[html5] r8284 - [giow] (2) Move javascript: processing entirely into HTML, and fix its definitio [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri Nov 15 07:56:17 PST 2013


Author: ianh
Date: 2013-11-15 07:56:16 -0800 (Fri, 15 Nov 2013)
New Revision: 8284

Modified:
   complete.html
   index
   source
Log:
[giow] (2) Move javascript: processing entirely into HTML, and fix its definitions to match reality better at the same time.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=13720
Affected topics: DOM APIs, HTML, Security, Workers

Modified: complete.html
===================================================================
--- complete.html	2013-11-14 22:19:58 UTC (rev 8283)
+++ complete.html	2013-11-15 15:56:16 UTC (rev 8284)
@@ -298,7 +298,7 @@
 
   <header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 14 November 2013</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 15 November 2013</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -1022,15 +1022,14 @@
        <li><a href=#definitions-1><span class=secno>7.1.4.1 </span>Definitions</a></li>
        <li><a href=#processing-model-4><span class=secno>7.1.4.2 </span>Processing model</a></li>
        <li><a href=#generic-task-sources><span class=secno>7.1.4.3 </span>Generic task sources</a></ol></li>
-     <li><a href=#javascript-protocol><span class=secno>7.1.5 </span>The <code title="">javascript:</code> URL scheme</a></li>
-     <li><a href=#events><span class=secno>7.1.6 </span>Events</a>
+     <li><a href=#events><span class=secno>7.1.5 </span>Events</a>
       <ol>
-       <li><a href=#event-handler-attributes><span class=secno>7.1.6.1 </span>Event handlers</a></li>
-       <li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.6.2 </span>Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a>
+       <li><a href=#event-handler-attributes><span class=secno>7.1.5.1 </span>Event handlers</a></li>
+       <li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.5.2 </span>Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a>
         <ol>
-         <li><a href=#idl-definitions><span class=secno>7.1.6.2.1 </span>IDL definitions</a></ol></li>
-       <li><a href=#event-firing><span class=secno>7.1.6.3 </span>Event firing</a></li>
-       <li><a href=#events-and-the-window-object><span class=secno>7.1.6.4 </span>Events and the <code>Window</code> object</a></ol></ol></li>
+         <li><a href=#idl-definitions><span class=secno>7.1.5.2.1 </span>IDL definitions</a></ol></li>
+       <li><a href=#event-firing><span class=secno>7.1.5.3 </span>Event firing</a></li>
+       <li><a href=#events-and-the-window-object><span class=secno>7.1.5.4 </span>Events and the <code>Window</code> object</a></ol></ol></li>
    <li><a href=#atob><span class=secno>7.2 </span>Base64 utility methods</a></li>
    <li><a href=#dynamic-markup-insertion><span class=secno>7.3 </span>Dynamic markup insertion</a>
     <ol>
@@ -3540,7 +3539,7 @@
      <li>The <dfn id=url-parser>URL parser</dfn>
      <li><dfn id=parsed-url>Parsed URL</dfn>
      <li>The <dfn id=concept-url-scheme title=concept-url-scheme>scheme</dfn> component of a <a href=#parsed-url>parsed URL</a>
-     <li>The <dfn id=concept-url-scheme-data title="concept-url-scheme data">scheme data</dfn> component of a <a href=#parsed-url>parsed URL</a>
+     <li>The <dfn id=concept-url-scheme-data title=concept-url-scheme-data>scheme data</dfn> component of a <a href=#parsed-url>parsed URL</a>
      <li>The <dfn id=concept-url-username title=concept-url-username>username</dfn> component of a <a href=#parsed-url>parsed URL</a>
      <li>The <dfn id=concept-url-password title=concept-url-password>password</dfn> component of a <a href=#parsed-url>parsed URL</a>
      <li>The <dfn id=concept-url-host title=concept-url-host>host</dfn> component of a <a href=#parsed-url>parsed URL</a>
@@ -6897,8 +6896,7 @@
    <li>
 
     <p>If <var title="">referrer</var> is not the empty string, is not a <a href=#data-protocol title="data
-    protocol"><code title="">data:</code> URL</a>, is not a <a href=#javascript-protocol title="javascript
-    protocol"><code title="">javascript:</code> URL</a>, and is not the <a href=#url>URL</a>
+    protocol"><code title="">data:</code> URL</a>, and is not the <a href=#url>URL</a>
     "<code><a href=#about:blank>about:blank</a></code>", then generate the <i>address of the resource from which Request-URIs
     are obtained</i> as required by HTTP for the <code title=http-referer>Referer</code> (sic)
     header from <var title="">referrer</var>. <a href=#refsHTTP>[HTTP]</a></p>
@@ -6944,9 +6942,10 @@
     <dfn id=about:blank><code>about:blank</code></dfn>, then the resource is immediately available and consists of
     the empty string, with no metadata.</p>
 
+<!--CLEANUP-->
     <p>Otherwise, at a time convenient to the user and the user agent, download (or otherwise
     obtain) the resource, applying the semantics of the relevant specifications (e.g. performing an
-    HTTP GET or POST operation, or reading the file from disk, <a href=#concept-js-deref title=concept-js-deref>dereferencing <span title="javascript protocol"><code title="">javascript:</code> URLs</span></a>, etc).</p>
+    HTTP GET or POST operation, or reading the file from disk, or expanding <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>, etc).</p>
 
     <p>For the purposes of the <code title=http-referer>Referer</code> (sic) header, use the
     <i>address of the resource from which Request-URIs are obtained</i> generated in the earlier
@@ -7202,7 +7201,6 @@
 
   <dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
    <dt>If the <var title="">URL</var> is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a></dt>
-   <dt>If the <var title="">URL</var> is a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a></dt>
    <dt>If the <var title="">URL</var> is <code><a href=#about:blank>about:blank</a></code></dt>
 
    <dd>
@@ -7228,7 +7226,7 @@
         <p>Set <var title="">URL</var> to the target URL of the redirect and return to the top of
         the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> algorithm (this time, one of the other
         branches below might be taken, based on the value of <var title="">mode</var><!-- but if
-        it's a data: or javascript: URL, we'll stay here -->).</p>
+        it's a data: URL, we'll stay here -->).</p>
 
        </dd>
 
@@ -51601,12 +51599,6 @@
       <p>The resource obtained in this fashion can be either <a href=#cors-same-origin>CORS-same-origin</a> or
       <a href=#cors-cross-origin>CORS-cross-origin</a>. This only affects how error reporting happens.</p>
 
-      <p>For historical reasons, if the <a href=#url>URL</a> is a <a href=#javascript-protocol title="javascript
-      protocol"><code title="">javascript:</code> URL</a>, then the user agent must not, despite
-      the requirements in the definition of the <a href=#fetch title=fetch>fetching</a> algorithm,
-      actually execute the script in the URL; instead the user agent must act as if it had received
-      an empty HTTP 400 response.</p>
-
       <p>For performance reasons, user agents may start fetching the script (as defined above) as
       soon as the <code title=attr-script-src><a href=#attr-script-src>src</a></code> attribute is set, instead, in the hope
       that the element will be inserted into the document (and that the <code title=attr-script-crossorigin><a href=#attr-script-crossorigin>crossorigin</a></code> attribute won't change value in the
@@ -64958,21 +64950,6 @@
      </dd>
 
 
-     <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#javascript-protocol title="javascript
-     protocol"><code>javascript:</code> URL</a></dt>
-
-     <dd>
-
-      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
-      <a href=#origin>origin</a> of the script of that <a href=#javascript-protocol title="javascript
-      protocol"><code>javascript:</code> URL</a>.</p>
-
-      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a> of the
-      <code><a href=#document>Document</a></code>.</p>
-
-     </dd>
-
-
      <dt>If a <code><a href=#document>Document</a></code> was served over the network and has an address that uses a URL
      scheme with a server-based naming authority</dt>
 
@@ -65002,8 +64979,7 @@
      </dd>
 
 
-     <dt>If a <code><a href=#document>Document</a></code> has the <a href="#the-document's-address" title="the document's address">address</a>
-     "<code><a href=#about:blank>about:blank</a></code>"</dt>
+     <dt>If a <code><a href=#document>Document</a></code> is the initial "<code><a href=#about:blank>about:blank</a></code>" document</dt>
 
      <dd>
 
@@ -65014,6 +64990,20 @@
      </dd>
 
 
+     <dt>If a <code><a href=#document>Document</a></code> was created as part of the processing for <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code> URLs</a></dt>
+
+     <dd>
+
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing context</a>
+      being navigated when the <a href=#navigate>navigate</a> algorithm was invoked.</p>
+
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective script origin</a> of that
+      same <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> is <a href=#an-iframe-srcdoc-document>an <code>iframe</code> <code title=attr-iframe-srcdoc>srcdoc</code> document</a></dt>
 
      <dd>
@@ -66591,50 +66581,164 @@
 
    <li>
 
-    <p>If the resource has already been obtained (e.g. because it is being used to populate an
-    <code><a href=#the-object-element>object</a></code> element's new <a href=#child-browsing-context>child browsing context</a>), then skip this step.</p>
+    <p>This is the step that attempts to obtain the resource, if necessary. Jump to the first
+    appropriate substep:</p>
 
-    <p>Otherwise:</p>
+    <dl><dt>If the resource has already been obtained (e.g. because it is being used to populate an
+     <code><a href=#the-object-element>object</a></code> element's new <a href=#child-browsing-context>child browsing context</a>)</dt>
 
-    <p>If the new resource is to be fetched using HTTP GET <a href=#concept-http-equivalent-get title=concept-http-equivalent-get>or equivalent</a>, and there are <a href=#relevant-application-cache title="relevant
-    application cache">relevant application caches</a> that are identified by a URL with the
-    <a href=#same-origin>same origin</a> as the URL in question, and that have this URL as one of their entries,
-    excluding entries marked as <a href=#concept-appcache-foreign title=concept-appcache-foreign>foreign</a>, and whose
-    <a href=#concept-appcache-mode title=concept-appcache-mode>mode</a> is <a href=#concept-appcache-mode-fast title=concept-appcache-mode-fast>fast</a>, and the user agent is not in a mode where it
-    will avoid using <a href=#application-cache title="application cache">application caches</a> then
-    <a href=#fetch>fetch</a> the resource from the <a href=#concept-appcache-selection title=concept-appcache-selection>most
-    appropriate application cache</a> of those that match.</p>
+     <dd><p>Skip this step. The data is already available.</dd>
 
-    <p class=example>For example, imagine an HTML page with an associated application cache
-    displaying an image and a form, where the image is also used by several other application
-    caches. If the user right-clicks on the image and chooses "View Image", then the user agent
-    could decide to show the image from any of those caches, but it is likely that the most useful
-    cache for the user would be the one that was used for the aforementioned HTML page. On the other
-    hand, if the user submits the form, and the form does a POST submission, then the user agent
-    will not use an application cache at all; the submission will be made to the network.</p>
+     <dt>If the new resource is a <a href=#url>URL</a> whose <a href=#concept-url-scheme title=concept-url-scheme>scheme</a> is <code title="javascript
+     protocol"><a href=#javascript-protocol>javascript</a></code></dt>
 
-    <p>Otherwise, <a href=#fetch>fetch</a><!--FETCH--> the new resource, with the <i>manual redirect
-    flag</i> set.</p>
+     <dd>
 
