[html5] r4841 - [giow] (2) Explicitly fire 'error' on <img src=''> (blank src)
whatwg at whatwg.org
whatwg at whatwg.org
Thu Mar 11 15:33:39 PST 2010
Author: ianh
Date: 2010-03-11 15:33:37 -0800 (Thu, 11 Mar 2010)
New Revision: 4841
Modified:
complete.html
index
source
Log:
[giow] (2) Explicitly fire 'error' on <img src=''> (blank src)
Modified: complete.html
===================================================================
--- complete.html 2010-03-11 04:46:55 UTC (rev 4840)
+++ complete.html 2010-03-11 23:33:37 UTC (rev 4841)
@@ -18534,29 +18534,38 @@
<hr><p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
- demand, or the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
- attribute's value is the empty string, then, when an
- <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
- user agent must <a href=#resolve-a-url title="resolve a url">resolve</a> the value
- of that attribute, relative to the element, and if that is
- successful must then <a href=#fetch>fetch</a> that resource.</p> <!-- Note
- how this does NOT happen when the base URL changes. --> <!--
- http-origin privacy sensitive -->
+ demand, then, when an <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
+ user agent must run the following steps:</p> <!-- Note how this does
+ NOT happen when the base URL changes. -->
- <!-- same text in <input type=image> section and similar text elsewhere -->
- <p>Fetching the image must <a href=#delay-the-load-event>delay the load event</a> of the
- element's document until the <a href=#concept-task title=concept-task>task</a>
- that is <a href=#queue-a-task title="queue a task">queued</a> by the
- <a href=#networking-task-source>networking task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a> (defined below) has been run.</p>
+ <ol><li><p>If the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
+ attribute's value is the empty string, then <a href=#queue-a-task>queue a
+ task</a> to <a href=#fire-a-simple-event>fire a simple event</a> named <code title=event-error>error</code> at the <code><a href=#the-img-element>img</a></code> element,
+ and abort these steps.</li>
- <p class=warning>This, unfortunately, can be used to perform a
- rudimentary port scan of the user's local network (especially in
- conjunction with scripting, though scripting isn't actually
- necessary to carry out such an attack). User agents may implement
- <a href=#origin title=origin>cross-origin</a> access control policies
- that mitigate this attack.</p>
+ <li>
- <p>If the image is in a supported image type and its dimensions are
+ <p>Otherwise, <a href=#resolve-a-url title="resolve a url">resolve</a> the value
+ of that attribute, relative to the element, and if that is
+ successful must then <a href=#fetch>fetch</a> that resource.</p> <!--
+ http-origin privacy sensitive -->
+
+ <!-- same text in <input type=image> section and similar text
+ elsewhere --> <p>Fetching the image must <a href=#delay-the-load-event>delay the load
+ event</a> of the element's document until the <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a
+ task">queued</a> by the <a href=#networking-task-source>networking task source</a>
+ once the resource has been <a href=#fetch title=fetch>fetched</a> (<a href=#img-load>defined below</a>) has been run.</p>
+
+ <p class=warning>This, unfortunately, can be used to perform a
+ rudimentary port scan of the user's local network (especially in
+ conjunction with scripting, though scripting isn't actually
+ necessary to carry out such an attack). User agents may implement
+ <a href=#origin title=origin>cross-origin</a> access control policies
+ that mitigate this attack.</p>
+
+ </li>
+
+ </ol><p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn id=img-available title=img-available><i>available</i></dfn> (this affects exactly
what the element represents, as defined below). This can be true
even before the image is completely downloaded, if the user agent
@@ -18569,9 +18578,8 @@
<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title=attr-img-src><a href=#attr-img-src>src</a></code>
- attribute's value is an <i>ignored self-reference</i>), or if the
- conditions in the previous paragraph are not met, then the image is
- <em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>
+ attribute's value is the empty string, or if the conditions in the
+ previous paragraph are not met, then the image is <em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>
<p class=note>An image might be <i title=img-available><a href=#img-available>available</a></i> in one <a href=#view>view</a> but not
another. For instance, a <code><a href=#document>Document</a></code> could be rendered by
@@ -18608,8 +18616,9 @@
<p>This specification does not specify which image types are to be
supported.</p>
- <p>The <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking task
- source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
