[html5] r6147 - [cgiow] (0) Change cross-origin='' to crossorigin='' since people don't seem to [...]
whatwg at whatwg.org
whatwg at whatwg.org
Mon May 23 14:29:15 PDT 2011
Author: ianh
Date: 2011-05-23 14:29:13 -0700 (Mon, 23 May 2011)
New Revision: 6147
Modified:
complete.html
index
source
Log:
[cgiow] (0) Change cross-origin='' to crossorigin='' since people don't seem to like hyphens. Poor hyphens.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=12679
Modified: complete.html
===================================================================
--- complete.html 2011-05-23 21:24:43 UTC (rev 6146)
+++ complete.html 2011-05-23 21:29:13 UTC (rev 6147)
@@ -7219,33 +7219,33 @@
<table><thead><tr><th> Keyword
<th> State
<th> Brief description
- <tbody><tr><td><dfn id=attr-cross-origin-anonymous-keyword title=attr-cross-origin-anonymous-keyword><code>anonymous</code></dfn>
- <td><dfn id=attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</dfn>
+ <tbody><tr><td><dfn id=attr-crossorigin-anonymous-keyword title=attr-crossorigin-anonymous-keyword><code>anonymous</code></dfn>
+ <td><dfn id=attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</dfn>
<td>Cross-origin CORS requests for the element will not have the <i>credentials flag</i> set.
- <tr><td><dfn id=attr-cross-origin-use-credentials-keyword title=attr-cross-origin-use-credentials-keyword><code>use-credentials</code></dfn>
- <td><dfn id=attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use Credentials</dfn>
+ <tr><td><dfn id=attr-crossorigin-use-credentials-keyword title=attr-crossorigin-use-credentials-keyword><code>use-credentials</code></dfn>
+ <td><dfn id=attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use Credentials</dfn>
<td>Cross-origin CORS requests for the element will have the <i>credentials flag</i> set.
- </table><p>The empty string is also a valid keyword, and maps to the <a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a> state. The
- attribute's <i>invalid value default</i> is the <a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a> state. The
+ </table><p>The empty string is also a valid keyword, and maps to the <a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a> state. The
+ attribute's <i>invalid value default</i> is the <a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a> state. The
<i>missing value default</i>, used when the attribute is omitted, is
- the <dfn id=attr-cross-origin-none title=attr-cross-origin-none>No CORS</dfn> state.</p>
+ the <dfn id=attr-crossorigin-none title=attr-crossorigin-none>No CORS</dfn> state.</p>
<h4 id=cors-enabled-fetch><span class=secno>2.7.6 </span>CORS-enabled fetch</h4>
<p>When the user agent is required to perform a <dfn id=potentially-cors-enabled-fetch>potentially
CORS-enabled fetch</dfn> of an <a href=#absolute-url>absolute URL</a> <var title="">URL</var>, with a mode <var title="">mode</var> that is
- either "<a href=#attr-cross-origin-none title=attr-cross-origin-none>No CORS</a>", "<a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a>", or "<a href=#attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use Credentials</a>",
+ either "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>", or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use Credentials</a>",
an <a href=#origin>origin</a> <var title="">origin</var>, and a default
origin behaviour <var title="">default</var> which is either
"<i>taint</i>" or "<i>fail</i>", it must run the first applicable
set of steps from the following list. The default origin behaviour
- is only used if <var title="">mode</var> is "<a href=#attr-cross-origin-none title=attr-cross-origin-none>No CORS</a>". This algorithm wraps
+ is only used if <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>". This algorithm wraps
the <a href=#fetch>fetch</a> algorithm above, and labels the obtained
resource as either <dfn id=cors-same-origin>CORS-same-origin</dfn> or
<dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
- <dl class=switch><dt>If <var title="">mode</var> is "<a href=#attr-cross-origin-none title=attr-cross-origin-none>No CORS</a>"</dt>
+ <dl class=switch><dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
<dd>
@@ -7338,7 +7338,7 @@
</ol></dd>
- <dt>If <var title="">mode</var> is "<a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a>" or "<a href=#attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>" or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
Credentials</a>"</dt>
<dd>
@@ -7349,7 +7349,7 @@
<i>request URL</i> set to <var title="">URL</var>, the
<i>source origin</i> set to <var title="">origin</var>, and the
<i>credentials flag</i> set to true if <var title="">mode</var>
- is "<a href=#attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use
+ is "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
Credentials</a>" and set to false otherwise. <a href=#refsCORS>[CORS]</a></li>
<li><p>Wait for the CORS <a href=#cross-origin-request-status>cross-origin request status</a>
@@ -22166,7 +22166,7 @@
<dd><a href=#global-attributes>Global attributes</a></dd>
<dd><code title=attr-img-alt><a href=#attr-img-alt>alt</a></code></dd>
<dd><code title=attr-img-src><a href=#attr-img-src>src</a></code></dd>
- <dd><code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code></dd>
+ <dd><code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code></dd>
<dd><code title=attr-hyperlink-usemap><a href=#attr-hyperlink-usemap>usemap</a></code></dd>
<dd><code title=attr-img-ismap><a href=#attr-img-ismap>ismap</a></code></dd>
<dd><code title=attr-dim-width><a href=#attr-dim-width>width</a></code></dd>
@@ -22202,7 +22202,7 @@
Slight hitch: their images are at a different origin, and we
don't want to allow arbitrary cross-origin inspection (privacy
- leak risk).