+      <!-- http://www.hixie.ch/tests/adhoc/html/navigation/javascript-url/ -->
+
+      <p><a href=#queue-a-task>Queue a task</a> to run <dfn id=javascript-protocol title="javascript protocol">these "<code title="">javascript:</code> URL" steps</dfn>:</p>
+
+      <ol id=concept-js-deref><li><p>If the <a href=#origin>origin</a> of the <a href=#source-browsing-context>source browsing context</a> is not the
+       <a href=#same-origin>same origin</a> as the <a href=#origin>origin</a> of the <a href=#active-document>active document</a> of
+       the <a href=#browsing-context>browsing context</a> being navigated, then act as if the result of evaluating
+       the script was the void value, and jump to the step labeled <i>process results</i>
+       below.</li>
+
+       <li><p>Apply the <a href=#url-parser>URL parser</a> to the <a href=#url>URL</a> being navigated.</li>
+
+       <li><p>Let <var title="">parsed URL</var> be the result of the <a href=#url-parser>URL
+       parser</a>.</li>
+
+       <li><p>Let <var title="">script source</var> be the empty string.</li>
+
+       <li><p>Append <var title="">parsed URL</var>'s <a href=#concept-url-scheme-data title=concept-url-scheme-data>scheme
+       data</a> component to <var title="">script source</var>.</li>
+
+       <li><p>If <var title="">parsed URL</var>'s <a href=#concept-url-query title=concept-url-query>query</a>
+       component is not null, then first append a U+003F QUESTION MARK character (?) to <var title="">script source</var>, and then append <var title="">parsed URL</var>'s <a href=#concept-url-query title=concept-url-query>query</a> component to <var title="">script
+       source</var>.</li>
+
+       <li><p>If <var title="">parsed URL</var>'s <a href=#concept-url-fragment title=concept-url-fragment>fragment</a> component is not null, then first append a
+       U+003F QUESTION MARK character (?) to <var title="">script source</var>, and then append
+       <var title="">parsed URL</var>'s <a href=#concept-url-fragment title=concept-url-fragment>fragment</a>
+       component to <var title="">script source</var>.</li>
+
+       <li><p>Replace <var title="">script source</var> with the result of applying the
+       <a href=#percent-decode>percent decode</a> algorithm to <var title="">script source</var>.</li>
+
+       <li><p>Replace <var title="">script source</var> with the result of applying the <a href=#utf-8-decode>UTF-8
+       decode</a> algorithm to <var title="">script source</var>.</li>
+
+       <!-- <body onload="&#xFFFE;w('test')"> and javascript:%EF%BB%BF'test' both work, so we assume
+            that JavaScript is stripping the BOM, and we don't have to -->
+
+       <!--
+         http://software.hixie.ch/utilities/js/live-dom-viewer/saved/2639 -> about:blank
+         http://software.hixie.ch/utilities/js/live-dom-viewer/saved/2640 -> javascript:'test' in Firefox, about:blank otherwise
+       -->
+       <li><p>Let <var title="">address</var> be the <a href="#the-document's-address" title="the document's
+       address">address</a> of the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing
+       context</a> being navigated.</li>
+
+       <li>
+
+        <p><a href=#create-a-script>Create a script</a>, using <var title="">script source</var> as the script
+        source, <var title="">address</var> as the script source URL, JavaScript as the scripting
+        language, and the <a href=#script-settings-object>script settings object</a> of the <code><a href=#window>Window</a></code> object of
+        the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing context</a> being navigated.</p>
+
+        <p>Let <var title="">result</var> be the return value of the <a href=#code-entry-point>code entry-point</a>
+        of this <a href=#concept-script title=concept-script>script</a>. If an exception was thrown, let <var title="">result</var> be void instead. (The result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>
+
+       </li>
+
+       <li>
+
+        <p><i>Process results</i>: If the result of executing the script is void (there is no return
+        value), then the result of obtaining the resource for the URL is <a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>equivalent to</a> an HTTP resource with an HTTP
+        204 No Content response.</p>
+
+        <p>Otherwise, the result of obtaining the resource for the URL is <a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>equivalent</a> to an HTTP resource with a 200 OK
+        response whose <a href=#content-type title=Content-Type>Content-Type metadata</a> is
+        <code><a href=#text/html>text/html</a></code> and whose response body is the return value converted to a string
+        value.</p>
+
+        <p>When it comes time to <a href="#set-the-document's-address">set the document's address</a> in the <a href=#navigate title=navigate>navigation algorithm</a>, use <var title="">address</var> as the
+        <a href=#override-url>override URL</a>.</p>
+
+       </li>
+
+      </ol><div class=example>
+
+       <p>So for example a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code>
+       URL</a> in an <code title=attr-hyperlink-href><a href=#attr-hyperlink-href>href</a></code> attribute of an
+       <code><a href=#the-a-element>a</a></code> element would only be evaluated when the link was <a href=#following-hyperlinks title="following
+       hyperlinks">followed</a>, while such a URL in the <code title=attr-iframe-src><a href=#attr-iframe-src>src</a></code> attribute of an <code><a href=#the-iframe-element>iframe</a></code> element would be
+       evaluated in the context of the <code><a href=#the-iframe-element>iframe</a></code>'s own <a href=#nested-browsing-context>nested browsing
+       context</a> when the <code><a href=#the-iframe-element>iframe</a></code> is being set up; once evaluated, its return value
+       (if it was not void) would replace that <a href=#browsing-context>browsing context</a>'s document, thus also
+       changing the <code><a href=#window>Window</a></code> object of that <a href=#browsing-context>browsing context</a>.</p>
+
+      </div>
+
+     </dd>
+
+     <dt>If the new resource is to be fetched using HTTP GET <a href=#concept-http-equivalent-get title=concept-http-equivalent-get>or equivalent</a>, and there are <a href=#relevant-application-cache title="relevant
+     application cache">relevant application caches</a> that are identified by a URL with the
+     <a href=#same-origin>same origin</a> as the URL in question, and that have this URL as one of their
+     entries, excluding entries marked as <a href=#concept-appcache-foreign title=concept-appcache-foreign>foreign</a>,
+     and whose <a href=#concept-appcache-mode title=concept-appcache-mode>mode</a> is <a href=#concept-appcache-mode-fast title=concept-appcache-mode-fast>fast</a>, and the user agent is not in a mode where it
+     will avoid using <a href=#application-cache title="application cache">application caches</a></dt>
+
+     <dd>
+
+      <p><a href=#fetch>Fetch</a> the resource from the <a href=#concept-appcache-selection title=concept-appcache-selection>most
+      appropriate application cache</a> of those that match.</p>
+
+      <p class=example>For example, imagine an HTML page with an associated application cache
+      displaying an image and a form, where the image is also used by several other application
+      caches. If the user right-clicks on the image and chooses "View Image", then the user agent
+      could decide to show the image from any of those caches, but it is likely that the most useful
+      cache for the user would be the one that was used for the aforementioned HTML page. On the
+      other hand, if the user submits the form, and the form does a POST submission, then the user
+      agent will not use an application cache at all; the submission will be made to the
+      network.</p>
+
+     </dd>
+
+     <dt>Otherwise</dt>
+
+     <dd>
+
+      <p><a href=#fetch>Fetch</a><!--FETCH--> the new resource, with the <i>manual redirect flag</i>
+      set.</p>
+
+     </dd>
+
+    </dl><p>If the <a href=#browsing-context>browsing context</a> is a <a href=#nested-browsing-context>nested browsing context</a>, then in the
+    time between this step and either the creation of a <code><a href=#document>Document</a></code> object or the <!-- XXX
+    bug 23633 --> <span>canceling</span> of the <a href=#navigate title=navigate>navigation</a>
+    algorithm<!-- /XXX bug 23633 -->, whichever happens first, the <a href=#browsing-context>browsing context</a>
+    must be put in the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events mode</a>.</p>
+    <!-- this is what makes <iframe> elements delay the load event of their parent browsing context
+    when their child browsing context is in between this step and the step that starts the parser.
+    -->
+
+    <p>If the steps above invoked the <a href=#fetch>fetch</a> algorith, the following requirements also
+    apply:</p>
+
     <p>If the resource is being fetched using a method other than one <a href=#concept-http-equivalent-get title=concept-http-equivalent-get>equivalent to</a> HTTP's GET<!-- or HEAD (but that can't
     happen) -->, or, if the <a href=#navigate title=navigate>navigation algorithm</a> was invoked as a
-    result of the <a href=#concept-form-submit title=concept-form-submit>form submission algorithm</a>, then the <a href=#fetch title=fetch>fetching algorithm</a> must be invoked from the <a href=#origin>origin</a> of the
-    <a href=#active-document>active document</a> of the <a href=#source-browsing-context>source browsing context</a>, if any.</p> <!--
+    result of the <a href=#concept-form-submit title=concept-form-submit>form submission algorithm</a>, then the
+    <a href=#fetch title=fetch>fetching algorithm</a> must be invoked from the <a href=#origin>origin</a> of
+    the <a href=#active-document>active document</a> of the <a href=#source-browsing-context>source browsing context</a>, if any.</p> <!--
     potentially http-origin privacy sensitive -->
 
-    <p>If the <a href=#browsing-context>browsing context</a> being navigated is a <a href=#child-browsing-context>child browsing context</a>
-    for an <code><a href=#the-iframe-element>iframe</a></code> or <code><a href=#the-object-element>object</a></code> element, then the <a href=#fetch title=fetch>fetching
-    algorithm</a> must be invoked from the <code><a href=#the-iframe-element>iframe</a></code> or <code><a href=#the-object-element>object</a></code> element's
-    <a href=#browsing-context-scope-origin>browsing context scope origin</a>, if it has one.</p> <!-- potentially http-origin
-    privacy sensitive -->
+    <p>Otherwise, if the <a href=#browsing-context>browsing context</a> being navigated is a <a href=#child-browsing-context>child browsing
+    context</a> for an <code><a href=#the-iframe-element>iframe</a></code> or <code><a href=#the-object-element>object</a></code> element, then the <a href=#fetch title=fetch>fetching algorithm</a> must be invoked from the <code><a href=#the-iframe-element>iframe</a></code> or
+    <code><a href=#the-object-element>object</a></code> element's <a href=#browsing-context-scope-origin>browsing context scope origin</a>, if it has one.</p>
+    <!-- potentially http-origin privacy sensitive -->    
 
-    <p>If the <a href=#browsing-context>browsing context</a> is a <a href=#nested-browsing-context>nested browsing context</a>, then in the
-    time between the <a href=#fetch>fetch</a> algorithm being started by this step, and either the
-    creation of a <code><a href=#document>Document</a></code> object or the canceling of the <a href=#fetch>fetch</a> or <a href=#navigate title=navigate>navigation</a> algorithms, the <a href=#browsing-context>browsing context</a> must be put in
-    the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events mode</a>.</p> <!-- this is
-    what makes <iframe> elements delay the load event of their parent browsing context when their
-    child browsing context is in between this step and the step that starts the parser. -->
-
    </li>
 
    <li>
@@ -66839,8 +66943,8 @@
     its <a href="#the-document's-address" title="the document's address">address</a> set to that <a href=#url>URL</a>
     instead.</p>
 
-    <p class=note>An <a href=#override-url title="override URL">override URL</a> is set when <a href=#concept-js-deref title=concept-js-deref>dereferencing a <code>javascript:</code> URL</a> and when performing
-    <a href=#an-overridden-reload>an overridden reload</a>.</p>
+    <p class=note>An <a href=#override-url title="override URL">override URL</a> is set when <a href=#javascript-protocol title="javascript protocol">dereferencing a <code>javascript:</code> URL</a> and when
+    performing <a href=#an-overridden-reload>an overridden reload</a>.</p>
 
     <p><dfn id=create-a-document-object title="create a Document object">Creating a new <code>Document</code> object</dfn>: when
     a <code><a href=#document>Document</a></code> is created as part of the above steps, the user agent must additionally
@@ -69890,8 +69994,7 @@
 
   <ul><li>Processing of <code><a href=#the-script-element>script</a></code> elements.</li>
 
-   <li>Processing of inline <code title="javascript protocol"><a href=#javascript-protocol>javascript:</a></code> URLs (e.g. the
-   <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute of <code><a href=#the-img-element>img</a></code> elements, or an <code title="">@import</code> rule in a CSS <code><a href=#the-style-element>style</a></code> element block).</li>
+   <li>Navigating to <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code> URLs</a>.</li>
 
    <li>Event handlers, whether registered through the DOM using <code title="">addEventListener()</code>, by explicit <a href=#event-handler-content-attributes>event handler content attributes</a>, by
    <a href=#event-handler-idl-attributes>event handler IDL attributes</a>, or otherwise.</li>
@@ -70823,106 +70926,12 @@
   </dl></div>
 
 
-  <div class=impl>
 
-  <!-- SCRIPT EXEC -->
-  <h4 id=javascript-protocol><span class=secno>7.1.5 </span><dfn title="javascript protocol">The <code title="">javascript:</code> URL scheme</dfn></h4>
 
-  <p>When a <a href=#url>URL</a> using the <code title="">javascript:</code> scheme is <dfn id=concept-js-deref title=concept-js-deref>dereferenced</dfn>, the user agent must run the following steps:</p>
+  <h4 id=events><span class=secno>7.1.5 </span>Events</h4>
 
-  <ol><li><p>Let the script source be the string obtained using the content retrieval operation defined
-   for <code title="">javascript:</code> URLs. <a href=#refsJSURL>[JSURL]</a></li>
+  <h5 id=event-handler-attributes><span class=secno>7.1.5.1 </span>Event handlers</h5>
 
