[html5] r1786 - /
whatwg at whatwg.org
whatwg at whatwg.org
Tue Jun 17 21:58:56 PDT 2008
Author: ianh
Date: 2008-06-17 21:58:56 -0700 (Tue, 17 Jun 2008)
New Revision: 1786
Modified:
index
source
Log:
[e] (0) more notes on URLs
Modified: index
===================================================================
--- index 2008-06-18 04:30:16 UTC (rev 1785)
+++ index 2008-06-18 04:58:56 UTC (rev 1786)
@@ -27412,7 +27412,6 @@
interface.</p>
<!-- XXX update to
point to dom-click when we remove dom-command-click -->
- <!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
<h3 id=datatemplate><span class=secno>3.16 </span>Data Templates</h3>
@@ -27607,12 +27606,13 @@
processing model is to be applied to that element.
<p>The <code title=attr-template><a href="#template">template</a></code>
- attribute, when specified, must be a URI to an XML or HTML document, or a
- fragment identifier pointing at another part of the document. If there is
- a fragment identifier present, then the element with that ID in the target
- document must be a <code><a href="#datatemplate0">datatemplate</a></code>
- element, otherwise, the root element must be a <code><a
- href="#datatemplate0">datatemplate</a></code> element.
+ attribute, when specified, must be a valid URI (or IRI) to an XML or HTML
+ document, or a fragment identifier pointing at another part of the
+ document. If there is a fragment identifier present, then the element with
+ that ID in the target document must be a <code><a
+ href="#datatemplate0">datatemplate</a></code> element, otherwise, the root
+ element must be a <code><a href="#datatemplate0">datatemplate</a></code>
+ element.
<p>The <dfn id=template0 title=dom-template><code>template</code></dfn> DOM
attribute must <a href="#reflect">reflect</a> the <code
@@ -27622,8 +27622,8 @@
<p>The <dfn id=ref title=attr-ref><code>ref</code></dfn> attribute may be
specified on any element on which the <code title=attr-template><a
href="#template">template</a></code> attribute is specified. If it is
- specified, it must be a URI to an XML or HTML document, or a fragment
- identifier pointing at another part of the document.
+ specified, it must be a valid URI (or IRI) to an XML or HTML document, or
+ a fragment identifier pointing at another part of the document.
<p>When an element has a <code title=attr-template><a
href="#template">template</a></code> attribute but no <code
@@ -27677,6 +27677,7 @@
<h5 id=the-template><span class=secno>3.16.6.2. </span>The <code
title=attr-template><a href="#template">template</a></code> attribute</h5>
+ <!-- XXXURL apply algorithms -->
<p><dfn id=setting title=datatemplate-template-set>Setting</dfn>: When an
<a href="#html-elements" title="HTML elements">HTML element</a> without a
@@ -27686,10 +27687,11 @@
fetch the specified file<!-- XXX or queue it up to be fetched,
or something -->
and parse it (without a <a href="#browsing1">browsing context</a>) to
- obtain a DOM. If the URI is the same as the URI of the current
- document<!-- XXX xref -->, then the current document's DOM must be assumed
- to be that parsed DOM. While this loading and parsing is in progress, the
- element is said to be <em>busy loading the template rules or data</em>.
+ obtain a DOM. If the URI is the same as <span>the document's
+ address</span><!-- XXXDOCURL xref -->, then the current document's DOM
+ must be assumed to be that parsed DOM. While this loading and parsing is
+ in progress, the element is said to be <em>busy loading the template rules
+ or data</em>.
<p>If the resource specified by the <code title=attr-template><a
href="#template">template</a></code> attribute is not the current
@@ -27802,6 +27804,7 @@
<h5 id=the-ref><span class=secno>3.16.6.3. </span>The <code
title=attr-ref><a href="#ref">ref</a></code> attribute</h5>
+ <!-- XXXURL apply algorithms -->
<p><dfn id=setting0 title=datatemplate-ref-set>Setting</dfn>: When an <a
href="#html-elements" title="HTML elements">HTML element</a> without a
@@ -27810,10 +27813,11 @@
must fetch the specified file<!-- XXX or queue it up to be fetched, or
something -->
and parse it (without a <a href="#browsing1">browsing context</a>) to
- obtain a DOM. If the URI is the same as the URI of the current
- document<!-- XXX xref -->, then the current document's DOM is assumed to
- be that parsed DOM. While this loading and parsing is in progress, the
- element is said to be <em>busy loading the template rules or data</em>.
+ obtain a DOM. If the URI is the same as <span>the document's
+ address</span><!-- XXXDOCURL xref -->, then the current document's DOM is
+ assumed to be that parsed DOM. While this loading and parsing is in
+ progress, the element is said to be <em>busy loading the template rules or
+ data</em>.
<p>If the resource specified by the <code title=attr-ref><a
href="#ref">ref</a></code> attribute is not the current
@@ -28939,7 +28943,7 @@
href="#auxiliary0">auxiliary browsing context</a>.