+ leak risk). So it will require them to do CORS opt-in.
* See note at rel=noreferrer.
@@ -22241,7 +22241,7 @@
display transparent images, as they rarely convey meaning and rarely
add anything useful to the document.</p>
- <p>The <dfn id=attr-img-cross-origin title=attr-img-cross-origin><code>cross-origin</code></dfn>
+ <p>The <dfn id=attr-img-crossorigin title=attr-img-crossorigin><code>crossorigin</code></dfn>
attribute is a <a href=#cors-settings-attribute>CORS settings attribute</a>.</p>
<div class=impl>
@@ -22319,7 +22319,7 @@
<p>Otherwise, do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of
the resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i>
- being the state of the element's <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> content
+ being the state of the element's <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code> content
attribute, the <i><a href=#origin>origin</a></i> being the <a href=#origin>origin</a> of the
<code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>, and the
<i>default origin behaviour</i> set to <i>taint</i>.</p>
@@ -22341,8 +22341,9 @@
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
- that mitigate this attack, but unfortunately such policies are
- typically not compatible with existing Web content.</p>
+ that are stricter than those described above to mitigate this
+ attack, but unfortunately such policies are typically not
+ compatible with existing Web content.</p>
</li>
@@ -22572,7 +22573,7 @@
name.</p>
<p>The <dfn id=dom-img-crossorigin title=dom-img-crossOrigin><code>crossOrigin</code></dfn> IDL
- attribute must <a href=#reflect>reflect</a> the <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> content
+ attribute must <a href=#reflect>reflect</a> the <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code> content
attribute.</p>
<p>The <dfn id=dom-img-usemap title=dom-img-useMap><code>useMap</code></dfn> IDL
@@ -25622,7 +25623,7 @@
<dt>Content attributes:</dt>
<dd><a href=#global-attributes>Global attributes</a></dd>
<dd><code title=attr-media-src><a href=#attr-media-src>src</a></code></dd>
- <dd><code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code></dd>
+ <dd><code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code></dd>
<dd><code title=attr-video-poster><a href=#attr-video-poster>poster</a></code></dd>
<dd><code title=attr-media-preload><a href=#attr-media-preload>preload</a></code></dd>
<dd><code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code></dd>
@@ -25957,7 +25958,7 @@
<dt>Content attributes:</dt>
<dd><a href=#global-attributes>Global attributes</a></dd>
<dd><code title=attr-media-src><a href=#attr-media-src>src</a></code></dd>
- <dd><code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code></dd>
+ <dd><code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code></dd>
<dd><code title=attr-media-preload><a href=#attr-media-preload>preload</a></code></dd>
<dd><code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code></dd>
<dd><code title=attr-media-mediagroup><a href=#attr-media-mediagroup>mediagroup</a></code></dd>
@@ -26517,7 +26518,7 @@
<a href=#mutabletexttrack>MutableTextTrack</a> <a href=#dom-media-addtexttrack title=dom-media-addTextTrack>addTextTrack</a>(in DOMString kind, in optional DOMString label, in optional DOMString language);
};</pre>
- <p>The <dfn id=media-element-attributes>media element attributes</dfn>, <code title=attr-media-src><a href=#attr-media-src>src</a></code>, <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code>, <code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>, <code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>,
+ <p>The <dfn id=media-element-attributes>media element attributes</dfn>, <code title=attr-media-src><a href=#attr-media-src>src</a></code>, <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code>, <code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>, <code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>,
<code title=attr-media-mediagroup><a href=#attr-media-mediagroup>mediagroup</a></code>,
<code title=attr-media-loop><a href=#attr-media-loop>loop</a></code>,
<code title=attr-media-muted><a href=#attr-media-muted>muted</a></code>, and <code title=attr-media-controls><a href=#attr-media-controls>controls</a></code>, apply to all <a href=#media-element title="media element">media elements</a>. They are defined in
@@ -26672,7 +26673,7 @@
attribute, if present, must contain a <a href=#valid-non-empty-url-potentially-surrounded-by-spaces>valid non-empty
URL potentially surrounded by spaces</a>.</p>
- <p>The <dfn id=attr-media-cross-origin title=attr-media-cross-origin><code>cross-origin</code></dfn>
+ <p>The <dfn id=attr-media-crossorigin title=attr-media-crossorigin><code>crossorigin</code></dfn>
content attribute on <a href=#media-element title="media element">media
elements</a> is a <a href=#cors-settings-attribute>CORS settings attribute</a>.</p>
@@ -26689,7 +26690,7 @@
<a href=#reflect>reflect</a> the content attribute of the same name.</p>
<p>The <dfn id=dom-media-crossorigin title=dom-media-crossOrigin><code>crossOrigin</code></dfn> IDL
- attribute must <a href=#reflect>reflect</a> the <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> content
+ attribute must <a href=#reflect>reflect</a> the <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> content
attribute.</p>
</div>
@@ -27288,7 +27289,7 @@
<p>Perform a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
<var title="">current media resource</var>'s <a href=#absolute-url>absolute
URL</a>, with the <i>mode</i> being the state of the
- <a href=#media-element>media element</a>'s <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> content
+ <a href=#media-element>media element</a>'s <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> content
attribute, the <i><a href=#origin>origin</a></i> being the <a href=#origin>origin</a> of the