-   <li>
-
-    <p>Use the appropriate step from the following list:</p>
-
-    <dl><dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a
-     <code>javascript:</code> URL, and the <a href=#source-browsing-context>source browsing context</a> for that navigation,
-     if any, has <a href=#concept-bc-noscript title=concept-bc-noscript>scripting disabled</a></dt>
-
-     <dd>
-
-      <p>Let <var title="">result</var> be void.</p>
-
-     </dd>
-
-     <dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a
-     <code>javascript:</code> URL, and the <a href=#active-document>active document</a> of that browsing context has
-     the <a href=#same-origin>same origin</a> as the script given by that URL</dt>
-
-     <dd>
-
-      <!-- http://www.hixie.ch/tests/adhoc/html/navigation/javascript-url/ -->
-
-      <p>Let <var title="">address</var> be the <a href="#the-document's-address" title="the document's address">address</a>
-      of the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing context</a> being navigated.</p>
-
-      <p>If <var title="">address</var> is <code><a href=#about:blank>about:blank</a></code>, and the <a href=#browsing-context>browsing
-      context</a> being navigated has a <a href=#creator-browsing-context>creator browsing context</a>, then let <var title="">address</var> be the <a href="#the-document's-address" title="the document's address">address</a> of the
-      <a href=#creator-document>creator <code>Document</code></a> instead.</p>
-
-      <p><a href=#create-a-script>Create a script</a>, using the aforementioned script source, the <a href=#url>URL</a>
-      of the resource where the <code>javascript:</code> URL, was found, JavaScript as the scripting
-      language, and the <a href=#script-settings-object>script settings object</a> of the <code><a href=#window>Window</a></code> object of the
-      <a href=#active-document>active document</a>.</p>
-
-      <p>Let <var title="">result</var> be the return value of the <a href=#code-entry-point>code entry-point</a>
-      of this <a href=#concept-script title=concept-script>script</a>. If an exception was thrown, let <var title="">result</var> be void instead. (The result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>
-
-      <p>When it comes time to <a href="#set-the-document's-address">set the document's address</a> in the <a href=#navigate title=navigate>navigation algorithm</a>, use <var title="">address</var> as the
-      <a href=#override-url>override URL</a>.</p>
-
-     </dd>
-
-     <dt>Otherwise</dt>
-
-     <dd>
-
-      <p>Let <var title="">result</var> be void.</p>
-
-     </dd>
-
-    </dl></li>
-
-   <li>
-
-    <p>If the result of executing the script is void (there is no return value), then the URL must
-    be treated in a manner equivalent to an HTTP resource with an HTTP 204 No Content response.</p>
-
-    <p>Otherwise, the URL must be treated in a manner equivalent to an HTTP resource with a 200 OK
-    response whose <a href=#content-type title=Content-Type>Content-Type metadata</a> is <code><a href=#text/html>text/html</a></code>
-    and whose response body is the return value converted to a string value.</p>
-
-    <p class=note>Certain contexts, in particular <code><a href=#the-img-element>img</a></code> elements, ignore the <a href=#content-type title=Content-Type>Content-Type metadata</a>.</p>
-
-   </li>
-
-  </ol><div class=example>
-
-   <p>So for example a <code title="">javascript:</code> URL for a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute of an <code><a href=#the-img-element>img</a></code> element would be evaluated in
-   the context of an empty object as soon as the attribute is set; it would then be sniffed to
-   determine the image type and decoded as an image.</p>
-
-   <p>A <code title="">javascript:</code> URL in an <code title=attr-hyperlink-href><a href=#attr-hyperlink-href>href</a></code>
-   attribute of an <code><a href=#the-a-element>a</a></code> element would only be evaluated when the link was <a href=#following-hyperlinks title="following hyperlinks">followed</a>.</p>
-
-   <p>The <code title=attr-iframe-src><a href=#attr-iframe-src>src</a></code> attribute of an <code><a href=#the-iframe-element>iframe</a></code> element would
-   be evaluated in the context of the <code><a href=#the-iframe-element>iframe</a></code>'s own <a href=#browsing-context>browsing context</a>; once
-   evaluated, its return value (if it was not void) would replace that <a href=#browsing-context>browsing
-   context</a>'s document, thus changing the variables visible in that <a href=#browsing-context>browsing
-   context</a>.</p>
-
-  </div>
-
-  </div>
-
-
-
-  <h4 id=events><span class=secno>7.1.6 </span>Events</h4>
-
-  <h5 id=event-handler-attributes><span class=secno>7.1.6.1 </span>Event handlers</h5>
-
   <!--test: <a href="http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A...%3Cscript%3E%0Aw(a%3Ddocument.implementation.createDocument(null%2C%20null%2C%20null))%3B%0Aw(a.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'html')))%3B%0Aw(b%3Da.firstChild.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'body')))%3B%0Aw(b.test%20%3D%20w)%3B%0Aw(b.setAttribute('onclick'%2C%20'test(%22fire%3A%20%22%20%2B%20event)'))%3B%0Aw(b.onclick)%3B%0Aw(e%3Da.createEvent('Event'))%3B%0Aw(e.initEvent('click'%2C%20false%2C%20false))%3B%0Aw(b.dispatchEvent(e))%3B%0A%3C%2Fscript%3E">test</a>-->
 
   <p>Many objects can have <dfn id=event-handlers>event handlers</dfn> specified. These act as non-capture event
@@ -71304,7 +71313,7 @@
   <!-- onreadystatechange is also defined specially, using [LenientThis]; see IDL -->
 
 
-  <h5 id=event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.6.2 </span>Event handlers on elements, <code><a href=#document>Document</a></code> objects, and <code><a href=#window>Window</a></code> objects</h5>
+  <h5 id=event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.5.2 </span>Event handlers on elements, <code><a href=#document>Document</a></code> objects, and <code><a href=#window>Window</a></code> objects</h5>
 
   <p>The following are the <a href=#event-handlers>event handlers</a> (and their corresponding <a href=#event-handler-event-type title="event
   handler event type">event handler event types</a>) <span class=impl>that must be</span>
@@ -71428,7 +71437,7 @@
 
   <table><thead><tr><th><a href=#event-handlers title="event handlers">Event handler</a> <th><a href=#event-handler-event-type>Event handler event type</a>
    <tbody><tr><td><dfn id=handler-onreadystatechange title=handler-onreadystatechange><code>onreadystatechange</code></dfn> <td> <code title=event-readystatechange><a href=#event-readystatechange>readystatechange</a></code>
-  </table><h6 id=idl-definitions><span class=secno>7.1.6.2.1 </span>IDL definitions</h6>
+  </table><h6 id=idl-definitions><span class=secno>7.1.5.2.1 </span>IDL definitions</h6>
 
   <pre class=idl>[NoInterfaceObject]
 interface <dfn id=globaleventhandlers>GlobalEventHandlers</dfn> {
@@ -71515,7 +71524,7 @@
 
   <div class=impl>
 
-  <h5 id=event-firing><span class=secno>7.1.6.3 </span>Event firing</h5>
+  <h5 id=event-firing><span class=secno>7.1.5.3 </span>Event firing</h5>
 
   <p>Certain operations and methods are defined as firing events on elements. For example, the <code title=dom-click><a href=#dom-click>click()</a></code> method on the <code><a href=#htmlelement>HTMLElement</a></code> interface is defined as
   firing a <code title=event-click><a href=#event-click>click</a></code> event on the element. <a href=#refsDOMEVENTS>[DOMEVENTS]</a></p>
@@ -71546,7 +71555,7 @@
 
   <div class=impl>
 
-  <h5 id=events-and-the-window-object><span class=secno>7.1.6.4 </span>Events and the <code><a href=#window>Window</a></code> object</h5>
+  <h5 id=events-and-the-window-object><span class=secno>7.1.5.4 </span>Events and the <code><a href=#window>Window</a></code> object</h5>
 
   <p>When an event is dispatched at a DOM node in a <code><a href=#document>Document</a></code> in a <a href=#browsing-context>browsing
   context</a>, if the event is not a <code title=event-load>load</code> event, the user agent
@@ -78278,8 +78287,7 @@
 
   <p>HTTP 200 OK responses that have a <a href=#content-type>Content-Type</a> specifying an unsupported type, or
   that have no <a href=#content-type>Content-Type</a> at all, must cause the user agent to <a href=#fail-the-connection>fail the
-  connection</a>.</p> <!-- about:blank is defined as having no MIME type; javascript: as having
-  the type text/html -->
+  connection</a>.</p> <!-- about:blank is defined as having no MIME type -->
 
   <p>HTTP 305 Use Proxy, 401 Unauthorized, and 407 Proxy Authentication Required should be treated
   transparently as for any other subresource.</p>
@@ -82509,9 +82517,10 @@
     <a href=#origin>origin</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>, then throw a <code><a href=#securityerror>SecurityError</a></code> exception and
     abort these steps.</p>
 
+<!--CLEANUP-->
     <p class=note>Thus, scripts must either be external files with the same scheme, host, and port
     as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>.
-    For example, you can't load a script from a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code> page couldn't start workers
+    For example, an <code>https:</code> page couldn't start workers
     using scripts with <code>http:</code> URLs.</p>
 
    </li>
@@ -82624,9 +82633,10 @@
     the <a href=#incumbent-settings-object>incumbent settings object</a>, then throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these
     steps.</p>
 
+<!--CLEANUP-->
     <p class=note>Thus, scripts must either be external files with the same scheme, host, and port
     as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>.
-    For example, you can't load a script from a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code> page couldn't start workers
+    For example, and an <code>https:</code> page couldn't start workers
     using scripts with <code>http:</code> URLs.</p>
 
    </li>
@@ -101102,11 +101112,6 @@
    <dt id=refsJSON>[JSON]</dt>
    <dd><cite><a href=http://tools.ietf.org/html/rfc4627>The application/json Media Type for JavaScript Object Notation (JSON)</a></cite>, D. Crockford. IETF.</dd>
 
-   <dt id=refsJSURL>[JSURL]</dt>
-   <dd><cite><a href=http://tools.ietf.org/html/draft-hoehrmann-javascript-scheme>The 'javascript' resource identifier scheme</a></cite>, B. Höhrmann. IETF.
-   <!-- Sadly this reference has been dead for a while. Unfortunately it's the closest thing we current have to a spec. -->
-   </dd>
-
    <dt id=refsMAILTO>[MAILTO]</dt>
    <dd>(Non-normative) <cite><a href=http://tools.ietf.org/html/rfc6068>The 'mailto' URI scheme</a></cite>, M. Duerst, L. Masinter, J. Zawinski. IETF.</dd>
 

Modified: index
===================================================================
--- index	2013-11-14 22:19:58 UTC (rev 8283)
+++ index	2013-11-15 15:56:16 UTC (rev 8284)
@@ -298,7 +298,7 @@
 