<p>The method has four arguments, though they are all optional.</p>
- <!-- XXXURL rfc2119 this paragraph -->
+ <!-- XXXURL rfc2119 this paragraph, apply algorithms -->
<p>The first argument, <var title="">url</var>, gives a valid URI (or IRI)
for a page to load in the browsing context. If no arguments are provided,
@@ -28981,7 +28985,8 @@
title=dom-open><a href="#open2">window.open()</a></code> API to open a
page in an iframe, but, while doing so, holds the control key down, the
user agent could override the selection of the target browsing context to
- instead target a new tab.
+ instead target a new tab.</p>
+ <!-- XXXURL apply algorithms -->
<p>Then, the user agent must <a href="#navigate">navigate</a> the selected
<a href="#browsing1">browsing context</a> to the URI given in <var
@@ -29042,7 +29047,8 @@
<p>These characteristics are defined as follows:
- <dl>
+ <dl><!-- XXXURL change to URL -->
+
<dt>For URIs
<dd>
@@ -29050,19 +29056,26 @@
script origin</a> of the URI is whatever is returned by the following
algorithm:</p>
- <ol>
+ <ol><!-- XXXURL change to URL -->
+
<li>
<p>Let <var title="">uri</var> be the URI for which the <a
href="#origin0">origin</a> is being determined.
+ </li>
+ <!-- XXXURL apply algorithms -->
<li>
<p>Parse <var title="">uri</var> according to the rules described in
RFC 3986 and RFC 3987. <a href="#refsRFC3986">[RFC3986]</a> <a
href="#refsRFC3987">[RFC3987]</a>
+ </li>
+ <!-- XXXURL change to URL -->
<li>
<p>If <var title="">uri</var> does not use a server-based naming
authority, then return a new globally unique identifier.
+ </li>
+ <!-- XXXURL use algorithms -->
<li>
<p>Let <var title="">scheme</var> be the <scheme> component of
@@ -29072,10 +29085,14 @@
<li>
<p>If the scheme is "<code title="">file</code>", then the user agent
may return a UA-specific value.
+ </li>
+ <!-- XXXURL use algorithms -->
<li>
<p>Let <var title="">host</var> be the <host>/<ihost>
component of the URI.
+ </li>
+ <!-- XXXURL use algorithms -->
<li>
<p>Apply the IDNA ToASCII algorithm to <var title="">host</var>, with
@@ -29090,6 +29107,8 @@
<li>
<p>Let <var title="">host</var> be the result of converting <var
title="">host</var> to lowercase.
+ </li>
+ <!-- XXXURL use algorithms -->
<li>
<p>If no port is explicitly listed, then let <var title="">port</var>
@@ -29119,26 +29138,32 @@
<dt>If a script is a function or other code reference created by another
script
- <dd>The owner is the script that created it.
+ <dd>The owner is the script that created it.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <a href="#the-javascript" title="javascript
protocol"><code title="">javascript:</code> URI</a> that was returned
- as the location of an HTTP redirect (or equivalent in other protocols)
+ as the location of an HTTP redirect (or equivalent in other protocols)</dt>
+ <!-- XXXURL JSURL issue -->
<dd>The owner is the URI that redirected to the <a
href="#the-javascript" title="javascript protocol"><code
- title="">javascript:</code> URI</a>.
+ title="">javascript:</code> URI</a>.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <a href="#the-javascript" title="javascript
protocol"><code title="">javascript:</code> URI</a> in an attribute
<dd>The owner is the <code>Document</code> of the element on which the
- attribute is found.
+ attribute is found.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <a href="#the-javascript" title="javascript
- protocol"><code title="">javascript:</code> URI</a> in a style sheet
+ protocol"><code title="">javascript:</code> URI</a> in a style sheet</dt>
+ <!-- XXXURL use url -->
- <dd>The owner is the URI of the style sheet.
+ <dd>The owner is the URI of the style sheet.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <a href="#the-javascript" title="javascript
protocol"><code title="">javascript:</code> URI</a> to which a <a
@@ -29148,21 +29173,25 @@
<dd>The owner is the <code>Document</code> of the <a
href="#browsing1">browsing context</a>'s <a href="#active">active
- document</a>.
+ document</a>.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <a href="#the-javascript" title="javascript
protocol"><code title="">javascript:</code> URI</a> to which a <a
href="#browsing1">browsing context</a> is being <a href="#navigate"
- title=navigate>navigated</a>, the URI having been declared in markup
+ title=navigate>navigated</a>, the URI having been declared in markup</dt>
+ <!-- XXXURL use url -->
<dd>The owner is the <code>Document</code> of the element (e.g. an
<code><a href="#a">a</a></code> or <code><a
- href="#area">area</a></code> element) that declared the URI.
+ href="#area">area</a></code> element) that declared the URI.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <a href="#the-javascript" title="javascript
protocol"><code title="">javascript:</code> URI</a> to which a <a
href="#browsing1">browsing context</a> is being <a href="#navigate"
- title=navigate>navigated</a>, the URI having been provided by script
+ title=navigate>navigated</a>, the URI having been provided by script</dt>
+ <!-- XXXURL use url -->
<dd>The owner is the script that provided the URI.