+ <p id=img-load>The <a href=#concept-task title=concept-task>task</a> that is
+ <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking
+ task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
following alternatives:</p>
<dl class=switch><dt>If the download was successful and the image is <i title=img-available><a href=#img-available>available</a></i></dt>
Modified: index
===================================================================
--- index 2010-03-11 04:46:55 UTC (rev 4840)
+++ index 2010-03-11 23:33:37 UTC (rev 4841)
@@ -18433,29 +18433,38 @@
<hr><p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
- demand, or the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
- attribute's value is the empty string, then, when an
- <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
- user agent must <a href=#resolve-a-url title="resolve a url">resolve</a> the value
- of that attribute, relative to the element, and if that is
- successful must then <a href=#fetch>fetch</a> that resource.</p> <!-- Note
- how this does NOT happen when the base URL changes. --> <!--
- http-origin privacy sensitive -->
+ demand, then, when an <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
+ user agent must run the following steps:</p> <!-- Note how this does
+ NOT happen when the base URL changes. -->
- <!-- same text in <input type=image> section and similar text elsewhere -->
- <p>Fetching the image must <a href=#delay-the-load-event>delay the load event</a> of the
- element's document until the <a href=#concept-task title=concept-task>task</a>
- that is <a href=#queue-a-task title="queue a task">queued</a> by the
- <a href=#networking-task-source>networking task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a> (defined below) has been run.</p>
+ <ol><li><p>If the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
+ attribute's value is the empty string, then <a href=#queue-a-task>queue a
+ task</a> to <a href=#fire-a-simple-event>fire a simple event</a> named <code title=event-error>error</code> at the <code><a href=#the-img-element>img</a></code> element,
+ and abort these steps.</li>
- <p class=warning>This, unfortunately, can be used to perform a
- rudimentary port scan of the user's local network (especially in
- conjunction with scripting, though scripting isn't actually
- necessary to carry out such an attack). User agents may implement
- <a href=#origin title=origin>cross-origin</a> access control policies
- that mitigate this attack.</p>
+ <li>
- <p>If the image is in a supported image type and its dimensions are
+ <p>Otherwise, <a href=#resolve-a-url title="resolve a url">resolve</a> the value
+ of that attribute, relative to the element, and if that is
+ successful must then <a href=#fetch>fetch</a> that resource.</p> <!--
+ http-origin privacy sensitive -->
+
+ <!-- same text in <input type=image> section and similar text
+ elsewhere --> <p>Fetching the image must <a href=#delay-the-load-event>delay the load
+ event</a> of the element's document until the <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a
+ task">queued</a> by the <a href=#networking-task-source>networking task source</a>
+ once the resource has been <a href=#fetch title=fetch>fetched</a> (<a href=#img-load>defined below</a>) has been run.</p>
+
+ <p class=warning>This, unfortunately, can be used to perform a
+ rudimentary port scan of the user's local network (especially in
+ conjunction with scripting, though scripting isn't actually
+ necessary to carry out such an attack). User agents may implement
+ <a href=#origin title=origin>cross-origin</a> access control policies
+ that mitigate this attack.</p>
+
+ </li>
+
+ </ol><p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn id=img-available title=img-available><i>available</i></dfn> (this affects exactly
what the element represents, as defined below). This can be true
even before the image is completely downloaded, if the user agent
@@ -18468,9 +18477,8 @@
<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title=attr-img-src><a href=#attr-img-src>src</a></code>
- attribute's value is an <i>ignored self-reference</i>), or if the
- conditions in the previous paragraph are not met, then the image is
- <em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>
+ attribute's value is the empty string, or if the conditions in the
+ previous paragraph are not met, then the image is <em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>
<p class=note>An image might be <i title=img-available><a href=#img-available>available</a></i> in one <a href=#view>view</a> but not
another. For instance, a <code><a href=#document>Document</a></code> could be rendered by
@@ -18507,8 +18515,9 @@
<p>This specification does not specify which image types are to be
supported.</p>
- <p>The <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking task