<a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>, and the
<i>default origin behaviour</i> set to <i>taint</i>.</p>
@@ -30821,7 +30822,7 @@
<p>If <var title="">URL</var> is not the empty string, perform a
<a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of <var title="">URL</var>, with the <i>mode</i> being the state of the
- <a href=#media-element>media element</a>'s <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> content
+ <a href=#media-element>media element</a>'s <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> content
attribute, the <i><a href=#origin>origin</a></i> being the <a href=#origin>origin</a> of the
<a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>, and the
<i>default origin behaviour</i> set to <i>fail</i>.</p>
@@ -33934,7 +33935,7 @@
obtained if the user agent further exposes metadata within the
content such as subtitles or chapter titles. Such information is
therefore only exposed if the video resource passes a CORS
- <a href=#resource-sharing-check>resource sharing check</a>. The <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> attribute allows
+ <a href=#resource-sharing-check>resource sharing check</a>. The <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> attribute allows
authors to control how this check is performed. <a href=#refsCORS>[CORS]</a></p>
<p class=example>Without this restriction, an attacker could trick
@@ -95702,7 +95703,7 @@
<a href=#transparent>transparent</a>*</td>
<td><a href=#global-attributes title="global attributes">globals</a>;
<code title=attr-media-src><a href=#attr-media-src>src</a></code>;
- <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code>;
+ <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code>;
<code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>;
<code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>;
<code title=attr-media-mediagroup><a href=#attr-media-mediagroup>mediagroup</a></code>;
@@ -96107,7 +96108,7 @@
<td><a href=#global-attributes title="global attributes">globals</a>;
<code title=attr-img-alt><a href=#attr-img-alt>alt</a></code>;
<code title=attr-img-src><a href=#attr-img-src>src</a></code>;
- <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code>;
+ <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code>;
<code title=attr-hyperlink-usemap><a href=#attr-hyperlink-usemap>usemap</a></code>;
<code title=attr-img-ismap><a href=#attr-img-ismap>ismap</a></code>;
<code title=attr-dim-width><a href=#attr-dim-width>width</a></code>;
@@ -96744,7 +96745,7 @@
<a href=#transparent>transparent</a>*</td>
<td><a href=#global-attributes title="global attributes">globals</a>;
<code title=attr-media-src><a href=#attr-media-src>src</a></code>;
- <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code>;
+ <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code>;
<code title=attr-video-poster><a href=#attr-video-poster>poster</a></code>;
<code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>;
<code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>;
@@ -97219,12 +97220,12 @@
<td> <code title=attr-area-coords><a href=#attr-area-coords>area</a></code>
<td> Coordinates for the shape to be created in an <a href=#image-map>image map</a>
<td> <a href=#valid-list-of-integers>Valid list of integers</a>*
- <tr><th> <code title="">cross-origin</code>
- <td> <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>audio</a></code>;
- <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>img</a></code>;
- <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>video</a></code>
- <td> How the element handles cross-origin requests.
- <td> "<code title=attr-cross-origin-anonymous-keyword><a href=#attr-cross-origin-anonymous-keyword>anonymous</a></code>"; "<code title=attr-cross-origin-use-credentials-keyword><a href=#attr-cross-origin-use-credentials-keyword>use-credentials</a></code>"
+ <tr><th> <code title="">crossorigin</code>
+ <td> <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>audio</a></code>;
+ <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>img</a></code>;
+ <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>video</a></code>
+ <td> How the element handles crossorigin requests.
+ <td> "<code title=attr-crossorigin-anonymous-keyword><a href=#attr-crossorigin-anonymous-keyword>anonymous</a></code>"; "<code title=attr-crossorigin-use-credentials-keyword><a href=#attr-crossorigin-use-credentials-keyword>use-credentials</a></code>"
<tr><th> <code title="">data</code>
<td> <code title=attr-object-data><a href=#attr-object-data>object</a></code>
<td> Address of the resource
Modified: index
===================================================================
--- index 2011-05-23 21:24:43 UTC (rev 6146)
+++ index 2011-05-23 21:29:13 UTC (rev 6147)
@@ -7236,33 +7236,33 @@
<table><thead><tr><th> Keyword
<th> State
<th> Brief description
- <tbody><tr><td><dfn id=attr-cross-origin-anonymous-keyword title=attr-cross-origin-anonymous-keyword><code>anonymous</code></dfn>
- <td><dfn id=attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</dfn>
+ <tbody><tr><td><dfn id=attr-crossorigin-anonymous-keyword title=attr-crossorigin-anonymous-keyword><code>anonymous</code></dfn>
+ <td><dfn id=attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</dfn>
<td>Cross-origin CORS requests for the element will not have the <i>credentials flag</i> set.
- <tr><td><dfn id=attr-cross-origin-use-credentials-keyword title=attr-cross-origin-use-credentials-keyword><code>use-credentials</code></dfn>
- <td><dfn id=attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use Credentials</dfn>
+ <tr><td><dfn id=attr-crossorigin-use-credentials-keyword title=attr-crossorigin-use-credentials-keyword><code>use-credentials</code></dfn>
+ <td><dfn id=attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use Credentials</dfn>
<td>Cross-origin CORS requests for the element will have the <i>credentials flag</i> set.