</dl>
@@ -29196,48 +29225,59 @@
track the <code>Document</code> to which the
<code>XMLHttpRequest</code> object's <a
href="http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html#document-pointer"><code>Document</code>
- pointer</a> pointed when it was created.) <a href="#refsXHR">[XHR]</a>
+ pointer</a> pointed when it was created.) <a href="#refsXHR">[XHR]</a></dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a <code>Document</code> or image was generated from a <a
href="#the-javascript" title="javascript
- protocol"><code>javascript:</code> URI</a>
+ protocol"><code>javascript:</code> URI</a></dt>
+ <!-- XXXURL JSURL issue -->
<dd>The <a href="#origin0">origin</a> is equal to the <a
href="#origin0">origin</a> of the script of that <a
href="#the-javascript" title="javascript
- protocol"><code>javascript:</code> URI</a>.
+ protocol"><code>javascript:</code> URI</a>.</dd>
+ <!-- XXXURL use url -->
<dt>If a <code>Document</code> or image was served over the network and
has an address that uses a URI scheme with a server-based naming
- authority
+ authority</dt>
+ <!-- XXXURL use url -->
<dd>The <a href="#origin0">origin</a> is the <a
href="#origin0">origin</a> of the <span title="the document's
address">full URI</span><!--
XXXDOCURL --> of the
- <code>Document</code> or image.
+ <code>Document</code> or image.</dd>
+ <!-- XXXURL use url -->
<dt>If a <code>Document</code> or image was generated from a <code
title="">data:</code> URI that was returned as the location of an HTTP
- redirect (or equivalent in other protocols)
+ redirect (or equivalent in other protocols)</dt>
+ <!-- XXXURL use url -->
<dd>The <a href="#origin0">origin</a> is the <a
href="#origin0">origin</a> of the URI that redirected to the <code
- title="">data:</code> URI.
+ title="">data:</code> URI.</dd>
+ <!-- XXXURL use url -->
<dt>If a <code>Document</code> or image was generated from a <code
title="">data:</code> URI found in another <code>Document</code> or in
- a script
+ a script</dt>
+ <!-- XXXURL use url -->
<dd>The <a href="#origin0">origin</a> is the <a
href="#origin0">origin</a> of the <code>Document</code> or script in
- which the <code title="">data:</code> URI was found.
+ which the <code title="">data:</code> URI was found.</dd>
+ <!-- XXXURL use url -->
+ <!-- XXXDOCURL use the document's address? -->
<dt>If a <code>Document</code> has the URI "<code>about:blank</code>"
<dd>The <a href="#origin0">origin</a> of the <code>Document</code> is <a
href="#about-blank-origin">the <span>origin</span> it was assigned when
- its browsing context was created</a>.
+ its browsing context was created</a>.</dd>
+ <!-- XXXURL data: URL issue -->
<dt>If a <code>Document</code> or image was obtained in some other
manner (e.g. a <code title="">data:</code> URI typed in by the user, a
@@ -29411,7 +29451,8 @@
limited to:
<ul>
- <li>Processing of <code><a href="#script1">script</a></code> elements.
+ <li>Processing of <code><a href="#script1">script</a></code> elements.</li>
+ <!-- XXXURL JSURL issue -->
<li>Processing of inline <code title="javascript protocol"><a
href="#the-javascript">javascript:</a></code> URIs (e.g. the <code
@@ -29496,16 +29537,20 @@
<h4 id=javascript-protocol><span class=secno>4.4.3 </span><dfn
id=the-javascript title="javascript protocol">The <code
title="">javascript:</code> protocol</dfn></h4>
+ <!-- XXXURL merge into URLs section? (we could define 'fetch'/'download' while we're at it?) -->
+ <!-- XXXURL JSURL issue -->
<p>A URI using the <code title="">javascript:</code> protocol must, if and
when dereferenced, be evaluated by executing the script obtained using the
content retrieval operation defined for <code title="">javascript:</code>
URIs. <a href="#refsJSURI">[JSURI]</a></p>
+ <!-- XXXURL JSURL issue -->
<!--
JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.txt and
http://www.websitedev.de/ietf/draft-hoehrmann-javascript-scheme-00.txt should be as stable as it gets,
http://ietfreport.isoc.org/idref/draft-hoehrmann-javascript-scheme/ for the latest version
-->
+ <!-- XXXURL JSURL issue -->
<p>When a <a href="#browsing1">browsing context</a> is <a href="#navigate"
title=navigate>navigated</a> to a <code>javascript:</code> URI, and the <a
@@ -29513,7 +29558,8 @@
href="#same-origin">same origin</a> as the script given by that URI, the
<a href="#script2">script execution context</a> must be the <code><a
href="#window">Window</a></code> object of the <a
- href="#browsing1">browsing context</a> being navigated.
+ href="#browsing1">browsing context</a> being navigated.</p>
+ <!-- XXXURL JSURL issue -->
<p>When a browsing context is <a href="#navigate"
title=navigate>navigated</a> to a <code>javascript:</code> URI, and the <a
@@ -29524,18 +29570,21 @@
and the <a href="#script2">script execution context</a>'s associated <a
href="#browsing1">browsing context</a> must be the <a
href="#browsing1">browsing context</a> being <a href="#navigate"
- title=navigate>navigated</a>.
+ title=navigate>navigated</a>.</p>
+ <!-- XXXURL JSURL issue -->
<p>Otherwise, the <a href="#script2">script execution context</a> must be
an empty object, and the <a href="#script2">script execution context</a>'s
associated <a href="#browsing1">browsing context</a> must be the <a
href="#browsing1">browsing context</a> of the <code>Document</code> object
of the element, attribute, or style sheet from which the
- <code>javascript:</code> URI was reached.