- source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
+ <p id=img-load>The <a href=#concept-task title=concept-task>task</a> that is
+ <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking
+ task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
following alternatives:</p>
<dl class=switch><dt>If the download was successful and the image is <i title=img-available><a href=#img-available>available</a></i></dt>
Modified: source
===================================================================
--- source 2010-03-11 04:46:55 UTC (rev 4840)
+++ source 2010-03-11 23:33:37 UTC (rev 4841)
@@ -19657,31 +19657,46 @@
<p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
- demand, or the element's <code title="attr-img-src">src</code>
- attribute's value is the empty string, then, when an
- <code>img</code> is created with a <code
+ demand, then, when an <code>img</code> is created with a <code
title="attr-img-src">src</code> attribute, and whenever the <code
title="attr-img-src">src</code> attribute is set subsequently, the
- user agent must <span title="resolve a url">resolve</span> the value
- of that attribute, relative to the element, and if that is
- successful must then <span>fetch</span> that resource.</p> <!-- Note
- how this does NOT happen when the base URL changes. --> <!--
- http-origin privacy sensitive -->
+ user agent must run the following steps:</p> <!-- Note how this does
+ NOT happen when the base URL changes. -->
- <!-- same text in <input type=image> section and similar text elsewhere -->
- <p>Fetching the image must <span>delay the load event</span> of the
- element's document until the <span title="concept-task">task</span>
- that is <span title="queue a task">queued</span> by the
- <span>networking task source</span> once the resource has been <span
- title="fetch">fetched</span> (defined below) has been run.</p>
+ <ol>
- <p class="warning">This, unfortunately, can be used to perform a
- rudimentary port scan of the user's local network (especially in
- conjunction with scripting, though scripting isn't actually
- necessary to carry out such an attack). User agents may implement
- <span title="origin">cross-origin</span> access control policies
- that mitigate this attack.</p>
+ <li><p>If the element's <code title="attr-img-src">src</code>
+ attribute's value is the empty string, then <span>queue a
+ task</span> to <span>fire a simple event</span> named <code
+ title="event-error">error</code> at the <code>img</code> element,
+ and abort these steps.</p></li>
+ <li>
+
+ <p>Otherwise, <span title="resolve a url">resolve</span> the value
+ of that attribute, relative to the element, and if that is
+ successful must then <span>fetch</span> that resource.</p> <!--
+ http-origin privacy sensitive -->
+
+ <!-- same text in <input type=image> section and similar text
+ elsewhere --> <p>Fetching the image must <span>delay the load
+ event</span> of the element's document until the <span
+ title="concept-task">task</span> that is <span title="queue a
+ task">queued</span> by the <span>networking task source</span>
+ once the resource has been <span title="fetch">fetched</span> (<a
+ href="#img-load">defined below</a>) has been run.</p>
+
+ <p class="warning">This, unfortunately, can be used to perform a
+ rudimentary port scan of the user's local network (especially in
+ conjunction with scripting, though scripting isn't actually
+ necessary to carry out such an attack). User agents may implement
+ <span title="origin">cross-origin</span> access control policies
+ that mitigate this attack.</p>
+
+ </li>
+
+ </ol>
+
<p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn
title="img-available"><i>available</i></dfn> (this affects exactly
@@ -19697,9 +19712,9 @@
<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title="attr-img-src">src</code>
- attribute's value is an <i>ignored self-reference</i>), or if the
- conditions in the previous paragraph are not met, then the image is
- <em>not</em> <i title="img-available">available</i>.</p>
+ attribute's value is the empty string, or if the conditions in the
+ previous paragraph are not met, then the image is <em>not</em> <i
+ title="img-available">available</i>.</p>
<p class="note">An image might be <i
title="img-available">available</i> in one <span>view</span> but not
@@ -19739,9 +19754,9 @@
<p>This specification does not specify which image types are to be
supported.</p>
- <p>The <span title="concept-task">task</span> that is <span
- title="queue a task">queued</span> by the <span>networking task
- source</span> once the resource has been <span
+ <p id="img-load">The <span title="concept-task">task</span> that is
+ <span title="queue a task">queued</span> by the <span>networking
+ task source</span> once the resource has been <span
title="fetch">fetched</span>, must act as appropriate given the
following alternatives:</p>
More information about the Commit-Watchers
mailing list