- </table><p>The empty string is also a valid keyword, and maps to the <a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a> state. The
- attribute's <i>invalid value default</i> is the <a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a> state. The
+ </table><p>The empty string is also a valid keyword, and maps to the <a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a> state. The
+ attribute's <i>invalid value default</i> is the <a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a> state. The
<i>missing value default</i>, used when the attribute is omitted, is
- the <dfn id=attr-cross-origin-none title=attr-cross-origin-none>No CORS</dfn> state.</p>
+ the <dfn id=attr-crossorigin-none title=attr-crossorigin-none>No CORS</dfn> state.</p>
<h4 id=cors-enabled-fetch><span class=secno>2.7.6 </span>CORS-enabled fetch</h4>
<p>When the user agent is required to perform a <dfn id=potentially-cors-enabled-fetch>potentially
CORS-enabled fetch</dfn> of an <a href=#absolute-url>absolute URL</a> <var title="">URL</var>, with a mode <var title="">mode</var> that is
- either "<a href=#attr-cross-origin-none title=attr-cross-origin-none>No CORS</a>", "<a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a>", or "<a href=#attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use Credentials</a>",
+ either "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>", "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>", or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use Credentials</a>",
an <a href=#origin>origin</a> <var title="">origin</var>, and a default
origin behaviour <var title="">default</var> which is either
"<i>taint</i>" or "<i>fail</i>", it must run the first applicable
set of steps from the following list. The default origin behaviour
- is only used if <var title="">mode</var> is "<a href=#attr-cross-origin-none title=attr-cross-origin-none>No CORS</a>". This algorithm wraps
+ is only used if <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>". This algorithm wraps
the <a href=#fetch>fetch</a> algorithm above, and labels the obtained
resource as either <dfn id=cors-same-origin>CORS-same-origin</dfn> or
<dfn id=cors-cross-origin>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
- <dl class=switch><dt>If <var title="">mode</var> is "<a href=#attr-cross-origin-none title=attr-cross-origin-none>No CORS</a>"</dt>
+ <dl class=switch><dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-none title=attr-crossorigin-none>No CORS</a>"</dt>
<dd>
@@ -7355,7 +7355,7 @@
</ol></dd>
- <dt>If <var title="">mode</var> is "<a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a>" or "<a href=#attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use
+ <dt>If <var title="">mode</var> is "<a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>" or "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
Credentials</a>"</dt>
<dd>
@@ -7366,7 +7366,7 @@
<i>request URL</i> set to <var title="">URL</var>, the
<i>source origin</i> set to <var title="">origin</var>, and the
<i>credentials flag</i> set to true if <var title="">mode</var>
- is "<a href=#attr-cross-origin-use-credentials title=attr-cross-origin-use-credentials>Use
+ is "<a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
Credentials</a>" and set to false otherwise. <a href=#refsCORS>[CORS]</a></li>
<li><p>Wait for the CORS <a href=#cross-origin-request-status>cross-origin request status</a>
@@ -22183,7 +22183,7 @@
<dd><a href=#global-attributes>Global attributes</a></dd>
<dd><code title=attr-img-alt><a href=#attr-img-alt>alt</a></code></dd>
<dd><code title=attr-img-src><a href=#attr-img-src>src</a></code></dd>
- <dd><code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code></dd>
+ <dd><code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code></dd>
<dd><code title=attr-hyperlink-usemap><a href=#attr-hyperlink-usemap>usemap</a></code></dd>
<dd><code title=attr-img-ismap><a href=#attr-img-ismap>ismap</a></code></dd>
<dd><code title=attr-dim-width><a href=#attr-dim-width>width</a></code></dd>
@@ -22219,7 +22219,7 @@
Slight hitch: their images are at a different origin, and we
don't want to allow arbitrary cross-origin inspection (privacy
- leak risk).
+ leak risk). So it will require them to do CORS opt-in.
* See note at rel=noreferrer.