   <header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard — Last Updated 14 November 2013</h2>
+    <h2 class="no-num no-toc">Living Standard — Last Updated 15 November 2013</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -1022,15 +1022,14 @@
        <li><a href=#definitions-1><span class=secno>7.1.4.1 </span>Definitions</a></li>
        <li><a href=#processing-model-4><span class=secno>7.1.4.2 </span>Processing model</a></li>
        <li><a href=#generic-task-sources><span class=secno>7.1.4.3 </span>Generic task sources</a></ol></li>
-     <li><a href=#javascript-protocol><span class=secno>7.1.5 </span>The <code title="">javascript:</code> URL scheme</a></li>
-     <li><a href=#events><span class=secno>7.1.6 </span>Events</a>
+     <li><a href=#events><span class=secno>7.1.5 </span>Events</a>
       <ol>
-       <li><a href=#event-handler-attributes><span class=secno>7.1.6.1 </span>Event handlers</a></li>
-       <li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.6.2 </span>Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a>
+       <li><a href=#event-handler-attributes><span class=secno>7.1.5.1 </span>Event handlers</a></li>
+       <li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.5.2 </span>Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a>
         <ol>
-         <li><a href=#idl-definitions><span class=secno>7.1.6.2.1 </span>IDL definitions</a></ol></li>
-       <li><a href=#event-firing><span class=secno>7.1.6.3 </span>Event firing</a></li>
-       <li><a href=#events-and-the-window-object><span class=secno>7.1.6.4 </span>Events and the <code>Window</code> object</a></ol></ol></li>
+         <li><a href=#idl-definitions><span class=secno>7.1.5.2.1 </span>IDL definitions</a></ol></li>
+       <li><a href=#event-firing><span class=secno>7.1.5.3 </span>Event firing</a></li>
+       <li><a href=#events-and-the-window-object><span class=secno>7.1.5.4 </span>Events and the <code>Window</code> object</a></ol></ol></li>
    <li><a href=#atob><span class=secno>7.2 </span>Base64 utility methods</a></li>
    <li><a href=#dynamic-markup-insertion><span class=secno>7.3 </span>Dynamic markup insertion</a>
     <ol>
@@ -3540,7 +3539,7 @@
      <li>The <dfn id=url-parser>URL parser</dfn>
      <li><dfn id=parsed-url>Parsed URL</dfn>
      <li>The <dfn id=concept-url-scheme title=concept-url-scheme>scheme</dfn> component of a <a href=#parsed-url>parsed URL</a>
-     <li>The <dfn id=concept-url-scheme-data title="concept-url-scheme data">scheme data</dfn> component of a <a href=#parsed-url>parsed URL</a>
+     <li>The <dfn id=concept-url-scheme-data title=concept-url-scheme-data>scheme data</dfn> component of a <a href=#parsed-url>parsed URL</a>
      <li>The <dfn id=concept-url-username title=concept-url-username>username</dfn> component of a <a href=#parsed-url>parsed URL</a>
      <li>The <dfn id=concept-url-password title=concept-url-password>password</dfn> component of a <a href=#parsed-url>parsed URL</a>
      <li>The <dfn id=concept-url-host title=concept-url-host>host</dfn> component of a <a href=#parsed-url>parsed URL</a>
@@ -6897,8 +6896,7 @@
    <li>
 
     <p>If <var title="">referrer</var> is not the empty string, is not a <a href=#data-protocol title="data
-    protocol"><code title="">data:</code> URL</a>, is not a <a href=#javascript-protocol title="javascript
-    protocol"><code title="">javascript:</code> URL</a>, and is not the <a href=#url>URL</a>
+    protocol"><code title="">data:</code> URL</a>, and is not the <a href=#url>URL</a>
     "<code><a href=#about:blank>about:blank</a></code>", then generate the <i>address of the resource from which Request-URIs
     are obtained</i> as required by HTTP for the <code title=http-referer>Referer</code> (sic)
     header from <var title="">referrer</var>. <a href=#refsHTTP>[HTTP]</a></p>
@@ -6944,9 +6942,10 @@
     <dfn id=about:blank><code>about:blank</code></dfn>, then the resource is immediately available and consists of
     the empty string, with no metadata.</p>
 
+<!--CLEANUP-->
     <p>Otherwise, at a time convenient to the user and the user agent, download (or otherwise
     obtain) the resource, applying the semantics of the relevant specifications (e.g. performing an
-    HTTP GET or POST operation, or reading the file from disk, <a href=#concept-js-deref title=concept-js-deref>dereferencing <span title="javascript protocol"><code title="">javascript:</code> URLs</span></a>, etc).</p>
+    HTTP GET or POST operation, or reading the file from disk, or expanding <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>, etc).</p>
 
     <p>For the purposes of the <code title=http-referer>Referer</code> (sic) header, use the
     <i>address of the resource from which Request-URIs are obtained</i> generated in the earlier
@@ -7202,7 +7201,6 @@
 
   <dl class=switch><dt>If the <var title="">URL</var> has the <a href=#same-origin>same origin</a> as <var title="">origin</var></dt>
    <dt>If the <var title="">URL</var> is a <a href=#data-protocol title="data protocol"><code title="">data:</code> URL</a></dt>
-   <dt>If the <var title="">URL</var> is a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a></dt>
    <dt>If the <var title="">URL</var> is <code><a href=#about:blank>about:blank</a></code></dt>
 
    <dd>
@@ -7228,7 +7226,7 @@
         <p>Set <var title="">URL</var> to the target URL of the redirect and return to the top of
         the <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> algorithm (this time, one of the other
         branches below might be taken, based on the value of <var title="">mode</var><!-- but if
-        it's a data: or javascript: URL, we'll stay here -->).</p>
+        it's a data: URL, we'll stay here -->).</p>
 
        </dd>
 
@@ -51601,12 +51599,6 @@
       <p>The resource obtained in this fashion can be either <a href=#cors-same-origin>CORS-same-origin</a> or
       <a href=#cors-cross-origin>CORS-cross-origin</a>. This only affects how error reporting happens.</p>
 
-      <p>For historical reasons, if the <a href=#url>URL</a> is a <a href=#javascript-protocol title="javascript
-      protocol"><code title="">javascript:</code> URL</a>, then the user agent must not, despite
-      the requirements in the definition of the <a href=#fetch title=fetch>fetching</a> algorithm,
-      actually execute the script in the URL; instead the user agent must act as if it had received
-      an empty HTTP 400 response.</p>
-
       <p>For performance reasons, user agents may start fetching the script (as defined above) as
       soon as the <code title=attr-script-src><a href=#attr-script-src>src</a></code> attribute is set, instead, in the hope
       that the element will be inserted into the document (and that the <code title=attr-script-crossorigin><a href=#attr-script-crossorigin>crossorigin</a></code> attribute won't change value in the
@@ -64958,21 +64950,6 @@
      </dd>
 
 
-     <dt>If a <code><a href=#document>Document</a></code> was generated from a <a href=#javascript-protocol title="javascript
-     protocol"><code>javascript:</code> URL</a></dt>
-
-     <dd>
-
-      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
-      <a href=#origin>origin</a> of the script of that <a href=#javascript-protocol title="javascript
-      protocol"><code>javascript:</code> URL</a>.</p>
-
-      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#origin>origin</a> of the
-      <code><a href=#document>Document</a></code>.</p>
-
-     </dd>
-
-
      <dt>If a <code><a href=#document>Document</a></code> was served over the network and has an address that uses a URL
      scheme with a server-based naming authority</dt>
 
@@ -65002,8 +64979,7 @@
      </dd>
 
 
-     <dt>If a <code><a href=#document>Document</a></code> has the <a href="#the-document's-address" title="the document's address">address</a>
-     "<code><a href=#about:blank>about:blank</a></code>"</dt>
+     <dt>If a <code><a href=#document>Document</a></code> is the initial "<code><a href=#about:blank>about:blank</a></code>" document</dt>
 
      <dd>
 
@@ -65014,6 +64990,20 @@
      </dd>
 
 
+     <dt>If a <code><a href=#document>Document</a></code> was created as part of the processing for <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code> URLs</a></dt>
+
+     <dd>
+
+      <p>The <a href=#origin>origin</a> is an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the
+      <a href=#origin>origin</a> of the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing context</a>
+      being navigated when the <a href=#navigate>navigate</a> algorithm was invoked.</p>
+
+      <p>The <a href=#effective-script-origin>effective script origin</a> is initially an <a href=#concept-origin-alias title=concept-origin-alias>alias</a> to the <a href=#effective-script-origin>effective script origin</a> of that
+      same <code><a href=#document>Document</a></code>.</p>
+
+     </dd>
+
+
      <dt>If a <code><a href=#document>Document</a></code> is <a href=#an-iframe-srcdoc-document>an <code>iframe</code> <code title=attr-iframe-srcdoc>srcdoc</code> document</a></dt>
 
      <dd>
@@ -66591,50 +66581,164 @@
 
    <li>
 
-    <p>If the resource has already been obtained (e.g. because it is being used to populate an
-    <code><a href=#the-object-element>object</a></code> element's new <a href=#child-browsing-context>child browsing context</a>), then skip this step.</p>
+    <p>This is the step that attempts to obtain the resource, if necessary. Jump to the first
+    appropriate substep:</p>
 
-    <p>Otherwise:</p>
+    <dl><dt>If the resource has already been obtained (e.g. because it is being used to populate an
+     <code><a href=#the-object-element>object</a></code> element's new <a href=#child-browsing-context>child browsing context</a>)</dt>
 
-    <p>If the new resource is to be fetched using HTTP GET <a href=#concept-http-equivalent-get title=concept-http-equivalent-get>or equivalent</a>, and there are <a href=#relevant-application-cache title="relevant
-    application cache">relevant application caches</a> that are identified by a URL with the
-    <a href=#same-origin>same origin</a> as the URL in question, and that have this URL as one of their entries,
-    excluding entries marked as <a href=#concept-appcache-foreign title=concept-appcache-foreign>foreign</a>, and whose
-    <a href=#concept-appcache-mode title=concept-appcache-mode>mode</a> is <a href=#concept-appcache-mode-fast title=concept-appcache-mode-fast>fast</a>, and the user agent is not in a mode where it
-    will avoid using <a href=#application-cache title="application cache">application caches</a> then
-    <a href=#fetch>fetch</a> the resource from the <a href=#concept-appcache-selection title=concept-appcache-selection>most
-    appropriate application cache</a> of those that match.</p>
+     <dd><p>Skip this step. The data is already available.</dd>
 
-    <p class=example>For example, imagine an HTML page with an associated application cache
-    displaying an image and a form, where the image is also used by several other application
-    caches. If the user right-clicks on the image and chooses "View Image", then the user agent
-    could decide to show the image from any of those caches, but it is likely that the most useful
-    cache for the user would be the one that was used for the aforementioned HTML page. On the other
-    hand, if the user submits the form, and the form does a POST submission, then the user agent
-    will not use an application cache at all; the submission will be made to the network.</p>
+     <dt>If the new resource is a <a href=#url>URL</a> whose <a href=#concept-url-scheme title=concept-url-scheme>scheme</a> is <code title="javascript
+     protocol"><a href=#javascript-protocol>javascript</a></code></dt>
 
-    <p>Otherwise, <a href=#fetch>fetch</a><!--FETCH--> the new resource, with the <i>manual redirect
-    flag</i> set.</p>
+     <dd>
 