+ <code>javascript:</code> URI was reached.</p>
+ <!-- XXXURL JSURL issue -->
<p>If the result of executing the script is void (there is no return
value), then the URI must be treated in a manner equivalent to an HTTP
- resource with an HTTP 204 No Content response.
+ resource with an HTTP 204 No Content response.</p>
+ <!-- XXXURL JSURL issue -->
<p>Otherwise, the URI must be treated in a manner equivalent to an HTTP
resource with a 200 OK response whose <a href="#content-type8"
@@ -29547,13 +29596,13 @@
href="#img">img</a></code> elements, ignore the <a href="#content-type8"
title=Content-Type>Content-Type metadata</a>.
- <div class=example>
+ <div class=example> <!-- XXXURL JSURL issue -->
<p>So for example a <code title="">javascript:</code> URI for a <code
title=attr-img-src><a href="#src">src</a></code> attribute of an <code><a
href="#img">img</a></code> element would be evaluated in the context of
an empty object as soon as the attribute is set; it would then be sniffed
to determine the image type and decoded as an image.</p>
-
+ <!-- XXXURL JSURL issue -->
<p>A <code title="">javascript:</code> URI in an <code
title=attr-a-href>href</code> attribute of an <code><a
href="#a">a</a></code> element would only be evaluated when the link was
@@ -29964,6 +30013,7 @@
<code>preventDefault()</code> method must be called when the function
returns true instead.</p>
<!-- IE actually uncancels the event if the function returns true -->
+ <!-- XXX update the following to match DOM3 Events -->
<p>All event handler attributes on an element, whether set to null or to a
function, must be registered as event listeners on the element, as if the
@@ -30112,7 +30162,7 @@
<p>The function referenced by the <code title=handler-onerror><a
href="#onerror">onerror</a></code> attribute must be invoked with three
arguments, before notifying the user of the error.</p>
-
+ <!-- XXXURL use url, or address -->
<p>The three arguments passed to the function are all
<code>DOMString</code>s; the first must give the message that the UA is
considering reporting, the second must give the URI to the resource in
@@ -30614,7 +30664,7 @@
href="#registerprotocolhandler">registerProtocolHandler()</a></code>
only)
- <dd>
+ <dd> <!-- XXXURL use url -->
<p>A scheme, such as <code>ftp</code> or <code>fax</code>. The scheme
must be treated case-insensitively by user agents for the purposes of
comparing with the scheme part of URIs that they consider against the
@@ -30640,16 +30690,18 @@
parameters. Thus, if <var title="">mimeType</var> values passed to this
method include characters such as commas or whitespace, or include MIME
parameters, then the handler being registered will never be used.</p>
+ </dd>
+ <!-- XXXURL use url -->
<dt><var title="">uri</var>
- <dd>
+ <dd> <!-- XXXURL use url, algorithms -->
<p>The URI of the page that will handle the requests. When the user agent
uses this URI, it must replace the first occurrence of the exact literal
string "<code>%s</code>" with an escaped version of the URI of the
content in question (as defined below), and then fetch the resulting URI
using the GET method (or equivalent for non-HTTP URIs).</p>
-
+ <!-- XXXURL use url, algorithms -->
<p>To get the escaped version of the URI, first, the domain part of the
URI (if any) must be converted to its punycode representation, and then,
every character in the URI that is not in the ranges given in the next
@@ -30661,7 +30713,7 @@
<p>The ranges of characters that must not be escaped are: U+002D (-),
U+002E (.), U+0030 (0) to U+0039 (9), U+0041 (A) to U+005A (Z), U+005F
(_), U+0061 (a) to U+007A (z), and U+007E (~).</p>
- <!-- XXX move that to a common algorithms section if any other
+ <!-- XXXURL move that to a common algorithms section if any other
part of the spec needs it -->
<div class=example>
@@ -30672,7 +30724,7 @@
<p>...and then clicked on a link such as:</p>
<pre><a href="http://www.example.net/chickenkïwi.soup">Download our Chicken Kiwi soup!</a></pre>
-
+ <!-- XXXURL use url -->
<p>...then, assuming this <code>chickenkïwi.soup</code> file was
served with the MIME type <code>application/x-soup</code>, the UA might
navigate to the following URI:</p>
@@ -30690,6 +30742,7 @@
<p>A descriptive title of the handler, which the UA might use to remind
the user what the site in question is.</p>
</dl>
+ <!-- XXXURL use url -->
<p>User agents should raise <a href="#security9" title="security
exception">security exceptions</a> if the methods are called with <var
@@ -30756,7 +30809,8 @@
against typical attacks against strings embedded in their interface, for
example ensuring that markup or escape characters in such strings are not
executed, that null bytes are properly handled, that over-long strings do
- not cause crashes or buffer overruns, and so forth.
+ not cause crashes or buffer overruns, and so forth.</p>
+ <!-- XXXURL use url -->
<p><strong>Leaking Intranet URIs.</strong> The mechanism described in this
section can result in secret Intranet URIs being leaked, in the following
@@ -30772,6 +30826,7 @@
<li>The user agent contacts the third party and hands the third party the
URI to the Intranet content.