@@ -22258,7 +22258,7 @@
display transparent images, as they rarely convey meaning and rarely
add anything useful to the document.</p>
- <p>The <dfn id=attr-img-cross-origin title=attr-img-cross-origin><code>cross-origin</code></dfn>
+ <p>The <dfn id=attr-img-crossorigin title=attr-img-crossorigin><code>crossorigin</code></dfn>
attribute is a <a href=#cors-settings-attribute>CORS settings attribute</a>.</p>
<div class=impl>
@@ -22336,7 +22336,7 @@
<p>Otherwise, do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of
the resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i>
- being the state of the element's <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> content
+ being the state of the element's <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code> content
attribute, the <i><a href=#origin>origin</a></i> being the <a href=#origin>origin</a> of the
<code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>, and the
<i>default origin behaviour</i> set to <i>taint</i>.</p>
@@ -22358,8 +22358,9 @@
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
- that mitigate this attack, but unfortunately such policies are
- typically not compatible with existing Web content.</p>
+ that are stricter than those described above to mitigate this
+ attack, but unfortunately such policies are typically not
+ compatible with existing Web content.</p>
</li>
@@ -22589,7 +22590,7 @@
name.</p>
<p>The <dfn id=dom-img-crossorigin title=dom-img-crossOrigin><code>crossOrigin</code></dfn> IDL
- attribute must <a href=#reflect>reflect</a> the <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> content
+ attribute must <a href=#reflect>reflect</a> the <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code> content
attribute.</p>
<p>The <dfn id=dom-img-usemap title=dom-img-useMap><code>useMap</code></dfn> IDL
@@ -25642,7 +25643,7 @@
<dt>Content attributes:</dt>
<dd><a href=#global-attributes>Global attributes</a></dd>
<dd><code title=attr-media-src><a href=#attr-media-src>src</a></code></dd>
- <dd><code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code></dd>
+ <dd><code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code></dd>
<dd><code title=attr-video-poster><a href=#attr-video-poster>poster</a></code></dd>
<dd><code title=attr-media-preload><a href=#attr-media-preload>preload</a></code></dd>
<dd><code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code></dd>
@@ -25977,7 +25978,7 @@
<dt>Content attributes:</dt>
<dd><a href=#global-attributes>Global attributes</a></dd>
<dd><code title=attr-media-src><a href=#attr-media-src>src</a></code></dd>
- <dd><code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code></dd>
+ <dd><code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code></dd>
<dd><code title=attr-media-preload><a href=#attr-media-preload>preload</a></code></dd>
<dd><code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code></dd>
<dd><code title=attr-media-mediagroup><a href=#attr-media-mediagroup>mediagroup</a></code></dd>
@@ -26537,7 +26538,7 @@
<a href=#mutabletexttrack>MutableTextTrack</a> <a href=#dom-media-addtexttrack title=dom-media-addTextTrack>addTextTrack</a>(in DOMString kind, in optional DOMString label, in optional DOMString language);
};</pre>
- <p>The <dfn id=media-element-attributes>media element attributes</dfn>, <code title=attr-media-src><a href=#attr-media-src>src</a></code>, <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code>, <code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>, <code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>,
+ <p>The <dfn id=media-element-attributes>media element attributes</dfn>, <code title=attr-media-src><a href=#attr-media-src>src</a></code>, <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code>, <code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>, <code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>,
<code title=attr-media-mediagroup><a href=#attr-media-mediagroup>mediagroup</a></code>,
<code title=attr-media-loop><a href=#attr-media-loop>loop</a></code>,
<code title=attr-media-muted><a href=#attr-media-muted>muted</a></code>, and <code title=attr-media-controls><a href=#attr-media-controls>controls</a></code>, apply to all <a href=#media-element title="media element">media elements</a>. They are defined in
@@ -26692,7 +26693,7 @@
attribute, if present, must contain a <a href=#valid-non-empty-url-potentially-surrounded-by-spaces>valid non-empty
URL potentially surrounded by spaces</a>.</p>
- <p>The <dfn id=attr-media-cross-origin title=attr-media-cross-origin><code>cross-origin</code></dfn>
+ <p>The <dfn id=attr-media-crossorigin title=attr-media-crossorigin><code>crossorigin</code></dfn>
content attribute on <a href=#media-element title="media element">media
elements</a> is a <a href=#cors-settings-attribute>CORS settings attribute</a>.</p>
@@ -26709,7 +26710,7 @@
<a href=#reflect>reflect</a> the content attribute of the same name.</p>
<p>The <dfn id=dom-media-crossorigin title=dom-media-crossOrigin><code>crossOrigin</code></dfn> IDL
- attribute must <a href=#reflect>reflect</a> the <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> content
+ attribute must <a href=#reflect>reflect</a> the <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> content
attribute.</p>
</div>
@@ -27308,7 +27309,7 @@
<p>Perform a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
<var title="">current media resource</var>'s <a href=#absolute-url>absolute
URL</a>, with the <i>mode</i> being the state of the
- <a href=#media-element>media element</a>'s <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> content
+ <a href=#media-element>media element</a>'s <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> content
attribute, the <i><a href=#origin>origin</a></i> being the <a href=#origin>origin</a> of the
