+   href="#security8">security exception</a>.
 
   <p>When the <code title=dom-Storage-setItem><a
    href="#setitem">setItem()</a></code> method is successfully invoked (i.e.
@@ -27143,7 +27168,7 @@
    with the object, if it exists and is <span>accessible</span>. If no item
    with that key exists, the method must do nothing. If an item with that key
    exists but is not <span>accessible</span>, the method must raise a <a
-   href="#security7">security exception</a>.
+   href="#security8">security exception</a>.
 
   <p>The <code title=dom-Storage-setItem><a
    href="#setitem">setItem()</a></code> and <code
@@ -27296,7 +27321,7 @@
    href="#setitem">setItem()</a></code> method is called on a <code><a
    href="#storage2">Storage</a></code> object <var title="">x</var> that is
    associated with a session storage area, then, if the method does not raise
-   a <a href="#security7">security exception</a>, in every <code><a
+   a <a href="#security8">security exception</a>, in every <code><a
    href="#htmldocument">HTMLDocument</a></code> object whose <code><a
    href="#window">Window</a></code> object's <code
    title=dom-sessionStorage><a
@@ -27387,7 +27412,7 @@
   <p>If the script's origin has no domain part, e.g. if only the server's IP
    address is known, and the <a href="#normalised0">normalised requested
    domain</a> is not the empty string, then the user agent must raise a <a
-   href="#security7">security exception</a>.
+   href="#security8">security exception</a>.
 
   <p class=note>If the <a href="#normalised0">normalised requested domain</a>
    is the empty string, then the rest of this algorithm can be skipped. This
@@ -27418,7 +27443,7 @@
 
   <p>If the two arrays are not component-for-component identical in literal
    string comparisons, then the user agent must then raise a <a
-   href="#security7">security exception</a>.
+   href="#security8">security exception</a>.
 
   <p>Otherwise, the user agent must check to see if it has allocated global
    storage area for the <a href="#normalised0">normalised requested
@@ -27457,7 +27482,7 @@
      href="#storagelist">StorageList</a></code> object's <code
      title=dom-Storagelist-namedItem><a
      href="#nameditem2">namedItem()</a></code> method would not raise a <a
-     href="#security7">security exception</a> according to the rules above if
+     href="#security8">security exception</a> according to the rules above if
      it was invoked with the domain <var title="">d</var>.
    </ul>
 
@@ -27887,6 +27912,188 @@
    list of "<a href="#public0" title="public storage area">public</a>"
    domains, and apply the restrictions described above.
 
+  <h3 id=sql><span class=secno>4.12. </span>Client-side database storage</h3>
+
+  <h4 id=introduction1><span class=secno>4.12.1. </span>Introduction</h4>
+
+  <p class=big-issue>...
+
+  <h4 id=executing><span class=secno>4.12.2. </span>Executing SQL statements</h4>
+
+  <p>Each <a href="#origin0">origin</a> must have an associated database
+   unique to that origin. An author can interact with the database using the
+   <code title=dom-executeSql><a href="#executesql">executeSql()</a></code>
+   method.
+
+  <p>When the <dfn id=executesql title=dom-executeSql><code>executeSql(<var
+   title="">sqlStatement</var>, <var
+   title="">arguments...</var>)</code></dfn> method is invoked, the user
+   agent must first interpret the first argument to the method (<var
+   title="">sqlStatement</var>) as an SQL statement, replacing any <code
+   title="">?</code> placeholders in the statement with the values given in
+   the subsequent arguments (<var title="">arguments...</var>), and must then
+   evaluate the statement as an SQL statement in the context of the database
+   associated with the <a href="#origin0">origin</a> of the <a
+   href="#active">active document</a> of the <a href="#browsing0">browsing
+   context</a> of the <code><a href="#window">Window</a></code> object on
+   which the method was called. <a href="#refsSQL">[SQL]</a>
+
+  <p>If the <code title=dom-executeSql><a
+   href="#executesql">executeSql()</a></code> method is called with a
+   different number of arguments after the statement than there are
+   placeholder <code title="">?</code> characters in the statement, then the
+   method must raise a <code>SYNTAX_ERR</code> exception.
+
+  <p>Otherwise, the method must return a <code><a
+   href="#resultset">ResultSet</a></code> object representing the result of
+   the operation.
+
+  <p>The user agent must act as if the database was hosted in an otherwise
+   completely empty environment with no resources. For example, attempts to
+   read from or write to the filesystem will fail.
+
+  <p>User agents should limit the total amount of space allowed for each
+   origin, but may prompt the user and extend the limit if a database is
+   reaching its quota. User agents should allow users to see how much space
+   each database is using.
+
+  <p>A mostly arbitrary limit of five megabytes per origin is recommended.
+   Implementation feedback is welcome and will be used to update this
+   suggestion in future.
+
+  <p>SQL inherently supports multiple concurrent connections. Authors should
+   make use of SQL's transaction features if multiple scripts are expected to
+   interact with the same database simultaneously (as could happen if the
+   same page was opened in two different <a href="#browsing0" title="browsing
+   context">browsing contexts</a>).
+
+  <p class=note>A future version of this specification may define the exact
+   SQL subset required in more detail.
+
+  <h4 id=database><span class=secno>4.12.3. </span>Database query results</h4>
+
+  <p>Calls to the <code title=dom-executeSql><a
+   href="#executesql">executeSql()</a></code> method return <code><a
+   href="#resultset">ResultSet</a></code> objects.
+
+  <pre class=idl>interface <dfn id=resultset>ResultSet</dfn> {
+  // cursor
+  readonly attribute boolean <a href="#validrow" title=dom-ResultSet-validRow>validRow</a>;
+  void <a href="#next0" title=dom-ResultSet-next>next</a>();
+
+  // current row accessors
+  readonly attribute unsigned int <a href="#length8" title=dom-ResultSet-length>length</a>;
+  DOMString <a href="#getname" title=dom-ResultSet-getName>getName</a>(in unsigned int field);
+  Object <a href="#itemfield" title=dom-ResultSet-item>item</a>(in unsigned int field);
+  Object <a href="#nameditem3" title=dom-ResultSet-namedItem>namedItem</a>(in DOMString field);
+
+  // general result accessors
+  readonly attribute int <a href="#insertid" title=dom-ResultSet-insertId>insertId</a>;
+};</pre>
+
+  <p>A <code><a href="#resultset">ResultSet</a></code> object has a cursor
+   which visits the results of a SQL statement, in the order returned.
+   Initially, the cursor must point at the first row returned by the
+   statement, if any. Once a row has been visited, it cannot be visited again
+   (the cursor cannot go backwards).
+
+  <p>The <dfn id=validrow
+   title=dom-ResultSet-validRow><code>validRow</code></dfn> attribute must
+   return return true if the <code><a href="#resultset">ResultSet</a></code>
+   object's cursor is at a row with data. If the cursor has been moved beyond
+   the last row of the results, or if there were no results for the SQL
+   statement in question, then the method must return false.
+
+  <p>The <dfn id=next0 title=dom-ResultSet-next><code>next()</code></dfn>
+   method must advance the cursor to the next row. If there are no more rows
+   it must advance the cursor past the end of the results, so that <code
+   title=dom-ResultSet-validRow><a href="#validrow">validRow</a></code> will
+   return false.
+
+  <p>Each row of the results consists of a set of fields. Each field has a
+   name and a value. The fields are ordered. The names of the fields, and
+   their order, must be the same for every row in the results.
+
+  <p>The <dfn id=length8 title=dom-ResultSet-length><code>length</code></dfn>
+   attribute must return the number of fields in each row. If the <code><a
+   href="#resultset">ResultSet</a></code> object has no results rows (i.e. if
+   the SQL statement executed did not return any results) then the attribute
+   must return zero.
+
+  <p>The <dfn id=getname title=dom-ResultSet-getName><code>getName(<var
+   title="">field</var>)</code></dfn> method must return the name of the
+   field with index <var title="">field</var>.
+
+  <p>The <dfn id=itemfield title=dom-ResultSet-item><code>item(<var
+   title="">field</var>)</code></dfn> method must return the value of the
+   field with index <var title="">field</var>. In the ECMAScript binding, the
+   object's [[Get]] method, when invoked with a numeric argument, must have
+   the same effect as calling the <code title=dom-ResultSet-item><a
+   href="#itemfield">item()</a></code> method.
+
+  <p>If the <var title="">field</var> argument of either the <code
+   title=dom-ResultSet-getName><a href="#getname">getName()</a></code> or
+   <code title=dom-ResultSet-item><a href="#itemfield">item()</a></code>
+   methods is ever less than zero or greater than or equal to the number of
+   fields in each row, or if those methods are called when the <code><a
+   href="#resultset">ResultSet</a></code> object has no results rows, the
+   methods must instead raise an <code>INDEX_SIZE_ERR</code> exception.
+
+  <p>The <dfn id=nameditem3
+   title=dom-ResultSet-namedItem><code>namedItem(<var
+   title="">field</var>)</code></dfn> method must return the value of the
+   field with the name <var title="">field</var>. If there is no field with
+   that name, the method must instead raise a <code>SYNTAX_ERR</code>
+   exception. In the ECMAScript binding, the object's [[Get]] method, when
+   invoked with a non-numeric argument, must have the same effect as calling
+   the <code title=dom-ResultSet-namedItem><a
+   href="#nameditem3">namedItem()</a></code> method.
+
+  <p>The <dfn id=insertid
+   title=dom-ResultSet-insertId><code>insertId</code></dfn> attribute must
+   return the row ID of the row that the <code><a
+   href="#resultset">ResultSet</a></code> object's SQL statement inserted
+   into the database, if the statement inserted a row. If the statement did
+   not insert a row, then the attribute must instead raise an
+   <code>INVALID_ACCESS_ERR</code> exception.
+
+  <h4 id=privacy><span class=secno>4.12.4. </span>Privacy</h4>
+
+  <p>In contrast with the <code title=dom-globalStorage><a
+   href="#globalstorage">globalStorage</a></code> feature, which
+   intentionally allows data to be accessed across multiple domains,
+   protocols, and ports (albeit in a controlled fashion), this database
+   feature is limited to scripts running with the same <a
+   href="#origin0">origin</a> as the database. Thus, it is expected that the
+   privacy implications be equivalent to those already present in allowing
+   scripts to communicate with their originating host.
+
+  <p>User agents are encouraged to treat data stored in databases in the same
+   way as cookies for the purposes of user interfaces, to reduce the risk of
+   using this feature for cookie resurrection.
+
+  <h4 id=security6><span class=secno>4.12.5. </span>Security</h4>
+
+  <h5 id=user-agents><span class=secno>4.12.5.1. </span>User agents</h5>
+
+  <p>User agent implementors are strongly encouraged to audit all their
+   supported SQL statements for security implications. For example, <code
+   title="">LOAD DATA INFILE</code> is likely to pose security risks and
+   there is little reason to support it.
+
+  <p>In general, it is recommended that user agents not support features that
+   control how databases are stored on disk. For example, there is little
+   reason to allow Web authors to control the character encoding used in the
+   disk representation of the data, as all data in ECMAScript is implicitly
+   UTF-16.
+
+  <h5 id=sql-injection><span class=secno>4.12.5.2. </span>SQL injection</h5>
+
+  <p>Authors are strongly recommended to make use of the <code
+   title="">?</code> placeholder feature of the <code title=dom-executeSql><a
+   href="#executesql">executeSql()</a></code> method, and to never construct
+   SQL statements on the fly.
+
   <h2 id=editing><span class=secno>5. </span><dfn id=editing0>Editing</dfn></h2>
 
   <p>This section describes various features that allow authors to enable
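Review bot: in 4.12.2 the `executeSql()` paragraph describes binding as "replacing any ? placeholders in the statement with the values given in the subsequent arguments", which reads as textual substitution. It should state that each value is bound as a single literal and is never re-parsed as SQL, otherwise the recommendation in 4.12.5.2 does not protect authors. The SYNTAX_ERR rule also counts "placeholder ? characters in the statement" without saying whether a `?` inside a quoted string literal counts as a placeholder. Smaller points in 4.12.3: "must return return true" has a doubled word, and the `validRow` paragraph ends with "the method must return false" although `validRow` is declared as an attribute.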
@@ -29223,7 +29430,7 @@
   <p>If the contents of the selection cannot be represented as text or URIs,
    then the paste operation must not have any effect.
 
-  <h4 id=security6><span class=secno>5.3.6. </span>Security risks in the
+  <h4 id=security7><span class=secno>5.3.6. </span>Security risks in the
    drag-and-drop model</h4>
 
   <p>User agents must not make the data added to the <code><a
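Review bot: changing this heading's id from `security6` to `security7` while the new 4.12.5 Security heading takes `id=security6` means existing links to `#security6` now resolve to a different section instead of failing visibly. The same reuse happens elsewhere in this patch with `executing` (now 4.12.2, previously the script-block dfn) and `length8` (now `ResultSet`, previously `UndoManager`). Suggest giving the new sections ids that do not collide with ones already in use, for example `sql-security`, so the existing fragment identifiers keep their targets.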
@@ -29327,7 +29534,7 @@
   void <a href="#clearundo" title=dom-UndoManager-clearUndo>clearUndo</a>();
   void <a href="#clearredo" title=dom-UndoManager-clearRedo>clearRedo</a>();
   DOMObject <a href="#itemn" title=dom-UndoManager-item>item</a>(in unsigned long index);
-  readonly attribute unsigned long <a href="#length8" title=dom-UndoManager-length>length</a>;
+  readonly attribute unsigned long <a href="#length9" title=dom-UndoManager-length>length</a>;
   readonly attribute unsigned long <a href="#position0" title=dom-UndoManager-position>position</a>;
 };</pre>
 
@@ -29352,7 +29559,7 @@
    entries are absent from the <a href="#undo-transaction">undo transaction
    history</a>.
 
-  <p>The <dfn id=length8
+  <p>The <dfn id=length9
    title=dom-UndoManager-length><code>length</code></dfn> attribute must
    return the number of <a href="#undo-object">undo object</a> entries in the
    <a href="#undo-transaction">undo transaction history</a>.
@@ -29376,7 +29583,7 @@
    nearest to the <a href="#current3">undo position</a>, on the "redo" side.
    If there are no <a href="#undo-object">undo object</a> entries on the
    "redo" side, then the attribute must return the same as the <code
-   title=dom-UndoManager-length><a href="#length8">length</a></code>
+   title=dom-UndoManager-length><a href="#length9">length</a></code>
    attribute. If there are no <a href="#undo-object">undo object</a> entries
    on the "undo" side of the <a href="#current3">undo position</a>, the <code
    title=dom-UndoManager-position><a href="#position0">position</a></code>
@@ -29423,7 +29630,7 @@
    href="#undo-object">undo object</a> entry with the specified <var
    title="">index</var>. If the index is less than zero or greater than or
    equal to <code title=dom-UndoManager-length><a
-   href="#length8">length</a></code> then the method must raise an
+   href="#length9">length</a></code> then the method must raise an
    <code>INDEX_SIZE_ERR</code> exception. <a href="#dom-changes">DOM
    changes</a> entries are unaffected by this method.
 
@@ -30957,7 +31164,7 @@
 
   <p>First, if the domain part of the script's <a href="#origin0">origin</a>
    is not a host name (e.g. it is an IP address) then the UA must raise a <a
-   href="#security7">security exception</a>. <span class=issue>We currently
+   href="#security8">security exception</a>. <span class=issue>We currently
    don't allow connections to be set up back to an originating IP address,
    but we could, if the subdomain is the empty string.</span>
 
@@ -30977,15 +31184,15 @@
     65535,
   </ul>
 
-  <p>...then the UA must raise a <a href="#security7">security exception</a>.</p>
+  <p>...then the UA must raise a <a href="#security8">security exception</a>.</p>
   <!-- XXX we should have our own port for this too, e.g. 980 -->
 
   <p>Otherwise, the user agent must verify that the <a href="#the-string">the
    string representing the script's domain in IDNA format</a> can be obtained
    without errors. If it cannot, then the user agent must raise a <a
-   href="#security7">security exception</a>.
+   href="#security8">security exception</a>.
 
-  <p>The user agent may also raise a <a href="#security7">security
+  <p>The user agent may also raise a <a href="#security8">security
    exception</a> at this time if, for some reason, permission to create a
    direct TCP connection to the relevant host is denied. Reasons could
    include the UA being instructed by the user to not allow direct
@@ -31047,7 +31254,7 @@
    href="#network1">network</a></code> attribute of the object must be set to
    <a href="#the-string">the string representing the script's domain in IDNA
    format</a>. If this string cannot be obtained, then the user agent must
-   raise a <a href="#security7">security exception</a> exception when the
+   raise a <a href="#security8">security exception</a> exception when the
    constructor is called.
 
   <p>The <code title=dom-Connection-peer><a href="#peer">peer</a></code>
@@ -31055,7 +31262,7 @@
 
   <p>The object must then be returned, unless, for some reason, permission to
    broadcast on the local network is to be denied. In the latter case, a <a
-   href="#security7">security exception</a> must be raised instead. User
+   href="#security8">security exception</a> must be raised instead. User
    agents may deny such permission for any reason, for example a user
    preference.
 
@@ -31186,7 +31393,7 @@
    href="#network1">network</a></code> attribute of the object must be set to
    <a href="#the-string">the string representing the script's domain in IDNA
    format</a>. If this string cannot be obtained, then the user agent must
-   raise a <a href="#security7">security exception</a> exception when the
+   raise a <a href="#security8">security exception</a> exception when the
    constructor is called.
 
   <p>The <code title=dom-Connection-peer><a href="#peer">peer</a></code>
@@ -31195,7 +31402,7 @@
   <p>The object must then be returned, unless, for some reason, permission to
    establish peer-to-peer connections is generally disallowed, for example
    due to administrator settings. In the latter case, a <a
-   href="#security7">security exception</a> must be raised instead.
+   href="#security8">security exception</a> must be raised instead.
 
   <p>The user agent must then, typically while the script resumes execution,
    find a remote host to establish a connection to. To do this it must start
@@ -32969,7 +33176,7 @@
    will execute as soon as possible</a> or the first script in the <a
    href="#list-of0">list of scripts that will execute asynchronously</a>, has
    <span>completed loading</span><!-- XXX xref -->. If one has, then it must
-   be <a href="#executing" title="executing a script block">executed</a> and
+   be <a href="#executing0" title="executing a script block">executed</a> and
    removed from its list.
 
   <p>The tokeniser state machine is as follows:
@@ -35015,7 +35222,7 @@
              before the <a href="#next-input">next input character</a>.
 
            <li>
-            <p><a href="#executing" title="executing a script block">Execute
+            <p><a href="#executing0" title="executing a script block">Execute
              the script</a>.
 
            <li>

Modified: source
===================================================================
--- source	2007-05-22 21:21:13 UTC (rev 837)
+++ source	2007-05-23 01:50:21 UTC (rev 838)
@@ -20435,6 +20435,7 @@
   readonly attribute <span>ClientInformation</span> <span title="dom-navigator">navigator</span>; <!-- XXX IE6 also has window.clientInformation pointing to this same object -->
   readonly attribute <span>Storage</span> <span title="dom-sessionStorage">sessionStorage</span>;
   readonly attribute <span>StorageList</span> <span title="dom-globalStorage">globalStorage</span>;
+  <span>ResultSet</span> <span title="dom-executeSql">executeSql</span>(in DOMString sqlStatement, <var title="">arguments...</var>);
 
   // modal user prompts
   void <span title="dom-alert">alert</span>(in DOMString message);
@@ -24421,7 +24422,7 @@
   of unknown protocols.</p>
 
 
-  <h3 id="storage">Client-side session and persistent storage</h3> <!-- local storage -->
+  <h3 id="storage">Client-side session and persistent storage of name/value pairs</h3>
 
   <h4>Introduction</h4>
 
@@ -25421,8 +25422,195 @@
 
 
 
+  <h3 id="sql">Client-side database storage</h3>
 
+  <h4>Introduction</h4>
 
+  <p class="big-issue">...</p>
+
+  <h4>Executing SQL statements</h4>
+
+  <p>Each <span>origin</span> must have an associated database unique
+  to that origin. An author can interact with the database using the
+  <code title="dom-executeSql">executeSql()</code> method.</p>
+
+  <p>When the <dfn title="dom-executeSql"><code>executeSql(<var
+  title="">sqlStatement</var>, <var
+  title="">arguments...</var>)</code></dfn> method is invoked, the
+  user agent must first interpret the first argument to the method
+  (<var title="">sqlStatement</var>) as an SQL statement, replacing
+  any <code title="">?</code> placeholders in the statement with the
+  values given in the subsequent arguments (<var
+  title="">arguments...</var>), and must then evaluate the statement
+  as an SQL statement in the context of the database associated with
+  the <span>origin</span> of the <span>active document</span> of the
+  <span>browsing context</span> of the <code>Window</code> object on
+  which the method was called. <a href="#refsSQL">[SQL]</a></p>
+
+  <p>If the <code title="dom-executeSql">executeSql()</code> method is
+  called with a different number of arguments after the statement than
+  there are placeholder <code title="">?</code> characters in the
+  statement, then the method must raise a <code>SYNTAX_ERR</code>
+  exception.</p>
+
+  <p>Otherwise, the method must return a <code>ResultSet</code> object
+  representing the result of the operation.</p>
+
+  <p>The user agent must act as if the database was hosted in an
+  otherwise completely empty environment with no resources. For
+  example, attempts to read from or write to the filesystem will
+  fail.</p>
+
+  <p>User agents should limit the total amount of space allowed for
+  each origin, but may prompt the user and extend the limit if a
+  database is reaching its quota. User agents should allow users to
+  see how much space each database is using.</p>
+
+  <p>A mostly arbitrary limit of five megabytes per origin is
+  recommended. Implementation feedback is welcome and will be used to
+  update this suggestion in future.</p>
+
+  <p>SQL inherently supports multiple concurrent connections. Authors
+  should make use of SQL's transaction features if multiple scripts
+  are expected to interact with the same database simultaneously (as
+  could happen if the same page was opened in two different <span
+  title="browsing context">browsing contexts</span>).</p>
+
+  <p class="note">A future version of this specification may define
+  the exact SQL subset required in more detail.</p>
+
+
+  <h4>Database query results</h4>
+
+  <p>Calls to the <code title="dom-executeSql">executeSql()</code>
+  method return <code>ResultSet</code> objects.</p>
+
+  <pre class="idl">interface <dfn>ResultSet</dfn> {
+  // cursor
+  readonly attribute boolean <span title="dom-ResultSet-validRow">validRow</span>;
+  void <span title="dom-ResultSet-next">next</span>();
+
+  // current row accessors
+  readonly attribute unsigned int <span title="dom-ResultSet-length">length</span>;
+  DOMString <span title="dom-ResultSet-getName">getName</span>(in unsigned int field);
+  Object <span title="dom-ResultSet-item">item</span>(in unsigned int field);
+  Object <span title="dom-ResultSet-namedItem">namedItem</span>(in DOMString field);
+
+  // general result accessors
+  readonly attribute int <span title="dom-ResultSet-insertId">insertId</span>;
+};</pre>
+
+  <p>A <code>ResultSet</code> object has a cursor which visits the
+  results of a SQL statement, in the order returned. Initially, the
+  cursor must point at the first row returned by the statement, if
+  any. Once a row has been visited, it cannot be visited again (the
+  cursor cannot go backwards).</p>
+
+  <p>The <dfn
+  title="dom-ResultSet-validRow"><code>validRow</code></dfn> attribute
+  must return return true if the <code>ResultSet</code> object's
+  cursor is at a row with data. If the cursor has been moved beyond
+  the last row of the results, or if there were no results for the SQL
+  statement in question, then the method must return false.</p>
+
+  <p>The <dfn title="dom-ResultSet-next"><code>next()</code></dfn>
+  method must advance the cursor to the next row. If there are no more
+  rows it must advance the cursor past the end of the results, so that
+  <code title="dom-ResultSet-validRow">validRow</code> will return
+  false.</p>
+
+
+  <p>Each row of the results consists of a set of fields. Each field
+  has a name and a value. The fields are ordered. The names of the
+  fields, and their order, must be the same for every row in the
+  results.</p>
+
+  <p>The <dfn title="dom-ResultSet-length"><code>length</code></dfn>
+  attribute must return the number of fields in each row. If the
+  <code>ResultSet</code> object has no results rows (i.e. if the SQL
+  statement executed did not return any results) then the attribute
+  must return zero.</p>
+
+  <p>The <dfn title="dom-ResultSet-getName"><code>getName(<var
+  title="">field</var>)</code></dfn> method must return the name of
+  the field with index <var title="">field</var>.</p>
+
+  <p>The <dfn title="dom-ResultSet-item"><code>item(<var
+  title="">field</var>)</code></dfn> method must return the value of
+  the field with index <var title="">field</var>. In the ECMAScript
+  binding, the object's [[Get]] method, when invoked with a numeric
+  argument, must have the same effect as calling the <code
+  title="dom-ResultSet-item">item()</code> method.</p>
+
+  <p>If the <var title="">field</var> argument of either the <code
+  title="dom-ResultSet-getName">getName()</code> or <code
+  title="dom-ResultSet-item">item()</code> methods is ever less than
+  zero or greater than or equal to the number of fields in each row,
+  or if those methods are called when the <code>ResultSet</code>
+  object has no results rows, the methods must instead raise an
+  <code>INDEX_SIZE_ERR</code> exception.</p>
+
+  <p>The <dfn title="dom-ResultSet-namedItem"><code>namedItem(<var
+  title="">field</var>)</code></dfn> method must return the value of
+  the field with the name <var title="">field</var>. If there is no
+  field with that name, the method must instead raise a
+  <code>SYNTAX_ERR</code> exception. In the ECMAScript binding, the
+  object's [[Get]] method, when invoked with a non-numeric argument,
+  must have the same effect as calling the <code
+  title="dom-ResultSet-namedItem">namedItem()</code> method.</p>
+
+
+  <p>The <dfn
+  title="dom-ResultSet-insertId"><code>insertId</code></dfn> attribute
+  must return the row ID of the row that the <code>ResultSet</code>
+  object's SQL statement inserted into the database, if the statement
+  inserted a row. If the statement did not insert a row, then the
+  attribute must instead raise an <code>INVALID_ACCESS_ERR</code>
+  exception.</p>
+
+
+  <h4>Privacy</h4>
+
+  <p>In contrast with the <code
+  title="dom-globalStorage">globalStorage</code> feature, which
+  intentionally allows data to be accessed across multiple domains,
+  protocols, and ports (albeit in a controlled fashion), this database
+  feature is limited to scripts running with the same
+  <span>origin</span> as the database. Thus, it is expected that the
+  privacy implications be equivalent to those already present in
+  allowing scripts to communicate with their originating host.</p>
+
+  <p>User agents are encouraged to treat data stored in databases in
+  the same way as cookies for the purposes of user interfaces, to
+  reduce the risk of using this feature for cookie resurrection.</p>
+
+
+  <h4>Security</h4>
+
+  <h5>User agents</h5>
+
+  <p>User agent implementors are strongly encouraged to audit all
+  their supported SQL statements for security implications. For
+  example, <code title="">LOAD DATA INFILE</code> is likely to pose
+  security risks and there is little reason to support it.</p>
+
+  <p>In general, it is recommended that user agents not support
+  features that control how databases are stored on disk. For example,
+  there is little reason to allow Web authors to control the character
+  encoding used in the disk representation of the data, as all data in
+  ECMAScript is implicitly UTF-16.</p>
+
+
+  <h5>SQL injection</h5>
+
+  <p>Authors are strongly recommended to make use of the <code
+  title="">?</code> placeholder feature of the <code
+  title="dom-executeSql">executeSql()</code> method, and to never
+  construct SQL statements on the fly.</p>
+
+
+
+
   <h2 id="editing"><dfn>Editing</dfn></h2>
 
   <p>This section describes various features that allow authors to
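Review bot: The validRow definition in the "Database query results" section says "must return return true" and then ends with "then the method must return false", although validRow is declared as a readonly attribute in the ResultSet IDL; suggest "must return true" and "then the attribute must return false". In the same section, getName() and item() are declared with an "unsigned int field" argument, so the "less than zero" case in the INDEX_SIZE_ERR paragraph cannot arise as declared; either drop that clause or state how a negative value passed from script is converted. In the "User agents" security text, the LOAD DATA INFILE example is advisory only, while the earlier paragraph already requires the user agent to act as if the database were in an empty environment where filesystem reads and writes fail; a cross-reference would make clear that the audit advice rests on that requirement.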