</ol>
+ <!-- XXXURL use url -->
<p>No actual confidential file data is leaked in this manner, but the URIs
themselves could contain confidential information. For example, the URI
@@ -30780,12 +30835,14 @@
which might tell the third party that Example Corporation is intending to
merge with Samples LLC. Implementors might wish to consider allowing
administrators to disable this feature for certain subdomains, content
- types, or protocols.
+ types, or protocols.</p>
+ <!-- XXXURL use url -->
<p><strong>Leaking secure URIs.</strong> User agents should not send HTTPS
URIs to third-party sites registered as content handlers, in the same way
that user agents do not send <code>Referer</code> headers from secure
- sites to third-party sites.
+ sites to third-party sites.</p>
+ <!-- XXXURL use url -->
<p><strong>Leaking credentials.</strong> User agents must never send
username or password information in the URIs that are escaped and included
@@ -30827,6 +30884,7 @@
| |
| ( Trust kittens.example.org ) (( Cancel )) |
|____________________________________________________________|</pre>
+ <!-- XXXURL use url -->
<p>...where "Kittens at work" is the title of the page that invoked the
method, "http://kittens.example.org/" is the URI of that page, "x-meow" is
@@ -30839,10 +30897,12 @@
argument (<var title="">title</var>).
<p>If the user clicks the Cancel button, then nothing further happens. If
- the user clicks the "Trust" button, then the handler is remembered.
+ the user clicks the "Trust" button, then the handler is remembered.</p>
+ <!-- XXXURL use url -->
<p>When the user then attempts to fetch a URI that uses the "x-meow:"
- scheme, then it might display a dialog as follows:
+ scheme, then it might display a dialog as follows:</p>
+ <!-- XXXURL use url? -->
<pre>||[ Unknown Protocol ]||||||||||||||||||||||||||||||||||||||||
| |
@@ -30878,7 +30938,8 @@
<p>The <code title=dom-navigator-registerContentHandler><a
href="#registercontenthandler">registerContentHandler()</a></code> method
would work equivalently, but for unknown MIME types instead of unknown
- protocols.
+ protocols.</p>
+ <!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
<h3 id=offline><span class=secno>4.7 </span>Offline Web applications</h3>
Modified: source
===================================================================
--- source 2008-06-18 04:30:16 UTC (rev 1785)
+++ source 2008-06-18 04:58:56 UTC (rev 1786)
@@ -25060,7 +25060,6 @@
point to dom-click when we remove dom-command-click -->
-<!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
<h3 id="datatemplate">Data Templates</h3>
@@ -25217,12 +25216,12 @@
processing model is to be applied to that element.</p>
<p>The <code title="attr-template">template</code> attribute, when
- specified, must be a URI to an XML or HTML document, or a fragment
- identifier pointing at another part of the document. If there is a
- fragment identifier present, then the element with that ID in the
- target document must be a <code>datatemplate</code> element,
- otherwise, the root element must be a <code>datatemplate</code>
- element.</p>
+ specified, must be a valid URI (or IRI) to an XML or HTML document,
+ or a fragment identifier pointing at another part of the
+ document. If there is a fragment identifier present, then the
+ element with that ID in the target document must be a
+ <code>datatemplate</code> element, otherwise, the root element must
+ be a <code>datatemplate</code> element.</p>
<p>The <dfn title="dom-template"><code>template</code></dfn> DOM
attribute must <span>reflect</span> the <code
@@ -25232,8 +25231,9 @@
<p>The <dfn title="attr-ref"><code>ref</code></dfn> attribute may be
specified on any element on which the <code
title="attr-template">template</code> attribute is specified. If it
- is specified, it must be a URI to an XML or HTML document, or a
- fragment identifier pointing at another part of the document.</p>
+ is specified, it must be a valid URI (or IRI) to an XML or HTML
+ document, or a fragment identifier pointing at another part of the
+ document.</p>
<p>When an element has a <code title="attr-template">template</code>
attribute but no <code title="attr-ref">ref</code> attribute, the
@@ -25291,14 +25291,15 @@
<h5>The <code title="attr-template">template</code> attribute</h5>
+ <!-- XXXURL apply algorithms -->
<p><dfn title="datatemplate-template-set">Setting</dfn>: When an
<span title="HTML elements">HTML element</span> without a <code
title="attr-template">template</code> attribute has its <code
title="attr-template">template</code> attribute set, the user agent
must fetch the specified file<!-- XXX or queue it up to be fetched,
or something --> and parse it (without a <span>browsing
- context</span>) to obtain a DOM. If the URI is the same as the URI
- of the current document<!-- XXX xref -->, then the current
+ context</span>) to obtain a DOM. If the URI is the same as <span>the
+ document's address</span><!-- XXXDOCURL xref -->, then the current
document's DOM must be assumed to be that parsed DOM. While this
loading and parsing is in progress, the element is said to be
<em>busy loading the template rules or data</em>.</p>
@@ -25419,17 +25420,18 @@