<a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>, and the
<i>default origin behaviour</i> set to <i>taint</i>.</p>
@@ -30841,7 +30842,7 @@
<p>If <var title="">URL</var> is not the empty string, perform a
<a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of <var title="">URL</var>, with the <i>mode</i> being the state of the
- <a href=#media-element>media element</a>'s <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> content
+ <a href=#media-element>media element</a>'s <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> content
attribute, the <i><a href=#origin>origin</a></i> being the <a href=#origin>origin</a> of the
<a href=#media-element>media element</a>'s <code><a href=#document>Document</a></code>, and the
<i>default origin behaviour</i> set to <i>fail</i>.</p>
@@ -33954,7 +33955,7 @@
obtained if the user agent further exposes metadata within the
content such as subtitles or chapter titles. Such information is
therefore only exposed if the video resource passes a CORS
- <a href=#resource-sharing-check>resource sharing check</a>. The <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code> attribute allows
+ <a href=#resource-sharing-check>resource sharing check</a>. The <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code> attribute allows
authors to control how this check is performed. <a href=#refsCORS>[CORS]</a></p>
<p class=example>Without this restriction, an attacker could trick
@@ -91675,7 +91676,7 @@
<a href=#transparent>transparent</a>*</td>
<td><a href=#global-attributes title="global attributes">globals</a>;
<code title=attr-media-src><a href=#attr-media-src>src</a></code>;
- <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code>;
+ <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code>;
<code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>;
<code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>;
<code title=attr-media-mediagroup><a href=#attr-media-mediagroup>mediagroup</a></code>;
@@ -92080,7 +92081,7 @@
<td><a href=#global-attributes title="global attributes">globals</a>;
<code title=attr-img-alt><a href=#attr-img-alt>alt</a></code>;
<code title=attr-img-src><a href=#attr-img-src>src</a></code>;
- <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code>;
+ <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>crossorigin</a></code>;
<code title=attr-hyperlink-usemap><a href=#attr-hyperlink-usemap>usemap</a></code>;
<code title=attr-img-ismap><a href=#attr-img-ismap>ismap</a></code>;
<code title=attr-dim-width><a href=#attr-dim-width>width</a></code>;
@@ -92717,7 +92718,7 @@
<a href=#transparent>transparent</a>*</td>
<td><a href=#global-attributes title="global attributes">globals</a>;
<code title=attr-media-src><a href=#attr-media-src>src</a></code>;
- <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>cross-origin</a></code>;
+ <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>crossorigin</a></code>;
<code title=attr-video-poster><a href=#attr-video-poster>poster</a></code>;
<code title=attr-media-preload><a href=#attr-media-preload>preload</a></code>;
<code title=attr-media-autoplay><a href=#attr-media-autoplay>autoplay</a></code>;
@@ -93192,12 +93193,12 @@
<td> <code title=attr-area-coords><a href=#attr-area-coords>area</a></code>
<td> Coordinates for the shape to be created in an <a href=#image-map>image map</a>
<td> <a href=#valid-list-of-integers>Valid list of integers</a>*
- <tr><th> <code title="">cross-origin</code>
- <td> <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>audio</a></code>;
- <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>img</a></code>;
- <code title=attr-media-cross-origin><a href=#attr-media-cross-origin>video</a></code>
- <td> How the element handles cross-origin requests.
- <td> "<code title=attr-cross-origin-anonymous-keyword><a href=#attr-cross-origin-anonymous-keyword>anonymous</a></code>"; "<code title=attr-cross-origin-use-credentials-keyword><a href=#attr-cross-origin-use-credentials-keyword>use-credentials</a></code>"
+ <tr><th> <code title="">crossorigin</code>
+ <td> <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>audio</a></code>;
+ <code title=attr-img-crossorigin><a href=#attr-img-crossorigin>img</a></code>;
+ <code title=attr-media-crossorigin><a href=#attr-media-crossorigin>video</a></code>
+ <td> How the element handles crossorigin requests.
+ <td> "<code title=attr-crossorigin-anonymous-keyword><a href=#attr-crossorigin-anonymous-keyword>anonymous</a></code>"; "<code title=attr-crossorigin-use-credentials-keyword><a href=#attr-crossorigin-use-credentials-keyword>use-credentials</a></code>"
<tr><th> <code title="">data</code>
<td> <code title=attr-object-data><a href=#attr-object-data>object</a></code>
<td> Address of the resource
Modified: source
===================================================================
--- source 2011-05-23 21:24:43 UTC (rev 6146)
+++ source 2011-05-23 21:29:13 UTC (rev 6147)
@@ -7070,21 +7070,21 @@
<th> Brief description
<tbody>
<tr>
- <td><dfn title="attr-cross-origin-anonymous-keyword"><code>anonymous</code></dfn>
- <td><dfn title="attr-cross-origin-anonymous">Anonymous</dfn>
+ <td><dfn title="attr-crossorigin-anonymous-keyword"><code>anonymous</code></dfn>
+ <td><dfn title="attr-crossorigin-anonymous">Anonymous</dfn>
<td>Cross-origin CORS requests for the element will not have the <i>credentials flag</i> set.
<tr>
- <td><dfn title="attr-cross-origin-use-credentials-keyword"><code>use-credentials</code></dfn>
- <td><dfn title="attr-cross-origin-use-credentials">Use Credentials</dfn>
+ <td><dfn title="attr-crossorigin-use-credentials-keyword"><code>use-credentials</code></dfn>
+ <td><dfn title="attr-crossorigin-use-credentials">Use Credentials</dfn>
<td>Cross-origin CORS requests for the element will have the <i>credentials flag</i> set.