+      <!-- http://www.hixie.ch/tests/adhoc/html/navigation/javascript-url/ -->
+
+      <p><a href=#queue-a-task>Queue a task</a> to run <dfn id=javascript-protocol title="javascript protocol">these "<code title="">javascript:</code> URL" steps</dfn>:</p>
+
+      <ol id=concept-js-deref><li><p>If the <a href=#origin>origin</a> of the <a href=#source-browsing-context>source browsing context</a> is not the
+       <a href=#same-origin>same origin</a> as the <a href=#origin>origin</a> of the <a href=#active-document>active document</a> of
+       the <a href=#browsing-context>browsing context</a> being navigated, then act as if the result of evaluating
+       the script was the void value, and jump to the step labeled <i>process results</i>
+       below.</li>
+
+       <li><p>Apply the <a href=#url-parser>URL parser</a> to the <a href=#url>URL</a> being navigated.</li>
+
+       <li><p>Let <var title="">parsed URL</var> be the result of the <a href=#url-parser>URL
+       parser</a>.</li>
+
+       <li><p>Let <var title="">script source</var> be the empty string.</li>
+
+       <li><p>Append <var title="">parsed URL</var>'s <a href=#concept-url-scheme-data title=concept-url-scheme-data>scheme
+       data</a> component to <var title="">script source</var>.</li>
+
+       <li><p>If <var title="">parsed URL</var>'s <a href=#concept-url-query title=concept-url-query>query</a>
+       component is not null, then first append a U+003F QUESTION MARK character (?) to <var title="">script source</var>, and then append <var title="">parsed URL</var>'s <a href=#concept-url-query title=concept-url-query>query</a> component to <var title="">script
+       source</var>.</li>
+
+       <li><p>If <var title="">parsed URL</var>'s <a href=#concept-url-fragment title=concept-url-fragment>fragment</a> component is not null, then first append a
+       U+003F QUESTION MARK character (?) to <var title="">script source</var>, and then append
+       <var title="">parsed URL</var>'s <a href=#concept-url-fragment title=concept-url-fragment>fragment</a>
+       component to <var title="">script source</var>.</li>
+
+       <li><p>Replace <var title="">script source</var> with the result of applying the
+       <a href=#percent-decode>percent decode</a> algorithm to <var title="">script source</var>.</li>
+
+       <li><p>Replace <var title="">script source</var> with the result of applying the <a href=#utf-8-decode>UTF-8
+       decode</a> algorithm to <var title="">script source</var>.</li>
+
+       <!-- <body onload="&#xFFFE;w('test')"> and javascript:%EF%BB%BF'test' both work, so we assume
+            that JavaScript is stripping the BOM, and we don't have to -->
+
+       <!--
+         http://software.hixie.ch/utilities/js/live-dom-viewer/saved/2639 -> about:blank
+         http://software.hixie.ch/utilities/js/live-dom-viewer/saved/2640 -> javascript:'test' in Firefox, about:blank otherwise
+       -->
+       <li><p>Let <var title="">address</var> be the <a href="#the-document's-address" title="the document's
+       address">address</a> of the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing
+       context</a> being navigated.</li>
+
+       <li>
+
+        <p><a href=#create-a-script>Create a script</a>, using <var title="">script source</var> as the script
+        source, <var title="">address</var> as the script source URL, JavaScript as the scripting
+        language, and the <a href=#script-settings-object>script settings object</a> of the <code><a href=#window>Window</a></code> object of
+        the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing context</a> being navigated.</p>
+
+        <p>Let <var title="">result</var> be the return value of the <a href=#code-entry-point>code entry-point</a>
+        of this <a href=#concept-script title=concept-script>script</a>. If an exception was thrown, let <var title="">result</var> be void instead. (The result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>
+
+       </li>
+
+       <li>
+
+        <p><i>Process results</i>: If the result of executing the script is void (there is no return
+        value), then the result of obtaining the resource for the URL is <a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>equivalent to</a> an HTTP resource with an HTTP
+        204 No Content response.</p>
+
+        <p>Otherwise, the result of obtaining the resource for the URL is <a href=#concept-http-equivalent-codes title=concept-http-equivalent-codes>equivalent</a> to an HTTP resource with a 200 OK
+        response whose <a href=#content-type title=Content-Type>Content-Type metadata</a> is
+        <code><a href=#text/html>text/html</a></code> and whose response body is the return value converted to a string
+        value.</p>
+
+        <p>When it comes time to <a href="#set-the-document's-address">set the document's address</a> in the <a href=#navigate title=navigate>navigation algorithm</a>, use <var title="">address</var> as the
+        <a href=#override-url>override URL</a>.</p>
+
+       </li>
+
+      </ol><div class=example>
+
+       <p>So for example a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code>
+       URL</a> in an <code title=attr-hyperlink-href><a href=#attr-hyperlink-href>href</a></code> attribute of an
+       <code><a href=#the-a-element>a</a></code> element would only be evaluated when the link was <a href=#following-hyperlinks title="following
+       hyperlinks">followed</a>, while such a URL in the <code title=attr-iframe-src><a href=#attr-iframe-src>src</a></code> attribute of an <code><a href=#the-iframe-element>iframe</a></code> element would be
+       evaluated in the context of the <code><a href=#the-iframe-element>iframe</a></code>'s own <a href=#nested-browsing-context>nested browsing
+       context</a> when the <code><a href=#the-iframe-element>iframe</a></code> is being set up; once evaluated, its return value
+       (if it was not void) would replace that <a href=#browsing-context>browsing context</a>'s document, thus also
+       changing the <code><a href=#window>Window</a></code> object of that <a href=#browsing-context>browsing context</a>.</p>
+
+      </div>
+
+     </dd>
+
+     <dt>If the new resource is to be fetched using HTTP GET <a href=#concept-http-equivalent-get title=concept-http-equivalent-get>or equivalent</a>, and there are <a href=#relevant-application-cache title="relevant
+     application cache">relevant application caches</a> that are identified by a URL with the
+     <a href=#same-origin>same origin</a> as the URL in question, and that have this URL as one of their
+     entries, excluding entries marked as <a href=#concept-appcache-foreign title=concept-appcache-foreign>foreign</a>,
+     and whose <a href=#concept-appcache-mode title=concept-appcache-mode>mode</a> is <a href=#concept-appcache-mode-fast title=concept-appcache-mode-fast>fast</a>, and the user agent is not in a mode where it
+     will avoid using <a href=#application-cache title="application cache">application caches</a></dt>
+
+     <dd>
+
+      <p><a href=#fetch>Fetch</a> the resource from the <a href=#concept-appcache-selection title=concept-appcache-selection>most
+      appropriate application cache</a> of those that match.</p>
+
+      <p class=example>For example, imagine an HTML page with an associated application cache
+      displaying an image and a form, where the image is also used by several other application
+      caches. If the user right-clicks on the image and chooses "View Image", then the user agent
+      could decide to show the image from any of those caches, but it is likely that the most useful
+      cache for the user would be the one that was used for the aforementioned HTML page. On the
+      other hand, if the user submits the form, and the form does a POST submission, then the user
+      agent will not use an application cache at all; the submission will be made to the
+      network.</p>
+
+     </dd>
+
+     <dt>Otherwise</dt>
+
+     <dd>
+
+      <p><a href=#fetch>Fetch</a><!--FETCH--> the new resource, with the <i>manual redirect flag</i>
+      set.</p>
+
+     </dd>
+
+    </dl><p>If the <a href=#browsing-context>browsing context</a> is a <a href=#nested-browsing-context>nested browsing context</a>, then in the
+    time between this step and either the creation of a <code><a href=#document>Document</a></code> object or the <!-- XXX
+    bug 23633 --> <span>canceling</span> of the <a href=#navigate title=navigate>navigation</a>
+    algorithm<!-- /XXX bug 23633 -->, whichever happens first, the <a href=#browsing-context>browsing context</a>
+    must be put in the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events mode</a>.</p>
+    <!-- this is what makes <iframe> elements delay the load event of their parent browsing context
+    when their child browsing context is in between this step and the step that starts the parser.
+    -->
+
+    <p>If the steps above invoked the <a href=#fetch>fetch</a> algorith, the following requirements also
+    apply:</p>
+
     <p>If the resource is being fetched using a method other than one <a href=#concept-http-equivalent-get title=concept-http-equivalent-get>equivalent to</a> HTTP's GET<!-- or HEAD (but that can't
     happen) -->, or, if the <a href=#navigate title=navigate>navigation algorithm</a> was invoked as a
-    result of the <a href=#concept-form-submit title=concept-form-submit>form submission algorithm</a>, then the <a href=#fetch title=fetch>fetching algorithm</a> must be invoked from the <a href=#origin>origin</a> of the
-    <a href=#active-document>active document</a> of the <a href=#source-browsing-context>source browsing context</a>, if any.</p> <!--
+    result of the <a href=#concept-form-submit title=concept-form-submit>form submission algorithm</a>, then the
+    <a href=#fetch title=fetch>fetching algorithm</a> must be invoked from the <a href=#origin>origin</a> of
+    the <a href=#active-document>active document</a> of the <a href=#source-browsing-context>source browsing context</a>, if any.</p> <!--
     potentially http-origin privacy sensitive -->
 
-    <p>If the <a href=#browsing-context>browsing context</a> being navigated is a <a href=#child-browsing-context>child browsing context</a>
-    for an <code><a href=#the-iframe-element>iframe</a></code> or <code><a href=#the-object-element>object</a></code> element, then the <a href=#fetch title=fetch>fetching
-    algorithm</a> must be invoked from the <code><a href=#the-iframe-element>iframe</a></code> or <code><a href=#the-object-element>object</a></code> element's
-    <a href=#browsing-context-scope-origin>browsing context scope origin</a>, if it has one.</p> <!-- potentially http-origin
-    privacy sensitive -->
+    <p>Otherwise, if the <a href=#browsing-context>browsing context</a> being navigated is a <a href=#child-browsing-context>child browsing
+    context</a> for an <code><a href=#the-iframe-element>iframe</a></code> or <code><a href=#the-object-element>object</a></code> element, then the <a href=#fetch title=fetch>fetching algorithm</a> must be invoked from the <code><a href=#the-iframe-element>iframe</a></code> or
+    <code><a href=#the-object-element>object</a></code> element's <a href=#browsing-context-scope-origin>browsing context scope origin</a>, if it has one.</p>
+    <!-- potentially http-origin privacy sensitive -->    
 
-    <p>If the <a href=#browsing-context>browsing context</a> is a <a href=#nested-browsing-context>nested browsing context</a>, then in the
-    time between the <a href=#fetch>fetch</a> algorithm being started by this step, and either the
-    creation of a <code><a href=#document>Document</a></code> object or the canceling of the <a href=#fetch>fetch</a> or <a href=#navigate title=navigate>navigation</a> algorithms, the <a href=#browsing-context>browsing context</a> must be put in
-    the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events mode</a>.</p> <!-- this is
-    what makes <iframe> elements delay the load event of their parent browsing context when their
-    child browsing context is in between this step and the step that starts the parser. -->
-
    </li>
 
    <li>
@@ -66839,8 +66943,8 @@
     its <a href="#the-document's-address" title="the document's address">address</a> set to that <a href=#url>URL</a>
     instead.</p>
 
-    <p class=note>An <a href=#override-url title="override URL">override URL</a> is set when <a href=#concept-js-deref title=concept-js-deref>dereferencing a <code>javascript:</code> URL</a> and when performing
-    <a href=#an-overridden-reload>an overridden reload</a>.</p>
+    <p class=note>An <a href=#override-url title="override URL">override URL</a> is set when <a href=#javascript-protocol title="javascript protocol">dereferencing a <code>javascript:</code> URL</a> and when
+    performing <a href=#an-overridden-reload>an overridden reload</a>.</p>
 
     <p><dfn id=create-a-document-object title="create a Document object">Creating a new <code>Document</code> object</dfn>: when
     a <code><a href=#document>Document</a></code> is created as part of the above steps, the user agent must additionally
@@ -69890,8 +69994,7 @@
 
   <ul><li>Processing of <code><a href=#the-script-element>script</a></code> elements.</li>
 
-   <li>Processing of inline <code title="javascript protocol"><a href=#javascript-protocol>javascript:</a></code> URLs (e.g. the
-   <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute of <code><a href=#the-img-element>img</a></code> elements, or an <code title="">@import</code> rule in a CSS <code><a href=#the-style-element>style</a></code> element block).</li>
+   <li>Navigating to <a href=#javascript-protocol title="javascript protocol"><code>javascript:</code> URLs</a>.</li>
 
    <li>Event handlers, whether registered through the DOM using <code title="">addEventListener()</code>, by explicit <a href=#event-handler-content-attributes>event handler content attributes</a>, by
    <a href=#event-handler-idl-attributes>event handler IDL attributes</a>, or otherwise.</li>
@@ -70823,106 +70926,12 @@
   </dl></div>
 
 
-  <div class=impl>
 
-  <!-- SCRIPT EXEC -->
-  <h4 id=javascript-protocol><span class=secno>7.1.5 </span><dfn title="javascript protocol">The <code title="">javascript:</code> URL scheme</dfn></h4>
 
-  <p>When a <a href=#url>URL</a> using the <code title="">javascript:</code> scheme is <dfn id=concept-js-deref title=concept-js-deref>dereferenced</dfn>, the user agent must run the following steps:</p>
+  <h4 id=events><span class=secno>7.1.5 </span>Events</h4>
 
-  <ol><li><p>Let the script source be the string obtained using the content retrieval operation defined
-   for <code title="">javascript:</code> URLs. <a href=#refsJSURL>[JSURL]</a></li>
+  <h5 id=event-handler-attributes><span class=secno>7.1.5.1 </span>Event handlers</h5>
 