<h5>The <code title="attr-ref">ref</code> attribute</h5>
+ <!-- XXXURL apply algorithms -->
<p><dfn title="datatemplate-ref-set">Setting</dfn>: When an <span
title="HTML elements">HTML element</span> without a <code
title="attr-ref">ref</code> attribute has its <code
title="attr-ref">ref</code> attribute set, the user agent must fetch
the specified file<!-- XXX or queue it up to be fetched, or
something --> and parse it (without a <span>browsing context</span>)
- to obtain a DOM. If the URI is the same as the URI of the current
- document<!-- XXX xref -->, then the current document's DOM is
- assumed to be that parsed DOM. While this loading and parsing is in
- progress, the element is said to be <em>busy loading the template
- rules or data</em>.</p>
+ to obtain a DOM. If the URI is the same as <span>the document's
+ address</span><!-- XXXDOCURL xref -->, then the current document's
+ DOM is assumed to be that parsed DOM. While this loading and parsing
+ is in progress, the element is said to be <em>busy loading the
+ template rules or data</em>.</p>
<p>If the resource specified by the <code
title="attr-ref">ref</code> attribute is not the current
@@ -26575,7 +26577,7 @@
<p>The method has four arguments, though they are all optional.</p>
- <!-- XXXURL rfc2119 this paragraph -->
+ <!-- XXXURL rfc2119 this paragraph, apply algorithms -->
<p>The first argument, <var title="">url</var>, gives a valid URI
(or IRI) for a page to load in the browsing context. If no arguments
are provided, then the <var title="">url</var> argument defaults to
@@ -26620,6 +26622,7 @@
agent could override the selection of the target browsing context to
instead target a new tab.</p>
+ <!-- XXXURL apply algorithms -->
<p>Then, the user agent must <span>navigate</span> the selected
<span>browsing context</span> to the URI given in <var
title="">url</var>. If the <var title="">replace</var> is true, then
@@ -26680,6 +26683,7 @@
<dl>
+ <!-- XXXURL change to URL -->
<dt>For URIs</dt>
<dd>
@@ -26690,18 +26694,22 @@
<ol>
+ <!-- XXXURL change to URL -->
<li><p>Let <var title="">uri</var> be the URI for which the
<span>origin</span> is being determined.</p></li>
+ <!-- XXXURL apply algorithms -->
<li><p>Parse <var title="">uri</var> according to the rules
described in RFC 3986 and RFC 3987. <a
href="#refsRFC3986">[RFC3986]</a> <a
href="#refsRFC3987">[RFC3987]</a></p></li>
+ <!-- XXXURL change to URL -->
<li><p>If <var title="">uri</var> does not use a server-based
naming authority, then return a new globally unique
identifier.</p></li>
+ <!-- XXXURL use algorithms -->
<li><p>Let <var title="">scheme</var> be the <scheme>
component of the URI, converted to lowercase. If the UA doesn't
support the given protocol, then return a new globally unique
@@ -26710,9 +26718,11 @@
<li><p>If the scheme is "<code title="">file</code>", then the
user agent may return a UA-specific value.</p></li>
+ <!-- XXXURL use algorithms -->
<li><p>Let <var title="">host</var> be the
<host>/<ihost> component of the URI.</p></li>
+ <!-- XXXURL use algorithms -->
<li>
<p>Apply the IDNA ToASCII algorithm to <var title="">host</var>,
@@ -26730,6 +26740,7 @@
<li><p>Let <var title="">host</var> be the result of converting
<var title="">host</var> to lowercase.</p></li>
+ <!-- XXXURL use algorithms -->
<li><p>If no port is explicitly listed, then let <var
title="">port</var> be the default port for the protocol given by
<var title="">scheme</var>. Otherwise, let <var
@@ -26765,16 +26776,19 @@
<dd>The owner is the script that created it.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <span title="javascript protocol"><code
title="">javascript:</code> URI</span> that was returned as the
location of an HTTP redirect (or equivalent in other
protocols)</dt>
+ <!-- XXXURL JSURL issue -->
<dd>The owner is the URI that redirected to the <span
title="javascript protocol"><code title="">javascript:</code>
URI</span>.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <span title="javascript protocol"><code
title="">javascript:</code> URI</span> in an attribute</dt>
@@ -26782,12 +26796,15 @@
which the attribute is found.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <span title="javascript protocol"><code
title="">javascript:</code> URI</span> in a style sheet</dt>
+ <!-- XXXURL use url -->
<dd>The owner is the URI of the style sheet.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <span title="javascript protocol"><code
title="">javascript:</code> URI</span> to which a <span>browsing
context</span> is being <span title="navigate">navigated</span>,
@@ -26798,21 +26815,25 @@
context</span>'s <span>active document</span>.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <span title="javascript protocol"><code
title="">javascript:</code> URI</span> to which a <span>browsing
context</span> is being <span title="navigate">navigated</span>,
the URI having been declared in markup</dt>
+ <!-- XXXURL use url -->
<dd>The owner is the <code>Document</code> of the element
(e.g. an <code>a</code> or <code>area</code> element) that
declared the URI.</dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a script is a <span title="javascript protocol"><code