</table>
<p>The empty string is also a valid keyword, and maps to the <span
- title="attr-cross-origin-anonymous">Anonymous</span> state. The
+ title="attr-crossorigin-anonymous">Anonymous</span> state. The
attribute's <i>invalid value default</i> is the <span
- title="attr-cross-origin-anonymous">Anonymous</span> state. The
+ title="attr-crossorigin-anonymous">Anonymous</span> state. The
<i>missing value default</i>, used when the attribute is omitted, is
- the <dfn title="attr-cross-origin-none">No CORS</dfn> state.</p>
+ the <dfn title="attr-crossorigin-none">No CORS</dfn> state.</p>
<h4>CORS-enabled fetch</h4>
@@ -7092,15 +7092,15 @@
<p>When the user agent is required to perform a <dfn>potentially
CORS-enabled fetch</dfn> of an <span>absolute URL</span> <var
title="">URL</var>, with a mode <var title="">mode</var> that is
- either "<span title="attr-cross-origin-none">No CORS</span>", "<span
- title="attr-cross-origin-anonymous">Anonymous</span>", or "<span
- title="attr-cross-origin-use-credentials">Use Credentials</span>",
+ either "<span title="attr-crossorigin-none">No CORS</span>", "<span
+ title="attr-crossorigin-anonymous">Anonymous</span>", or "<span
+ title="attr-crossorigin-use-credentials">Use Credentials</span>",
an <span>origin</span> <var title="">origin</var>, and a default
origin behaviour <var title="">default</var> which is either
"<i>taint</i>" or "<i>fail</i>", it must run the first applicable
set of steps from the following list. The default origin behaviour
is only used if <var title="">mode</var> is "<span
- title="attr-cross-origin-none">No CORS</span>". This algorithm wraps
+ title="attr-crossorigin-none">No CORS</span>". This algorithm wraps
the <span>fetch</span> algorithm above, and labels the obtained
resource as either <dfn>CORS-same-origin</dfn> or
<dfn>CORS-cross-origin</dfn>, or blocks the resource entirely.</p>
@@ -7108,7 +7108,7 @@
<dl class="switch">
<dt>If <var title="">mode</var> is "<span
- title="attr-cross-origin-none">No CORS</span>"</dt>
+ title="attr-crossorigin-none">No CORS</span>"</dt>
<dd>
@@ -7214,8 +7214,8 @@
<dt>If <var title="">mode</var> is "<span
- title="attr-cross-origin-anonymous">Anonymous</span>" or "<span
- title="attr-cross-origin-use-credentials">Use
+ title="attr-crossorigin-anonymous">Anonymous</span>" or "<span
+ title="attr-crossorigin-use-credentials">Use
Credentials</span>"</dt>
<dd>
@@ -7228,7 +7228,7 @@
<i>request URL</i> set to <var title="">URL</var>, the
<i>source origin</i> set to <var title="">origin</var>, and the
<i>credentials flag</i> set to true if <var title="">mode</var>
- is "<span title="attr-cross-origin-use-credentials">Use
+ is "<span title="attr-crossorigin-use-credentials">Use
Credentials</span>" and set to false otherwise. <a
href="#refsCORS">[CORS]</a></p></li>
@@ -23895,7 +23895,7 @@
<dd><span>Global attributes</span></dd>
<dd><code title="attr-img-alt">alt</code></dd>
<dd><code title="attr-img-src">src</code></dd>
- <dd><code title="attr-img-cross-origin">cross-origin</code></dd>
+ <dd><code title="attr-img-crossorigin">crossorigin</code></dd>
<dd><code title="attr-hyperlink-usemap">usemap</code></dd>
<dd><code title="attr-img-ismap">ismap</code></dd>
<dd><code title="attr-dim-width">width</code></dd>
@@ -23933,7 +23933,7 @@
Slight hitch: their images are at a different origin, and we
don't want to allow arbitrary cross-origin inspection (privacy
- leak risk).
+ leak risk). So it will require them to do CORS opt-in.
* See note at rel=noreferrer.
@@ -23975,7 +23975,7 @@
add anything useful to the document.</p>
<p>The <dfn
- title="attr-img-cross-origin"><code>cross-origin</code></dfn>
+ title="attr-img-crossorigin"><code>crossorigin</code></dfn>
attribute is a <span>CORS settings attribute</span>.</p>
<div class="impl">
@@ -24071,7 +24071,7 @@
<p>Otherwise, do a <span>potentially CORS-enabled fetch</span> of
the resulting <span>absolute URL</span>, with the <i>mode</i>
being the state of the element's <code
- title="attr-img-cross-origin">cross-origin</code> content
+ title="attr-img-crossorigin">crossorigin</code> content
attribute, the <i>origin</i> being the <span>origin</span> of the
<code>img</code> element's <code>Document</code>, and the
<i>default origin behaviour</i> set to <i>taint</i>.</p>
@@ -24095,8 +24095,9 @@
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<span title="origin">cross-origin</span> access control policies
- that mitigate this attack, but unfortunately such policies are
- typically not compatible with existing Web content.</p>
+ that are stricter than those described above to mitigate this
+ attack, but unfortunately such policies are typically not
+ compatible with existing Web content.</p>
</li>
@@ -24369,7 +24370,7 @@
<p>The <dfn
title="dom-img-crossOrigin"><code>crossOrigin</code></dfn> IDL
attribute must <span>reflect</span> the <code
- title="attr-img-cross-origin">cross-origin</code> content
+ title="attr-img-crossorigin">crossorigin</code> content
attribute.</p>
<p>The <dfn title="dom-img-useMap"><code>useMap</code></dfn> IDL
@@ -27735,7 +27736,7 @@
<dt>Content attributes:</dt>
<dd><span>Global attributes</span></dd>
<dd><code title="attr-media-src">src</code></dd>
- <dd><code title="attr-media-cross-origin">cross-origin</code></dd>
+ <dd><code title="attr-media-crossorigin">crossorigin</code></dd>