-   <li>
-
-    <p>Use the appropriate step from the following list:</p>
-
-    <dl><dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a
-     <code>javascript:</code> URL, and the <a href=#source-browsing-context>source browsing context</a> for that navigation,
-     if any, has <a href=#concept-bc-noscript title=concept-bc-noscript>scripting disabled</a></dt>
-
-     <dd>
-
-      <p>Let <var title="">result</var> be void.</p>
-
-     </dd>
-
-     <dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a
-     <code>javascript:</code> URL, and the <a href=#active-document>active document</a> of that browsing context has
-     the <a href=#same-origin>same origin</a> as the script given by that URL</dt>
-
-     <dd>
-
-      <!-- http://www.hixie.ch/tests/adhoc/html/navigation/javascript-url/ -->
-
-      <p>Let <var title="">address</var> be the <a href="#the-document's-address" title="the document's address">address</a>
-      of the <a href=#active-document>active document</a> of the <a href=#browsing-context>browsing context</a> being navigated.</p>
-
-      <p>If <var title="">address</var> is <code><a href=#about:blank>about:blank</a></code>, and the <a href=#browsing-context>browsing
-      context</a> being navigated has a <a href=#creator-browsing-context>creator browsing context</a>, then let <var title="">address</var> be the <a href="#the-document's-address" title="the document's address">address</a> of the
-      <a href=#creator-document>creator <code>Document</code></a> instead.</p>
-
-      <p><a href=#create-a-script>Create a script</a>, using the aforementioned script source, the <a href=#url>URL</a>
-      of the resource where the <code>javascript:</code> URL, was found, JavaScript as the scripting
-      language, and the <a href=#script-settings-object>script settings object</a> of the <code><a href=#window>Window</a></code> object of the
-      <a href=#active-document>active document</a>.</p>
-
-      <p>Let <var title="">result</var> be the return value of the <a href=#code-entry-point>code entry-point</a>
-      of this <a href=#concept-script title=concept-script>script</a>. If an exception was thrown, let <var title="">result</var> be void instead. (The result will be void also if <a href=#concept-bc-noscript title=concept-bc-noscript>scripting is disabled</a>.)</p>
-
-      <p>When it comes time to <a href="#set-the-document's-address">set the document's address</a> in the <a href=#navigate title=navigate>navigation algorithm</a>, use <var title="">address</var> as the
-      <a href=#override-url>override URL</a>.</p>
-
-     </dd>
-
-     <dt>Otherwise</dt>
-
-     <dd>
-
-      <p>Let <var title="">result</var> be void.</p>
-
-     </dd>
-
-    </dl></li>
-
-   <li>
-
-    <p>If the result of executing the script is void (there is no return value), then the URL must
-    be treated in a manner equivalent to an HTTP resource with an HTTP 204 No Content response.</p>
-
-    <p>Otherwise, the URL must be treated in a manner equivalent to an HTTP resource with a 200 OK
-    response whose <a href=#content-type title=Content-Type>Content-Type metadata</a> is <code><a href=#text/html>text/html</a></code>
-    and whose response body is the return value converted to a string value.</p>
-
-    <p class=note>Certain contexts, in particular <code><a href=#the-img-element>img</a></code> elements, ignore the <a href=#content-type title=Content-Type>Content-Type metadata</a>.</p>
-
-   </li>
-
-  </ol><div class=example>
-
-   <p>So for example a <code title="">javascript:</code> URL for a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute of an <code><a href=#the-img-element>img</a></code> element would be evaluated in
-   the context of an empty object as soon as the attribute is set; it would then be sniffed to
-   determine the image type and decoded as an image.</p>
-
-   <p>A <code title="">javascript:</code> URL in an <code title=attr-hyperlink-href><a href=#attr-hyperlink-href>href</a></code>
-   attribute of an <code><a href=#the-a-element>a</a></code> element would only be evaluated when the link was <a href=#following-hyperlinks title="following hyperlinks">followed</a>.</p>
-
-   <p>The <code title=attr-iframe-src><a href=#attr-iframe-src>src</a></code> attribute of an <code><a href=#the-iframe-element>iframe</a></code> element would
-   be evaluated in the context of the <code><a href=#the-iframe-element>iframe</a></code>'s own <a href=#browsing-context>browsing context</a>; once
-   evaluated, its return value (if it was not void) would replace that <a href=#browsing-context>browsing
-   context</a>'s document, thus changing the variables visible in that <a href=#browsing-context>browsing
-   context</a>.</p>
-
-  </div>
-
-  </div>
-
-
-
-  <h4 id=events><span class=secno>7.1.6 </span>Events</h4>
-
-  <h5 id=event-handler-attributes><span class=secno>7.1.6.1 </span>Event handlers</h5>
-
   <!--test: <a href="http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A...%3Cscript%3E%0Aw(a%3Ddocument.implementation.createDocument(null%2C%20null%2C%20null))%3B%0Aw(a.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'html')))%3B%0Aw(b%3Da.firstChild.appendChild(a.createElementNS('http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml'%2C%20'body')))%3B%0Aw(b.test%20%3D%20w)%3B%0Aw(b.setAttribute('onclick'%2C%20'test(%22fire%3A%20%22%20%2B%20event)'))%3B%0Aw(b.onclick)%3B%0Aw(e%3Da.createEvent('Event'))%3B%0Aw(e.initEvent('click'%2C%20false%2C%20false))%3B%0Aw(b.dispatchEvent(e))%3B%0A%3C%2Fscript%3E">test</a>-->
 
   <p>Many objects can have <dfn id=event-handlers>event handlers</dfn> specified. These act as non-capture event
@@ -71304,7 +71313,7 @@
   <!-- onreadystatechange is also defined specially, using [LenientThis]; see IDL -->
 
 
-  <h5 id=event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.6.2 </span>Event handlers on elements, <code><a href=#document>Document</a></code> objects, and <code><a href=#window>Window</a></code> objects</h5>
+  <h5 id=event-handlers-on-elements,-document-objects,-and-window-objects><span class=secno>7.1.5.2 </span>Event handlers on elements, <code><a href=#document>Document</a></code> objects, and <code><a href=#window>Window</a></code> objects</h5>
 
   <p>The following are the <a href=#event-handlers>event handlers</a> (and their corresponding <a href=#event-handler-event-type title="event
   handler event type">event handler event types</a>) <span class=impl>that must be</span>
@@ -71428,7 +71437,7 @@
 
   <table><thead><tr><th><a href=#event-handlers title="event handlers">Event handler</a> <th><a href=#event-handler-event-type>Event handler event type</a>
    <tbody><tr><td><dfn id=handler-onreadystatechange title=handler-onreadystatechange><code>onreadystatechange</code></dfn> <td> <code title=event-readystatechange><a href=#event-readystatechange>readystatechange</a></code>
-  </table><h6 id=idl-definitions><span class=secno>7.1.6.2.1 </span>IDL definitions</h6>
+  </table><h6 id=idl-definitions><span class=secno>7.1.5.2.1 </span>IDL definitions</h6>
 
   <pre class=idl>[NoInterfaceObject]
 interface <dfn id=globaleventhandlers>GlobalEventHandlers</dfn> {
@@ -71515,7 +71524,7 @@
 
   <div class=impl>
 
-  <h5 id=event-firing><span class=secno>7.1.6.3 </span>Event firing</h5>
+  <h5 id=event-firing><span class=secno>7.1.5.3 </span>Event firing</h5>
 
   <p>Certain operations and methods are defined as firing events on elements. For example, the <code title=dom-click><a href=#dom-click>click()</a></code> method on the <code><a href=#htmlelement>HTMLElement</a></code> interface is defined as
   firing a <code title=event-click><a href=#event-click>click</a></code> event on the element. <a href=#refsDOMEVENTS>[DOMEVENTS]</a></p>
@@ -71546,7 +71555,7 @@
 
   <div class=impl>
 
-  <h5 id=events-and-the-window-object><span class=secno>7.1.6.4 </span>Events and the <code><a href=#window>Window</a></code> object</h5>
+  <h5 id=events-and-the-window-object><span class=secno>7.1.5.4 </span>Events and the <code><a href=#window>Window</a></code> object</h5>
 
   <p>When an event is dispatched at a DOM node in a <code><a href=#document>Document</a></code> in a <a href=#browsing-context>browsing
   context</a>, if the event is not a <code title=event-load>load</code> event, the user agent
@@ -78278,8 +78287,7 @@
 
   <p>HTTP 200 OK responses that have a <a href=#content-type>Content-Type</a> specifying an unsupported type, or
   that have no <a href=#content-type>Content-Type</a> at all, must cause the user agent to <a href=#fail-the-connection>fail the
-  connection</a>.</p> <!-- about:blank is defined as having no MIME type; javascript: as having
-  the type text/html -->
+  connection</a>.</p> <!-- about:blank is defined as having no MIME type -->
 
   <p>HTTP 305 Use Proxy, 401 Unauthorized, and 407 Proxy Authentication Required should be treated
   transparently as for any other subresource.</p>
@@ -82509,9 +82517,10 @@
     <a href=#origin>origin</a> specified by the <a href=#incumbent-settings-object>incumbent settings object</a>, then throw a <code><a href=#securityerror>SecurityError</a></code> exception and
     abort these steps.</p>
 
+<!--CLEANUP-->
     <p class=note>Thus, scripts must either be external files with the same scheme, host, and port
     as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>.
-    For example, you can't load a script from a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code> page couldn't start workers
+    For example, an <code>https:</code> page couldn't start workers
     using scripts with <code>http:</code> URLs.</p>
 
    </li>
@@ -82624,9 +82633,10 @@
     the <a href=#incumbent-settings-object>incumbent settings object</a>, then throw a <code><a href=#securityerror>SecurityError</a></code> exception and abort these
     steps.</p>
 
+<!--CLEANUP-->
     <p class=note>Thus, scripts must either be external files with the same scheme, host, and port
     as the original page, or <a href=#data-protocol title="data protocol"><code title="">data:</code> URLs</a>.
-    For example, you can't load a script from a <a href=#javascript-protocol title="javascript protocol"><code title="">javascript:</code> URL</a>, and an <code>https:</code> page couldn't start workers
+    For example, and an <code>https:</code> page couldn't start workers
     using scripts with <code>http:</code> URLs.</p>
 
    </li>
@@ -101102,11 +101112,6 @@
    <dt id=refsJSON>[JSON]</dt>
    <dd><cite><a href=http://tools.ietf.org/html/rfc4627>The application/json Media Type for JavaScript Object Notation (JSON)</a></cite>, D. Crockford. IETF.</dd>
 
-   <dt id=refsJSURL>[JSURL]</dt>
-   <dd><cite><a href=http://tools.ietf.org/html/draft-hoehrmann-javascript-scheme>The 'javascript' resource identifier scheme</a></cite>, B. Höhrmann. IETF.
-   <!-- Sadly this reference has been dead for a while. Unfortunately it's the closest thing we current have to a spec. -->
-   </dd>
-
    <dt id=refsMAILTO>[MAILTO]</dt>
    <dd>(Non-normative) <cite><a href=http://tools.ietf.org/html/rfc6068>The 'mailto' URI scheme</a></cite>, M. Duerst, L. Masinter, J. Zawinski. IETF.</dd>
 

Modified: source
===================================================================
--- source	2013-11-14 22:19:58 UTC (rev 8283)
+++ source	2013-11-15 15:56:16 UTC (rev 8284)
@@ -2273,7 +2273,7 @@
      <li>The <dfn>URL parser</dfn>
      <li><dfn>Parsed URL</dfn>
      <li>The <dfn data-x="concept-url-scheme">scheme</dfn> component of a <span>parsed URL</span>
-     <li>The <dfn data-x="concept-url-scheme data">scheme data</dfn> component of a <span>parsed URL</span>
+     <li>The <dfn data-x="concept-url-scheme-data">scheme data</dfn> component of a <span>parsed URL</span>
      <li>The <dfn data-x="concept-url-username">username</dfn> component of a <span>parsed URL</span>
      <li>The <dfn data-x="concept-url-password">password</dfn> component of a <span>parsed URL</span>
      <li>The <dfn data-x="concept-url-host">host</dfn> component of a <span>parsed URL</span>
@@ -6288,8 +6288,7 @@
    <li>
 
     <p>If <var data-x="">referrer</var> is not the empty string, is not a <span data-x="data
-    protocol"><code data-x="">data:</code> URL</span>, is not a <span data-x="javascript
-    protocol"><code data-x="">javascript:</code> URL</span>, and is not the <span>URL</span>
+    protocol"><code data-x="">data:</code> URL</span>, and is not the <span>URL</span>
     "<code>about:blank</code>", then generate the <i>address of the resource from which Request-URIs
     are obtained</i> as required by HTTP for the <code data-x="http-referer">Referer</code> (sic)
     header from <var data-x="">referrer</var>. <a href="#refsHTTP">[HTTP]</a></p>
@@ -6338,11 +6337,11 @@
     <dfn><code>about:blank</code></dfn>, then the resource is immediately available and consists of
     the empty string, with no metadata.</p>
 
+<!--CLEANUP-->
     <p>Otherwise, at a time convenient to the user and the user agent, download (or otherwise
     obtain) the resource, applying the semantics of the relevant specifications (e.g. performing an
-    HTTP GET or POST operation, or reading the file from disk, <span
-    data-x="concept-js-deref">dereferencing <span data-x="javascript protocol"><code
-    data-x="">javascript:</code> URLs</span></span>, etc).</p>
+    HTTP GET or POST operation, or reading the file from disk, or expanding <span data-x="data protocol"><code
+    data-x="">data:</code> URLs</span>, etc).</p>
 