title="">javascript:</code> URI</span> to which a <span>browsing
context</span> is being <span title="navigate">navigated</span>,
the URI having been provided by script</dt>
+ <!-- XXXURL use url -->
<dd>The owner is the script that provided the URI.</dd>
</dl>
@@ -26854,41 +26875,51 @@
href="#refsXHR">[XHR]</a></dd>
+ <!-- XXXURL JSURL issue -->
<dt>If a <code>Document</code> or image was generated from a
<span title="javascript protocol"><code>javascript:</code>
URI</span></dt>
+ <!-- XXXURL JSURL issue -->
<dd>The <span>origin</span> is equal to the <span>origin</span>
of the script of that <span title="javascript
protocol"><code>javascript:</code> URI</span>.</dd>
+ <!-- XXXURL use url -->
<dt>If a <code>Document</code> or image was served over the
network and has an address that uses a URI scheme with a
server-based naming authority</dt>
+ <!-- XXXURL use url -->
<dd>The <span>origin</span> is the <span>origin</span> of the
<span title="the document's address">full URI</span><!--
XXXDOCURL --> of the <code>Document</code> or image.</dd>
+ <!-- XXXURL use url -->
<dt>If a <code>Document</code> or image was generated from a
<code title="">data:</code> URI that was returned as the location
of an HTTP redirect (or equivalent in other protocols)</dt>
+ <!-- XXXURL use url -->
<dd>The <span>origin</span> is the <span>origin</span> of the URI
that redirected to the <code title="">data:</code> URI.</dd>
+ <!-- XXXURL use url -->
<dt>If a <code>Document</code> or image was generated from a
<code title="">data:</code> URI found in another
<code>Document</code> or in a script</dt>
+ <!-- XXXURL use url -->
<dd>The <span>origin</span> is the <span>origin</span> of the
<code>Document</code> or script in which the <code
title="">data:</code> URI was found.</dd>
+ <!-- XXXURL use url -->
+ <!-- XXXDOCURL use the document's address? -->
<dt>If a <code>Document</code> has the URI
"<code>about:blank</code>"</dt>
@@ -26897,6 +26928,7 @@
assigned when its browsing context was created</a>.</dd>
+ <!-- XXXURL data: URL issue -->
<dt>If a <code>Document</code> or image was obtained in some
other manner (e.g. a <code title="">data:</code> URI typed in by
the user, a <code>Document</code> created using the <code
@@ -27113,6 +27145,7 @@
<li>Processing of <code>script</code> elements.</li>
+ <!-- XXXURL JSURL issue -->
<li>Processing of inline <code title="javascript
protocol">javascript:</code> URIs (e.g. the <code
title="attr-img-src">src</code> attribute of <code>img</code>
@@ -27200,18 +27233,22 @@
<h4 id="javascript-protocol"><dfn title="javascript protocol">The <code title="">javascript:</code> protocol</dfn></h4>
+ <!-- XXXURL merge into URLs section? (we could define 'fetch'/'download' while we're at it?) -->
+ <!-- XXXURL JSURL issue -->
<p>A URI using the <code title="">javascript:</code> protocol must,
if and when dereferenced, be evaluated by executing the script
obtained using the content retrieval operation defined for <code
title="">javascript:</code> URIs. <a
href="#refsJSURI">[JSURI]</a></p>
+<!-- XXXURL JSURL issue -->
<!--
JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.txt and
http://www.websitedev.de/ietf/draft-hoehrmann-javascript-scheme-00.txt should be as stable as it gets,
http://ietfreport.isoc.org/idref/draft-hoehrmann-javascript-scheme/ for the latest version
-->
+ <!-- XXXURL JSURL issue -->
<p>When a <span>browsing context</span> is <span
title="navigate">navigated</span> to a <code>javascript:</code> URI,
and the <span>active document</span> of that browsing context has
@@ -27220,6 +27257,7 @@
<code>Window</code> object of the <span>browsing context</span>
being navigated.</p>
+ <!-- XXXURL JSURL issue -->
<p>When a browsing context is <span
title="navigate">navigated</span> to a <code>javascript:</code> URI,
and the <span>active document</span> of that browsing context has an
@@ -27230,6 +27268,7 @@
<span>browsing context</span> must be the <span>browsing
context</span> being <span title="navigate">navigated</span>.</p>
+ <!-- XXXURL JSURL issue -->
<p>Otherwise, the <span>script execution context</span> must be an
empty object, and the <span>script execution context</span>'s
associated <span>browsing context</span> must be the <span>browsing
@@ -27237,10 +27276,12 @@
attribute, or style sheet from which the <code>javascript:</code>
URI was reached.</p>
+ <!-- XXXURL JSURL issue -->
<p>If the result of executing the script is void (there is no return
value), then the URI must be treated in a manner equivalent to an
HTTP resource with an HTTP 204 No Content response.</p>
+ <!-- XXXURL JSURL issue -->
<p>Otherwise, the URI must be treated in a manner equivalent to an
HTTP resource with a 200 OK response whose <span
title="Content-Type">Content-Type metadata</span> is <code
@@ -27253,12 +27294,14 @@
<div class="example">
+ <!-- XXXURL JSURL issue -->
<p>So for example a <code title="">javascript:</code> URI for a
<code title="attr-img-src">src</code> attribute of an
<code>img</code> element would be evaluated in the context of an
empty object as soon as the attribute is set; it would then be
sniffed to determine the image type and decoded as an image.</p>