<dd><code title="attr-video-poster">poster</code></dd>
<dd><code title="attr-media-preload">preload</code></dd>
<dd><code title="attr-media-autoplay">autoplay</code></dd>
@@ -28110,7 +28111,7 @@
<dt>Content attributes:</dt>
<dd><span>Global attributes</span></dd>
<dd><code title="attr-media-src">src</code></dd>
- <dd><code title="attr-media-cross-origin">cross-origin</code></dd>
+ <dd><code title="attr-media-crossorigin">crossorigin</code></dd>
<dd><code title="attr-media-preload">preload</code></dd>
<dd><code title="attr-media-autoplay">autoplay</code></dd>
<dd><code title="attr-media-mediagroup">mediagroup</code></dd>
@@ -28741,7 +28742,7 @@
<p>The <dfn>media element attributes</dfn>, <code
title="attr-media-src">src</code>, <code
- title="attr-media-cross-origin">cross-origin</code>, <code
+ title="attr-media-crossorigin">crossorigin</code>, <code
title="attr-media-preload">preload</code>, <code
title="attr-media-autoplay">autoplay</code>,
<code title="attr-media-mediagroup">mediagroup</code>,
@@ -28919,7 +28920,7 @@
URL potentially surrounded by spaces</span>.</p>
<p>The <dfn
- title="attr-media-cross-origin"><code>cross-origin</code></dfn>
+ title="attr-media-crossorigin"><code>crossorigin</code></dfn>
content attribute on <span title="media element">media
elements</span> is a <span>CORS settings attribute</span>.</p>
@@ -28939,7 +28940,7 @@
<p>The <dfn
title="dom-media-crossOrigin"><code>crossOrigin</code></dfn> IDL
attribute must <span>reflect</span> the <code
- title="attr-media-cross-origin">cross-origin</code> content
+ title="attr-media-crossorigin">crossorigin</code> content
attribute.</p>
</div>
@@ -29671,7 +29672,7 @@
<var title="">current media resource</var>'s <span>absolute
URL</span>, with the <i>mode</i> being the state of the
<span>media element</span>'s <code
- title="attr-media-cross-origin">cross-origin</code> content
+ title="attr-media-crossorigin">crossorigin</code> content
attribute, the <i>origin</i> being the <span>origin</span> of the
<span>media element</span>'s <code>Document</code>, and the
<i>default origin behaviour</i> set to <i>taint</i>.</p>
@@ -33778,7 +33779,7 @@
<span>potentially CORS-enabled fetch</span> of <var
title="">URL</var>, with the <i>mode</i> being the state of the
<span>media element</span>'s <code
- title="attr-media-cross-origin">cross-origin</code> content
+ title="attr-media-crossorigin">crossorigin</code> content
attribute, the <i>origin</i> being the <span>origin</span> of the
<span>media element</span>'s <code>Document</code>, and the
<i>default origin behaviour</i> set to <i>fail</i>.</p>
@@ -37481,7 +37482,7 @@
content such as subtitles or chapter titles. Such information is
therefore only exposed if the video resource passes a CORS
<span>resource sharing check</span>. The <code
- title="attr-media-cross-origin">cross-origin</code> attribute allows
+ title="attr-media-crossorigin">crossorigin</code> attribute allows
authors to control how this check is performed. <a
href="#refsCORS">[CORS]</a></p>
@@ -108806,7 +108807,7 @@
<span>transparent</span>*</td>
<td><span title="global attributes">globals</span>;
<code title="attr-media-src">src</code>;
- <code title="attr-media-cross-origin">cross-origin</code>;
+ <code title="attr-media-crossorigin">crossorigin</code>;
<code title="attr-media-preload">preload</code>;
<code title="attr-media-autoplay">autoplay</code>;
<code title="attr-media-mediagroup">mediagroup</code>;
@@ -109328,7 +109329,7 @@
<td><span title="global attributes">globals</span>;
<code title="attr-img-alt">alt</code>;
<code title="attr-img-src">src</code>;
- <code title="attr-img-cross-origin">cross-origin</code>;
+ <code title="attr-img-crossorigin">crossorigin</code>;
<code title="attr-hyperlink-usemap">usemap</code>;
<code title="attr-img-ismap">ismap</code>;
<code title="attr-dim-width">width</code>;
@@ -110133,7 +110134,7 @@
<span>transparent</span>*</td>
<td><span title="global attributes">globals</span>;
<code title="attr-media-src">src</code>;
- <code title="attr-media-cross-origin">cross-origin</code>;
+ <code title="attr-media-crossorigin">crossorigin</code>;
<code title="attr-video-poster">poster</code>;
<code title="attr-media-preload">preload</code>;
<code title="attr-media-autoplay">autoplay</code>;
@@ -110664,12 +110665,12 @@
<td> Coordinates for the shape to be created in an <span>image map</span>
<td> <span>Valid list of integers</span>*
<tr>
- <th> <code title="">cross-origin</code>
- <td> <code title="attr-media-cross-origin">audio</code>;
- <code title="attr-img-cross-origin">img</code>;
- <code title="attr-media-cross-origin">video</code>
- <td> How the element handles cross-origin requests.
- <td> "<code title="attr-cross-origin-anonymous-keyword">anonymous</code>"; "<code title="attr-cross-origin-use-credentials-keyword">use-credentials</code>"
+ <th> <code title="">crossorigin</code>
+ <td> <code title="attr-media-crossorigin">audio</code>;
+ <code title="attr-img-crossorigin">img</code>;
+ <code title="attr-media-crossorigin">video</code>
+ <td> How the element handles crossorigin requests.
+ <td> "<code title="attr-crossorigin-anonymous-keyword">anonymous</code>"; "<code title="attr-crossorigin-use-credentials-keyword">use-credentials</code>"
<tr>
<th> <code title="">data</code>
<td> <code title="attr-object-data">object</code>
More information about the Commit-Watchers
mailing list