[html5] r1022 - /
whatwg at whatwg.org
Fri Sep 21 16:29:12 PDT 2007
Author: ianh
Date: 2007-09-21 16:29:12 -0700 (Fri, 21 Sep 2007)
New Revision: 1022
Modified:
index
source
Log:
[] (0) Switch to having multiple named and versioned databases per origin. This is a work in progress; more changes (e.g. updating the version) are coming.
Modified: index
===================================================================
--- index 2007-09-20 05:00:22 UTC (rev 1021)
+++ index 2007-09-21 23:29:12 UTC (rev 1022)
@@ -22,7 +22,7 @@
<h1 id=html-5>HTML 5</h1>
- <h2 class="no-num no-toc" id=working>Working Draft — 20 September
+ <h2 class="no-num no-toc" id=working>Working Draft — 21 September
2007</h2>
<p>You can take part in this work. <a
@@ -1267,21 +1267,24 @@
<li><a href="#introduction2"><span class=secno>4.12.1.
</span>Introduction</a>
- <li><a href="#executing"><span class=secno>4.12.2. </span>Executing
+ <li><a href="#databases"><span class=secno>4.12.2.
+ </span>Databases</a>
+
+ <li><a href="#executing"><span class=secno>4.12.3. </span>Executing
SQL statements</a>
- <li><a href="#database"><span class=secno>4.12.3. </span>Database
+ <li><a href="#database"><span class=secno>4.12.4. </span>Database
query results</a>
- <li><a href="#privacy"><span class=secno>4.12.4. </span>Privacy</a>
+ <li><a href="#privacy"><span class=secno>4.12.5. </span>Privacy</a>
- <li><a href="#security6"><span class=secno>4.12.5. </span>Security</a>
+ <li><a href="#security6"><span class=secno>4.12.6. </span>Security</a>
<ul class=toc>
- <li><a href="#user-agents"><span class=secno>4.12.5.1. </span>User
+ <li><a href="#user-agents"><span class=secno>4.12.6.1. </span>User
agents</a>
- <li><a href="#sql-injection"><span class=secno>4.12.5.2. </span>SQL
+ <li><a href="#sql-injection"><span class=secno>4.12.6.2. </span>SQL
injection</a>
</ul>
</ul>
@@ -24342,7 +24345,7 @@
readonly attribute <a href="#clientinformation">ClientInformation</a> <a href="#navigator" title=dom-navigator>navigator</a>; <!-- XXX IE6 also has window.clientInformation pointing to this same object -->
readonly attribute <a href="#storage2">Storage</a> <a href="#sessionstorage" title=dom-sessionStorage>sessionStorage</a>;
readonly attribute <a href="#storagelist">StorageList</a> <a href="#globalstorage" title=dom-globalStorage>globalStorage</a>;
- <a href="#resultset">ResultSet</a> <a href="#executesql" title=dom-executeSql>executeSql</a>(in DOMString sqlStatement, <var title="">arguments...</var>);
+ <a href="#database0">Database</a> <a href="#opendatabase" title=dom-opendatabase>openDatabase</a>(in DOMString name, in DOMString version);
// modal user prompts
void <a href="#alert" title=dom-alert>alert</a>(in DOMString message);
@@ -29838,8 +29841,46 @@
<p class=big-issue>...
- <h4 id=executing><span class=secno>4.12.2. </span>Executing SQL statements</h4>
+ <h4 id=databases><span class=secno>4.12.2. </span>Databases</h4>
+ <p>Each <i><a href="#origin0">origin</a></i> has an associated set of
+ databases. Each database has a name and a current version. There is no way
+ to enumerate the databases available for a domain.
+
+ <p>The <dfn id=opendatabase
+ title=dom-opendatabase><code>openDatabase()</code></dfn> method returns a
+ <code><a href="#database0">Database</a></code> object. The method takes
+ two arguments, a database name and a database version.
+
+ <p>If the database version provided is not the empty string, and the
+ database already exists but has a different version, then the method must
+ raise an <code>INVALID_STATE_ERR</code> exception.
+
+ <p>Otherwise, if the database version is the empty string, or if the
+ database doesn't yet exist, or if the database exists and the version
+ provided to the <code title=dom-opendatabase><a
+ href="#opendatabase">openDatabase()</a></code> method is the same as the
+ current version associated with the database, then the method must return
+ a <code><a href="#database0">Database</a></code> object representing the
+ database associated with the <a href="#origin0">origin</a> of the <a
+ href="#active">active document</a> of the <a href="#browsing0">browsing
+ context</a> of the <code><a href="#window">Window</a></code> object on
+ which the method was called that has the name that was given. If no such
+ database exists, it must be created first.
+
+ <p>All strings including the empty string are valid database names.
+ Database names are case-sensitive.
+
+ <p class=note>Implementations can support this even in environments that
+ only support a subset of all strings as database names by mapping database
+ names (e.g. using a hashing algorithm) to the supported set of names.
+
+ <pre class=idl>interface <dfn id=database0>Database</dfn> {
+ <a href="#resultset">ResultSet</a> <a href="#executesql" title=dom-executeSql>executeSql</a>(in DOMString sqlStatement, <var title="">arguments...</var>);
+};</pre>
+
+ <h4 id=executing><span class=secno>4.12.3. </span>Executing SQL statements</h4>
+
<p class=big-issue>There are two major missing features here: One: a way to
be secure against DNS spoofing (a database created over an SSL connection
covered by one cert should not be made accessible to content connecting
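Review bot: In the first paragraph of the new Databases section, "There is no way to enumerate the databases available for a domain" says "domain" where the sentence before it scopes databases to an origin. The two terms are not interchangeable as an isolation boundary, and the big-issue kept just below already concerns DNS spoofing, so the boundary should be named precisely: suggest "available for an origin" to match the rest of the section.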
@@ -29864,10 +29905,8 @@
title="">?</code> placeholders in the statement with the values given in
the subsequent arguments (<var title="">arguments...</var>), and must then
evaluate the statement as an SQL statement in the context of the database
- associated with the <a href="#origin0">origin</a> of the <a
- href="#active">active document</a> of the <a href="#browsing0">browsing
- context</a> of the <code><a href="#window">Window</a></code> object on
- which the method was called. <a href="#refsSQL">[SQL]</a>
+ of the <code><a href="#database0">Database</a></code> object on which the
+ method was called. <a href="#refsSQL">[SQL]</a>
<p>If the <code title=dom-executeSql><a
href="#executesql">executeSql()</a></code> method is called with a
@@ -29901,7 +29940,7 @@
<p class=note>A future version of this specification may define the exact
SQL subset required in more detail.
- <h4 id=database><span class=secno>4.12.3. </span>Database query results</h4>
+ <h4 id=database><span class=secno>4.12.4. </span>Database query results</h4>
<p>Calls to the <code title=dom-executeSql><a
href="#executesql">executeSql()</a></code> method return <code><a
@@ -29989,7 +30028,7 @@
If the statement did not insert a row, then the attribute must instead
raise an <code>INVALID_ACCESS_ERR</code> exception.
- <h4 id=privacy><span class=secno>4.12.4. </span>Privacy</h4>
+ <h4 id=privacy><span class=secno>4.12.5. </span>Privacy</h4>
<p>In contrast with the <code title=dom-globalStorage><a
href="#globalstorage">globalStorage</a></code> feature, which
@@ -30004,9 +30043,9 @@
way as cookies for the purposes of user interfaces, to reduce the risk of
using this feature for cookie resurrection.
- <h4 id=security6><span class=secno>4.12.5. </span>Security</h4>
+ <h4 id=security6><span class=secno>4.12.6. </span>Security</h4>
- <h5 id=user-agents><span class=secno>4.12.5.1. </span>User agents</h5>
+ <h5 id=user-agents><span class=secno>4.12.6.1. </span>User agents</h5>
<p>User agent implementors are strongly encouraged to audit all their
supported SQL statements for security implications. For example, <code
@@ -30019,7 +30058,7 @@
disk representation of the data, as all data in ECMAScript is implicitly
UTF-16.
- <h5 id=sql-injection><span class=secno>4.12.5.2. </span>SQL injection</h5>
+ <h5 id=sql-injection><span class=secno>4.12.6.2. </span>SQL injection</h5>
<p>Authors are strongly recommended to make use of the <code
title="">?</code> placeholder feature of the <code title=dom-executeSql><a
Modified: source
===================================================================
--- source 2007-09-20 05:00:22 UTC (rev 1021)
+++ source 2007-09-21 23:29:12 UTC (rev 1022)
@@ -21961,7 +21961,7 @@
readonly attribute <span>ClientInformation</span> <span title="dom-navigator">navigator</span>; <!-- XXX IE6 also has window.clientInformation pointing to this same object -->
readonly attribute <span>Storage</span> <span title="dom-sessionStorage">sessionStorage</span>;
readonly attribute <span>StorageList</span> <span title="dom-globalStorage">globalStorage</span>;
- <span>ResultSet</span> <span title="dom-executeSql">executeSql</span>(in DOMString sqlStatement, <var title="">arguments...</var>);
+ <span>Database</span> <span title="dom-opendatabase">openDatabase</span>(in DOMString name, in DOMString version);
// modal user prompts
void <span title="dom-alert">alert</span>(in DOMString message);
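Review bot: The added openDatabase line uses title="dom-opendatabase", all lowercase, while the neighbouring members of this interface use camel-cased keys (dom-sessionStorage, dom-globalStorage, and the removed dom-executeSql). Suggest title="dom-openDatabase" here and on the matching dfn in the Databases section so the cross-reference keys follow one convention.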
@@ -27294,6 +27294,46 @@
<p class="big-issue">...</p>
+ <h4>Databases</h4>
+
+ <p>Each <i>origin</i> has an associated set of databases. Each
+ database has a name and a current version. There is no way to
+ enumerate the databases available for a domain.</p>
+
+ <p>The <dfn
+ title="dom-opendatabase"><code>openDatabase()</code></dfn> method
+ returns a <code>Database</code> object. The method takes two
+ arguments, a database name and a database version.</p>
+
+ <p>If the database version provided is not the empty string, and the
+ database already exists but has a different version, then the method
+ must raise an <code>INVALID_STATE_ERR</code> exception.</p>
+
+ <p>Otherwise, if the database version is the empty string, or if the
+ database doesn't yet exist, or if the database exists and the
+ version provided to the <code
+ title="dom-opendatabase">openDatabase()</code> method is the same as
+ the current version associated with the database, then the method
+ must return a <code>Database</code> object representing the database
+ associated with the <span>origin</span> of the <span>active
+ document</span> of the <span>browsing context</span> of the
+ <code>Window</code> object on which the method was called that has
+ the name that was given. If no such database exists, it must be
+ created first.</p>
+
+ <p>All strings including the empty string are valid database
+ names. Database names are case-sensitive.</p>
+
+ <p class="note">Implementations can support this even in
+ environments that only support a subset of all strings as database
+ names by mapping database names (e.g. using a hashing algorithm) to
+ the supported set of names.</p>
+
+ <pre class="idl">interface <dfn>Database</dfn> {
+ <span>ResultSet</span> <span title="dom-executeSql">executeSql</span>(in DOMString sqlStatement, <var title="">arguments...</var>);
+};</pre>
+
+
<h4>Executing SQL statements</h4>
<p class="big-issue">There are two major missing features here: One:
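Review bot: The "Otherwise" paragraph ends with "If no such database exists, it must be created first" but never states which current version the newly created database receives, which matters most when openDatabase() is called with the empty string as the version. Because the preceding paragraph raises INVALID_STATE_ERR on a mismatch against the current version, the creation step should set that version explicitly (for example to the version argument) and say what an empty-string version means at creation time.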
@@ -27320,10 +27360,9 @@
any <code title="">?</code> placeholders in the statement with the
values given in the subsequent arguments (<var
title="">arguments...</var>), and must then evaluate the statement
- as an SQL statement in the context of the database associated with
- the <span>origin</span> of the <span>active document</span> of the
- <span>browsing context</span> of the <code>Window</code> object on
- which the method was called. <a href="#refsSQL">[SQL]</a></p>
+ as an SQL statement in the context of the database of the
+ <code>Database</code> object on which the method was called. <a
+ href="#refsSQL">[SQL]</a></p>
<p>If the <code title="dom-executeSql">executeSql()</code> method is
called with a different number of arguments after the statement than
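Review bot: With executeSql() now evaluated against "the database of the Database object on which the method was called", the version comparison happens only inside openDatabase(), so nothing in this paragraph says whether a Database object obtained earlier remains usable once the stored version differs from the one it was opened with. The log notes that version updating is still to come; when it lands, this paragraph should state whether executeSql() rechecks the version or the existing object is invalidated.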