+ <!-- XXXURL JSURL issue -->
<p>A <code title="">javascript:</code> URI in an <code
title="attr-a-href">href</code> attribute of an <code>a</code>
element would only be evaluated when the link was <span
@@ -27600,6 +27643,7 @@
<!-- IE actually uncancels the event if the function returns true -->
+ <!-- XXX update the following to match DOM3 Events -->
<p>All event handler attributes on an element, whether set to null
or to a function, must be registered as event listeners on the
element, as if the <code
@@ -27765,6 +27809,7 @@
title="handler-onerror">onerror</code> attribute must be invoked
with three arguments, before notifying the user of the error.</p>
+ <!-- XXXURL use url, or address -->
<p>The three arguments passed to the function are all
<code>DOMString</code>s; the first must give the message that the
UA is considering reporting, the second must give the URI to the
@@ -28342,14 +28387,15 @@
<dd>
+ <!-- XXXURL use url -->
<p>A scheme, such as <code>ftp</code> or <code>fax</code>. The
scheme must be treated case-insensitively by user agents for the
purposes of comparing with the scheme part of URIs that they
consider against the list of registered handlers.</p>
- <p>The <var title="">protocol</var> value, if it contains a colon (as in
- "<code>ftp:</code>"), will never match anything, since schemes
- don't contain colons.</p>
+ <p>The <var title="">protocol</var> value, if it contains a colon
+ (as in "<code>ftp:</code>"), will never match anything, since
+ schemes don't contain colons.</p>
</dd>
@@ -28372,10 +28418,12 @@
</dd>
+ <!-- XXXURL use url -->
<dt><var title="">uri</var></dt>
<dd>
+ <!-- XXXURL use url, algorithms -->
<p>The URI of the page that will handle the requests. When the
user agent uses this URI, it must replace the first occurrence of
the exact literal string "<code>%s</code>" with an escaped version
@@ -28383,6 +28431,7 @@
fetch the resulting URI using the GET method (or equivalent for
non-HTTP URIs).</p>
+ <!-- XXXURL use url, algorithms -->
<p>To get the escaped version of the URI, first, the domain part
of the URI (if any) must be converted to its punycode
representation, and then, every character in the URI that is not
@@ -28396,7 +28445,7 @@
(-), U+002E (.), U+0030 (0) to U+0039 (9), U+0041 (A) to U+005A
(Z), U+005F (_), U+0061 (a) to U+007A (z), and U+007E (~).</p>
- <!-- XXX move that to a common algorithms section if any other
+ <!-- XXXURL move that to a common algorithms section if any other
part of the spec needs it -->
<div class="example">
@@ -28409,6 +28458,7 @@
<pre><a href="http://www.example.net/chickenkïwi.soup">Download our Chicken Kiwi soup!</a></pre>
+ <!-- XXXURL use url -->
<p>...then, assuming this <code>chickenkïwi.soup</code> file
was served with the MIME type <code>application/x-soup</code>,
the UA might navigate to the following URI:</p>
@@ -28434,6 +28484,7 @@
</dl>
+ <!-- XXXURL use url -->
<p>User agents should raise <span title="security
exception">security exceptions</span> if the methods are called with
<var title="">protocol</var> or <var title="">mimeType</var> values
@@ -28507,6 +28558,7 @@
that over-long strings do not cause crashes or buffer overruns, and
so forth.</p>
+ <!-- XXXURL use url -->
<p><strong>Leaking Intranet URIs.</strong> The mechanism described
in this section can result in secret Intranet URIs being leaked, in
the following manner:</p>
@@ -28524,6 +28576,7 @@
</ol>
+ <!-- XXXURL use url -->
<p>No actual confidential file data is leaked in this manner, but
the URIs themselves could contain confidential information. For
example, the URI could be
@@ -28533,11 +28586,13 @@
consider allowing administrators to disable this feature for certain
subdomains, content types, or protocols.</p>
+ <!-- XXXURL use url -->
<p><strong>Leaking secure URIs.</strong> User agents should not send
HTTPS URIs to third-party sites registered as content handlers, in
the same way that user agents do not send <code>Referer</code>
headers from secure sites to third-party sites.</p>
+ <!-- XXXURL use url -->
<p><strong>Leaking credentials.</strong> User agents must never send
username or password information in the URIs that are escaped and
included sent to the handler sites. User agents may even avoid
@@ -28579,6 +28634,7 @@
| ( Trust kittens.example.org ) (( Cancel )) |
|____________________________________________________________|</pre>
+ <!-- XXXURL use url -->
<p>...where "Kittens at work" is the title of the page that invoked
the method, "http://kittens.example.org/" is the URI of that page,
"x-meow" is the string that was passed to the <code
@@ -28592,9 +28648,11 @@
happens. If the user clicks the "Trust" button, then the handler is
remembered.</p>
+ <!-- XXXURL use url -->
<p>When the user then attempts to fetch a URI that uses the
"x-meow:" scheme, then it might display a dialog as follows:</p>
+ <!-- XXXURL use url? -->
<pre>||[ Unknown Protocol ]||||||||||||||||||||||||||||||||||||||||
| |
| You have attempted to access: |
@@ -28632,6 +28690,7 @@
of unknown protocols.</p>
+<!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
<h3 id="offline">Offline Web applications</h3>
More information about the Commit-Watchers
mailing list