     <p>For the purposes of the <code data-x="http-referer">Referer</code> (sic) header, use the
     <i>address of the resource from which Request-URIs are obtained</i> generated in the earlier
@@ -6646,7 +6645,6 @@
 
    <dt>If the <var data-x="">URL</var> has the <span>same origin</span> as <var data-x="">origin</var></dt>
    <dt>If the <var data-x="">URL</var> is a <span data-x="data protocol"><code data-x="">data:</code> URL</span></dt>
-   <dt>If the <var data-x="">URL</var> is a <span data-x="javascript protocol"><code data-x="">javascript:</code> URL</span></dt>
    <dt>If the <var data-x="">URL</var> is <code>about:blank</code></dt>
 
    <dd>
@@ -6677,7 +6675,7 @@
         <p>Set <var data-x="">URL</var> to the target URL of the redirect and return to the top of
         the <span>potentially CORS-enabled fetch</span> algorithm (this time, one of the other
         branches below might be taken, based on the value of <var data-x="">mode</var><!-- but if
-        it's a data: or javascript: URL, we'll stay here -->).</p>
+        it's a data: URL, we'll stay here -->).</p>
 
        </dd>
 
@@ -56999,12 +56997,6 @@
       <p>The resource obtained in this fashion can be either <span>CORS-same-origin</span> or
       <span>CORS-cross-origin</span>. This only affects how error reporting happens.</p>
 
-      <p>For historical reasons, if the <span>URL</span> is a <span data-x="javascript
-      protocol"><code data-x="">javascript:</code> URL</span>, then the user agent must not, despite
-      the requirements in the definition of the <span data-x="fetch">fetching</span> algorithm,
-      actually execute the script in the URL; instead the user agent must act as if it had received
-      an empty HTTP 400 response.</p>
-
       <p>For performance reasons, user agents may start fetching the script (as defined above) as
       soon as the <code data-x="attr-script-src">src</code> attribute is set, instead, in the hope
       that the element will be inserted into the document (and that the <code
@@ -72305,22 +72297,6 @@
      </dd>
 
 
-     <dt>If a <code>Document</code> was generated from a <span data-x="javascript
-     protocol"><code>javascript:</code> URL</span></dt>
-
-     <dd>
-
-      <p>The <span>origin</span> is an <span data-x="concept-origin-alias">alias</span> to the
-      <span>origin</span> of the script of that <span data-x="javascript
-      protocol"><code>javascript:</code> URL</span>.</p>
-
-      <p>The <span>effective script origin</span> is initially an <span
-      data-x="concept-origin-alias">alias</span> to the <span>origin</span> of the
-      <code>Document</code>.</p>
-
-     </dd>
-
-
      <dt>If a <code>Document</code> was served over the network and has an address that uses a URL
      scheme with a server-based naming authority</dt>
 
@@ -72354,8 +72330,7 @@
      </dd>
 
 
-     <dt>If a <code>Document</code> has the <span data-x="the document's address">address</span>
-     "<code>about:blank</code>"</dt>
+     <dt>If a <code>Document</code> is the initial "<code>about:blank</code>" document</dt>
 
      <dd>
 
@@ -72366,6 +72341,22 @@
      </dd>
 
 
+     <dt>If a <code>Document</code> was created as part of the processing for <span
+     data-x="javascript protocol"><code>javascript:</code> URLs</span></dt>
+
+     <dd>
+
+      <p>The <span>origin</span> is an <span data-x="concept-origin-alias">alias</span> to the
+      <span>origin</span> of the <span>active document</span> of the <span>browsing context</span>
+      being navigated when the <span>navigate</span> algorithm was invoked.</p>
+
+      <p>The <span>effective script origin</span> is initially an <span
+      data-x="concept-origin-alias">alias</span> to the <span>effective script origin</span> of that
+      same <code>Document</code>.</p>
+
+     </dd>
+
+
      <dt>If a <code>Document</code> is <span>an <code>iframe</code> <code
      data-x="attr-iframe-srcdoc">srcdoc</code> document</span></dt>
 
@@ -74167,55 +74158,187 @@
 
    <li>
 
-    <p>If the resource has already been obtained (e.g. because it is being used to populate an
-    <code>object</code> element's new <span>child browsing context</span>), then skip this step.</p>
+    <p>This is the step that attempts to obtain the resource, if necessary. Jump to the first
+    appropriate substep:</p>
 
-    <p>Otherwise:</p>
+    <dl>
 
-    <p>If the new resource is to be fetched using HTTP GET <span
-    data-x="concept-http-equivalent-get">or equivalent</span>, and there are <span data-x="relevant
-    application cache">relevant application caches</span> that are identified by a URL with the
-    <span>same origin</span> as the URL in question, and that have this URL as one of their entries,
-    excluding entries marked as <span data-x="concept-appcache-foreign">foreign</span>, and whose
-    <span data-x="concept-appcache-mode">mode</span> is <span
-    data-x="concept-appcache-mode-fast">fast</span>, and the user agent is not in a mode where it
-    will avoid using <span data-x="application cache">application caches</span> then
-    <span>fetch</span> the resource from the <span data-x="concept-appcache-selection">most
-    appropriate application cache</span> of those that match.</p>
+     <dt>If the resource has already been obtained (e.g. because it is being used to populate an
+     <code>object</code> element's new <span>child browsing context</span>)</dt>
 
-    <p class="example">For example, imagine an HTML page with an associated application cache
-    displaying an image and a form, where the image is also used by several other application
-    caches. If the user right-clicks on the image and chooses "View Image", then the user agent
-    could decide to show the image from any of those caches, but it is likely that the most useful
-    cache for the user would be the one that was used for the aforementioned HTML page. On the other
-    hand, if the user submits the form, and the form does a POST submission, then the user agent
-    will not use an application cache at all; the submission will be made to the network.</p>
+     <dd><p>Skip this step. The data is already available.</p></dd>
 
-    <p>Otherwise, <span>fetch</span><!--FETCH--> the new resource, with the <i>manual redirect
-    flag</i> set.</p>
+     <dt>If the new resource is a <span>URL</span> whose <span
+     data-x="concept-url-scheme">scheme</span> is <code data-x="javascript
+     protocol">javascript</code></dt>
 
+     <dd>
+
+      <!-- http://www.hixie.ch/tests/adhoc/html/navigation/javascript-url/ -->
+
+      <p><span>Queue a task</span> to run <dfn data-x="javascript protocol">these "<code
+      data-x="">javascript:</code> URL" steps</dfn>:</p>
+
+      <ol id="concept-js-deref">
+
+       <li><p>If the <span>origin</span> of the <span>source browsing context</span> is not the
+       <span>same origin</span> as the <span>origin</span> of the <span>active document</span> of
+       the <span>browsing context</span> being navigated, then act as if the result of evaluating
+       the script was the void value, and jump to the step labeled <i>process results</i>
+       below.</p></li>
+
+       <li><p>Apply the <span>URL parser</span> to the <span>URL</span> being navigated.</p></li>
+
+       <li><p>Let <var data-x="">parsed URL</var> be the result of the <span>URL
+       parser</span>.</p></li>
+
+       <li><p>Let <var data-x="">script source</var> be the empty string.</p></li>
+
+       <li><p>Append <var data-x="">parsed URL</var>'s <span data-x="concept-url-scheme-data">scheme
+       data</span> component to <var data-x="">script source</var>.</p></li>
+
+       <li><p>If <var data-x="">parsed URL</var>'s <span data-x="concept-url-query">query</span>
+       component is not null, then first append a U+003F QUESTION MARK character (?) to <var
+       data-x="">script source</var>, and then append <var data-x="">parsed URL</var>'s <span
+       data-x="concept-url-query">query</span> component to <var data-x="">script
+       source</var>.</p></li>
+
+       <li><p>If <var data-x="">parsed URL</var>'s <span
+       data-x="concept-url-fragment">fragment</span> component is not null, then first append a
+       U+003F QUESTION MARK character (?) to <var data-x="">script source</var>, and then append
+       <var data-x="">parsed URL</var>'s <span data-x="concept-url-fragment">fragment</span>
+       component to <var data-x="">script source</var>.</p></li>
+
+       <li><p>Replace <var data-x="">script source</var> with the result of applying the
+       <span>percent decode</span> algorithm to <var data-x="">script source</var>.</p></li>
+
+       <li><p>Replace <var data-x="">script source</var> with the result of applying the <span>UTF-8
+       decode</span> algorithm to <var data-x="">script source</var>.</p></li>
+
+       <!-- <body onload="&#xFFFE;w('test')"> and javascript:%EF%BB%BF'test' both work, so we assume
+            that JavaScript is stripping the BOM, and we don't have to -->
+
+       <!--
+         http://software.hixie.ch/utilities/js/live-dom-viewer/saved/2639 -> about:blank
+         http://software.hixie.ch/utilities/js/live-dom-viewer/saved/2640 -> javascript:'test' in Firefox, about:blank otherwise
+       -->
+       <li><p>Let <var data-x="">address</var> be the <span data-x="the document's
+       address">address</span> of the <span>active document</span> of the <span>browsing
+       context</span> being navigated.</p></li>
+
+       <li>
+
+        <p><span>Create a script</span>, using <var data-x="">script source</var> as the script
+        source, <var data-x="">address</var> as the script source URL, JavaScript as the scripting
+        language, and the <span>script settings object</span> of the <code>Window</code> object of
+        the <span>active document</span> of the <span>browsing context</span> being navigated.</p>
+
+        <p>Let <var data-x="">result</var> be the return value of the <span>code entry-point</span>
+        of this <span data-x="concept-script">script</span>. If an exception was thrown, let <var
+        data-x="">result</var> be void instead. (The result will be void also if <span
+        data-x="concept-bc-noscript">scripting is disabled</span>.)</p>
+
+       </li>
+
+       <li>
+
+        <p><i>Process results</i>: If the result of executing the script is void (there is no return
+        value), then the result of obtaining the resource for the URL is <span
+        data-x="concept-http-equivalent-codes">equivalent to</span> an HTTP resource with an HTTP
+        204 No Content response.</p>
+
+        <p>Otherwise, the result of obtaining the resource for the URL is <span
+        data-x="concept-http-equivalent-codes">equivalent</span> to an HTTP resource with a 200 OK
+        response whose <span data-x="Content-Type">Content-Type metadata</span> is
+        <code>text/html</code> and whose response body is the return value converted to a string
+        value.</p>
+
+        <p>When it comes time to <span>set the document's address</span> in the <span
+        data-x="navigate">navigation algorithm</span>, use <var data-x="">address</var> as the
+        <span>override URL</span>.</p>
+
+       </li>
+
+      </ol>
+
+      <div class="example">
+
+       <p>So for example a <span data-x="javascript protocol"><code data-x="">javascript:</code>
+       URL</span> in an <code data-x="attr-hyperlink-href">href</code> attribute of an
+       <code>a</code> element would only be evaluated when the link was <span data-x="following
+       hyperlinks">followed</span>, while such a URL in the <code
+       data-x="attr-iframe-src">src</code> attribute of an <code>iframe</code> element would be
+       evaluated in the context of the <code>iframe</code>'s own <span>nested browsing
+       context</span> when the <code>iframe</code> is being set up; once evaluated, its return value
+       (if it was not void) would replace that <span>browsing context</span>'s document, thus also
+       changing the <code>Window</code> object of that <span>browsing context</span>.</p>
+
+      </div>
+
+     </dd>
+
+     <dt>If the new resource is to be fetched using HTTP GET <span
+     data-x="concept-http-equivalent-get">or equivalent</span>, and there are <span data-x="relevant
+     application cache">relevant application caches</span> that are identified by a URL with the
+     <span>same origin</span> as the URL in question, and that have this URL as one of their
+     entries, excluding entries marked as <span data-x="concept-appcache-foreign">foreign</span>,
+     and whose <span data-x="concept-appcache-mode">mode</span> is <span
+     data-x="concept-appcache-mode-fast">fast</span>, and the user agent is not in a mode where it
+     will avoid using <span data-x="application cache">application caches</span></dt>
+
+     <dd>
+
+      <p><span>Fetch</span> the resource from the <span data-x="concept-appcache-selection">most
+      appropriate application cache</span> of those that match.</p>
+
+      <p class="example">For example, imagine an HTML page with an associated application cache
+      displaying an image and a form, where the image is also used by several other application
+      caches. If the user right-clicks on the image and chooses "View Image", then the user agent
+      could decide to show the image from any of those caches, but it is likely that the most useful
+      cache for the user would be the one that was used for the aforementioned HTML page. On the
+      other hand, if the user submits the form, and the form does a POST submission, then the user
+      agent will not use an application cache at all; the submission will be made to the
+      network.</p>
+
+     </dd>
+
+     <dt>Otherwise</dt>
+
+     <dd>
+
+      <p><span>Fetch</span><!--FETCH--> the new resource, with the <i>manual redirect flag</i>
+      set.</p>
+
+     </dd>
+
+    </dl>
+
+    <p>If the <span>browsing context</span> is a <span>nested browsing context</span>, then in the
+    time between this step and either the creation of a <code>Document</code> object or the <!-- XXX
+    bug 23633 --> <span>canceling</span> of the <span data-x="navigate">navigation</span>
+    algorithm<!-- /XXX bug 23633 -->, whichever happens first, the <span>browsing context</span>
+    must be put in the <span>delaying <code data-x="event-load">load</code> events mode</span>.</p>
+    <!-- this is what makes <iframe> elements delay the load event of their parent browsing context
+    when their child browsing context is in between this step and the step that starts the parser.
+    -->
+
+    <p>If the steps above invoked the <span>fetch</span> algorith, the following requirements also
+    apply:</p>
+
     <p>If the resource is being fetched using a method other than one <span
     data-x="concept-http-equivalent-get">equivalent to</span> HTTP's GET<!-- or HEAD (but that can't
     happen) -->, or, if the <span data-x="navigate">navigation algorithm</span> was invoked as a
-    result of the <span data-x="concept-form-submit">form submission algorithm</span>, then the <span
-    data-x="fetch">fetching algorithm</span> must be invoked from the <span>origin</span> of the
-    <span>active document</span> of the <span>source browsing context</span>, if any.</p> <!--
+    result of the <span data-x="concept-form-submit">form submission algorithm</span>, then the
+    <span data-x="fetch">fetching algorithm</span> must be invoked from the <span>origin</span> of
+    the <span>active document</span> of the <span>source browsing context</span>, if any.</p> <!--
     potentially http-origin privacy sensitive -->
 
-    <p>If the <span>browsing context</span> being navigated is a <span>child browsing context</span>
-    for an <code>iframe</code> or <code>object</code> element, then the <span data-x="fetch">fetching
-    algorithm</span> must be invoked from the <code>iframe</code> or <code>object</code> element's
-    <span>browsing context scope origin</span>, if it has one.</p> <!-- potentially http-origin
-    privacy sensitive -->
+    <p>Otherwise, if the <span>browsing context</span> being navigated is a <span>child browsing
+    context</span> for an <code>iframe</code> or <code>object</code> element, then the <span
+    data-x="fetch">fetching algorithm</span> must be invoked from the <code>iframe</code> or
+    <code>object</code> element's <span>browsing context scope origin</span>, if it has one.</p>
+    <!-- potentially http-origin privacy sensitive -->    
 
-    <p>If the <span>browsing context</span> is a <span>nested browsing context</span>, then in the
-    time between the <span>fetch</span> algorithm being started by this step, and either the
-    creation of a <code>Document</code> object or the canceling of the <span>fetch</span> or <span
-    data-x="navigate">navigation</span> algorithms, the <span>browsing context</span> must be put in
-    the <span>delaying <code data-x="event-load">load</code> events mode</span>.</p> <!-- this is
-    what makes <iframe> elements delay the load event of their parent browsing context when their
-    child browsing context is in between this step and the step that starts the parser. -->
-
    </li>
 
    <li>
@@ -74441,8 +74564,8 @@
     instead.</p>
 
     <p class="note">An <span data-x="override URL">override URL</span> is set when <span
-    data-x="concept-js-deref">dereferencing a <code>javascript:</code> URL</span> and when performing
-    <span>an overridden reload</span>.</p>
+    data-x="javascript protocol">dereferencing a <code>javascript:</code> URL</span> and when
+    performing <span>an overridden reload</span>.</p>
 
     <p><dfn data-x="create a Document object">Creating a new <code>Document</code> object</dfn>: when
     a <code>Document</code> is created as part of the above steps, the user agent must additionally
@@ -77996,9 +78119,7 @@
 
    <li>Processing of <code>script</code> elements.</li>
 
-   <li>Processing of inline <code data-x="javascript protocol">javascript:</code> URLs (e.g. the
-   <code data-x="attr-img-src">src</code> attribute of <code>img</code> elements, or an <code
-   data-x="">@import</code> rule in a CSS <code>style</code> element block).</li>
+   <li>Navigating to <span data-x="javascript protocol"><code>javascript:</code> URLs</span>.</li>
 
    <li>Event handlers, whether registered through the DOM using <code
    data-x="">addEventListener()</code>, by explicit <span>event handler content attributes</span>, by
@@ -79083,118 +79204,8 @@
   </div>
 
 
-  <div class="impl">
 
-  <!-- SCRIPT EXEC -->
-  <h4 id="javascript-protocol"><dfn data-x="javascript protocol">The <code data-x="">javascript:</code> URL scheme</dfn></h4>
 
-  <p>When a <span>URL</span> using the <code data-x="">javascript:</code> scheme is <dfn
-  data-x="concept-js-deref">dereferenced</dfn>, the user agent must run the following steps:</p>
-
-  <ol>
-
-   <li><p>Let the script source be the string obtained using the content retrieval operation defined
-   for <code data-x="">javascript:</code> URLs. <a href="#refsJSURL">[JSURL]</a></p></li>
-
-   <li>
-
-    <p>Use the appropriate step from the following list:</p>
-
-    <dl>
-
-     <dt>If a <span>browsing context</span> is being <span data-x="navigate">navigated</span> to a
-     <code>javascript:</code> URL, and the <span>source browsing context</span> for that navigation,
-     if any, has <span data-x="concept-bc-noscript">scripting disabled</span></dt>
-
-     <dd>
-
-      <p>Let <var data-x="">result</var> be void.</p>
-
-     </dd>
-
-     <dt>If a <span>browsing context</span> is being <span data-x="navigate">navigated</span> to a
-     <code>javascript:</code> URL, and the <span>active document</span> of that browsing context has
-     the <span>same origin</span> as the script given by that URL</dt>
-
-     <dd>
-
-      <!-- http://www.hixie.ch/tests/adhoc/html/navigation/javascript-url/ -->
-
-      <p>Let <var data-x="">address</var> be the <span data-x="the document's address">address</span>
-      of the <span>active document</span> of the <span>browsing context</span> being navigated.</p>
-
-      <p>If <var data-x="">address</var> is <code>about:blank</code>, and the <span>browsing
-      context</span> being navigated has a <span>creator browsing context</span>, then let <var
-      data-x="">address</var> be the <span data-x="the document's address">address</span> of the
-      <span>creator <code>Document</code></span> instead.</p>
-
-      <p><span>Create a script</span>, using the aforementioned script source, the <span>URL</span>
-      of the resource where the <code>javascript:</code> URL, was found, JavaScript as the scripting
-      language, and the <span>script settings object</span> of the <code>Window</code> object of the
-      <span>active document</span>.</p>
-
-      <p>Let <var data-x="">result</var> be the return value of the <span>code entry-point</span>
-      of this <span data-x="concept-script">script</span>. If an exception was thrown, let <var
-      data-x="">result</var> be void instead. (The result will be void also if <span
-      data-x="concept-bc-noscript">scripting is disabled</span>.)</p>
-
-      <p>When it comes time to <span>set the document's address</span> in the <span
-      data-x="navigate">navigation algorithm</span>, use <var data-x="">address</var> as the
-      <span>override URL</span>.</p>
-
-     </dd>
-
-     <dt>Otherwise</dt>
-
-     <dd>
-
-      <p>Let <var data-x="">result</var> be void.</p>
-
-     </dd>
-
-    </dl>
-
-   </li>
-
-   <li>
-
-    <p>If the result of executing the script is void (there is no return value), then the URL must
-    be treated in a manner equivalent to an HTTP resource with an HTTP 204 No Content response.</p>
-
-    <p>Otherwise, the URL must be treated in a manner equivalent to an HTTP resource with a 200 OK
-    response whose <span data-x="Content-Type">Content-Type metadata</span> is <code>text/html</code>
-    and whose response body is the return value converted to a string value.</p>
-
-    <p class="note">Certain contexts, in particular <code>img</code> elements, ignore the <span
-    data-x="Content-Type">Content-Type metadata</span>.</p>
-
-   </li>
-
-  </ol>
-
-  <div class="example">
-
-   <p>So for example a <code data-x="">javascript:</code> URL for a <code
-   data-x="attr-img-src">src</code> attribute of an <code>img</code> element would be evaluated in
-   the context of an empty object as soon as the attribute is set; it would then be sniffed to
-   determine the image type and decoded as an image.</p>
-
-   <p>A <code data-x="">javascript:</code> URL in an <code data-x="attr-hyperlink-href">href</code>
-   attribute of an <code>a</code> element would only be evaluated when the link was <span
-   data-x="following hyperlinks">followed</span>.</p>
-
-   <p>The <code data-x="attr-iframe-src">src</code> attribute of an <code>iframe</code> element would
-   be evaluated in the context of the <code>iframe</code>'s own <span>browsing context</span>; once
-   evaluated, its return value (if it was not void) would replace that <span>browsing
-   context</span>'s document, thus changing the variables visible in that <span>browsing
-   context</span>.</p>
-
-  </div>
-
-  </div>
-
-
-
   <h4>Events</h4>
 
   <h5 id="event-handler-attributes">Event handlers</h5>
@@ -87647,8 +87658,7 @@
 
   <p>HTTP 200 OK responses that have a <span>Content-Type</span> specifying an unsupported type, or
   that have no <span>Content-Type</span> at all, must cause the user agent to <span>fail the
-  connection</span>.</p> <!-- about:blank is defined as having no MIME type; javascript: as having
-  the type text/html -->
+  connection</span>.</p> <!-- about:blank is defined as having no MIME type -->
 
   <p>HTTP 305 Use Proxy, 401 Unauthorized, and 407 Proxy Authentication Required should be treated
   transparently as for any other subresource.</p>
@@ -91761,10 +91771,10 @@
     <span>origin</span> specified by the <span>incumbent settings object</span>, then throw a <code>SecurityError</code> exception and
     abort these steps.</p>
 
+<!--CLEANUP-->
     <p class="note">Thus, scripts must either be external files with the same scheme, host, and port
     as the original page, or <span data-x="data protocol"><code data-x="">data:</code> URLs</span>.
-    For example, you can't load a script from a <span data-x="javascript protocol"><code
-    data-x="">javascript:</code> URL</span>, and an <code>https:</code> page couldn't start workers
+    For example, an <code>https:</code> page couldn't start workers
     using scripts with <code>http:</code> URLs.</p>
 
    </li>
@@ -91885,10 +91895,10 @@
     the <span>incumbent settings object</span>, then throw a <code>SecurityError</code> exception and abort these
     steps.</p>
 
+<!--CLEANUP-->
     <p class="note">Thus, scripts must either be external files with the same scheme, host, and port
     as the original page, or <span data-x="data protocol"><code data-x="">data:</code> URLs</span>.
-    For example, you can't load a script from a <span data-x="javascript protocol"><code
-    data-x="">javascript:</code> URL</span>, and an <code>https:</code> page couldn't start workers
+    For example, and an <code>https:</code> page couldn't start workers
     using scripts with <code>http:</code> URLs.</p>
 
    </li>
@@ -112915,11 +112925,6 @@
    <dt id="refsJSON">[JSON]</dt>
    <dd><cite><a href="http://tools.ietf.org/html/rfc4627">The application/json Media Type for JavaScript Object Notation (JSON)</a></cite>, D. Crockford. IETF.</dd>
 
-   <dt id="refsJSURL">[JSURL]</dt>
-   <dd><cite><a href="http://tools.ietf.org/html/draft-hoehrmann-javascript-scheme">The 'javascript' resource identifier scheme</a></cite>, B. Höhrmann. IETF.
-   <!-- Sadly this reference has been dead for a while. Unfortunately it's the closest thing we current have to a spec. -->
-   </dd>
-
    <dt id="refsMAILTO">[MAILTO]</dt>
    <dd>(Non-normative) <cite><a href="http://tools.ietf.org/html/rfc6068">The 'mailto' URI scheme</a></cite>, M. Duerst, L. Masinter, J. Zawinski. IETF.</dd>
 




More information about the Commit-Watchers mailing list