[html5] r8739 - [giow] (3) Attempt to mitigate the injection elevation attack on appcache, and d [...]

whatwg at whatwg.org whatwg at whatwg.org
Wed Sep 3 14:39:37 PDT 2014


Author: ianh
Date: 2014-09-03 14:39:34 -0700 (Wed, 03 Sep 2014)
New Revision: 8739

Modified:
   complete.html
   index
   source
Log:
[giow] (3) Attempt to mitigate the injection elevation attack on appcache, and describe the attack in detail
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=25699
Affected topics: Offline Web Applications, Security

Modified: complete.html
===================================================================
--- complete.html	2014-09-02 22:34:58 UTC (rev 8738)
+++ complete.html	2014-09-03 21:39:34 UTC (rev 8739)
@@ -291,7 +291,7 @@
   </style><link rel=stylesheet href=status.css><body onload=init()>
   <header id=head class="head with-buttons">
    <p><a href=//www.whatwg.org/ class=logo><img src=/images/logo width=101 alt=WHATWG height=101></a></p>
-   <hgroup><h1 class=allcaps>HTML</h1><h2 id=living-standard-—-last-updated-[date:-01-jan-1901] class="no-num no-toc">Living Standard — Last Updated <span class=pubdate>2 September 2014</span></h2></hgroup>
+   <hgroup><h1 class=allcaps>HTML</h1><h2 id=living-standard-—-last-updated-[date:-01-jan-1901] class="no-num no-toc">Living Standard — Last Updated <span class=pubdate>3 September 2014</span></h2></hgroup>
    
    <nav>
     <div>
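Review bot: On the changed `<h2>` line, the `id` still ends in the placeholder `[date:-01-jan-1901]`, while the only thing this hunk updates is the `pubdate` span (2 September 2014 to 3 September 2014). An anchor derived from template text with brackets and a colon is awkward to link to and will change if the heading template does. Consider giving this heading a short explicit id in `source`, which this revision also modifies, so the anchor does not depend on the date placeholder.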
@@ -334,7 +334,7 @@
   on a <code>label</code> element to define a command</a><li><a href=#using-the-accesskey-attribute-on-a-legend-element-to-define-a-command>4.11.6.9 Using the <code>accesskey</code> attribute
   on a <code>legend</code> element to define a command</a><li><a href=#using-the-accesskey-attribute-to-define-a-command-on-other-elements>4.11.6.10 Using the <code>accesskey</code>
   attribute to define a command on other elements</a></ol><li><a href=#the-dialog-element>4.11.7 The <code>dialog</code> element</a><ol><li><a href=#anchor-points>4.11.7.1 Anchor points</a></ol></ol><li><a href=#scripting-3>4.12 Scripting</a><ol><li><a href=#the-script-element>4.12.1 The <code>script</code> element</a><ol><li><a href=#scriptingLanguages>4.12.1.1 Scripting languages</a><li><a href=#restrictions-for-contents-of-script-elements>4.12.1.2 Restrictions for contents of <code>script</code> elements</a><li><a href=#inline-documentation-for-external-scripts>4.12.1.3 Inline documentation for external scripts</a><li><a href=#scriptTagXSLT>4.12.1.4 Interaction of <code>script</code> elements and XSLT</a></ol><li><a href=#the-noscript-element>4.12.2 The <code>noscript</code> element</a><li><a href=#the-template-element>4.12.3 The <code>template</code> element</a><ol><li><a href=#template-XSLT-XPath>4.12.3.1 Interaction of <code>template</code> elements with XSLT and XPath
 </a></ol><li><a href=#the-canvas-element>4.12.4 The <code>canvas</code> element</a><ol><li><a href=#proxying-canvases-to-workers>4.12.4.1 Proxying canvases to workers</a><li><a href=#2dcontext>4.12.4.2 The 2D rendering context</a><ol><li><a href=#implementation-notes>4.12.4.2.1 Implementation notes</a><li><a href=#the-canvas-state>4.12.4.2.2 The canvas state</a><li><a href=#drawingstyle-objects>4.12.4.2.3 <code>DrawingStyle</code> objects</a><li><a href=#line-styles>4.12.4.2.4 Line styles</a><li><a href=#text-styles>4.12.4.2.5 Text styles</a><li><a href=#building-paths>4.12.4.2.6 Building paths</a><li><a href=#path2d-objects>4.12.4.2.7 <code>Path2D</code> objects</a><li><a href=#transformations>4.12.4.2.8 Transformations</a><li><a href=#image-sources-for-2d-rendering-contexts>4.12.4.2.9 Image sources for 2D rendering contexts</a><li><a href=#fill-and-stroke-styles>4.12.4.2.10 Fill and stroke styles</a><li><a href=#drawing-rectangles-to-the-bitmap>4.12.4.2.11 Drawing rectangl
 es to the bitmap</a><li><a href=#drawing-text-to-the-bitmap>4.12.4.2.12 Drawing text to the bitmap</a><li><a href=#drawing-paths-to-the-canvas>4.12.4.2.13 Drawing paths to the canvas</a><li><a href=#drawing-images>4.12.4.2.14 Drawing images</a><li><a href=#hit-regions>4.12.4.2.15 Hit regions</a><li><a href=#pixel-manipulation>4.12.4.2.16 Pixel manipulation</a><li><a href=#compositing>4.12.4.2.17 Compositing</a><li><a href=#image-smoothing>4.12.4.2.18 Image smoothing</a><li><a href=#shadows>4.12.4.2.19 Shadows</a><li><a href=#drawing-model>4.12.4.2.20 Drawing model</a><li><a href=#best-practices>4.12.4.2.21 Best practices</a><li><a href=#examples>4.12.4.2.22 Examples</a></ol><li><a href=#colour-spaces-and-colour-correction>4.12.4.3 Colour spaces and colour correction</a><li><a href=#serialising-bitmaps-to-a-file>4.12.4.4 Serialising bitmaps to a file</a><li><a href=#security-with-canvas-elements>4.12.4.5 Security with <code>canvas</code> elements</a></ol></ol><li><a href=#com
 mon-idioms>4.13 Common idioms without dedicated elements</a><ol><li><a href=#the-main-part-of-the-content>4.13.1 The main part of the content</a><li><a href=#rel-up>4.13.2 Bread crumb navigation</a><li><a href=#tag-clouds>4.13.3 Tag clouds</a><li><a href=#conversations>4.13.4 Conversations</a><li><a href=#footnotes>4.13.5 Footnotes</a></ol><li><a href=#disabled-elements>4.14 Disabled elements</a><li><a href=#selectors>4.15 Matching HTML elements using selectors</a><ol><li><a href=#case-sensitivity>4.15.1 Case-sensitivity</a><li><a href=#pseudo-classes>4.15.2 Pseudo-classes</a></ol></ol><li><a href=#microdata>5 Microdata</a><ol><li><a href=#introduction-7>5.1 Introduction</a><ol><li><a href=#overview>5.1.1 Overview</a><li><a href=#the-basic-syntax>5.1.2 The basic syntax</a><li><a href=#typed-items>5.1.3 Typed items</a><li><a href=#global-identifiers-for-items>5.1.4 Global identifiers for items</a><li><a href=#selecting-names-when-defining-vocabularies>5.1.5 Selecting names wh
 en defining vocabularies</a><li><a href=#using-the-microdata-dom-api>5.1.6 Using the microdata DOM API</a></ol><li><a href=#encoding-microdata>5.2 Encoding microdata</a><ol><li><a href=#the-microdata-model>5.2.1 The microdata model</a><li><a href=#items>5.2.2 Items</a><li><a href=#names:-the-itemprop-attribute>5.2.3 Names: the <code>itemprop</code> attribute</a><li><a href=#values>5.2.4 Values</a><li><a href=#associating-names-with-items>5.2.5 Associating names with items</a><li><a href=#microdata-and-other-namespaces>5.2.6 Microdata and other namespaces</a></ol><li><a href=#microdata-dom-api>5.3 Microdata DOM API</a><li><a href=#mdvocabs>5.4 Sample microdata vocabularies</a><ol><li><a href=#vcard>5.4.1 vCard</a><ol><li><a href=#conversion-to-vcard>5.4.1.1 Conversion to vCard</a><li><a href=#examples-2>5.4.1.2 Examples</a></ol><li><a href=#vevent>5.4.2 vEvent</a><ol><li><a href=#conversion-to-icalendar>5.4.2.1 Conversion to iCalendar</a><li><a href=#examples-3>5.4.2.2 Exampl
 es</a></ol><li><a href=#licensing-works>5.4.3 Licensing works</a><ol><li><a href=#examples-4>5.4.3.1 Examples</a></ol></ol><li><a href=#converting-html-to-other-formats>5.5 Converting HTML to other formats</a><ol><li><a href=#json>5.5.1 JSON</a></ol></ol><li><a href=#editing>6 User interaction</a><ol><li><a href=#the-hidden-attribute>6.1 The <code>hidden</code> attribute</a><li><a href=#inert-subtrees>6.2 Inert subtrees</a><li><a href=#activation>6.3 Activation</a><li><a href=#focus>6.4 Focus</a><ol><li><a href=#introduction-8>6.4.1 Introduction</a><li><a href=#data-model>6.4.2 Data model</a><li><a href=#the-tabindex-attribute>6.4.3 The <code>tabindex</code> attribute</a><li><a href=#processing-model-6>6.4.4 Processing model</a><li><a href=#sequential-focus-navigation>6.4.5 Sequential focus navigation</a><li><a href=#focus-management-apis>6.4.6 Focus management APIs</a></ol><li><a href=#assigning-keyboard-shortcuts>6.5 Assigning keyboard shortcuts</a><ol><li><a href=#introdu
 ction-9>6.5.1 Introduction</a><li><a href=#the-accesskey-attribute>6.5.2 The <code>accesskey</code> attribute</a><li><a href=#processing-model-7>6.5.3 Processing model</a></ol><li><a href=#editing-2>6.6 Editing</a><ol><li><a href=#contenteditable>6.6.1 Making document regions editable: The <code>contenteditable</code> content attribute</a><li><a href=#making-entire-documents-editable:-the-designmode-idl-attribute>6.6.2 Making entire documents editable: The <code>designMode</code> IDL attribute</a><li><a href=#best-practices-for-in-page-editors>6.6.3 Best practices for in-page editors</a><li><a href=#editing-apis>6.6.4 Editing APIs</a><li><a href=#spelling-and-grammar-checking>6.6.5 Spelling and grammar checking</a></ol><li><a href=#dnd>6.7 Drag and drop</a><ol><li><a href=#introduction-10>6.7.1 Introduction</a><li><a href=#the-drag-data-store>6.7.2 The drag data store</a><li><a href=#the-datatransfer-interface>6.7.3 The <code>DataTransfer</code> interface</a><ol><li><a href=
 #the-datatransferitemlist-interface>6.7.3.1 The <code>DataTransferItemList</code> interface</a><li><a href=#the-datatransferitem-interface>6.7.3.2 The <code>DataTransferItem</code> interface</a></ol><li><a href=#the-dragevent-interface>6.7.4 The <code>DragEvent</code> interface</a><li><a href=#drag-and-drop-processing-model>6.7.5 Drag-and-drop processing model</a><li><a href=#dndevents>6.7.6 Events summary</a><li><a href=#the-draggable-attribute>6.7.7 The <code>draggable</code> attribute</a><li><a href=#the-dropzone-attribute>6.7.8 The <code>dropzone</code> attribute</a><li><a href=#security-risks-in-the-drag-and-drop-model>6.7.9 Security risks in the drag-and-drop model</a></ol></ol><li><a href=#browsers>7 Loading Web pages</a><ol><li><a href=#windows>7.1 Browsing contexts</a><ol><li><a href=#nested-browsing-contexts>7.1.1 Nested browsing contexts</a><ol><li><a href=#navigating-nested-browsing-contexts-in-the-dom>7.1.1.1 Navigating nested browsing contexts in the DOM</a></o
 l><li><a href=#auxiliary-browsing-contexts>7.1.2 Auxiliary browsing contexts</a><ol><li><a href=#navigating-auxiliary-browsing-contexts-in-the-dom>7.1.2.1 Navigating auxiliary browsing contexts in the DOM</a></ol><li><a href=#secondary-browsing-contexts>7.1.3 Secondary browsing contexts</a><li><a href=#security-nav>7.1.4 Security</a><li><a href=#groupings-of-browsing-contexts>7.1.5 Groupings of browsing contexts</a><li><a href=#browsing-context-names>7.1.6 Browsing context names</a></ol><li><a href=#the-window-object>7.2 The <code>Window</code> object</a><ol><li><a href=#security-window>7.2.1 Security</a><li><a href=#apis-for-creating-and-navigating-browsing-contexts-by-name>7.2.2 APIs for creating and navigating browsing contexts by name</a><li><a href=#accessing-other-browsing-contexts>7.2.3 Accessing other browsing contexts</a><li><a href=#named-access-on-the-window-object>7.2.4 Named access on the <code>Window</code> object</a><li><a href=#garbage-collection-and-browsing
 -contexts>7.2.5 Garbage collection and browsing contexts</a><li><a href=#closing-browsing-contexts>7.2.6 Closing browsing contexts</a><li><a href=#browser-interface-elements>7.2.7 Browser interface elements</a><li><a href=#the-windowproxy-object>7.2.8 The <code>WindowProxy</code> object</a></ol><li><a href=#origin>7.3 Origin</a><ol><li><a href=#relaxing-the-same-origin-restriction>7.3.1 Relaxing the same-origin restriction</a></ol><li><a href=#sandboxing>7.4 Sandboxing</a><li><a href=#history>7.5 Session history and navigation</a><ol><li><a href=#the-session-history-of-browsing-contexts>7.5.1 The session history of browsing contexts</a><li><a href=#the-history-interface>7.5.2 The <code>History</code> interface</a><li><a href=#the-location-interface>7.5.3 The <code>Location</code> interface</a><ol><li><a href=#security-location>7.5.3.1 Security</a></ol><li><a href=#history-notes>7.5.4 Implementation notes for session history</a></ol><li><a href=#browsing-the-web>7.6 Browsing 
 the Web</a><ol><li><a href=#navigating-across-documents>7.6.1 Navigating across documents</a><li><a href=#read-html>7.6.2 Page load processing model for HTML files</a><li><a href=#read-xml>7.6.3 Page load processing model for XML files</a><li><a href=#read-text>7.6.4 Page load processing model for text files</a><li><a href=#read-multipart-x-mixed-replace>7.6.5 Page load processing model for <code>multipart/x-mixed-replace</code> resources</a><li><a href=#read-media>7.6.6 Page load processing model for media</a><li><a href=#read-plugin>7.6.7 Page load processing model for content that uses plugins</a><li><a href=#read-ua-inline>7.6.8 Page load processing model for inline
-  content that doesn't have a DOM</a><li><a href=#scroll-to-fragid>7.6.9 Navigating to a fragment identifier</a><li><a href=#history-traversal>7.6.10 History traversal</a><ol><li><a href=#the-popstateevent-interface>7.6.10.1 The <code>PopStateEvent</code> interface</a><li><a href=#the-hashchangeevent-interface>7.6.10.2 The <code>HashChangeEvent</code> interface</a><li><a href=#the-pagetransitionevent-interface>7.6.10.3 The <code>PageTransitionEvent</code> interface</a></ol><li><a href=#unloading-documents>7.6.11 Unloading documents</a><ol><li><a href=#the-beforeunloadevent-interface>7.6.11.1 The <code>BeforeUnloadEvent</code> interface</a></ol><li><a href=#aborting-a-document-load>7.6.12 Aborting a document load</a></ol><li><a href=#offline>7.7 Offline Web applications</a><ol><li><a href=#introduction-11>7.7.1 Introduction</a><ol><li><a href=#supporting-offline-caching-for-legacy-applications>7.7.1.1 Supporting offline caching for legacy applications</a><li><a href=#appcache
 events>7.7.1.2 Event summary</a></ol><li><a href=#appcache>7.7.2 Application caches</a><li><a href=#manifests>7.7.3 The cache manifest syntax</a><ol><li><a href=#some-sample-manifests>7.7.3.1 Some sample manifests</a><li><a href=#writing-cache-manifests>7.7.3.2 Writing cache manifests</a><li><a href=#parsing-cache-manifests>7.7.3.3 Parsing cache manifests</a></ol><li><a href=#downloading-or-updating-an-application-cache>7.7.4 Downloading or updating an application cache</a><li><a href=#the-application-cache-selection-algorithm>7.7.5 The application cache selection algorithm</a><li><a href=#changesToNetworkingModel>7.7.6 Changes to the networking model</a><li><a href=#expiring-application-caches>7.7.7 Expiring application caches</a><li><a href=#disk-space>7.7.8 Disk space</a><li><a href=#application-cache-api>7.7.9 Application cache API</a><li><a href=#browser-state>7.7.10 Browser state</a></ol></ol><li><a href=#webappapis>8 Web application APIs</a><ol><li><a href=#scripting>
 8.1 Scripting</a><ol><li><a href=#introduction-12>8.1.1 Introduction</a><li><a href=#enabling-and-disabling-scripting>8.1.2 Enabling and disabling scripting</a><li><a href=#processing-model-8>8.1.3 Processing model</a><ol><li><a href=#definitions-2>8.1.3.1 Definitions</a><li><a href=#script-settings-for-browsing-contexts>8.1.3.2 Script settings for browsing contexts</a><li><a href=#calling-scripts>8.1.3.3 Calling scripts</a><li><a href=#creating-scripts>8.1.3.4 Creating scripts</a><li><a href=#killing-scripts>8.1.3.5 Killing scripts</a><li><a href=#runtime-script-errors>8.1.3.6 Runtime script errors</a><ol><li><a href=#runtime-script-errors-in-documents>8.1.3.6.1 Runtime script errors in documents</a><li><a href=#the-errorevent-interface>8.1.3.6.2 The <code>ErrorEvent</code> interface</a></ol></ol><li><a href=#event-loops>8.1.4 Event loops</a><ol><li><a href=#definitions-3>8.1.4.1 Definitions</a><li><a href=#processing-model-9>8.1.4.2 Processing model</a><li><a href=#generic
 -task-sources>8.1.4.3 Generic task sources</a></ol><li><a href=#events>8.1.5 Events</a><ol><li><a href=#event-handler-attributes>8.1.5.1 Event handlers</a><li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects>8.1.5.2 Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a><ol><li><a href=#idl-definitions>8.1.5.2.1 IDL definitions</a></ol><li><a href=#event-firing>8.1.5.3 Event firing</a><li><a href=#events-and-the-window-object>8.1.5.4 Events and the <code>Window</code> object</a></ol></ol><li><a href=#atob>8.2 Base64 utility methods</a><li><a href=#dynamic-markup-insertion>8.3 Dynamic markup insertion</a><ol><li><a href=#opening-the-input-stream>8.3.1 Opening the input stream</a><li><a href=#closing-the-input-stream>8.3.2 Closing the input stream</a><li><a href=#document.write()>8.3.3 <code>document.write()</code></a><li><a href=#document.writeln()>8.3.4 <code>document.writeln()</code></a></ol><li><a href=#timers
 >8.4 Timers</a><li><a href=#user-prompts>8.5 User prompts</a><ol><li><a href=#simple-dialogs>8.5.1 Simple dialogs</a><li><a href=#printing>8.5.2 Printing</a><li><a href=#dialogs-implemented-using-separate-documents>8.5.3 Dialogs implemented using separate documents</a></ol><li><a href=#system-state-and-capabilities>8.6 System state and capabilities</a><ol><li><a href=#the-navigator-object>8.6.1 The <code>Navigator</code> object</a><ol><li><a href=#client-identification>8.6.1.1 Client identification</a><li><a href=#language-preferences>8.6.1.2 Language preferences</a><li><a href=#custom-handlers>8.6.1.3 Custom scheme and content handlers</a><ol><li><a href=#security-and-privacy>8.6.1.3.1 Security and privacy</a><li><a href=#sample-handler-impl>8.6.1.3.2 Sample user interface</a></ol><li><a href=#manually-releasing-the-storage-mutex>8.6.1.4 Manually releasing the storage mutex</a><li><a href=#plugins-2>8.6.1.5 Plugins</a></ol><li><a href=#the-external-interface>8.6.2 The <code
 >External</code> interface</a></ol><li><a href=#images>8.7 Images</a></ol><li><a href=#comms>9 Communication</a><ol><li><a href=#the-messageevent-interfaces>9.1 The <code>MessageEvent</code> interfaces</a><li><a href=#server-sent-events>9.2 Server-sent events</a><ol><li><a href=#server-sent-events-intro>9.2.1 Introduction</a><li><a href=#the-eventsource-interface>9.2.2 The <code>EventSource</code> interface</a><li><a href=#processing-model-10>9.2.3 Processing model</a><li><a href=#parsing-an-event-stream>9.2.4 Parsing an event stream</a><li><a href=#event-stream-interpretation>9.2.5 Interpreting an event stream</a><li><a href=#authoring-notes>9.2.6 Authoring notes</a><li><a href=#eventsource-push>9.2.7 Connectionless push and other features</a><li><a href=#garbage-collection-2>9.2.8 Garbage collection</a><li><a href=#implementation-advice>9.2.9 Implementation advice</a><li><a href=#iana-considerations>9.2.10 IANA considerations</a><ol><li><a href=#text/event-stream>9.2.10.1 
 <code>text/event-stream</code></a><li><a href=#last-event-id>9.2.10.2 <code>Last-Event-ID</code></a></ol></ol><li><a href=#network>9.3 Web sockets</a><ol><li><a href=#network-intro>9.3.1 Introduction</a><li><a href=#the-websocket-interface>9.3.2 The <code>WebSocket</code> interface</a><li><a href=#feedback-from-the-protocol>9.3.3 Feedback from the protocol</a><li><a href=#ping-and-pong-frames>9.3.4 Ping and Pong frames</a><li><a href=#parsing-websocket-urls>9.3.5 Parsing WebSocket URLs</a><li><a href=#the-closeevent-interfaces>9.3.6 The <code>CloseEvent</code> interfaces</a><li><a href=#garbage-collection-3>9.3.7 Garbage collection</a></ol><li><a href=#web-messaging>9.4 Cross-document messaging</a><ol><li><a href=#introduction-13>9.4.1 Introduction</a><li><a href=#security-postmsg>9.4.2 Security</a><ol><li><a href=#authors>9.4.2.1 Authors</a><li><a href=#user-agents>9.4.2.2 User agents</a></ol><li><a href=#posting-messages>9.4.3 Posting messages</a></ol><li><a href=#channel-
 messaging>9.5 Channel messaging</a><ol><li><a href=#introduction-14>9.5.1 Introduction</a><ol><li><a href=#examples-5>9.5.1.1 Examples</a><li><a href=#ports-as-the-basis-of-an-object-capability-model-on-the-web>9.5.1.2 Ports as the basis of an object-capability model on the Web</a><li><a href=#ports-as-the-basis-of-abstracting-out-service-implementations>9.5.1.3 Ports as the basis of abstracting out service implementations</a></ol><li><a href=#message-channels>9.5.2 Message channels</a><li><a href=#message-ports>9.5.3 Message ports</a><li><a href=#broadcasting-to-many-ports>9.5.4 Broadcasting to many ports</a><li><a href=#ports-and-garbage-collection>9.5.5 Ports and garbage collection</a></ol><li><a href=#broadcasting-to-other-browsing-contexts>9.6 Broadcasting to other browsing contexts</a></ol><li><a href=#workers>10 Web workers</a><ol><li><a href=#introduction-15>10.1 Introduction</a><ol><li><a href=#scope-2>10.1.1 Scope</a><li><a href=#examples-6>10.1.2 Examples</a><ol><
 li><a href=#a-background-number-crunching-worker>10.1.2.1 A background number-crunching worker</a><li><a href=#worker-used-for-background-i/o>10.1.2.2 Worker used for background I/O</a><li><a href=#shared-workers-introduction>10.1.2.3 Shared workers introduction</a><li><a href=#shared-state-using-a-shared-worker>10.1.2.4 Shared state using a shared worker</a><li><a href=#delegation>10.1.2.5 Delegation</a></ol><li><a href=#tutorials>10.1.3 Tutorials</a><ol><li><a href=#creating-a-dedicated-worker>10.1.3.1 Creating a dedicated worker</a><li><a href=#communicating-with-a-dedicated-worker>10.1.3.2 Communicating with a dedicated worker</a><li><a href=#shared-workers>10.1.3.3 Shared workers</a></ol></ol><li><a href=#infrastructure-2>10.2 Infrastructure</a><ol><li><a href=#the-global-scope>10.2.1 The global scope</a><ol><li><a href=#the-workerglobalscope-common-interface>10.2.1.1 The <code>WorkerGlobalScope</code> common interface</a><li><a href=#dedicated-workers-and-the-dedicated
 workerglobalscope-interface>10.2.1.2 Dedicated workers and the <code>DedicatedWorkerGlobalScope</code> interface</a><li><a href=#shared-workers-and-the-sharedworkerglobalscope-interface>10.2.1.3 Shared workers and the <code>SharedWorkerGlobalScope</code> interface</a></ol><li><a href=#worker-event-loop>10.2.2 The event loop</a><li><a href="#the-worker's-lifetime">10.2.3 The worker's lifetime</a><li><a href=#processing-model-11>10.2.4 Processing model</a><li><a href=#runtime-script-errors-2>10.2.5 Runtime script errors</a><li><a href=#creating-workers>10.2.6 Creating workers</a><ol><li><a href=#the-abstractworker-abstract-interface>10.2.6.1 The <code>AbstractWorker</code> abstract interface</a><li><a href=#script-settings-for-workers>10.2.6.2 Script settings for workers</a><li><a href=#dedicated-workers-and-the-worker-interface>10.2.6.3 Dedicated workers and the <code>Worker</code> interface</a><li><a href=#shared-workers-and-the-sharedworker-interface>10.2.6.4 Shared workers
  and the <code>SharedWorker</code> interface</a></ol></ol><li><a href=#apis-available-to-workers>10.3 APIs available to workers</a><ol><li><a href=#importing-scripts-and-libraries>10.3.1 Importing scripts and libraries</a><li><a href=#the-workernavigator-object>10.3.2 The <code>WorkerNavigator</code> object</a><li><a href=#worker-locations>10.3.3 Worker locations</a></ol></ol><li><a href=#webstorage>11 Web storage</a><ol><li><a href=#introduction-16>11.1 Introduction</a><li><a href=#storage>11.2 The API</a><ol><li><a href=#the-storage-interface>11.2.1 The <code>Storage</code> interface</a><li><a href=#the-sessionstorage-attribute>11.2.2 The <code>sessionStorage</code> attribute</a><li><a href=#the-localstorage-attribute>11.2.3 The <code>localStorage</code> attribute</a><li><a href=#the-storage-event>11.2.4 The <code>storage</code> event</a><ol><li><a href=#the-storageevent-interface>11.2.4.1 The <code>StorageEvent</code> interface</a></ol><li><a href=#threads>11.2.5 Threads<
 /a></ol><li><a href=#disk-space-2>11.3 Disk space</a><li><a href=#privacy>11.4 Privacy</a><ol><li><a href=#user-tracking>11.4.1 User tracking</a><li><a href=#sensitivity-of-data>11.4.2 Sensitivity of data</a></ol><li><a href=#security-storage>11.5 Security</a><ol><li><a href=#dns-spoofing-attacks>11.5.1 DNS spoofing attacks</a><li><a href=#cross-directory-attacks>11.5.2 Cross-directory attacks</a><li><a href=#implementation-risks>11.5.3 Implementation risks</a></ol></ol><li><a href=#syntax>12 The HTML syntax</a><ol><li><a href=#writing>12.1 Writing HTML documents</a><ol><li><a href=#the-doctype>12.1.1 The DOCTYPE</a><li><a href=#elements-2>12.1.2 Elements</a><ol><li><a href=#start-tags>12.1.2.1 Start tags</a><li><a href=#end-tags>12.1.2.2 End tags</a><li><a href=#attributes-2>12.1.2.3 Attributes</a><li><a href=#optional-tags>12.1.2.4 Optional tags</a><li><a href=#element-restrictions>12.1.2.5 Restrictions on content models</a><li><a href=#cdata-rcdata-restrictions>12.1.2.6 R
 estrictions on the contents of raw text and escapable raw text elements</a></ol><li><a href=#text-2>12.1.3 Text</a><ol><li><a href=#newlines>12.1.3.1 Newlines</a></ol><li><a href=#character-references>12.1.4 Character references</a><li><a href=#cdata-sections>12.1.5 CDATA sections</a><li><a href=#comments>12.1.6 Comments</a></ol><li><a href=#parsing>12.2 Parsing HTML documents</a><ol><li><a href=#overview-of-the-parsing-model>12.2.1 Overview of the parsing model</a><li><a href=#the-input-byte-stream>12.2.2 The input byte stream</a><ol><li><a href=#parsing-with-a-known-character-encoding>12.2.2.1 Parsing with a known character encoding</a><li><a href=#determining-the-character-encoding>12.2.2.2 Determining the character encoding</a><li><a href=#character-encodings>12.2.2.3 Character encodings</a><li><a href=#changing-the-encoding-while-parsing>12.2.2.4 Changing the encoding while parsing</a><li><a href=#preprocessing-the-input-stream>12.2.2.5 Preprocessing the input stream</a
 ></ol><li><a href=#parse-state>12.2.3 Parse state</a><ol><li><a href=#the-insertion-mode>12.2.3.1 The insertion mode</a><li><a href=#the-stack-of-open-elements>12.2.3.2 The stack of open elements</a><li><a href=#the-list-of-active-formatting-elements>12.2.3.3 The list of active formatting elements</a><li><a href=#the-element-pointers>12.2.3.4 The element pointers</a><li><a href=#other-parsing-state-flags>12.2.3.5 Other parsing state flags</a></ol><li><a href=#tokenization>12.2.4 Tokenization</a><ol><li><a href=#data-state>12.2.4.1 Data state</a><li><a href=#character-reference-in-data-state>12.2.4.2 Character reference in data state</a><li><a href=#rcdata-state>12.2.4.3 RCDATA state</a><li><a href=#character-reference-in-rcdata-state>12.2.4.4 Character reference in RCDATA state</a><li><a href=#rawtext-state>12.2.4.5 RAWTEXT state</a><li><a href=#script-data-state>12.2.4.6 Script data state</a><li><a href=#plaintext-state>12.2.4.7 PLAINTEXT state</a><li><a href=#tag-open-stat
 e>12.2.4.8 Tag open state</a><li><a href=#end-tag-open-state>12.2.4.9 End tag open state</a><li><a href=#tag-name-state>12.2.4.10 Tag name state</a><li><a href=#rcdata-less-than-sign-state>12.2.4.11 RCDATA less-than sign state</a><li><a href=#rcdata-end-tag-open-state>12.2.4.12 RCDATA end tag open state</a><li><a href=#rcdata-end-tag-name-state>12.2.4.13 RCDATA end tag name state</a><li><a href=#rawtext-less-than-sign-state>12.2.4.14 RAWTEXT less-than sign state</a><li><a href=#rawtext-end-tag-open-state>12.2.4.15 RAWTEXT end tag open state</a><li><a href=#rawtext-end-tag-name-state>12.2.4.16 RAWTEXT end tag name state</a><li><a href=#script-data-less-than-sign-state>12.2.4.17 Script data less-than sign state</a><li><a href=#script-data-end-tag-open-state>12.2.4.18 Script data end tag open state</a><li><a href=#script-data-end-tag-name-state>12.2.4.19 Script data end tag name state</a><li><a href=#script-data-escape-start-state>12.2.4.20 Script data escape start state</a><li
 ><a href=#script-data-escape-start-dash-state>12.2.4.21 Script data escape start dash state</a><li><a href=#script-data-escaped-state>12.2.4.22 Script data escaped state</a><li><a href=#script-data-escaped-dash-state>12.2.4.23 Script data escaped dash state</a><li><a href=#script-data-escaped-dash-dash-state>12.2.4.24 Script data escaped dash dash state</a><li><a href=#script-data-escaped-less-than-sign-state>12.2.4.25 Script data escaped less-than sign state</a><li><a href=#script-data-escaped-end-tag-open-state>12.2.4.26 Script data escaped end tag open state</a><li><a href=#script-data-escaped-end-tag-name-state>12.2.4.27 Script data escaped end tag name state</a><li><a href=#script-data-double-escape-start-state>12.2.4.28 Script data double escape start state</a><li><a href=#script-data-double-escaped-state>12.2.4.29 Script data double escaped state</a><li><a href=#script-data-double-escaped-dash-state>12.2.4.30 Script data double escaped dash state</a><li><a href=#scrip
 t-data-double-escaped-dash-dash-state>12.2.4.31 Script data double escaped dash dash state</a><li><a href=#script-data-double-escaped-less-than-sign-state>12.2.4.32 Script data double escaped less-than sign state</a><li><a href=#script-data-double-escape-end-state>12.2.4.33 Script data double escape end state</a><li><a href=#before-attribute-name-state>12.2.4.34 Before attribute name state</a><li><a href=#attribute-name-state>12.2.4.35 Attribute name state</a><li><a href=#after-attribute-name-state>12.2.4.36 After attribute name state</a><li><a href=#before-attribute-value-state>12.2.4.37 Before attribute value state</a><li><a href=#attribute-value-(double-quoted)-state>12.2.4.38 Attribute value (double-quoted) state</a><li><a href=#attribute-value-(single-quoted)-state>12.2.4.39 Attribute value (single-quoted) state</a><li><a href=#attribute-value-(unquoted)-state>12.2.4.40 Attribute value (unquoted) state</a><li><a href=#character-reference-in-attribute-value-state>12.2.4.
 41 Character reference in attribute value state</a><li><a href=#after-attribute-value-(quoted)-state>12.2.4.42 After attribute value (quoted) state</a><li><a href=#self-closing-start-tag-state>12.2.4.43 Self-closing start tag state</a><li><a href=#bogus-comment-state>12.2.4.44 Bogus comment state</a><li><a href=#markup-declaration-open-state>12.2.4.45 Markup declaration open state</a><li><a href=#comment-start-state>12.2.4.46 Comment start state</a><li><a href=#comment-start-dash-state>12.2.4.47 Comment start dash state</a><li><a href=#comment-state>12.2.4.48 Comment state</a><li><a href=#comment-end-dash-state>12.2.4.49 Comment end dash state</a><li><a href=#comment-end-state>12.2.4.50 Comment end state</a><li><a href=#comment-end-bang-state>12.2.4.51 Comment end bang state</a><li><a href=#doctype-state>12.2.4.52 DOCTYPE state</a><li><a href=#before-doctype-name-state>12.2.4.53 Before DOCTYPE name state</a><li><a href=#doctype-name-state>12.2.4.54 DOCTYPE name state</a><li>
 <a href=#after-doctype-name-state>12.2.4.55 After DOCTYPE name state</a><li><a href=#after-doctype-public-keyword-state>12.2.4.56 After DOCTYPE public keyword state</a><li><a href=#before-doctype-public-identifier-state>12.2.4.57 Before DOCTYPE public identifier state</a><li><a href=#doctype-public-identifier-(double-quoted)-state>12.2.4.58 DOCTYPE public identifier (double-quoted) state</a><li><a href=#doctype-public-identifier-(single-quoted)-state>12.2.4.59 DOCTYPE public identifier (single-quoted) state</a><li><a href=#after-doctype-public-identifier-state>12.2.4.60 After DOCTYPE public identifier state</a><li><a href=#between-doctype-public-and-system-identifiers-state>12.2.4.61 Between DOCTYPE public and system identifiers state</a><li><a href=#after-doctype-system-keyword-state>12.2.4.62 After DOCTYPE system keyword state</a><li><a href=#before-doctype-system-identifier-state>12.2.4.63 Before DOCTYPE system identifier state</a><li><a href=#doctype-system-identifier-(d
 ouble-quoted)-state>12.2.4.64 DOCTYPE system identifier (double-quoted) state</a><li><a href=#doctype-system-identifier-(single-quoted)-state>12.2.4.65 DOCTYPE system identifier (single-quoted) state</a><li><a href=#after-doctype-system-identifier-state>12.2.4.66 After DOCTYPE system identifier state</a><li><a href=#bogus-doctype-state>12.2.4.67 Bogus DOCTYPE state</a><li><a href=#cdata-section-state>12.2.4.68 CDATA section state</a><li><a href=#tokenizing-character-references>12.2.4.69 Tokenizing character references</a></ol><li><a href=#tree-construction>12.2.5 Tree construction</a><ol><li><a href=#creating-and-inserting-nodes>12.2.5.1 Creating and inserting nodes</a><li><a href=#parsing-elements-that-contain-only-text>12.2.5.2 Parsing elements that contain only text</a><li><a href=#closing-elements-that-have-implied-end-tags>12.2.5.3 Closing elements that have implied end tags</a><li><a href=#parsing-main-inhtml>12.2.5.4 The rules for parsing tokens in HTML content</a><ol
 ><li><a href=#the-initial-insertion-mode>12.2.5.4.1 The "initial" insertion mode</a><li><a href=#the-before-html-insertion-mode>12.2.5.4.2 The "before html" insertion mode</a><li><a href=#the-before-head-insertion-mode>12.2.5.4.3 The "before head" insertion mode</a><li><a href=#parsing-main-inhead>12.2.5.4.4 The "in head" insertion mode</a><li><a href=#parsing-main-inheadnoscript>12.2.5.4.5 The "in head noscript" insertion mode</a><li><a href=#the-after-head-insertion-mode>12.2.5.4.6 The "after head" insertion mode</a><li><a href=#parsing-main-inbody>12.2.5.4.7 The "in body" insertion mode</a><li><a href=#parsing-main-incdata>12.2.5.4.8 The "text" insertion mode</a><li><a href=#parsing-main-intable>12.2.5.4.9 The "in table" insertion mode</a><li><a href=#parsing-main-intabletext>12.2.5.4.10 The "in table text" insertion mode</a><li><a href=#parsing-main-incaption>12.2.5.4.11 The "in caption" insertion mode</a><li><a href=#parsing-main-incolgroup>12.2.5.4.12 The "in column gr
 oup" insertion mode</a><li><a href=#parsing-main-intbody>12.2.5.4.13 The "in table body" insertion mode</a><li><a href=#parsing-main-intr>12.2.5.4.14 The "in row" insertion mode</a><li><a href=#parsing-main-intd>12.2.5.4.15 The "in cell" insertion mode</a><li><a href=#parsing-main-inselect>12.2.5.4.16 The "in select" insertion mode</a><li><a href=#parsing-main-inselectintable>12.2.5.4.17 The "in select in table" insertion mode</a><li><a href=#parsing-main-intemplate>12.2.5.4.18 The "in template" insertion mode</a><li><a href=#parsing-main-afterbody>12.2.5.4.19 The "after body" insertion mode</a><li><a href=#parsing-main-inframeset>12.2.5.4.20 The "in frameset" insertion mode</a><li><a href=#parsing-main-afterframeset>12.2.5.4.21 The "after frameset" insertion mode</a><li><a href=#the-after-after-body-insertion-mode>12.2.5.4.22 The "after after body" insertion mode</a><li><a href=#the-after-after-frameset-insertion-mode>12.2.5.4.23 The "after after frameset" insertion mode</a
 ></ol><li><a href=#parsing-main-inforeign>12.2.5.5 The rules for parsing tokens in foreign content</a></ol><li><a href=#the-end>12.2.6 The end</a><li><a href=#coercing-an-html-dom-into-an-infoset>12.2.7 Coercing an HTML DOM into an infoset</a><li><a href=#an-introduction-to-error-handling-and-strange-cases-in-the-parser>12.2.8 An introduction to error handling and strange cases in the parser</a><ol><li><a href=#misnested-tags:-b-i-/b-/i>12.2.8.1 Misnested tags: <b><i></b></i></a><li><a href=#misnested-tags:-b-p-/b-/p>12.2.8.2 Misnested tags: <b><p></b></p></a><li><a href=#unexpected-markup-in-tables>12.2.8.3 Unexpected markup in tables</a><li><a href=#scripts-that-modify-the-page-as-it-is-being-parsed>12.2.8.4 Scripts that modify the page as it is being parsed</a><li><a href=#the-execution-of-scripts-that-are-moving-across-multiple-documents>12.2.8.5 The execution of scripts that are moving across multiple documents</a><li><a href=#unclosed-formatting
 -elements>12.2.8.6 Unclosed formatting elements</a></ol></ol><li><a href=#serialising-html-fragments>12.3 Serialising HTML fragments</a><li><a href=#parsing-html-fragments>12.4 Parsing HTML fragments</a><li><a href=#named-character-references>12.5 Named character references</a></ol><li><a href=#the-xhtml-syntax>13 The XHTML syntax</a><ol><li><a href=#writing-xhtml-documents>13.1 Writing XHTML documents</a><li><a href=#parsing-xhtml-documents>13.2 Parsing XHTML documents</a><li><a href=#serialising-xhtml-fragments>13.3 Serialising XHTML fragments</a><li><a href=#parsing-xhtml-fragments>13.4 Parsing XHTML fragments</a></ol><li><a href=#rendering>14 Rendering</a><ol><li><a href=#introduction-17>14.1 Introduction</a><li><a href=#the-css-user-agent-style-sheet-and-presentational-hints>14.2 The CSS user agent style sheet and presentational hints</a><li><a href=#non-replaced-elements>14.3 Non-replaced elements</a><ol><li><a href=#hidden-elements>14.3.1 Hidden elements</a><li><a hre
 f=#the-page>14.3.2 The page</a><li><a href=#flow-content-3>14.3.3 Flow content</a><li><a href=#phrasing-content-3>14.3.4 Phrasing content</a><li><a href=#bidi-rendering>14.3.5 Bidirectional text</a><li><a href=#quotes>14.3.6 Quotes</a><li><a href=#sections-and-headings>14.3.7 Sections and headings</a><li><a href=#lists>14.3.8 Lists</a><li><a href=#tables-2>14.3.9 Tables</a><li><a href=#margin-collapsing-quirks>14.3.10 Margin collapsing quirks</a><li><a href=#form-controls>14.3.11 Form controls</a><li><a href=#the-hr-element-2>14.3.12 The <code>hr</code> element</a><li><a href=#the-fieldset-and-legend-elements>14.3.13 The <code>fieldset</code> and <code>legend</code> elements</a></ol><li><a href=#replaced-elements>14.4 Replaced elements</a><ol><li><a href=#embedded-content-rendering-rules>14.4.1 Embedded content</a><li><a href=#images-2>14.4.2 Images</a><li><a href=#attributes-for-embedded-content-and-images>14.4.3 Attributes for embedded content and images</a><li><a href=#im
 age-maps-2>14.4.4 Image maps</a></ol><li><a href=#bindings>14.5 Bindings</a><ol><li><a href=#introduction-18>14.5.1 Introduction</a><li><a href=#the-button-element-2>14.5.2 The <code>button</code> element</a><li><a href=#the-details-element-2>14.5.3 The <code>details</code> element</a><li><a href=#the-input-element-as-a-text-entry-widget>14.5.4 The <code>input</code> element as a text entry widget</a><li><a href=#the-input-element-as-domain-specific-widgets>14.5.5 The <code>input</code> element as domain-specific widgets</a><li><a href=#the-input-element-as-a-range-control>14.5.6 The <code>input</code> element as a range control</a><li><a href=#the-input-element-as-a-colour-well>14.5.7 The <code>input</code> element as a colour well</a><li><a href=#the-input-element-as-a-checkbox-and-radio-button-widgets>14.5.8 The <code>input</code> element as a checkbox and radio button widgets</a><li><a href=#the-input-element-as-a-file-upload-control>14.5.9 The <code>input</code> element
  as a file upload control</a><li><a href=#the-input-element-as-a-button>14.5.10 The <code>input</code> element as a button</a><li><a href=#the-marquee-element>14.5.11 The <code>marquee</code> element</a><li><a href=#the-meter-element-2>14.5.12 The <code>meter</code> element</a><li><a href=#the-progress-element-2>14.5.13 The <code>progress</code> element</a><li><a href=#the-select-element-2>14.5.14 The <code>select</code> element</a><li><a href=#the-textarea-element-2>14.5.15 The <code>textarea</code> element</a><li><a href=#the-keygen-element-2>14.5.16 The <code>keygen</code> element</a></ol><li><a href=#frames-and-framesets>14.6 Frames and framesets</a><li><a href=#interactive-media>14.7 Interactive media</a><ol><li><a href=#links,-forms,-and-navigation>14.7.1 Links, forms, and navigation</a><li><a href=#the-title-attribute-2>14.7.2 The <code>title</code> attribute</a><li><a href=#editing-hosts>14.7.3 Editing hosts</a><li><a href=#text-rendered-in-native-user-interfaces>14.
 7.4 Text rendered in native user interfaces</a></ol><li><a href=#print-media>14.8 Print media</a><li><a href=#unstyled-xml-documents>14.9 Unstyled XML documents</a></ol><li><a href=#obsolete>15 Obsolete features</a><ol><li><a href=#obsolete-but-conforming-features>15.1 Obsolete but conforming features</a><ol><li><a href=#warnings-for-obsolete-but-conforming-features>15.1.1 Warnings for obsolete but conforming features</a></ol><li><a href=#non-conforming-features>15.2 Non-conforming features</a><li><a href=#requirements-for-implementations>15.3 Requirements for implementations</a><ol><li><a href=#the-applet-element>15.3.1 The <code>applet</code> element</a><li><a href=#the-marquee-element-2>15.3.2 The <code>marquee</code> element</a><li><a href=#frames>15.3.3 Frames</a><li><a href=#other-elements,-attributes-and-apis>15.3.4 Other elements, attributes and APIs</a></ol></ol><li><a href=#iana>16 IANA considerations</a><ol><li><a href=#text/html>16.1 <code>text/html</code></a><li
 ><a href=#multipart/x-mixed-replace>16.2 <code>multipart/x-mixed-replace</code></a><li><a href=#application/xhtml+xml>16.3 <code>application/xhtml+xml</code></a><li><a href=#application/x-www-form-urlencoded>16.4 <code>application/x-www-form-urlencoded</code></a><li><a href=#text/cache-manifest>16.5 <code>text/cache-manifest</code></a><li><a href=#text/ping>16.6 <code>text/ping</code></a><li><a href=#application/microdata+json>16.7 <code>application/microdata+json</code></a><li><a href=#ping-from>16.8 <code>Ping-From</code></a><li><a href=#ping-to>16.9 <code>Ping-To</code></a><li><a href=#web+-scheme-prefix>16.10 <code>web+</code> scheme prefix</a></ol><li><a href=#index>Index</a><ol><li><a href=#elements-3>Elements</a><li><a href=#element-content-categories>Element content categories</a><li><a href=#attributes-3>Attributes</a><li><a href=#element-interfaces>Element Interfaces</a><li><a href=#all-interfaces>All Interfaces</a><li><a href=#events-2>Events</a><li><a href=#mime-
 types-2>MIME Types</a></ol><li><a href=#references>References</a><li><a href=#acknowledgements>Acknowledgements</a></ol>
+  content that doesn't have a DOM</a><li><a href=#scroll-to-fragid>7.6.9 Navigating to a fragment identifier</a><li><a href=#history-traversal>7.6.10 History traversal</a><ol><li><a href=#the-popstateevent-interface>7.6.10.1 The <code>PopStateEvent</code> interface</a><li><a href=#the-hashchangeevent-interface>7.6.10.2 The <code>HashChangeEvent</code> interface</a><li><a href=#the-pagetransitionevent-interface>7.6.10.3 The <code>PageTransitionEvent</code> interface</a></ol><li><a href=#unloading-documents>7.6.11 Unloading documents</a><ol><li><a href=#the-beforeunloadevent-interface>7.6.11.1 The <code>BeforeUnloadEvent</code> interface</a></ol><li><a href=#aborting-a-document-load>7.6.12 Aborting a document load</a></ol><li><a href=#offline>7.7 Offline Web applications</a><ol><li><a href=#introduction-11>7.7.1 Introduction</a><ol><li><a href=#supporting-offline-caching-for-legacy-applications>7.7.1.1 Supporting offline caching for legacy applications</a><li><a href=#appcache
 events>7.7.1.2 Event summary</a></ol><li><a href=#appcache>7.7.2 Application caches</a><li><a href=#manifests>7.7.3 The cache manifest syntax</a><ol><li><a href=#some-sample-manifests>7.7.3.1 Some sample manifests</a><li><a href=#writing-cache-manifests>7.7.3.2 Writing cache manifests</a><li><a href=#parsing-cache-manifests>7.7.3.3 Parsing cache manifests</a></ol><li><a href=#downloading-or-updating-an-application-cache>7.7.4 Downloading or updating an application cache</a><li><a href=#the-application-cache-selection-algorithm>7.7.5 The application cache selection algorithm</a><li><a href=#changesToNetworkingModel>7.7.6 Changes to the networking model</a><li><a href=#expiring-application-caches>7.7.7 Expiring application caches</a><li><a href=#disk-space>7.7.8 Disk space</a><li><a href=#security-concerns-with-offline-applications-caches>7.7.9 Security concerns with offline applications caches</a><li><a href=#application-cache-api>7.7.10 Application cache API</a><li><a href=#
 browser-state>7.7.11 Browser state</a></ol></ol><li><a href=#webappapis>8 Web application APIs</a><ol><li><a href=#scripting>8.1 Scripting</a><ol><li><a href=#introduction-12>8.1.1 Introduction</a><li><a href=#enabling-and-disabling-scripting>8.1.2 Enabling and disabling scripting</a><li><a href=#processing-model-8>8.1.3 Processing model</a><ol><li><a href=#definitions-2>8.1.3.1 Definitions</a><li><a href=#script-settings-for-browsing-contexts>8.1.3.2 Script settings for browsing contexts</a><li><a href=#calling-scripts>8.1.3.3 Calling scripts</a><li><a href=#creating-scripts>8.1.3.4 Creating scripts</a><li><a href=#killing-scripts>8.1.3.5 Killing scripts</a><li><a href=#runtime-script-errors>8.1.3.6 Runtime script errors</a><ol><li><a href=#runtime-script-errors-in-documents>8.1.3.6.1 Runtime script errors in documents</a><li><a href=#the-errorevent-interface>8.1.3.6.2 The <code>ErrorEvent</code> interface</a></ol></ol><li><a href=#event-loops>8.1.4 Event loops</a><ol><li><
 a href=#definitions-3>8.1.4.1 Definitions</a><li><a href=#processing-model-9>8.1.4.2 Processing model</a><li><a href=#generic-task-sources>8.1.4.3 Generic task sources</a></ol><li><a href=#events>8.1.5 Events</a><ol><li><a href=#event-handler-attributes>8.1.5.1 Event handlers</a><li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects>8.1.5.2 Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a><ol><li><a href=#idl-definitions>8.1.5.2.1 IDL definitions</a></ol><li><a href=#event-firing>8.1.5.3 Event firing</a><li><a href=#events-and-the-window-object>8.1.5.4 Events and the <code>Window</code> object</a></ol></ol><li><a href=#atob>8.2 Base64 utility methods</a><li><a href=#dynamic-markup-insertion>8.3 Dynamic markup insertion</a><ol><li><a href=#opening-the-input-stream>8.3.1 Opening the input stream</a><li><a href=#closing-the-input-stream>8.3.2 Closing the input stream</a><li><a href=#document.write()>8.3.3 <code
 >document.write()</code></a><li><a href=#document.writeln()>8.3.4 <code>document.writeln()</code></a></ol><li><a href=#timers>8.4 Timers</a><li><a href=#user-prompts>8.5 User prompts</a><ol><li><a href=#simple-dialogs>8.5.1 Simple dialogs</a><li><a href=#printing>8.5.2 Printing</a><li><a href=#dialogs-implemented-using-separate-documents>8.5.3 Dialogs implemented using separate documents</a></ol><li><a href=#system-state-and-capabilities>8.6 System state and capabilities</a><ol><li><a href=#the-navigator-object>8.6.1 The <code>Navigator</code> object</a><ol><li><a href=#client-identification>8.6.1.1 Client identification</a><li><a href=#language-preferences>8.6.1.2 Language preferences</a><li><a href=#custom-handlers>8.6.1.3 Custom scheme and content handlers</a><ol><li><a href=#security-and-privacy>8.6.1.3.1 Security and privacy</a><li><a href=#sample-handler-impl>8.6.1.3.2 Sample user interface</a></ol><li><a href=#manually-releasing-the-storage-mutex>8.6.1.4 Manually rele
 asing the storage mutex</a><li><a href=#plugins-2>8.6.1.5 Plugins</a></ol><li><a href=#the-external-interface>8.6.2 The <code>External</code> interface</a></ol><li><a href=#images>8.7 Images</a></ol><li><a href=#comms>9 Communication</a><ol><li><a href=#the-messageevent-interfaces>9.1 The <code>MessageEvent</code> interfaces</a><li><a href=#server-sent-events>9.2 Server-sent events</a><ol><li><a href=#server-sent-events-intro>9.2.1 Introduction</a><li><a href=#the-eventsource-interface>9.2.2 The <code>EventSource</code> interface</a><li><a href=#processing-model-10>9.2.3 Processing model</a><li><a href=#parsing-an-event-stream>9.2.4 Parsing an event stream</a><li><a href=#event-stream-interpretation>9.2.5 Interpreting an event stream</a><li><a href=#authoring-notes>9.2.6 Authoring notes</a><li><a href=#eventsource-push>9.2.7 Connectionless push and other features</a><li><a href=#garbage-collection-2>9.2.8 Garbage collection</a><li><a href=#implementation-advice>9.2.9 Impleme
 ntation advice</a><li><a href=#iana-considerations>9.2.10 IANA considerations</a><ol><li><a href=#text/event-stream>9.2.10.1 <code>text/event-stream</code></a><li><a href=#last-event-id>9.2.10.2 <code>Last-Event-ID</code></a></ol></ol><li><a href=#network>9.3 Web sockets</a><ol><li><a href=#network-intro>9.3.1 Introduction</a><li><a href=#the-websocket-interface>9.3.2 The <code>WebSocket</code> interface</a><li><a href=#feedback-from-the-protocol>9.3.3 Feedback from the protocol</a><li><a href=#ping-and-pong-frames>9.3.4 Ping and Pong frames</a><li><a href=#parsing-websocket-urls>9.3.5 Parsing WebSocket URLs</a><li><a href=#the-closeevent-interfaces>9.3.6 The <code>CloseEvent</code> interfaces</a><li><a href=#garbage-collection-3>9.3.7 Garbage collection</a></ol><li><a href=#web-messaging>9.4 Cross-document messaging</a><ol><li><a href=#introduction-13>9.4.1 Introduction</a><li><a href=#security-postmsg>9.4.2 Security</a><ol><li><a href=#authors>9.4.2.1 Authors</a><li><a hre
 f=#user-agents>9.4.2.2 User agents</a></ol><li><a href=#posting-messages>9.4.3 Posting messages</a></ol><li><a href=#channel-messaging>9.5 Channel messaging</a><ol><li><a href=#introduction-14>9.5.1 Introduction</a><ol><li><a href=#examples-5>9.5.1.1 Examples</a><li><a href=#ports-as-the-basis-of-an-object-capability-model-on-the-web>9.5.1.2 Ports as the basis of an object-capability model on the Web</a><li><a href=#ports-as-the-basis-of-abstracting-out-service-implementations>9.5.1.3 Ports as the basis of abstracting out service implementations</a></ol><li><a href=#message-channels>9.5.2 Message channels</a><li><a href=#message-ports>9.5.3 Message ports</a><li><a href=#broadcasting-to-many-ports>9.5.4 Broadcasting to many ports</a><li><a href=#ports-and-garbage-collection>9.5.5 Ports and garbage collection</a></ol><li><a href=#broadcasting-to-other-browsing-contexts>9.6 Broadcasting to other browsing contexts</a></ol><li><a href=#workers>10 Web workers</a><ol><li><a href=#i
 ntroduction-15>10.1 Introduction</a><ol><li><a href=#scope-2>10.1.1 Scope</a><li><a href=#examples-6>10.1.2 Examples</a><ol><li><a href=#a-background-number-crunching-worker>10.1.2.1 A background number-crunching worker</a><li><a href=#worker-used-for-background-i/o>10.1.2.2 Worker used for background I/O</a><li><a href=#shared-workers-introduction>10.1.2.3 Shared workers introduction</a><li><a href=#shared-state-using-a-shared-worker>10.1.2.4 Shared state using a shared worker</a><li><a href=#delegation>10.1.2.5 Delegation</a></ol><li><a href=#tutorials>10.1.3 Tutorials</a><ol><li><a href=#creating-a-dedicated-worker>10.1.3.1 Creating a dedicated worker</a><li><a href=#communicating-with-a-dedicated-worker>10.1.3.2 Communicating with a dedicated worker</a><li><a href=#shared-workers>10.1.3.3 Shared workers</a></ol></ol><li><a href=#infrastructure-2>10.2 Infrastructure</a><ol><li><a href=#the-global-scope>10.2.1 The global scope</a><ol><li><a href=#the-workerglobalscope-comm
 on-interface>10.2.1.1 The <code>WorkerGlobalScope</code> common interface</a><li><a href=#dedicated-workers-and-the-dedicatedworkerglobalscope-interface>10.2.1.2 Dedicated workers and the <code>DedicatedWorkerGlobalScope</code> interface</a><li><a href=#shared-workers-and-the-sharedworkerglobalscope-interface>10.2.1.3 Shared workers and the <code>SharedWorkerGlobalScope</code> interface</a></ol><li><a href=#worker-event-loop>10.2.2 The event loop</a><li><a href="#the-worker's-lifetime">10.2.3 The worker's lifetime</a><li><a href=#processing-model-11>10.2.4 Processing model</a><li><a href=#runtime-script-errors-2>10.2.5 Runtime script errors</a><li><a href=#creating-workers>10.2.6 Creating workers</a><ol><li><a href=#the-abstractworker-abstract-interface>10.2.6.1 The <code>AbstractWorker</code> abstract interface</a><li><a href=#script-settings-for-workers>10.2.6.2 Script settings for workers</a><li><a href=#dedicated-workers-and-the-worker-interface>10.2.6.3 Dedicated worker
 s and the <code>Worker</code> interface</a><li><a href=#shared-workers-and-the-sharedworker-interface>10.2.6.4 Shared workers and the <code>SharedWorker</code> interface</a></ol></ol><li><a href=#apis-available-to-workers>10.3 APIs available to workers</a><ol><li><a href=#importing-scripts-and-libraries>10.3.1 Importing scripts and libraries</a><li><a href=#the-workernavigator-object>10.3.2 The <code>WorkerNavigator</code> object</a><li><a href=#worker-locations>10.3.3 Worker locations</a></ol></ol><li><a href=#webstorage>11 Web storage</a><ol><li><a href=#introduction-16>11.1 Introduction</a><li><a href=#storage>11.2 The API</a><ol><li><a href=#the-storage-interface>11.2.1 The <code>Storage</code> interface</a><li><a href=#the-sessionstorage-attribute>11.2.2 The <code>sessionStorage</code> attribute</a><li><a href=#the-localstorage-attribute>11.2.3 The <code>localStorage</code> attribute</a><li><a href=#the-storage-event>11.2.4 The <code>storage</code> event</a><ol><li><a h
 ref=#the-storageevent-interface>11.2.4.1 The <code>StorageEvent</code> interface</a></ol><li><a href=#threads>11.2.5 Threads</a></ol><li><a href=#disk-space-2>11.3 Disk space</a><li><a href=#privacy>11.4 Privacy</a><ol><li><a href=#user-tracking>11.4.1 User tracking</a><li><a href=#sensitivity-of-data>11.4.2 Sensitivity of data</a></ol><li><a href=#security-storage>11.5 Security</a><ol><li><a href=#dns-spoofing-attacks>11.5.1 DNS spoofing attacks</a><li><a href=#cross-directory-attacks>11.5.2 Cross-directory attacks</a><li><a href=#implementation-risks>11.5.3 Implementation risks</a></ol></ol><li><a href=#syntax>12 The HTML syntax</a><ol><li><a href=#writing>12.1 Writing HTML documents</a><ol><li><a href=#the-doctype>12.1.1 The DOCTYPE</a><li><a href=#elements-2>12.1.2 Elements</a><ol><li><a href=#start-tags>12.1.2.1 Start tags</a><li><a href=#end-tags>12.1.2.2 End tags</a><li><a href=#attributes-2>12.1.2.3 Attributes</a><li><a href=#optional-tags>12.1.2.4 Optional tags</a><
 li><a href=#element-restrictions>12.1.2.5 Restrictions on content models</a><li><a href=#cdata-rcdata-restrictions>12.1.2.6 Restrictions on the contents of raw text and escapable raw text elements</a></ol><li><a href=#text-2>12.1.3 Text</a><ol><li><a href=#newlines>12.1.3.1 Newlines</a></ol><li><a href=#character-references>12.1.4 Character references</a><li><a href=#cdata-sections>12.1.5 CDATA sections</a><li><a href=#comments>12.1.6 Comments</a></ol><li><a href=#parsing>12.2 Parsing HTML documents</a><ol><li><a href=#overview-of-the-parsing-model>12.2.1 Overview of the parsing model</a><li><a href=#the-input-byte-stream>12.2.2 The input byte stream</a><ol><li><a href=#parsing-with-a-known-character-encoding>12.2.2.1 Parsing with a known character encoding</a><li><a href=#determining-the-character-encoding>12.2.2.2 Determining the character encoding</a><li><a href=#character-encodings>12.2.2.3 Character encodings</a><li><a href=#changing-the-encoding-while-parsing>12.2.2.4 
 Changing the encoding while parsing</a><li><a href=#preprocessing-the-input-stream>12.2.2.5 Preprocessing the input stream</a></ol><li><a href=#parse-state>12.2.3 Parse state</a><ol><li><a href=#the-insertion-mode>12.2.3.1 The insertion mode</a><li><a href=#the-stack-of-open-elements>12.2.3.2 The stack of open elements</a><li><a href=#the-list-of-active-formatting-elements>12.2.3.3 The list of active formatting elements</a><li><a href=#the-element-pointers>12.2.3.4 The element pointers</a><li><a href=#other-parsing-state-flags>12.2.3.5 Other parsing state flags</a></ol><li><a href=#tokenization>12.2.4 Tokenization</a><ol><li><a href=#data-state>12.2.4.1 Data state</a><li><a href=#character-reference-in-data-state>12.2.4.2 Character reference in data state</a><li><a href=#rcdata-state>12.2.4.3 RCDATA state</a><li><a href=#character-reference-in-rcdata-state>12.2.4.4 Character reference in RCDATA state</a><li><a href=#rawtext-state>12.2.4.5 RAWTEXT state</a><li><a href=#script
 -data-state>12.2.4.6 Script data state</a><li><a href=#plaintext-state>12.2.4.7 PLAINTEXT state</a><li><a href=#tag-open-state>12.2.4.8 Tag open state</a><li><a href=#end-tag-open-state>12.2.4.9 End tag open state</a><li><a href=#tag-name-state>12.2.4.10 Tag name state</a><li><a href=#rcdata-less-than-sign-state>12.2.4.11 RCDATA less-than sign state</a><li><a href=#rcdata-end-tag-open-state>12.2.4.12 RCDATA end tag open state</a><li><a href=#rcdata-end-tag-name-state>12.2.4.13 RCDATA end tag name state</a><li><a href=#rawtext-less-than-sign-state>12.2.4.14 RAWTEXT less-than sign state</a><li><a href=#rawtext-end-tag-open-state>12.2.4.15 RAWTEXT end tag open state</a><li><a href=#rawtext-end-tag-name-state>12.2.4.16 RAWTEXT end tag name state</a><li><a href=#script-data-less-than-sign-state>12.2.4.17 Script data less-than sign state</a><li><a href=#script-data-end-tag-open-state>12.2.4.18 Script data end tag open state</a><li><a href=#script-data-end-tag-name-state>12.2.4.19 
 Script data end tag name state</a><li><a href=#script-data-escape-start-state>12.2.4.20 Script data escape start state</a><li><a href=#script-data-escape-start-dash-state>12.2.4.21 Script data escape start dash state</a><li><a href=#script-data-escaped-state>12.2.4.22 Script data escaped state</a><li><a href=#script-data-escaped-dash-state>12.2.4.23 Script data escaped dash state</a><li><a href=#script-data-escaped-dash-dash-state>12.2.4.24 Script data escaped dash dash state</a><li><a href=#script-data-escaped-less-than-sign-state>12.2.4.25 Script data escaped less-than sign state</a><li><a href=#script-data-escaped-end-tag-open-state>12.2.4.26 Script data escaped end tag open state</a><li><a href=#script-data-escaped-end-tag-name-state>12.2.4.27 Script data escaped end tag name state</a><li><a href=#script-data-double-escape-start-state>12.2.4.28 Script data double escape start state</a><li><a href=#script-data-double-escaped-state>12.2.4.29 Script data double escaped stat
 e</a><li><a href=#script-data-double-escaped-dash-state>12.2.4.30 Script data double escaped dash state</a><li><a href=#script-data-double-escaped-dash-dash-state>12.2.4.31 Script data double escaped dash dash state</a><li><a href=#script-data-double-escaped-less-than-sign-state>12.2.4.32 Script data double escaped less-than sign state</a><li><a href=#script-data-double-escape-end-state>12.2.4.33 Script data double escape end state</a><li><a href=#before-attribute-name-state>12.2.4.34 Before attribute name state</a><li><a href=#attribute-name-state>12.2.4.35 Attribute name state</a><li><a href=#after-attribute-name-state>12.2.4.36 After attribute name state</a><li><a href=#before-attribute-value-state>12.2.4.37 Before attribute value state</a><li><a href=#attribute-value-(double-quoted)-state>12.2.4.38 Attribute value (double-quoted) state</a><li><a href=#attribute-value-(single-quoted)-state>12.2.4.39 Attribute value (single-quoted) state</a><li><a href=#attribute-value-(un
 quoted)-state>12.2.4.40 Attribute value (unquoted) state</a><li><a href=#character-reference-in-attribute-value-state>12.2.4.41 Character reference in attribute value state</a><li><a href=#after-attribute-value-(quoted)-state>12.2.4.42 After attribute value (quoted) state</a><li><a href=#self-closing-start-tag-state>12.2.4.43 Self-closing start tag state</a><li><a href=#bogus-comment-state>12.2.4.44 Bogus comment state</a><li><a href=#markup-declaration-open-state>12.2.4.45 Markup declaration open state</a><li><a href=#comment-start-state>12.2.4.46 Comment start state</a><li><a href=#comment-start-dash-state>12.2.4.47 Comment start dash state</a><li><a href=#comment-state>12.2.4.48 Comment state</a><li><a href=#comment-end-dash-state>12.2.4.49 Comment end dash state</a><li><a href=#comment-end-state>12.2.4.50 Comment end state</a><li><a href=#comment-end-bang-state>12.2.4.51 Comment end bang state</a><li><a href=#doctype-state>12.2.4.52 DOCTYPE state</a><li><a href=#before-d
 octype-name-state>12.2.4.53 Before DOCTYPE name state</a><li><a href=#doctype-name-state>12.2.4.54 DOCTYPE name state</a><li><a href=#after-doctype-name-state>12.2.4.55 After DOCTYPE name state</a><li><a href=#after-doctype-public-keyword-state>12.2.4.56 After DOCTYPE public keyword state</a><li><a href=#before-doctype-public-identifier-state>12.2.4.57 Before DOCTYPE public identifier state</a><li><a href=#doctype-public-identifier-(double-quoted)-state>12.2.4.58 DOCTYPE public identifier (double-quoted) state</a><li><a href=#doctype-public-identifier-(single-quoted)-state>12.2.4.59 DOCTYPE public identifier (single-quoted) state</a><li><a href=#after-doctype-public-identifier-state>12.2.4.60 After DOCTYPE public identifier state</a><li><a href=#between-doctype-public-and-system-identifiers-state>12.2.4.61 Between DOCTYPE public and system identifiers state</a><li><a href=#after-doctype-system-keyword-state>12.2.4.62 After DOCTYPE system keyword state</a><li><a href=#before-
 doctype-system-identifier-state>12.2.4.63 Before DOCTYPE system identifier state</a><li><a href=#doctype-system-identifier-(double-quoted)-state>12.2.4.64 DOCTYPE system identifier (double-quoted) state</a><li><a href=#doctype-system-identifier-(single-quoted)-state>12.2.4.65 DOCTYPE system identifier (single-quoted) state</a><li><a href=#after-doctype-system-identifier-state>12.2.4.66 After DOCTYPE system identifier state</a><li><a href=#bogus-doctype-state>12.2.4.67 Bogus DOCTYPE state</a><li><a href=#cdata-section-state>12.2.4.68 CDATA section state</a><li><a href=#tokenizing-character-references>12.2.4.69 Tokenizing character references</a></ol><li><a href=#tree-construction>12.2.5 Tree construction</a><ol><li><a href=#creating-and-inserting-nodes>12.2.5.1 Creating and inserting nodes</a><li><a href=#parsing-elements-that-contain-only-text>12.2.5.2 Parsing elements that contain only text</a><li><a href=#closing-elements-that-have-implied-end-tags>12.2.5.3 Closing element
 s that have implied end tags</a><li><a href=#parsing-main-inhtml>12.2.5.4 The rules for parsing tokens in HTML content</a><ol><li><a href=#the-initial-insertion-mode>12.2.5.4.1 The "initial" insertion mode</a><li><a href=#the-before-html-insertion-mode>12.2.5.4.2 The "before html" insertion mode</a><li><a href=#the-before-head-insertion-mode>12.2.5.4.3 The "before head" insertion mode</a><li><a href=#parsing-main-inhead>12.2.5.4.4 The "in head" insertion mode</a><li><a href=#parsing-main-inheadnoscript>12.2.5.4.5 The "in head noscript" insertion mode</a><li><a href=#the-after-head-insertion-mode>12.2.5.4.6 The "after head" insertion mode</a><li><a href=#parsing-main-inbody>12.2.5.4.7 The "in body" insertion mode</a><li><a href=#parsing-main-incdata>12.2.5.4.8 The "text" insertion mode</a><li><a href=#parsing-main-intable>12.2.5.4.9 The "in table" insertion mode</a><li><a href=#parsing-main-intabletext>12.2.5.4.10 The "in table text" insertion mode</a><li><a href=#parsing-mai
 n-incaption>12.2.5.4.11 The "in caption" insertion mode</a><li><a href=#parsing-main-incolgroup>12.2.5.4.12 The "in column group" insertion mode</a><li><a href=#parsing-main-intbody>12.2.5.4.13 The "in table body" insertion mode</a><li><a href=#parsing-main-intr>12.2.5.4.14 The "in row" insertion mode</a><li><a href=#parsing-main-intd>12.2.5.4.15 The "in cell" insertion mode</a><li><a href=#parsing-main-inselect>12.2.5.4.16 The "in select" insertion mode</a><li><a href=#parsing-main-inselectintable>12.2.5.4.17 The "in select in table" insertion mode</a><li><a href=#parsing-main-intemplate>12.2.5.4.18 The "in template" insertion mode</a><li><a href=#parsing-main-afterbody>12.2.5.4.19 The "after body" insertion mode</a><li><a href=#parsing-main-inframeset>12.2.5.4.20 The "in frameset" insertion mode</a><li><a href=#parsing-main-afterframeset>12.2.5.4.21 The "after frameset" insertion mode</a><li><a href=#the-after-after-body-insertion-mode>12.2.5.4.22 The "after after body" in
 sertion mode</a><li><a href=#the-after-after-frameset-insertion-mode>12.2.5.4.23 The "after after frameset" insertion mode</a></ol><li><a href=#parsing-main-inforeign>12.2.5.5 The rules for parsing tokens in foreign content</a></ol><li><a href=#the-end>12.2.6 The end</a><li><a href=#coercing-an-html-dom-into-an-infoset>12.2.7 Coercing an HTML DOM into an infoset</a><li><a href=#an-introduction-to-error-handling-and-strange-cases-in-the-parser>12.2.8 An introduction to error handling and strange cases in the parser</a><ol><li><a href=#misnested-tags:-b-i-/b-/i>12.2.8.1 Misnested tags: <b><i></b></i></a><li><a href=#misnested-tags:-b-p-/b-/p>12.2.8.2 Misnested tags: <b><p></b></p></a><li><a href=#unexpected-markup-in-tables>12.2.8.3 Unexpected markup in tables</a><li><a href=#scripts-that-modify-the-page-as-it-is-being-parsed>12.2.8.4 Scripts that modify the page as it is being parsed</a><li><a href=#the-execution-of-scripts-that-are-moving-across-multi
 ple-documents>12.2.8.5 The execution of scripts that are moving across multiple documents</a><li><a href=#unclosed-formatting-elements>12.2.8.6 Unclosed formatting elements</a></ol></ol><li><a href=#serialising-html-fragments>12.3 Serialising HTML fragments</a><li><a href=#parsing-html-fragments>12.4 Parsing HTML fragments</a><li><a href=#named-character-references>12.5 Named character references</a></ol><li><a href=#the-xhtml-syntax>13 The XHTML syntax</a><ol><li><a href=#writing-xhtml-documents>13.1 Writing XHTML documents</a><li><a href=#parsing-xhtml-documents>13.2 Parsing XHTML documents</a><li><a href=#serialising-xhtml-fragments>13.3 Serialising XHTML fragments</a><li><a href=#parsing-xhtml-fragments>13.4 Parsing XHTML fragments</a></ol><li><a href=#rendering>14 Rendering</a><ol><li><a href=#introduction-17>14.1 Introduction</a><li><a href=#the-css-user-agent-style-sheet-and-presentational-hints>14.2 The CSS user agent style sheet and presentational hints</a><li><a hr
 ef=#non-replaced-elements>14.3 Non-replaced elements</a><ol><li><a href=#hidden-elements>14.3.1 Hidden elements</a><li><a href=#the-page>14.3.2 The page</a><li><a href=#flow-content-3>14.3.3 Flow content</a><li><a href=#phrasing-content-3>14.3.4 Phrasing content</a><li><a href=#bidi-rendering>14.3.5 Bidirectional text</a><li><a href=#quotes>14.3.6 Quotes</a><li><a href=#sections-and-headings>14.3.7 Sections and headings</a><li><a href=#lists>14.3.8 Lists</a><li><a href=#tables-2>14.3.9 Tables</a><li><a href=#margin-collapsing-quirks>14.3.10 Margin collapsing quirks</a><li><a href=#form-controls>14.3.11 Form controls</a><li><a href=#the-hr-element-2>14.3.12 The <code>hr</code> element</a><li><a href=#the-fieldset-and-legend-elements>14.3.13 The <code>fieldset</code> and <code>legend</code> elements</a></ol><li><a href=#replaced-elements>14.4 Replaced elements</a><ol><li><a href=#embedded-content-rendering-rules>14.4.1 Embedded content</a><li><a href=#images-2>14.4.2 Images</a
 ><li><a href=#attributes-for-embedded-content-and-images>14.4.3 Attributes for embedded content and images</a><li><a href=#image-maps-2>14.4.4 Image maps</a></ol><li><a href=#bindings>14.5 Bindings</a><ol><li><a href=#introduction-18>14.5.1 Introduction</a><li><a href=#the-button-element-2>14.5.2 The <code>button</code> element</a><li><a href=#the-details-element-2>14.5.3 The <code>details</code> element</a><li><a href=#the-input-element-as-a-text-entry-widget>14.5.4 The <code>input</code> element as a text entry widget</a><li><a href=#the-input-element-as-domain-specific-widgets>14.5.5 The <code>input</code> element as domain-specific widgets</a><li><a href=#the-input-element-as-a-range-control>14.5.6 The <code>input</code> element as a range control</a><li><a href=#the-input-element-as-a-colour-well>14.5.7 The <code>input</code> element as a colour well</a><li><a href=#the-input-element-as-a-checkbox-and-radio-button-widgets>14.5.8 The <code>input</code> element as a check
 box and radio button widgets</a><li><a href=#the-input-element-as-a-file-upload-control>14.5.9 The <code>input</code> element as a file upload control</a><li><a href=#the-input-element-as-a-button>14.5.10 The <code>input</code> element as a button</a><li><a href=#the-marquee-element>14.5.11 The <code>marquee</code> element</a><li><a href=#the-meter-element-2>14.5.12 The <code>meter</code> element</a><li><a href=#the-progress-element-2>14.5.13 The <code>progress</code> element</a><li><a href=#the-select-element-2>14.5.14 The <code>select</code> element</a><li><a href=#the-textarea-element-2>14.5.15 The <code>textarea</code> element</a><li><a href=#the-keygen-element-2>14.5.16 The <code>keygen</code> element</a></ol><li><a href=#frames-and-framesets>14.6 Frames and framesets</a><li><a href=#interactive-media>14.7 Interactive media</a><ol><li><a href=#links,-forms,-and-navigation>14.7.1 Links, forms, and navigation</a><li><a href=#the-title-attribute-2>14.7.2 The <code>title</c
 ode> attribute</a><li><a href=#editing-hosts>14.7.3 Editing hosts</a><li><a href=#text-rendered-in-native-user-interfaces>14.7.4 Text rendered in native user interfaces</a></ol><li><a href=#print-media>14.8 Print media</a><li><a href=#unstyled-xml-documents>14.9 Unstyled XML documents</a></ol><li><a href=#obsolete>15 Obsolete features</a><ol><li><a href=#obsolete-but-conforming-features>15.1 Obsolete but conforming features</a><ol><li><a href=#warnings-for-obsolete-but-conforming-features>15.1.1 Warnings for obsolete but conforming features</a></ol><li><a href=#non-conforming-features>15.2 Non-conforming features</a><li><a href=#requirements-for-implementations>15.3 Requirements for implementations</a><ol><li><a href=#the-applet-element>15.3.1 The <code>applet</code> element</a><li><a href=#the-marquee-element-2>15.3.2 The <code>marquee</code> element</a><li><a href=#frames>15.3.3 Frames</a><li><a href=#other-elements,-attributes-and-apis>15.3.4 Other elements, attributes an
 d APIs</a></ol></ol><li><a href=#iana>16 IANA considerations</a><ol><li><a href=#text/html>16.1 <code>text/html</code></a><li><a href=#multipart/x-mixed-replace>16.2 <code>multipart/x-mixed-replace</code></a><li><a href=#application/xhtml+xml>16.3 <code>application/xhtml+xml</code></a><li><a href=#application/x-www-form-urlencoded>16.4 <code>application/x-www-form-urlencoded</code></a><li><a href=#text/cache-manifest>16.5 <code>text/cache-manifest</code></a><li><a href=#text/ping>16.6 <code>text/ping</code></a><li><a href=#application/microdata+json>16.7 <code>application/microdata+json</code></a><li><a href=#ping-from>16.8 <code>Ping-From</code></a><li><a href=#ping-to>16.9 <code>Ping-To</code></a><li><a href=#web+-scheme-prefix>16.10 <code>web+</code> scheme prefix</a></ol><li><a href=#index>Index</a><ol><li><a href=#elements-3>Elements</a><li><a href=#element-content-categories>Element content categories</a><li><a href=#attributes-3>Attributes</a><li><a href=#element-inte
 rfaces>Element Interfaces</a><li><a href=#all-interfaces>All Interfaces</a><li><a href=#events-2>Events</a><li><a href=#mime-types-2>MIME Types</a></ol><li><a href=#references>References</a><li><a href=#acknowledgements>Acknowledgements</a></ol>
 
   
 
@@ -60708,6 +60708,7 @@
   </div>
 
 
+
   <h5 id=writing-cache-manifests>7.7.3.2 Writing cache manifests</h5>
 
   <p>Manifests must be served using the <code id=writing-cache-manifests:text/cache-manifest><a href=#text/cache-manifest>text/cache-manifest</a></code> <a href=#mime-type id=writing-cache-manifests:mime-type>MIME type</a>. All
@@ -60819,9 +60820,10 @@
   second URL. All the other pages to be cached must be listed in <a href=#concept-appcache-manifest-explicit id=writing-cache-manifests:concept-appcache-manifest-explicit-3>explicit sections</a>.</p>
 
   <p><a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-2>Fallback namespaces</a> and <a href=#concept-appcache-fallback id=writing-cache-manifests:concept-appcache-fallback>fallback entries</a> must have the <a href=#same-origin id=writing-cache-manifests:same-origin>same origin</a>
-  as the manifest itself.</p>
+  as the manifest itself. <a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-3>Fallback namespaces</a>
+  must also be <span>in the same path</span> as the manifest's URL.</p>
 
-  <p>A <a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-3>fallback namespace</a> must not be listed more
+  <p>A <a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-4>fallback namespace</a> must not be listed more
   than once.</p>
 
   <p>Namespaces that the user agent is to put into the <a href=#concept-appcache-onlinewhitelist id=writing-cache-manifests:concept-appcache-onlinewhitelist>online whitelist</a> must all be specified in <a href=#concept-appcache-manifest-network id=writing-cache-manifests:concept-appcache-manifest-network-2>online whitelist sections</a>. (This is needed for
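Review bot: the added sentence wraps "in the same path" in a bare <span> with no href, while the other defined terms in this paragraph (fallback namespaces, same origin) are links, so the new authoring requirement points at no definition. Either link the phrase to a definition or spell the rule out here in the terms the parsing hunk uses (the namespace's path must have the manifest URL's path, cut after its last "/", as a prefix). As written, an author cannot tell from this section alone what "in the same path" permits.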
@@ -60840,7 +60842,7 @@
   <p>URLs in manifests must not have fragment identifiers (i.e. the U+0023 NUMBER SIGN character
   isn't allowed in URLs in manifests).</p>
 
-  <p><a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-4>Fallback namespaces</a> and namespaces in the
+  <p><a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-5>Fallback namespaces</a> and namespaces in the
   <a href=#concept-appcache-onlinewhitelist id=writing-cache-manifests:concept-appcache-onlinewhitelist-4>online whitelist</a> are matched by <a href=#prefix-match id=writing-cache-manifests:prefix-match-2>prefix
   match</a>.</p>
 
@@ -60861,7 +60863,10 @@
     
 
    <li><p>Let <var>base URL</var> be the <a href=#absolute-url id=parsing-cache-manifests:absolute-url>absolute URL</a> representing the
-   manifest.<li><p>Apply the <a href=#url-parser id=parsing-cache-manifests:url-parser>URL parser</a> steps to the <var>base URL</var>, so that the
+   manifest.<li><p>Apply the <a href=#url-parser id=parsing-cache-manifests:url-parser>URL parser</a> to <var>base URL</var>, and let <var>manifest path</var>
+   be the <a href=#concept-url-path id=parsing-cache-manifests:concept-url-path>path</a> component thus obtained.<li><p>Remove all the characters in <var>manifest path</var> after the last U+002F SOLIDUS
+   character (/), if any. (The first character and the last character in <var>manifest path</var>
+   after this step will both be slashes, the URL path separator character.)<li><p>Apply the <a href=#url-parser id=parsing-cache-manifests:url-parser-2>URL parser</a> steps to the <var>base URL</var>, so that the
    components from its <a href=#parsed-url id=parsing-cache-manifests:parsed-url>parsed URL</a> can be used by the subseqent steps of this
    algorithm.<li><p>Let <var>explicit URLs</var> be an initially empty list of <a href=#absolute-url id=parsing-cache-manifests:absolute-url-2>absolute URLs</a> for <a href=#concept-appcache-explicit id=parsing-cache-manifests:concept-appcache-explicit>explicit
    entries</a>.<li><p>Let <var>fallback URLs</var> be an initially empty mapping of <a href=#concept-appcache-fallback-ns id=parsing-cache-manifests:concept-appcache-fallback-ns>fallback namespaces</a> to <a href=#absolute-url id=parsing-cache-manifests:absolute-url-3>absolute URLs</a> for <a href=#concept-appcache-fallback id=parsing-cache-manifests:concept-appcache-fallback>fallback
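Review bot: the new first step runs the URL parser on base URL to obtain manifest path, and the retained step right after the additions applies the URL parser steps to the same base URL again; these can be merged into a single parse that both exposes the components and yields manifest path. The parenthetical in the truncation step also asserts that manifest path will begin and end with a slash, while the "if any" in the same sentence can be read as allowing a path with no slash at all. The later prefix check depends on the trailing slash, so the step should state which of the two holds.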
@@ -60934,7 +60939,13 @@
       <var>part two</var> does not have the <a href=#same-origin id=parsing-cache-manifests:same-origin>same origin</a> as the manifest's URL,
       then jump back to the step labeled <i>start of line</i>.</p> 
 
+      <p>Let <var>part one path</var> be the <a href=#concept-url-path id=parsing-cache-manifests:concept-url-path-2>path</a> component
+      of the <a href=#resulting-parsed-url id=parsing-cache-manifests:resulting-parsed-url>resulting parsed URL</a> for <var>part one</var>.</p>
 
+      <p>If <var>manifest path</var> is not a <a href=#prefix-match id=parsing-cache-manifests:prefix-match>prefix match</a> for <var>part one
+      path</var>, then jump back to the step labeled <i>start of line</i>.</p> 
+
+
       <p>Let <var>part one</var> be the result of applying the <a href=#concept-url-serialiser id=parsing-cache-manifests:concept-url-serialiser-2>URL serialiser</a> algorithm to the first resulting
       <a href=#parsed-url id=parsing-cache-manifests:parsed-url-4>parsed URL</a>, with the <i>exclude fragment flag</i> set.</p>
 
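Review bot: the prefix test on part one path is only directory-bounded because manifest path was cut to end in "/" in a much earlier step, and nothing at this point says so. A short note or cross-reference here would stop an implementer from comparing against the untruncated manifest path, which would reject legitimate sibling namespaces in the manifest's own directory. The check also covers only part one (the namespace); if leaving part two (the fallback entry) bound by same origin alone is intentional, say so here. The two blank lines added after the new paragraphs can be dropped.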
@@ -61625,8 +61636,40 @@
 
 
 
-  <h4 id=application-cache-api>7.7.9 Application cache API</h4>
+  <h4 id=security-concerns-with-offline-applications-caches>7.7.9 Security concerns with offline applications caches</h4>
 
+  <p><i>This section is non-normative.</i></p>
+
+  <p>The main risk introduced by offline application caches is that an injection attack can be
+  elevated into persistent site-wide page replacement. This attack involves using an injection
+  vulnerability to upload two files to the victim site. The first file is an application cache
+  manifest consisting of just a fallback entry pointing to the second file, which is an HTML page
+  whose manifest is declared as that first file. Once the user has been directed to that second
+  file, all subsequent accesses to any file covered by the given fallback namespace while either the
+  user or the site is offline will instead show that second file. Targetted denial-of-service
+  attacks can be used to ensure that the site appears offline.</p>
+
+  <p>To mitigate this, manifests can only specify fallbacks that are in the same path as the
+  manifest itself. This means that a content injection upload vulnerability in a particular
+  directory on a server can only be escalated to a take-over of that directory and its
+  subdirectories. If there is no way to inject a file into the root directory, the entire site
+  cannot be taken over.</p>
+
+  <p>If a site has been attacked in this way, simply removing the offending manifest will eventually
+  clear the problem, since the next time the manifest is updated, a 404 error will be seen, and the
+  user agent will clear the cache. "Eventually" is the key word here, however; while the attack on
+  the user or server is ongoing, such that connections from an affected user to the affected site
+  are blocked, the user agent will simply assume that the user is offline and will continue to use
+  the hostile manifest.</p>
+
+  <p>TLS does not inherently protect a site from this attack, since the attack relies on content
+  being served from the server itself. Not using application caches also does not prevent this
+  attack, since the attack relies on an attacker-provided manifest.</p>
+
+
+
+  <h4 id=application-cache-api>7.7.10 Application cache API</h4>
+
   <pre class=idl>[Exposed=Window,SharedWorker]
 interface <dfn id=applicationcache>ApplicationCache</dfn> : <a href=#eventtarget id=application-cache-api:eventtarget>EventTarget</a> {
 
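Review bot: in the second added paragraph, "manifests can only specify fallbacks that are in the same path as the manifest itself" is looser than what the normative changes in this revision enforce, which restrict fallback namespaces, not fallback entries; suggest "fallback namespaces" so the non-normative summary matches the algorithm. The new heading reads "offline applications caches" (and the generated id carries the same wording); it should be "offline application caches". "Targetted" in the first paragraph should be "Targeted".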
@@ -61799,7 +61842,7 @@
   
 
 
-  <h4 id=browser-state>7.7.10 Browser state</h4>
+  <h4 id=browser-state>7.7.11 Browser state</h4>
 
   <pre class=idl>[NoInterfaceObject, Exposed=Window,Worker]
 interface <dfn id=navigatoronline>NavigatorOnLine</dfn> {

Modified: index
===================================================================
--- index	2014-09-02 22:34:58 UTC (rev 8738)
+++ index	2014-09-03 21:39:34 UTC (rev 8739)
@@ -291,7 +291,7 @@
   </style><link rel=stylesheet href=status.css><body onload=init()>
   <header id=head class="head with-buttons">
    <p><a href=//www.whatwg.org/ class=logo><img src=/images/logo width=101 alt=WHATWG height=101></a></p>
-   <hgroup><h1 class=allcaps>HTML</h1><h2 id=living-standard-—-last-updated-[date:-01-jan-1901] class="no-num no-toc">Living Standard — Last Updated <span class=pubdate>2 September 2014</span></h2></hgroup>
+   <hgroup><h1 class=allcaps>HTML</h1><h2 id=living-standard-—-last-updated-[date:-01-jan-1901] class="no-num no-toc">Living Standard — Last Updated <span class=pubdate>3 September 2014</span></h2></hgroup>
    
    <nav>
     <div>
@@ -334,7 +334,7 @@
   on a <code>label</code> element to define a command</a><li><a href=#using-the-accesskey-attribute-on-a-legend-element-to-define-a-command>4.11.6.9 Using the <code>accesskey</code> attribute
   on a <code>legend</code> element to define a command</a><li><a href=#using-the-accesskey-attribute-to-define-a-command-on-other-elements>4.11.6.10 Using the <code>accesskey</code>
   attribute to define a command on other elements</a></ol><li><a href=#the-dialog-element>4.11.7 The <code>dialog</code> element</a><ol><li><a href=#anchor-points>4.11.7.1 Anchor points</a></ol></ol><li><a href=#scripting-3>4.12 Scripting</a><ol><li><a href=#the-script-element>4.12.1 The <code>script</code> element</a><ol><li><a href=#scriptingLanguages>4.12.1.1 Scripting languages</a><li><a href=#restrictions-for-contents-of-script-elements>4.12.1.2 Restrictions for contents of <code>script</code> elements</a><li><a href=#inline-documentation-for-external-scripts>4.12.1.3 Inline documentation for external scripts</a><li><a href=#scriptTagXSLT>4.12.1.4 Interaction of <code>script</code> elements and XSLT</a></ol><li><a href=#the-noscript-element>4.12.2 The <code>noscript</code> element</a><li><a href=#the-template-element>4.12.3 The <code>template</code> element</a><ol><li><a href=#template-XSLT-XPath>4.12.3.1 Interaction of <code>template</code> elements with XSLT and XPath
 </a></ol><li><a href=#the-canvas-element>4.12.4 The <code>canvas</code> element</a><ol><li><a href=#proxying-canvases-to-workers>4.12.4.1 Proxying canvases to workers</a><li><a href=#2dcontext>4.12.4.2 The 2D rendering context</a><ol><li><a href=#implementation-notes>4.12.4.2.1 Implementation notes</a><li><a href=#the-canvas-state>4.12.4.2.2 The canvas state</a><li><a href=#drawingstyle-objects>4.12.4.2.3 <code>DrawingStyle</code> objects</a><li><a href=#line-styles>4.12.4.2.4 Line styles</a><li><a href=#text-styles>4.12.4.2.5 Text styles</a><li><a href=#building-paths>4.12.4.2.6 Building paths</a><li><a href=#path2d-objects>4.12.4.2.7 <code>Path2D</code> objects</a><li><a href=#transformations>4.12.4.2.8 Transformations</a><li><a href=#image-sources-for-2d-rendering-contexts>4.12.4.2.9 Image sources for 2D rendering contexts</a><li><a href=#fill-and-stroke-styles>4.12.4.2.10 Fill and stroke styles</a><li><a href=#drawing-rectangles-to-the-bitmap>4.12.4.2.11 Drawing rectangl
 es to the bitmap</a><li><a href=#drawing-text-to-the-bitmap>4.12.4.2.12 Drawing text to the bitmap</a><li><a href=#drawing-paths-to-the-canvas>4.12.4.2.13 Drawing paths to the canvas</a><li><a href=#drawing-images>4.12.4.2.14 Drawing images</a><li><a href=#hit-regions>4.12.4.2.15 Hit regions</a><li><a href=#pixel-manipulation>4.12.4.2.16 Pixel manipulation</a><li><a href=#compositing>4.12.4.2.17 Compositing</a><li><a href=#image-smoothing>4.12.4.2.18 Image smoothing</a><li><a href=#shadows>4.12.4.2.19 Shadows</a><li><a href=#drawing-model>4.12.4.2.20 Drawing model</a><li><a href=#best-practices>4.12.4.2.21 Best practices</a><li><a href=#examples>4.12.4.2.22 Examples</a></ol><li><a href=#colour-spaces-and-colour-correction>4.12.4.3 Colour spaces and colour correction</a><li><a href=#serialising-bitmaps-to-a-file>4.12.4.4 Serialising bitmaps to a file</a><li><a href=#security-with-canvas-elements>4.12.4.5 Security with <code>canvas</code> elements</a></ol></ol><li><a href=#com
 mon-idioms>4.13 Common idioms without dedicated elements</a><ol><li><a href=#the-main-part-of-the-content>4.13.1 The main part of the content</a><li><a href=#rel-up>4.13.2 Bread crumb navigation</a><li><a href=#tag-clouds>4.13.3 Tag clouds</a><li><a href=#conversations>4.13.4 Conversations</a><li><a href=#footnotes>4.13.5 Footnotes</a></ol><li><a href=#disabled-elements>4.14 Disabled elements</a><li><a href=#selectors>4.15 Matching HTML elements using selectors</a><ol><li><a href=#case-sensitivity>4.15.1 Case-sensitivity</a><li><a href=#pseudo-classes>4.15.2 Pseudo-classes</a></ol></ol><li><a href=#microdata>5 Microdata</a><ol><li><a href=#introduction-7>5.1 Introduction</a><ol><li><a href=#overview>5.1.1 Overview</a><li><a href=#the-basic-syntax>5.1.2 The basic syntax</a><li><a href=#typed-items>5.1.3 Typed items</a><li><a href=#global-identifiers-for-items>5.1.4 Global identifiers for items</a><li><a href=#selecting-names-when-defining-vocabularies>5.1.5 Selecting names wh
 en defining vocabularies</a><li><a href=#using-the-microdata-dom-api>5.1.6 Using the microdata DOM API</a></ol><li><a href=#encoding-microdata>5.2 Encoding microdata</a><ol><li><a href=#the-microdata-model>5.2.1 The microdata model</a><li><a href=#items>5.2.2 Items</a><li><a href=#names:-the-itemprop-attribute>5.2.3 Names: the <code>itemprop</code> attribute</a><li><a href=#values>5.2.4 Values</a><li><a href=#associating-names-with-items>5.2.5 Associating names with items</a><li><a href=#microdata-and-other-namespaces>5.2.6 Microdata and other namespaces</a></ol><li><a href=#microdata-dom-api>5.3 Microdata DOM API</a><li><a href=#mdvocabs>5.4 Sample microdata vocabularies</a><ol><li><a href=#vcard>5.4.1 vCard</a><ol><li><a href=#conversion-to-vcard>5.4.1.1 Conversion to vCard</a><li><a href=#examples-2>5.4.1.2 Examples</a></ol><li><a href=#vevent>5.4.2 vEvent</a><ol><li><a href=#conversion-to-icalendar>5.4.2.1 Conversion to iCalendar</a><li><a href=#examples-3>5.4.2.2 Exampl
 es</a></ol><li><a href=#licensing-works>5.4.3 Licensing works</a><ol><li><a href=#examples-4>5.4.3.1 Examples</a></ol></ol><li><a href=#converting-html-to-other-formats>5.5 Converting HTML to other formats</a><ol><li><a href=#json>5.5.1 JSON</a></ol></ol><li><a href=#editing>6 User interaction</a><ol><li><a href=#the-hidden-attribute>6.1 The <code>hidden</code> attribute</a><li><a href=#inert-subtrees>6.2 Inert subtrees</a><li><a href=#activation>6.3 Activation</a><li><a href=#focus>6.4 Focus</a><ol><li><a href=#introduction-8>6.4.1 Introduction</a><li><a href=#data-model>6.4.2 Data model</a><li><a href=#the-tabindex-attribute>6.4.3 The <code>tabindex</code> attribute</a><li><a href=#processing-model-6>6.4.4 Processing model</a><li><a href=#sequential-focus-navigation>6.4.5 Sequential focus navigation</a><li><a href=#focus-management-apis>6.4.6 Focus management APIs</a></ol><li><a href=#assigning-keyboard-shortcuts>6.5 Assigning keyboard shortcuts</a><ol><li><a href=#introdu
 ction-9>6.5.1 Introduction</a><li><a href=#the-accesskey-attribute>6.5.2 The <code>accesskey</code> attribute</a><li><a href=#processing-model-7>6.5.3 Processing model</a></ol><li><a href=#editing-2>6.6 Editing</a><ol><li><a href=#contenteditable>6.6.1 Making document regions editable: The <code>contenteditable</code> content attribute</a><li><a href=#making-entire-documents-editable:-the-designmode-idl-attribute>6.6.2 Making entire documents editable: The <code>designMode</code> IDL attribute</a><li><a href=#best-practices-for-in-page-editors>6.6.3 Best practices for in-page editors</a><li><a href=#editing-apis>6.6.4 Editing APIs</a><li><a href=#spelling-and-grammar-checking>6.6.5 Spelling and grammar checking</a></ol><li><a href=#dnd>6.7 Drag and drop</a><ol><li><a href=#introduction-10>6.7.1 Introduction</a><li><a href=#the-drag-data-store>6.7.2 The drag data store</a><li><a href=#the-datatransfer-interface>6.7.3 The <code>DataTransfer</code> interface</a><ol><li><a href=
 #the-datatransferitemlist-interface>6.7.3.1 The <code>DataTransferItemList</code> interface</a><li><a href=#the-datatransferitem-interface>6.7.3.2 The <code>DataTransferItem</code> interface</a></ol><li><a href=#the-dragevent-interface>6.7.4 The <code>DragEvent</code> interface</a><li><a href=#drag-and-drop-processing-model>6.7.5 Drag-and-drop processing model</a><li><a href=#dndevents>6.7.6 Events summary</a><li><a href=#the-draggable-attribute>6.7.7 The <code>draggable</code> attribute</a><li><a href=#the-dropzone-attribute>6.7.8 The <code>dropzone</code> attribute</a><li><a href=#security-risks-in-the-drag-and-drop-model>6.7.9 Security risks in the drag-and-drop model</a></ol></ol><li><a href=#browsers>7 Loading Web pages</a><ol><li><a href=#windows>7.1 Browsing contexts</a><ol><li><a href=#nested-browsing-contexts>7.1.1 Nested browsing contexts</a><ol><li><a href=#navigating-nested-browsing-contexts-in-the-dom>7.1.1.1 Navigating nested browsing contexts in the DOM</a></o
 l><li><a href=#auxiliary-browsing-contexts>7.1.2 Auxiliary browsing contexts</a><ol><li><a href=#navigating-auxiliary-browsing-contexts-in-the-dom>7.1.2.1 Navigating auxiliary browsing contexts in the DOM</a></ol><li><a href=#secondary-browsing-contexts>7.1.3 Secondary browsing contexts</a><li><a href=#security-nav>7.1.4 Security</a><li><a href=#groupings-of-browsing-contexts>7.1.5 Groupings of browsing contexts</a><li><a href=#browsing-context-names>7.1.6 Browsing context names</a></ol><li><a href=#the-window-object>7.2 The <code>Window</code> object</a><ol><li><a href=#security-window>7.2.1 Security</a><li><a href=#apis-for-creating-and-navigating-browsing-contexts-by-name>7.2.2 APIs for creating and navigating browsing contexts by name</a><li><a href=#accessing-other-browsing-contexts>7.2.3 Accessing other browsing contexts</a><li><a href=#named-access-on-the-window-object>7.2.4 Named access on the <code>Window</code> object</a><li><a href=#garbage-collection-and-browsing
 -contexts>7.2.5 Garbage collection and browsing contexts</a><li><a href=#closing-browsing-contexts>7.2.6 Closing browsing contexts</a><li><a href=#browser-interface-elements>7.2.7 Browser interface elements</a><li><a href=#the-windowproxy-object>7.2.8 The <code>WindowProxy</code> object</a></ol><li><a href=#origin>7.3 Origin</a><ol><li><a href=#relaxing-the-same-origin-restriction>7.3.1 Relaxing the same-origin restriction</a></ol><li><a href=#sandboxing>7.4 Sandboxing</a><li><a href=#history>7.5 Session history and navigation</a><ol><li><a href=#the-session-history-of-browsing-contexts>7.5.1 The session history of browsing contexts</a><li><a href=#the-history-interface>7.5.2 The <code>History</code> interface</a><li><a href=#the-location-interface>7.5.3 The <code>Location</code> interface</a><ol><li><a href=#security-location>7.5.3.1 Security</a></ol><li><a href=#history-notes>7.5.4 Implementation notes for session history</a></ol><li><a href=#browsing-the-web>7.6 Browsing 
 the Web</a><ol><li><a href=#navigating-across-documents>7.6.1 Navigating across documents</a><li><a href=#read-html>7.6.2 Page load processing model for HTML files</a><li><a href=#read-xml>7.6.3 Page load processing model for XML files</a><li><a href=#read-text>7.6.4 Page load processing model for text files</a><li><a href=#read-multipart-x-mixed-replace>7.6.5 Page load processing model for <code>multipart/x-mixed-replace</code> resources</a><li><a href=#read-media>7.6.6 Page load processing model for media</a><li><a href=#read-plugin>7.6.7 Page load processing model for content that uses plugins</a><li><a href=#read-ua-inline>7.6.8 Page load processing model for inline
-  content that doesn't have a DOM</a><li><a href=#scroll-to-fragid>7.6.9 Navigating to a fragment identifier</a><li><a href=#history-traversal>7.6.10 History traversal</a><ol><li><a href=#the-popstateevent-interface>7.6.10.1 The <code>PopStateEvent</code> interface</a><li><a href=#the-hashchangeevent-interface>7.6.10.2 The <code>HashChangeEvent</code> interface</a><li><a href=#the-pagetransitionevent-interface>7.6.10.3 The <code>PageTransitionEvent</code> interface</a></ol><li><a href=#unloading-documents>7.6.11 Unloading documents</a><ol><li><a href=#the-beforeunloadevent-interface>7.6.11.1 The <code>BeforeUnloadEvent</code> interface</a></ol><li><a href=#aborting-a-document-load>7.6.12 Aborting a document load</a></ol><li><a href=#offline>7.7 Offline Web applications</a><ol><li><a href=#introduction-11>7.7.1 Introduction</a><ol><li><a href=#supporting-offline-caching-for-legacy-applications>7.7.1.1 Supporting offline caching for legacy applications</a><li><a href=#appcache
 events>7.7.1.2 Event summary</a></ol><li><a href=#appcache>7.7.2 Application caches</a><li><a href=#manifests>7.7.3 The cache manifest syntax</a><ol><li><a href=#some-sample-manifests>7.7.3.1 Some sample manifests</a><li><a href=#writing-cache-manifests>7.7.3.2 Writing cache manifests</a><li><a href=#parsing-cache-manifests>7.7.3.3 Parsing cache manifests</a></ol><li><a href=#downloading-or-updating-an-application-cache>7.7.4 Downloading or updating an application cache</a><li><a href=#the-application-cache-selection-algorithm>7.7.5 The application cache selection algorithm</a><li><a href=#changesToNetworkingModel>7.7.6 Changes to the networking model</a><li><a href=#expiring-application-caches>7.7.7 Expiring application caches</a><li><a href=#disk-space>7.7.8 Disk space</a><li><a href=#application-cache-api>7.7.9 Application cache API</a><li><a href=#browser-state>7.7.10 Browser state</a></ol></ol><li><a href=#webappapis>8 Web application APIs</a><ol><li><a href=#scripting>
 8.1 Scripting</a><ol><li><a href=#introduction-12>8.1.1 Introduction</a><li><a href=#enabling-and-disabling-scripting>8.1.2 Enabling and disabling scripting</a><li><a href=#processing-model-8>8.1.3 Processing model</a><ol><li><a href=#definitions-2>8.1.3.1 Definitions</a><li><a href=#script-settings-for-browsing-contexts>8.1.3.2 Script settings for browsing contexts</a><li><a href=#calling-scripts>8.1.3.3 Calling scripts</a><li><a href=#creating-scripts>8.1.3.4 Creating scripts</a><li><a href=#killing-scripts>8.1.3.5 Killing scripts</a><li><a href=#runtime-script-errors>8.1.3.6 Runtime script errors</a><ol><li><a href=#runtime-script-errors-in-documents>8.1.3.6.1 Runtime script errors in documents</a><li><a href=#the-errorevent-interface>8.1.3.6.2 The <code>ErrorEvent</code> interface</a></ol></ol><li><a href=#event-loops>8.1.4 Event loops</a><ol><li><a href=#definitions-3>8.1.4.1 Definitions</a><li><a href=#processing-model-9>8.1.4.2 Processing model</a><li><a href=#generic
 -task-sources>8.1.4.3 Generic task sources</a></ol><li><a href=#events>8.1.5 Events</a><ol><li><a href=#event-handler-attributes>8.1.5.1 Event handlers</a><li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects>8.1.5.2 Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a><ol><li><a href=#idl-definitions>8.1.5.2.1 IDL definitions</a></ol><li><a href=#event-firing>8.1.5.3 Event firing</a><li><a href=#events-and-the-window-object>8.1.5.4 Events and the <code>Window</code> object</a></ol></ol><li><a href=#atob>8.2 Base64 utility methods</a><li><a href=#dynamic-markup-insertion>8.3 Dynamic markup insertion</a><ol><li><a href=#opening-the-input-stream>8.3.1 Opening the input stream</a><li><a href=#closing-the-input-stream>8.3.2 Closing the input stream</a><li><a href=#document.write()>8.3.3 <code>document.write()</code></a><li><a href=#document.writeln()>8.3.4 <code>document.writeln()</code></a></ol><li><a href=#timers
 >8.4 Timers</a><li><a href=#user-prompts>8.5 User prompts</a><ol><li><a href=#simple-dialogs>8.5.1 Simple dialogs</a><li><a href=#printing>8.5.2 Printing</a><li><a href=#dialogs-implemented-using-separate-documents>8.5.3 Dialogs implemented using separate documents</a></ol><li><a href=#system-state-and-capabilities>8.6 System state and capabilities</a><ol><li><a href=#the-navigator-object>8.6.1 The <code>Navigator</code> object</a><ol><li><a href=#client-identification>8.6.1.1 Client identification</a><li><a href=#language-preferences>8.6.1.2 Language preferences</a><li><a href=#custom-handlers>8.6.1.3 Custom scheme and content handlers</a><ol><li><a href=#security-and-privacy>8.6.1.3.1 Security and privacy</a><li><a href=#sample-handler-impl>8.6.1.3.2 Sample user interface</a></ol><li><a href=#manually-releasing-the-storage-mutex>8.6.1.4 Manually releasing the storage mutex</a><li><a href=#plugins-2>8.6.1.5 Plugins</a></ol><li><a href=#the-external-interface>8.6.2 The <code
 >External</code> interface</a></ol><li><a href=#images>8.7 Images</a></ol><li><a href=#comms>9 Communication</a><ol><li><a href=#the-messageevent-interfaces>9.1 The <code>MessageEvent</code> interfaces</a><li><a href=#server-sent-events>9.2 Server-sent events</a><ol><li><a href=#server-sent-events-intro>9.2.1 Introduction</a><li><a href=#the-eventsource-interface>9.2.2 The <code>EventSource</code> interface</a><li><a href=#processing-model-10>9.2.3 Processing model</a><li><a href=#parsing-an-event-stream>9.2.4 Parsing an event stream</a><li><a href=#event-stream-interpretation>9.2.5 Interpreting an event stream</a><li><a href=#authoring-notes>9.2.6 Authoring notes</a><li><a href=#eventsource-push>9.2.7 Connectionless push and other features</a><li><a href=#garbage-collection-2>9.2.8 Garbage collection</a><li><a href=#implementation-advice>9.2.9 Implementation advice</a><li><a href=#iana-considerations>9.2.10 IANA considerations</a><ol><li><a href=#text/event-stream>9.2.10.1 
 <code>text/event-stream</code></a><li><a href=#last-event-id>9.2.10.2 <code>Last-Event-ID</code></a></ol></ol><li><a href=#network>9.3 Web sockets</a><ol><li><a href=#network-intro>9.3.1 Introduction</a><li><a href=#the-websocket-interface>9.3.2 The <code>WebSocket</code> interface</a><li><a href=#feedback-from-the-protocol>9.3.3 Feedback from the protocol</a><li><a href=#ping-and-pong-frames>9.3.4 Ping and Pong frames</a><li><a href=#parsing-websocket-urls>9.3.5 Parsing WebSocket URLs</a><li><a href=#the-closeevent-interfaces>9.3.6 The <code>CloseEvent</code> interfaces</a><li><a href=#garbage-collection-3>9.3.7 Garbage collection</a></ol><li><a href=#web-messaging>9.4 Cross-document messaging</a><ol><li><a href=#introduction-13>9.4.1 Introduction</a><li><a href=#security-postmsg>9.4.2 Security</a><ol><li><a href=#authors>9.4.2.1 Authors</a><li><a href=#user-agents>9.4.2.2 User agents</a></ol><li><a href=#posting-messages>9.4.3 Posting messages</a></ol><li><a href=#channel-
 messaging>9.5 Channel messaging</a><ol><li><a href=#introduction-14>9.5.1 Introduction</a><ol><li><a href=#examples-5>9.5.1.1 Examples</a><li><a href=#ports-as-the-basis-of-an-object-capability-model-on-the-web>9.5.1.2 Ports as the basis of an object-capability model on the Web</a><li><a href=#ports-as-the-basis-of-abstracting-out-service-implementations>9.5.1.3 Ports as the basis of abstracting out service implementations</a></ol><li><a href=#message-channels>9.5.2 Message channels</a><li><a href=#message-ports>9.5.3 Message ports</a><li><a href=#broadcasting-to-many-ports>9.5.4 Broadcasting to many ports</a><li><a href=#ports-and-garbage-collection>9.5.5 Ports and garbage collection</a></ol><li><a href=#broadcasting-to-other-browsing-contexts>9.6 Broadcasting to other browsing contexts</a></ol><li><a href=#workers>10 Web workers</a><ol><li><a href=#introduction-15>10.1 Introduction</a><ol><li><a href=#scope-2>10.1.1 Scope</a><li><a href=#examples-6>10.1.2 Examples</a><ol><
 li><a href=#a-background-number-crunching-worker>10.1.2.1 A background number-crunching worker</a><li><a href=#worker-used-for-background-i/o>10.1.2.2 Worker used for background I/O</a><li><a href=#shared-workers-introduction>10.1.2.3 Shared workers introduction</a><li><a href=#shared-state-using-a-shared-worker>10.1.2.4 Shared state using a shared worker</a><li><a href=#delegation>10.1.2.5 Delegation</a></ol><li><a href=#tutorials>10.1.3 Tutorials</a><ol><li><a href=#creating-a-dedicated-worker>10.1.3.1 Creating a dedicated worker</a><li><a href=#communicating-with-a-dedicated-worker>10.1.3.2 Communicating with a dedicated worker</a><li><a href=#shared-workers>10.1.3.3 Shared workers</a></ol></ol><li><a href=#infrastructure-2>10.2 Infrastructure</a><ol><li><a href=#the-global-scope>10.2.1 The global scope</a><ol><li><a href=#the-workerglobalscope-common-interface>10.2.1.1 The <code>WorkerGlobalScope</code> common interface</a><li><a href=#dedicated-workers-and-the-dedicated
 workerglobalscope-interface>10.2.1.2 Dedicated workers and the <code>DedicatedWorkerGlobalScope</code> interface</a><li><a href=#shared-workers-and-the-sharedworkerglobalscope-interface>10.2.1.3 Shared workers and the <code>SharedWorkerGlobalScope</code> interface</a></ol><li><a href=#worker-event-loop>10.2.2 The event loop</a><li><a href="#the-worker's-lifetime">10.2.3 The worker's lifetime</a><li><a href=#processing-model-11>10.2.4 Processing model</a><li><a href=#runtime-script-errors-2>10.2.5 Runtime script errors</a><li><a href=#creating-workers>10.2.6 Creating workers</a><ol><li><a href=#the-abstractworker-abstract-interface>10.2.6.1 The <code>AbstractWorker</code> abstract interface</a><li><a href=#script-settings-for-workers>10.2.6.2 Script settings for workers</a><li><a href=#dedicated-workers-and-the-worker-interface>10.2.6.3 Dedicated workers and the <code>Worker</code> interface</a><li><a href=#shared-workers-and-the-sharedworker-interface>10.2.6.4 Shared workers
  and the <code>SharedWorker</code> interface</a></ol></ol><li><a href=#apis-available-to-workers>10.3 APIs available to workers</a><ol><li><a href=#importing-scripts-and-libraries>10.3.1 Importing scripts and libraries</a><li><a href=#the-workernavigator-object>10.3.2 The <code>WorkerNavigator</code> object</a><li><a href=#worker-locations>10.3.3 Worker locations</a></ol></ol><li><a href=#webstorage>11 Web storage</a><ol><li><a href=#introduction-16>11.1 Introduction</a><li><a href=#storage>11.2 The API</a><ol><li><a href=#the-storage-interface>11.2.1 The <code>Storage</code> interface</a><li><a href=#the-sessionstorage-attribute>11.2.2 The <code>sessionStorage</code> attribute</a><li><a href=#the-localstorage-attribute>11.2.3 The <code>localStorage</code> attribute</a><li><a href=#the-storage-event>11.2.4 The <code>storage</code> event</a><ol><li><a href=#the-storageevent-interface>11.2.4.1 The <code>StorageEvent</code> interface</a></ol><li><a href=#threads>11.2.5 Threads<
 /a></ol><li><a href=#disk-space-2>11.3 Disk space</a><li><a href=#privacy>11.4 Privacy</a><ol><li><a href=#user-tracking>11.4.1 User tracking</a><li><a href=#sensitivity-of-data>11.4.2 Sensitivity of data</a></ol><li><a href=#security-storage>11.5 Security</a><ol><li><a href=#dns-spoofing-attacks>11.5.1 DNS spoofing attacks</a><li><a href=#cross-directory-attacks>11.5.2 Cross-directory attacks</a><li><a href=#implementation-risks>11.5.3 Implementation risks</a></ol></ol><li><a href=#syntax>12 The HTML syntax</a><ol><li><a href=#writing>12.1 Writing HTML documents</a><ol><li><a href=#the-doctype>12.1.1 The DOCTYPE</a><li><a href=#elements-2>12.1.2 Elements</a><ol><li><a href=#start-tags>12.1.2.1 Start tags</a><li><a href=#end-tags>12.1.2.2 End tags</a><li><a href=#attributes-2>12.1.2.3 Attributes</a><li><a href=#optional-tags>12.1.2.4 Optional tags</a><li><a href=#element-restrictions>12.1.2.5 Restrictions on content models</a><li><a href=#cdata-rcdata-restrictions>12.1.2.6 R
 estrictions on the contents of raw text and escapable raw text elements</a></ol><li><a href=#text-2>12.1.3 Text</a><ol><li><a href=#newlines>12.1.3.1 Newlines</a></ol><li><a href=#character-references>12.1.4 Character references</a><li><a href=#cdata-sections>12.1.5 CDATA sections</a><li><a href=#comments>12.1.6 Comments</a></ol><li><a href=#parsing>12.2 Parsing HTML documents</a><ol><li><a href=#overview-of-the-parsing-model>12.2.1 Overview of the parsing model</a><li><a href=#the-input-byte-stream>12.2.2 The input byte stream</a><ol><li><a href=#parsing-with-a-known-character-encoding>12.2.2.1 Parsing with a known character encoding</a><li><a href=#determining-the-character-encoding>12.2.2.2 Determining the character encoding</a><li><a href=#character-encodings>12.2.2.3 Character encodings</a><li><a href=#changing-the-encoding-while-parsing>12.2.2.4 Changing the encoding while parsing</a><li><a href=#preprocessing-the-input-stream>12.2.2.5 Preprocessing the input stream</a
 ></ol><li><a href=#parse-state>12.2.3 Parse state</a><ol><li><a href=#the-insertion-mode>12.2.3.1 The insertion mode</a><li><a href=#the-stack-of-open-elements>12.2.3.2 The stack of open elements</a><li><a href=#the-list-of-active-formatting-elements>12.2.3.3 The list of active formatting elements</a><li><a href=#the-element-pointers>12.2.3.4 The element pointers</a><li><a href=#other-parsing-state-flags>12.2.3.5 Other parsing state flags</a></ol><li><a href=#tokenization>12.2.4 Tokenization</a><ol><li><a href=#data-state>12.2.4.1 Data state</a><li><a href=#character-reference-in-data-state>12.2.4.2 Character reference in data state</a><li><a href=#rcdata-state>12.2.4.3 RCDATA state</a><li><a href=#character-reference-in-rcdata-state>12.2.4.4 Character reference in RCDATA state</a><li><a href=#rawtext-state>12.2.4.5 RAWTEXT state</a><li><a href=#script-data-state>12.2.4.6 Script data state</a><li><a href=#plaintext-state>12.2.4.7 PLAINTEXT state</a><li><a href=#tag-open-stat
 e>12.2.4.8 Tag open state</a><li><a href=#end-tag-open-state>12.2.4.9 End tag open state</a><li><a href=#tag-name-state>12.2.4.10 Tag name state</a><li><a href=#rcdata-less-than-sign-state>12.2.4.11 RCDATA less-than sign state</a><li><a href=#rcdata-end-tag-open-state>12.2.4.12 RCDATA end tag open state</a><li><a href=#rcdata-end-tag-name-state>12.2.4.13 RCDATA end tag name state</a><li><a href=#rawtext-less-than-sign-state>12.2.4.14 RAWTEXT less-than sign state</a><li><a href=#rawtext-end-tag-open-state>12.2.4.15 RAWTEXT end tag open state</a><li><a href=#rawtext-end-tag-name-state>12.2.4.16 RAWTEXT end tag name state</a><li><a href=#script-data-less-than-sign-state>12.2.4.17 Script data less-than sign state</a><li><a href=#script-data-end-tag-open-state>12.2.4.18 Script data end tag open state</a><li><a href=#script-data-end-tag-name-state>12.2.4.19 Script data end tag name state</a><li><a href=#script-data-escape-start-state>12.2.4.20 Script data escape start state</a><li
 ><a href=#script-data-escape-start-dash-state>12.2.4.21 Script data escape start dash state</a><li><a href=#script-data-escaped-state>12.2.4.22 Script data escaped state</a><li><a href=#script-data-escaped-dash-state>12.2.4.23 Script data escaped dash state</a><li><a href=#script-data-escaped-dash-dash-state>12.2.4.24 Script data escaped dash dash state</a><li><a href=#script-data-escaped-less-than-sign-state>12.2.4.25 Script data escaped less-than sign state</a><li><a href=#script-data-escaped-end-tag-open-state>12.2.4.26 Script data escaped end tag open state</a><li><a href=#script-data-escaped-end-tag-name-state>12.2.4.27 Script data escaped end tag name state</a><li><a href=#script-data-double-escape-start-state>12.2.4.28 Script data double escape start state</a><li><a href=#script-data-double-escaped-state>12.2.4.29 Script data double escaped state</a><li><a href=#script-data-double-escaped-dash-state>12.2.4.30 Script data double escaped dash state</a><li><a href=#scrip
 t-data-double-escaped-dash-dash-state>12.2.4.31 Script data double escaped dash dash state</a><li><a href=#script-data-double-escaped-less-than-sign-state>12.2.4.32 Script data double escaped less-than sign state</a><li><a href=#script-data-double-escape-end-state>12.2.4.33 Script data double escape end state</a><li><a href=#before-attribute-name-state>12.2.4.34 Before attribute name state</a><li><a href=#attribute-name-state>12.2.4.35 Attribute name state</a><li><a href=#after-attribute-name-state>12.2.4.36 After attribute name state</a><li><a href=#before-attribute-value-state>12.2.4.37 Before attribute value state</a><li><a href=#attribute-value-(double-quoted)-state>12.2.4.38 Attribute value (double-quoted) state</a><li><a href=#attribute-value-(single-quoted)-state>12.2.4.39 Attribute value (single-quoted) state</a><li><a href=#attribute-value-(unquoted)-state>12.2.4.40 Attribute value (unquoted) state</a><li><a href=#character-reference-in-attribute-value-state>12.2.4.
 41 Character reference in attribute value state</a><li><a href=#after-attribute-value-(quoted)-state>12.2.4.42 After attribute value (quoted) state</a><li><a href=#self-closing-start-tag-state>12.2.4.43 Self-closing start tag state</a><li><a href=#bogus-comment-state>12.2.4.44 Bogus comment state</a><li><a href=#markup-declaration-open-state>12.2.4.45 Markup declaration open state</a><li><a href=#comment-start-state>12.2.4.46 Comment start state</a><li><a href=#comment-start-dash-state>12.2.4.47 Comment start dash state</a><li><a href=#comment-state>12.2.4.48 Comment state</a><li><a href=#comment-end-dash-state>12.2.4.49 Comment end dash state</a><li><a href=#comment-end-state>12.2.4.50 Comment end state</a><li><a href=#comment-end-bang-state>12.2.4.51 Comment end bang state</a><li><a href=#doctype-state>12.2.4.52 DOCTYPE state</a><li><a href=#before-doctype-name-state>12.2.4.53 Before DOCTYPE name state</a><li><a href=#doctype-name-state>12.2.4.54 DOCTYPE name state</a><li>
 <a href=#after-doctype-name-state>12.2.4.55 After DOCTYPE name state</a><li><a href=#after-doctype-public-keyword-state>12.2.4.56 After DOCTYPE public keyword state</a><li><a href=#before-doctype-public-identifier-state>12.2.4.57 Before DOCTYPE public identifier state</a><li><a href=#doctype-public-identifier-(double-quoted)-state>12.2.4.58 DOCTYPE public identifier (double-quoted) state</a><li><a href=#doctype-public-identifier-(single-quoted)-state>12.2.4.59 DOCTYPE public identifier (single-quoted) state</a><li><a href=#after-doctype-public-identifier-state>12.2.4.60 After DOCTYPE public identifier state</a><li><a href=#between-doctype-public-and-system-identifiers-state>12.2.4.61 Between DOCTYPE public and system identifiers state</a><li><a href=#after-doctype-system-keyword-state>12.2.4.62 After DOCTYPE system keyword state</a><li><a href=#before-doctype-system-identifier-state>12.2.4.63 Before DOCTYPE system identifier state</a><li><a href=#doctype-system-identifier-(d
 ouble-quoted)-state>12.2.4.64 DOCTYPE system identifier (double-quoted) state</a><li><a href=#doctype-system-identifier-(single-quoted)-state>12.2.4.65 DOCTYPE system identifier (single-quoted) state</a><li><a href=#after-doctype-system-identifier-state>12.2.4.66 After DOCTYPE system identifier state</a><li><a href=#bogus-doctype-state>12.2.4.67 Bogus DOCTYPE state</a><li><a href=#cdata-section-state>12.2.4.68 CDATA section state</a><li><a href=#tokenizing-character-references>12.2.4.69 Tokenizing character references</a></ol><li><a href=#tree-construction>12.2.5 Tree construction</a><ol><li><a href=#creating-and-inserting-nodes>12.2.5.1 Creating and inserting nodes</a><li><a href=#parsing-elements-that-contain-only-text>12.2.5.2 Parsing elements that contain only text</a><li><a href=#closing-elements-that-have-implied-end-tags>12.2.5.3 Closing elements that have implied end tags</a><li><a href=#parsing-main-inhtml>12.2.5.4 The rules for parsing tokens in HTML content</a><ol
 ><li><a href=#the-initial-insertion-mode>12.2.5.4.1 The "initial" insertion mode</a><li><a href=#the-before-html-insertion-mode>12.2.5.4.2 The "before html" insertion mode</a><li><a href=#the-before-head-insertion-mode>12.2.5.4.3 The "before head" insertion mode</a><li><a href=#parsing-main-inhead>12.2.5.4.4 The "in head" insertion mode</a><li><a href=#parsing-main-inheadnoscript>12.2.5.4.5 The "in head noscript" insertion mode</a><li><a href=#the-after-head-insertion-mode>12.2.5.4.6 The "after head" insertion mode</a><li><a href=#parsing-main-inbody>12.2.5.4.7 The "in body" insertion mode</a><li><a href=#parsing-main-incdata>12.2.5.4.8 The "text" insertion mode</a><li><a href=#parsing-main-intable>12.2.5.4.9 The "in table" insertion mode</a><li><a href=#parsing-main-intabletext>12.2.5.4.10 The "in table text" insertion mode</a><li><a href=#parsing-main-incaption>12.2.5.4.11 The "in caption" insertion mode</a><li><a href=#parsing-main-incolgroup>12.2.5.4.12 The "in column gr
 oup" insertion mode</a><li><a href=#parsing-main-intbody>12.2.5.4.13 The "in table body" insertion mode</a><li><a href=#parsing-main-intr>12.2.5.4.14 The "in row" insertion mode</a><li><a href=#parsing-main-intd>12.2.5.4.15 The "in cell" insertion mode</a><li><a href=#parsing-main-inselect>12.2.5.4.16 The "in select" insertion mode</a><li><a href=#parsing-main-inselectintable>12.2.5.4.17 The "in select in table" insertion mode</a><li><a href=#parsing-main-intemplate>12.2.5.4.18 The "in template" insertion mode</a><li><a href=#parsing-main-afterbody>12.2.5.4.19 The "after body" insertion mode</a><li><a href=#parsing-main-inframeset>12.2.5.4.20 The "in frameset" insertion mode</a><li><a href=#parsing-main-afterframeset>12.2.5.4.21 The "after frameset" insertion mode</a><li><a href=#the-after-after-body-insertion-mode>12.2.5.4.22 The "after after body" insertion mode</a><li><a href=#the-after-after-frameset-insertion-mode>12.2.5.4.23 The "after after frameset" insertion mode</a
 ></ol><li><a href=#parsing-main-inforeign>12.2.5.5 The rules for parsing tokens in foreign content</a></ol><li><a href=#the-end>12.2.6 The end</a><li><a href=#coercing-an-html-dom-into-an-infoset>12.2.7 Coercing an HTML DOM into an infoset</a><li><a href=#an-introduction-to-error-handling-and-strange-cases-in-the-parser>12.2.8 An introduction to error handling and strange cases in the parser</a><ol><li><a href=#misnested-tags:-b-i-/b-/i>12.2.8.1 Misnested tags: <b><i></b></i></a><li><a href=#misnested-tags:-b-p-/b-/p>12.2.8.2 Misnested tags: <b><p></b></p></a><li><a href=#unexpected-markup-in-tables>12.2.8.3 Unexpected markup in tables</a><li><a href=#scripts-that-modify-the-page-as-it-is-being-parsed>12.2.8.4 Scripts that modify the page as it is being parsed</a><li><a href=#the-execution-of-scripts-that-are-moving-across-multiple-documents>12.2.8.5 The execution of scripts that are moving across multiple documents</a><li><a href=#unclosed-formatting
 -elements>12.2.8.6 Unclosed formatting elements</a></ol></ol><li><a href=#serialising-html-fragments>12.3 Serialising HTML fragments</a><li><a href=#parsing-html-fragments>12.4 Parsing HTML fragments</a><li><a href=#named-character-references>12.5 Named character references</a></ol><li><a href=#the-xhtml-syntax>13 The XHTML syntax</a><ol><li><a href=#writing-xhtml-documents>13.1 Writing XHTML documents</a><li><a href=#parsing-xhtml-documents>13.2 Parsing XHTML documents</a><li><a href=#serialising-xhtml-fragments>13.3 Serialising XHTML fragments</a><li><a href=#parsing-xhtml-fragments>13.4 Parsing XHTML fragments</a></ol><li><a href=#rendering>14 Rendering</a><ol><li><a href=#introduction-17>14.1 Introduction</a><li><a href=#the-css-user-agent-style-sheet-and-presentational-hints>14.2 The CSS user agent style sheet and presentational hints</a><li><a href=#non-replaced-elements>14.3 Non-replaced elements</a><ol><li><a href=#hidden-elements>14.3.1 Hidden elements</a><li><a hre
 f=#the-page>14.3.2 The page</a><li><a href=#flow-content-3>14.3.3 Flow content</a><li><a href=#phrasing-content-3>14.3.4 Phrasing content</a><li><a href=#bidi-rendering>14.3.5 Bidirectional text</a><li><a href=#quotes>14.3.6 Quotes</a><li><a href=#sections-and-headings>14.3.7 Sections and headings</a><li><a href=#lists>14.3.8 Lists</a><li><a href=#tables-2>14.3.9 Tables</a><li><a href=#margin-collapsing-quirks>14.3.10 Margin collapsing quirks</a><li><a href=#form-controls>14.3.11 Form controls</a><li><a href=#the-hr-element-2>14.3.12 The <code>hr</code> element</a><li><a href=#the-fieldset-and-legend-elements>14.3.13 The <code>fieldset</code> and <code>legend</code> elements</a></ol><li><a href=#replaced-elements>14.4 Replaced elements</a><ol><li><a href=#embedded-content-rendering-rules>14.4.1 Embedded content</a><li><a href=#images-2>14.4.2 Images</a><li><a href=#attributes-for-embedded-content-and-images>14.4.3 Attributes for embedded content and images</a><li><a href=#im
 age-maps-2>14.4.4 Image maps</a></ol><li><a href=#bindings>14.5 Bindings</a><ol><li><a href=#introduction-18>14.5.1 Introduction</a><li><a href=#the-button-element-2>14.5.2 The <code>button</code> element</a><li><a href=#the-details-element-2>14.5.3 The <code>details</code> element</a><li><a href=#the-input-element-as-a-text-entry-widget>14.5.4 The <code>input</code> element as a text entry widget</a><li><a href=#the-input-element-as-domain-specific-widgets>14.5.5 The <code>input</code> element as domain-specific widgets</a><li><a href=#the-input-element-as-a-range-control>14.5.6 The <code>input</code> element as a range control</a><li><a href=#the-input-element-as-a-colour-well>14.5.7 The <code>input</code> element as a colour well</a><li><a href=#the-input-element-as-a-checkbox-and-radio-button-widgets>14.5.8 The <code>input</code> element as a checkbox and radio button widgets</a><li><a href=#the-input-element-as-a-file-upload-control>14.5.9 The <code>input</code> element
  as a file upload control</a><li><a href=#the-input-element-as-a-button>14.5.10 The <code>input</code> element as a button</a><li><a href=#the-marquee-element>14.5.11 The <code>marquee</code> element</a><li><a href=#the-meter-element-2>14.5.12 The <code>meter</code> element</a><li><a href=#the-progress-element-2>14.5.13 The <code>progress</code> element</a><li><a href=#the-select-element-2>14.5.14 The <code>select</code> element</a><li><a href=#the-textarea-element-2>14.5.15 The <code>textarea</code> element</a><li><a href=#the-keygen-element-2>14.5.16 The <code>keygen</code> element</a></ol><li><a href=#frames-and-framesets>14.6 Frames and framesets</a><li><a href=#interactive-media>14.7 Interactive media</a><ol><li><a href=#links,-forms,-and-navigation>14.7.1 Links, forms, and navigation</a><li><a href=#the-title-attribute-2>14.7.2 The <code>title</code> attribute</a><li><a href=#editing-hosts>14.7.3 Editing hosts</a><li><a href=#text-rendered-in-native-user-interfaces>14.
 7.4 Text rendered in native user interfaces</a></ol><li><a href=#print-media>14.8 Print media</a><li><a href=#unstyled-xml-documents>14.9 Unstyled XML documents</a></ol><li><a href=#obsolete>15 Obsolete features</a><ol><li><a href=#obsolete-but-conforming-features>15.1 Obsolete but conforming features</a><ol><li><a href=#warnings-for-obsolete-but-conforming-features>15.1.1 Warnings for obsolete but conforming features</a></ol><li><a href=#non-conforming-features>15.2 Non-conforming features</a><li><a href=#requirements-for-implementations>15.3 Requirements for implementations</a><ol><li><a href=#the-applet-element>15.3.1 The <code>applet</code> element</a><li><a href=#the-marquee-element-2>15.3.2 The <code>marquee</code> element</a><li><a href=#frames>15.3.3 Frames</a><li><a href=#other-elements,-attributes-and-apis>15.3.4 Other elements, attributes and APIs</a></ol></ol><li><a href=#iana>16 IANA considerations</a><ol><li><a href=#text/html>16.1 <code>text/html</code></a><li
 ><a href=#multipart/x-mixed-replace>16.2 <code>multipart/x-mixed-replace</code></a><li><a href=#application/xhtml+xml>16.3 <code>application/xhtml+xml</code></a><li><a href=#application/x-www-form-urlencoded>16.4 <code>application/x-www-form-urlencoded</code></a><li><a href=#text/cache-manifest>16.5 <code>text/cache-manifest</code></a><li><a href=#text/ping>16.6 <code>text/ping</code></a><li><a href=#application/microdata+json>16.7 <code>application/microdata+json</code></a><li><a href=#ping-from>16.8 <code>Ping-From</code></a><li><a href=#ping-to>16.9 <code>Ping-To</code></a><li><a href=#web+-scheme-prefix>16.10 <code>web+</code> scheme prefix</a></ol><li><a href=#index>Index</a><ol><li><a href=#elements-3>Elements</a><li><a href=#element-content-categories>Element content categories</a><li><a href=#attributes-3>Attributes</a><li><a href=#element-interfaces>Element Interfaces</a><li><a href=#all-interfaces>All Interfaces</a><li><a href=#events-2>Events</a><li><a href=#mime-
 types-2>MIME Types</a></ol><li><a href=#references>References</a><li><a href=#acknowledgements>Acknowledgements</a></ol>
+  content that doesn't have a DOM</a><li><a href=#scroll-to-fragid>7.6.9 Navigating to a fragment identifier</a><li><a href=#history-traversal>7.6.10 History traversal</a><ol><li><a href=#the-popstateevent-interface>7.6.10.1 The <code>PopStateEvent</code> interface</a><li><a href=#the-hashchangeevent-interface>7.6.10.2 The <code>HashChangeEvent</code> interface</a><li><a href=#the-pagetransitionevent-interface>7.6.10.3 The <code>PageTransitionEvent</code> interface</a></ol><li><a href=#unloading-documents>7.6.11 Unloading documents</a><ol><li><a href=#the-beforeunloadevent-interface>7.6.11.1 The <code>BeforeUnloadEvent</code> interface</a></ol><li><a href=#aborting-a-document-load>7.6.12 Aborting a document load</a></ol><li><a href=#offline>7.7 Offline Web applications</a><ol><li><a href=#introduction-11>7.7.1 Introduction</a><ol><li><a href=#supporting-offline-caching-for-legacy-applications>7.7.1.1 Supporting offline caching for legacy applications</a><li><a href=#appcache
 events>7.7.1.2 Event summary</a></ol><li><a href=#appcache>7.7.2 Application caches</a><li><a href=#manifests>7.7.3 The cache manifest syntax</a><ol><li><a href=#some-sample-manifests>7.7.3.1 Some sample manifests</a><li><a href=#writing-cache-manifests>7.7.3.2 Writing cache manifests</a><li><a href=#parsing-cache-manifests>7.7.3.3 Parsing cache manifests</a></ol><li><a href=#downloading-or-updating-an-application-cache>7.7.4 Downloading or updating an application cache</a><li><a href=#the-application-cache-selection-algorithm>7.7.5 The application cache selection algorithm</a><li><a href=#changesToNetworkingModel>7.7.6 Changes to the networking model</a><li><a href=#expiring-application-caches>7.7.7 Expiring application caches</a><li><a href=#disk-space>7.7.8 Disk space</a><li><a href=#security-concerns-with-offline-applications-caches>7.7.9 Security concerns with offline applications caches</a><li><a href=#application-cache-api>7.7.10 Application cache API</a><li><a href=#
 browser-state>7.7.11 Browser state</a></ol></ol><li><a href=#webappapis>8 Web application APIs</a><ol><li><a href=#scripting>8.1 Scripting</a><ol><li><a href=#introduction-12>8.1.1 Introduction</a><li><a href=#enabling-and-disabling-scripting>8.1.2 Enabling and disabling scripting</a><li><a href=#processing-model-8>8.1.3 Processing model</a><ol><li><a href=#definitions-2>8.1.3.1 Definitions</a><li><a href=#script-settings-for-browsing-contexts>8.1.3.2 Script settings for browsing contexts</a><li><a href=#calling-scripts>8.1.3.3 Calling scripts</a><li><a href=#creating-scripts>8.1.3.4 Creating scripts</a><li><a href=#killing-scripts>8.1.3.5 Killing scripts</a><li><a href=#runtime-script-errors>8.1.3.6 Runtime script errors</a><ol><li><a href=#runtime-script-errors-in-documents>8.1.3.6.1 Runtime script errors in documents</a><li><a href=#the-errorevent-interface>8.1.3.6.2 The <code>ErrorEvent</code> interface</a></ol></ol><li><a href=#event-loops>8.1.4 Event loops</a><ol><li><
 a href=#definitions-3>8.1.4.1 Definitions</a><li><a href=#processing-model-9>8.1.4.2 Processing model</a><li><a href=#generic-task-sources>8.1.4.3 Generic task sources</a></ol><li><a href=#events>8.1.5 Events</a><ol><li><a href=#event-handler-attributes>8.1.5.1 Event handlers</a><li><a href=#event-handlers-on-elements,-document-objects,-and-window-objects>8.1.5.2 Event handlers on elements, <code>Document</code> objects, and <code>Window</code> objects</a><ol><li><a href=#idl-definitions>8.1.5.2.1 IDL definitions</a></ol><li><a href=#event-firing>8.1.5.3 Event firing</a><li><a href=#events-and-the-window-object>8.1.5.4 Events and the <code>Window</code> object</a></ol></ol><li><a href=#atob>8.2 Base64 utility methods</a><li><a href=#dynamic-markup-insertion>8.3 Dynamic markup insertion</a><ol><li><a href=#opening-the-input-stream>8.3.1 Opening the input stream</a><li><a href=#closing-the-input-stream>8.3.2 Closing the input stream</a><li><a href=#document.write()>8.3.3 <code
 >document.write()</code></a><li><a href=#document.writeln()>8.3.4 <code>document.writeln()</code></a></ol><li><a href=#timers>8.4 Timers</a><li><a href=#user-prompts>8.5 User prompts</a><ol><li><a href=#simple-dialogs>8.5.1 Simple dialogs</a><li><a href=#printing>8.5.2 Printing</a><li><a href=#dialogs-implemented-using-separate-documents>8.5.3 Dialogs implemented using separate documents</a></ol><li><a href=#system-state-and-capabilities>8.6 System state and capabilities</a><ol><li><a href=#the-navigator-object>8.6.1 The <code>Navigator</code> object</a><ol><li><a href=#client-identification>8.6.1.1 Client identification</a><li><a href=#language-preferences>8.6.1.2 Language preferences</a><li><a href=#custom-handlers>8.6.1.3 Custom scheme and content handlers</a><ol><li><a href=#security-and-privacy>8.6.1.3.1 Security and privacy</a><li><a href=#sample-handler-impl>8.6.1.3.2 Sample user interface</a></ol><li><a href=#manually-releasing-the-storage-mutex>8.6.1.4 Manually rele
 asing the storage mutex</a><li><a href=#plugins-2>8.6.1.5 Plugins</a></ol><li><a href=#the-external-interface>8.6.2 The <code>External</code> interface</a></ol><li><a href=#images>8.7 Images</a></ol><li><a href=#comms>9 Communication</a><ol><li><a href=#the-messageevent-interfaces>9.1 The <code>MessageEvent</code> interfaces</a><li><a href=#server-sent-events>9.2 Server-sent events</a><ol><li><a href=#server-sent-events-intro>9.2.1 Introduction</a><li><a href=#the-eventsource-interface>9.2.2 The <code>EventSource</code> interface</a><li><a href=#processing-model-10>9.2.3 Processing model</a><li><a href=#parsing-an-event-stream>9.2.4 Parsing an event stream</a><li><a href=#event-stream-interpretation>9.2.5 Interpreting an event stream</a><li><a href=#authoring-notes>9.2.6 Authoring notes</a><li><a href=#eventsource-push>9.2.7 Connectionless push and other features</a><li><a href=#garbage-collection-2>9.2.8 Garbage collection</a><li><a href=#implementation-advice>9.2.9 Impleme
 ntation advice</a><li><a href=#iana-considerations>9.2.10 IANA considerations</a><ol><li><a href=#text/event-stream>9.2.10.1 <code>text/event-stream</code></a><li><a href=#last-event-id>9.2.10.2 <code>Last-Event-ID</code></a></ol></ol><li><a href=#network>9.3 Web sockets</a><ol><li><a href=#network-intro>9.3.1 Introduction</a><li><a href=#the-websocket-interface>9.3.2 The <code>WebSocket</code> interface</a><li><a href=#feedback-from-the-protocol>9.3.3 Feedback from the protocol</a><li><a href=#ping-and-pong-frames>9.3.4 Ping and Pong frames</a><li><a href=#parsing-websocket-urls>9.3.5 Parsing WebSocket URLs</a><li><a href=#the-closeevent-interfaces>9.3.6 The <code>CloseEvent</code> interfaces</a><li><a href=#garbage-collection-3>9.3.7 Garbage collection</a></ol><li><a href=#web-messaging>9.4 Cross-document messaging</a><ol><li><a href=#introduction-13>9.4.1 Introduction</a><li><a href=#security-postmsg>9.4.2 Security</a><ol><li><a href=#authors>9.4.2.1 Authors</a><li><a hre
 f=#user-agents>9.4.2.2 User agents</a></ol><li><a href=#posting-messages>9.4.3 Posting messages</a></ol><li><a href=#channel-messaging>9.5 Channel messaging</a><ol><li><a href=#introduction-14>9.5.1 Introduction</a><ol><li><a href=#examples-5>9.5.1.1 Examples</a><li><a href=#ports-as-the-basis-of-an-object-capability-model-on-the-web>9.5.1.2 Ports as the basis of an object-capability model on the Web</a><li><a href=#ports-as-the-basis-of-abstracting-out-service-implementations>9.5.1.3 Ports as the basis of abstracting out service implementations</a></ol><li><a href=#message-channels>9.5.2 Message channels</a><li><a href=#message-ports>9.5.3 Message ports</a><li><a href=#broadcasting-to-many-ports>9.5.4 Broadcasting to many ports</a><li><a href=#ports-and-garbage-collection>9.5.5 Ports and garbage collection</a></ol><li><a href=#broadcasting-to-other-browsing-contexts>9.6 Broadcasting to other browsing contexts</a></ol><li><a href=#workers>10 Web workers</a><ol><li><a href=#i
 ntroduction-15>10.1 Introduction</a><ol><li><a href=#scope-2>10.1.1 Scope</a><li><a href=#examples-6>10.1.2 Examples</a><ol><li><a href=#a-background-number-crunching-worker>10.1.2.1 A background number-crunching worker</a><li><a href=#worker-used-for-background-i/o>10.1.2.2 Worker used for background I/O</a><li><a href=#shared-workers-introduction>10.1.2.3 Shared workers introduction</a><li><a href=#shared-state-using-a-shared-worker>10.1.2.4 Shared state using a shared worker</a><li><a href=#delegation>10.1.2.5 Delegation</a></ol><li><a href=#tutorials>10.1.3 Tutorials</a><ol><li><a href=#creating-a-dedicated-worker>10.1.3.1 Creating a dedicated worker</a><li><a href=#communicating-with-a-dedicated-worker>10.1.3.2 Communicating with a dedicated worker</a><li><a href=#shared-workers>10.1.3.3 Shared workers</a></ol></ol><li><a href=#infrastructure-2>10.2 Infrastructure</a><ol><li><a href=#the-global-scope>10.2.1 The global scope</a><ol><li><a href=#the-workerglobalscope-comm
 on-interface>10.2.1.1 The <code>WorkerGlobalScope</code> common interface</a><li><a href=#dedicated-workers-and-the-dedicatedworkerglobalscope-interface>10.2.1.2 Dedicated workers and the <code>DedicatedWorkerGlobalScope</code> interface</a><li><a href=#shared-workers-and-the-sharedworkerglobalscope-interface>10.2.1.3 Shared workers and the <code>SharedWorkerGlobalScope</code> interface</a></ol><li><a href=#worker-event-loop>10.2.2 The event loop</a><li><a href="#the-worker's-lifetime">10.2.3 The worker's lifetime</a><li><a href=#processing-model-11>10.2.4 Processing model</a><li><a href=#runtime-script-errors-2>10.2.5 Runtime script errors</a><li><a href=#creating-workers>10.2.6 Creating workers</a><ol><li><a href=#the-abstractworker-abstract-interface>10.2.6.1 The <code>AbstractWorker</code> abstract interface</a><li><a href=#script-settings-for-workers>10.2.6.2 Script settings for workers</a><li><a href=#dedicated-workers-and-the-worker-interface>10.2.6.3 Dedicated worker
 s and the <code>Worker</code> interface</a><li><a href=#shared-workers-and-the-sharedworker-interface>10.2.6.4 Shared workers and the <code>SharedWorker</code> interface</a></ol></ol><li><a href=#apis-available-to-workers>10.3 APIs available to workers</a><ol><li><a href=#importing-scripts-and-libraries>10.3.1 Importing scripts and libraries</a><li><a href=#the-workernavigator-object>10.3.2 The <code>WorkerNavigator</code> object</a><li><a href=#worker-locations>10.3.3 Worker locations</a></ol></ol><li><a href=#webstorage>11 Web storage</a><ol><li><a href=#introduction-16>11.1 Introduction</a><li><a href=#storage>11.2 The API</a><ol><li><a href=#the-storage-interface>11.2.1 The <code>Storage</code> interface</a><li><a href=#the-sessionstorage-attribute>11.2.2 The <code>sessionStorage</code> attribute</a><li><a href=#the-localstorage-attribute>11.2.3 The <code>localStorage</code> attribute</a><li><a href=#the-storage-event>11.2.4 The <code>storage</code> event</a><ol><li><a h
 ref=#the-storageevent-interface>11.2.4.1 The <code>StorageEvent</code> interface</a></ol><li><a href=#threads>11.2.5 Threads</a></ol><li><a href=#disk-space-2>11.3 Disk space</a><li><a href=#privacy>11.4 Privacy</a><ol><li><a href=#user-tracking>11.4.1 User tracking</a><li><a href=#sensitivity-of-data>11.4.2 Sensitivity of data</a></ol><li><a href=#security-storage>11.5 Security</a><ol><li><a href=#dns-spoofing-attacks>11.5.1 DNS spoofing attacks</a><li><a href=#cross-directory-attacks>11.5.2 Cross-directory attacks</a><li><a href=#implementation-risks>11.5.3 Implementation risks</a></ol></ol><li><a href=#syntax>12 The HTML syntax</a><ol><li><a href=#writing>12.1 Writing HTML documents</a><ol><li><a href=#the-doctype>12.1.1 The DOCTYPE</a><li><a href=#elements-2>12.1.2 Elements</a><ol><li><a href=#start-tags>12.1.2.1 Start tags</a><li><a href=#end-tags>12.1.2.2 End tags</a><li><a href=#attributes-2>12.1.2.3 Attributes</a><li><a href=#optional-tags>12.1.2.4 Optional tags</a><
 li><a href=#element-restrictions>12.1.2.5 Restrictions on content models</a><li><a href=#cdata-rcdata-restrictions>12.1.2.6 Restrictions on the contents of raw text and escapable raw text elements</a></ol><li><a href=#text-2>12.1.3 Text</a><ol><li><a href=#newlines>12.1.3.1 Newlines</a></ol><li><a href=#character-references>12.1.4 Character references</a><li><a href=#cdata-sections>12.1.5 CDATA sections</a><li><a href=#comments>12.1.6 Comments</a></ol><li><a href=#parsing>12.2 Parsing HTML documents</a><ol><li><a href=#overview-of-the-parsing-model>12.2.1 Overview of the parsing model</a><li><a href=#the-input-byte-stream>12.2.2 The input byte stream</a><ol><li><a href=#parsing-with-a-known-character-encoding>12.2.2.1 Parsing with a known character encoding</a><li><a href=#determining-the-character-encoding>12.2.2.2 Determining the character encoding</a><li><a href=#character-encodings>12.2.2.3 Character encodings</a><li><a href=#changing-the-encoding-while-parsing>12.2.2.4 
 Changing the encoding while parsing</a><li><a href=#preprocessing-the-input-stream>12.2.2.5 Preprocessing the input stream</a></ol><li><a href=#parse-state>12.2.3 Parse state</a><ol><li><a href=#the-insertion-mode>12.2.3.1 The insertion mode</a><li><a href=#the-stack-of-open-elements>12.2.3.2 The stack of open elements</a><li><a href=#the-list-of-active-formatting-elements>12.2.3.3 The list of active formatting elements</a><li><a href=#the-element-pointers>12.2.3.4 The element pointers</a><li><a href=#other-parsing-state-flags>12.2.3.5 Other parsing state flags</a></ol><li><a href=#tokenization>12.2.4 Tokenization</a><ol><li><a href=#data-state>12.2.4.1 Data state</a><li><a href=#character-reference-in-data-state>12.2.4.2 Character reference in data state</a><li><a href=#rcdata-state>12.2.4.3 RCDATA state</a><li><a href=#character-reference-in-rcdata-state>12.2.4.4 Character reference in RCDATA state</a><li><a href=#rawtext-state>12.2.4.5 RAWTEXT state</a><li><a href=#script
 -data-state>12.2.4.6 Script data state</a><li><a href=#plaintext-state>12.2.4.7 PLAINTEXT state</a><li><a href=#tag-open-state>12.2.4.8 Tag open state</a><li><a href=#end-tag-open-state>12.2.4.9 End tag open state</a><li><a href=#tag-name-state>12.2.4.10 Tag name state</a><li><a href=#rcdata-less-than-sign-state>12.2.4.11 RCDATA less-than sign state</a><li><a href=#rcdata-end-tag-open-state>12.2.4.12 RCDATA end tag open state</a><li><a href=#rcdata-end-tag-name-state>12.2.4.13 RCDATA end tag name state</a><li><a href=#rawtext-less-than-sign-state>12.2.4.14 RAWTEXT less-than sign state</a><li><a href=#rawtext-end-tag-open-state>12.2.4.15 RAWTEXT end tag open state</a><li><a href=#rawtext-end-tag-name-state>12.2.4.16 RAWTEXT end tag name state</a><li><a href=#script-data-less-than-sign-state>12.2.4.17 Script data less-than sign state</a><li><a href=#script-data-end-tag-open-state>12.2.4.18 Script data end tag open state</a><li><a href=#script-data-end-tag-name-state>12.2.4.19 
 Script data end tag name state</a><li><a href=#script-data-escape-start-state>12.2.4.20 Script data escape start state</a><li><a href=#script-data-escape-start-dash-state>12.2.4.21 Script data escape start dash state</a><li><a href=#script-data-escaped-state>12.2.4.22 Script data escaped state</a><li><a href=#script-data-escaped-dash-state>12.2.4.23 Script data escaped dash state</a><li><a href=#script-data-escaped-dash-dash-state>12.2.4.24 Script data escaped dash dash state</a><li><a href=#script-data-escaped-less-than-sign-state>12.2.4.25 Script data escaped less-than sign state</a><li><a href=#script-data-escaped-end-tag-open-state>12.2.4.26 Script data escaped end tag open state</a><li><a href=#script-data-escaped-end-tag-name-state>12.2.4.27 Script data escaped end tag name state</a><li><a href=#script-data-double-escape-start-state>12.2.4.28 Script data double escape start state</a><li><a href=#script-data-double-escaped-state>12.2.4.29 Script data double escaped stat
 e</a><li><a href=#script-data-double-escaped-dash-state>12.2.4.30 Script data double escaped dash state</a><li><a href=#script-data-double-escaped-dash-dash-state>12.2.4.31 Script data double escaped dash dash state</a><li><a href=#script-data-double-escaped-less-than-sign-state>12.2.4.32 Script data double escaped less-than sign state</a><li><a href=#script-data-double-escape-end-state>12.2.4.33 Script data double escape end state</a><li><a href=#before-attribute-name-state>12.2.4.34 Before attribute name state</a><li><a href=#attribute-name-state>12.2.4.35 Attribute name state</a><li><a href=#after-attribute-name-state>12.2.4.36 After attribute name state</a><li><a href=#before-attribute-value-state>12.2.4.37 Before attribute value state</a><li><a href=#attribute-value-(double-quoted)-state>12.2.4.38 Attribute value (double-quoted) state</a><li><a href=#attribute-value-(single-quoted)-state>12.2.4.39 Attribute value (single-quoted) state</a><li><a href=#attribute-value-(un
 quoted)-state>12.2.4.40 Attribute value (unquoted) state</a><li><a href=#character-reference-in-attribute-value-state>12.2.4.41 Character reference in attribute value state</a><li><a href=#after-attribute-value-(quoted)-state>12.2.4.42 After attribute value (quoted) state</a><li><a href=#self-closing-start-tag-state>12.2.4.43 Self-closing start tag state</a><li><a href=#bogus-comment-state>12.2.4.44 Bogus comment state</a><li><a href=#markup-declaration-open-state>12.2.4.45 Markup declaration open state</a><li><a href=#comment-start-state>12.2.4.46 Comment start state</a><li><a href=#comment-start-dash-state>12.2.4.47 Comment start dash state</a><li><a href=#comment-state>12.2.4.48 Comment state</a><li><a href=#comment-end-dash-state>12.2.4.49 Comment end dash state</a><li><a href=#comment-end-state>12.2.4.50 Comment end state</a><li><a href=#comment-end-bang-state>12.2.4.51 Comment end bang state</a><li><a href=#doctype-state>12.2.4.52 DOCTYPE state</a><li><a href=#before-d
 octype-name-state>12.2.4.53 Before DOCTYPE name state</a><li><a href=#doctype-name-state>12.2.4.54 DOCTYPE name state</a><li><a href=#after-doctype-name-state>12.2.4.55 After DOCTYPE name state</a><li><a href=#after-doctype-public-keyword-state>12.2.4.56 After DOCTYPE public keyword state</a><li><a href=#before-doctype-public-identifier-state>12.2.4.57 Before DOCTYPE public identifier state</a><li><a href=#doctype-public-identifier-(double-quoted)-state>12.2.4.58 DOCTYPE public identifier (double-quoted) state</a><li><a href=#doctype-public-identifier-(single-quoted)-state>12.2.4.59 DOCTYPE public identifier (single-quoted) state</a><li><a href=#after-doctype-public-identifier-state>12.2.4.60 After DOCTYPE public identifier state</a><li><a href=#between-doctype-public-and-system-identifiers-state>12.2.4.61 Between DOCTYPE public and system identifiers state</a><li><a href=#after-doctype-system-keyword-state>12.2.4.62 After DOCTYPE system keyword state</a><li><a href=#before-
 doctype-system-identifier-state>12.2.4.63 Before DOCTYPE system identifier state</a><li><a href=#doctype-system-identifier-(double-quoted)-state>12.2.4.64 DOCTYPE system identifier (double-quoted) state</a><li><a href=#doctype-system-identifier-(single-quoted)-state>12.2.4.65 DOCTYPE system identifier (single-quoted) state</a><li><a href=#after-doctype-system-identifier-state>12.2.4.66 After DOCTYPE system identifier state</a><li><a href=#bogus-doctype-state>12.2.4.67 Bogus DOCTYPE state</a><li><a href=#cdata-section-state>12.2.4.68 CDATA section state</a><li><a href=#tokenizing-character-references>12.2.4.69 Tokenizing character references</a></ol><li><a href=#tree-construction>12.2.5 Tree construction</a><ol><li><a href=#creating-and-inserting-nodes>12.2.5.1 Creating and inserting nodes</a><li><a href=#parsing-elements-that-contain-only-text>12.2.5.2 Parsing elements that contain only text</a><li><a href=#closing-elements-that-have-implied-end-tags>12.2.5.3 Closing element
 s that have implied end tags</a><li><a href=#parsing-main-inhtml>12.2.5.4 The rules for parsing tokens in HTML content</a><ol><li><a href=#the-initial-insertion-mode>12.2.5.4.1 The "initial" insertion mode</a><li><a href=#the-before-html-insertion-mode>12.2.5.4.2 The "before html" insertion mode</a><li><a href=#the-before-head-insertion-mode>12.2.5.4.3 The "before head" insertion mode</a><li><a href=#parsing-main-inhead>12.2.5.4.4 The "in head" insertion mode</a><li><a href=#parsing-main-inheadnoscript>12.2.5.4.5 The "in head noscript" insertion mode</a><li><a href=#the-after-head-insertion-mode>12.2.5.4.6 The "after head" insertion mode</a><li><a href=#parsing-main-inbody>12.2.5.4.7 The "in body" insertion mode</a><li><a href=#parsing-main-incdata>12.2.5.4.8 The "text" insertion mode</a><li><a href=#parsing-main-intable>12.2.5.4.9 The "in table" insertion mode</a><li><a href=#parsing-main-intabletext>12.2.5.4.10 The "in table text" insertion mode</a><li><a href=#parsing-mai
 n-incaption>12.2.5.4.11 The "in caption" insertion mode</a><li><a href=#parsing-main-incolgroup>12.2.5.4.12 The "in column group" insertion mode</a><li><a href=#parsing-main-intbody>12.2.5.4.13 The "in table body" insertion mode</a><li><a href=#parsing-main-intr>12.2.5.4.14 The "in row" insertion mode</a><li><a href=#parsing-main-intd>12.2.5.4.15 The "in cell" insertion mode</a><li><a href=#parsing-main-inselect>12.2.5.4.16 The "in select" insertion mode</a><li><a href=#parsing-main-inselectintable>12.2.5.4.17 The "in select in table" insertion mode</a><li><a href=#parsing-main-intemplate>12.2.5.4.18 The "in template" insertion mode</a><li><a href=#parsing-main-afterbody>12.2.5.4.19 The "after body" insertion mode</a><li><a href=#parsing-main-inframeset>12.2.5.4.20 The "in frameset" insertion mode</a><li><a href=#parsing-main-afterframeset>12.2.5.4.21 The "after frameset" insertion mode</a><li><a href=#the-after-after-body-insertion-mode>12.2.5.4.22 The "after after body" in
 sertion mode</a><li><a href=#the-after-after-frameset-insertion-mode>12.2.5.4.23 The "after after frameset" insertion mode</a></ol><li><a href=#parsing-main-inforeign>12.2.5.5 The rules for parsing tokens in foreign content</a></ol><li><a href=#the-end>12.2.6 The end</a><li><a href=#coercing-an-html-dom-into-an-infoset>12.2.7 Coercing an HTML DOM into an infoset</a><li><a href=#an-introduction-to-error-handling-and-strange-cases-in-the-parser>12.2.8 An introduction to error handling and strange cases in the parser</a><ol><li><a href=#misnested-tags:-b-i-/b-/i>12.2.8.1 Misnested tags: <b><i></b></i></a><li><a href=#misnested-tags:-b-p-/b-/p>12.2.8.2 Misnested tags: <b><p></b></p></a><li><a href=#unexpected-markup-in-tables>12.2.8.3 Unexpected markup in tables</a><li><a href=#scripts-that-modify-the-page-as-it-is-being-parsed>12.2.8.4 Scripts that modify the page as it is being parsed</a><li><a href=#the-execution-of-scripts-that-are-moving-across-multi
 ple-documents>12.2.8.5 The execution of scripts that are moving across multiple documents</a><li><a href=#unclosed-formatting-elements>12.2.8.6 Unclosed formatting elements</a></ol></ol><li><a href=#serialising-html-fragments>12.3 Serialising HTML fragments</a><li><a href=#parsing-html-fragments>12.4 Parsing HTML fragments</a><li><a href=#named-character-references>12.5 Named character references</a></ol><li><a href=#the-xhtml-syntax>13 The XHTML syntax</a><ol><li><a href=#writing-xhtml-documents>13.1 Writing XHTML documents</a><li><a href=#parsing-xhtml-documents>13.2 Parsing XHTML documents</a><li><a href=#serialising-xhtml-fragments>13.3 Serialising XHTML fragments</a><li><a href=#parsing-xhtml-fragments>13.4 Parsing XHTML fragments</a></ol><li><a href=#rendering>14 Rendering</a><ol><li><a href=#introduction-17>14.1 Introduction</a><li><a href=#the-css-user-agent-style-sheet-and-presentational-hints>14.2 The CSS user agent style sheet and presentational hints</a><li><a hr
 ef=#non-replaced-elements>14.3 Non-replaced elements</a><ol><li><a href=#hidden-elements>14.3.1 Hidden elements</a><li><a href=#the-page>14.3.2 The page</a><li><a href=#flow-content-3>14.3.3 Flow content</a><li><a href=#phrasing-content-3>14.3.4 Phrasing content</a><li><a href=#bidi-rendering>14.3.5 Bidirectional text</a><li><a href=#quotes>14.3.6 Quotes</a><li><a href=#sections-and-headings>14.3.7 Sections and headings</a><li><a href=#lists>14.3.8 Lists</a><li><a href=#tables-2>14.3.9 Tables</a><li><a href=#margin-collapsing-quirks>14.3.10 Margin collapsing quirks</a><li><a href=#form-controls>14.3.11 Form controls</a><li><a href=#the-hr-element-2>14.3.12 The <code>hr</code> element</a><li><a href=#the-fieldset-and-legend-elements>14.3.13 The <code>fieldset</code> and <code>legend</code> elements</a></ol><li><a href=#replaced-elements>14.4 Replaced elements</a><ol><li><a href=#embedded-content-rendering-rules>14.4.1 Embedded content</a><li><a href=#images-2>14.4.2 Images</a
 ><li><a href=#attributes-for-embedded-content-and-images>14.4.3 Attributes for embedded content and images</a><li><a href=#image-maps-2>14.4.4 Image maps</a></ol><li><a href=#bindings>14.5 Bindings</a><ol><li><a href=#introduction-18>14.5.1 Introduction</a><li><a href=#the-button-element-2>14.5.2 The <code>button</code> element</a><li><a href=#the-details-element-2>14.5.3 The <code>details</code> element</a><li><a href=#the-input-element-as-a-text-entry-widget>14.5.4 The <code>input</code> element as a text entry widget</a><li><a href=#the-input-element-as-domain-specific-widgets>14.5.5 The <code>input</code> element as domain-specific widgets</a><li><a href=#the-input-element-as-a-range-control>14.5.6 The <code>input</code> element as a range control</a><li><a href=#the-input-element-as-a-colour-well>14.5.7 The <code>input</code> element as a colour well</a><li><a href=#the-input-element-as-a-checkbox-and-radio-button-widgets>14.5.8 The <code>input</code> element as a check
 box and radio button widgets</a><li><a href=#the-input-element-as-a-file-upload-control>14.5.9 The <code>input</code> element as a file upload control</a><li><a href=#the-input-element-as-a-button>14.5.10 The <code>input</code> element as a button</a><li><a href=#the-marquee-element>14.5.11 The <code>marquee</code> element</a><li><a href=#the-meter-element-2>14.5.12 The <code>meter</code> element</a><li><a href=#the-progress-element-2>14.5.13 The <code>progress</code> element</a><li><a href=#the-select-element-2>14.5.14 The <code>select</code> element</a><li><a href=#the-textarea-element-2>14.5.15 The <code>textarea</code> element</a><li><a href=#the-keygen-element-2>14.5.16 The <code>keygen</code> element</a></ol><li><a href=#frames-and-framesets>14.6 Frames and framesets</a><li><a href=#interactive-media>14.7 Interactive media</a><ol><li><a href=#links,-forms,-and-navigation>14.7.1 Links, forms, and navigation</a><li><a href=#the-title-attribute-2>14.7.2 The <code>title</c
 ode> attribute</a><li><a href=#editing-hosts>14.7.3 Editing hosts</a><li><a href=#text-rendered-in-native-user-interfaces>14.7.4 Text rendered in native user interfaces</a></ol><li><a href=#print-media>14.8 Print media</a><li><a href=#unstyled-xml-documents>14.9 Unstyled XML documents</a></ol><li><a href=#obsolete>15 Obsolete features</a><ol><li><a href=#obsolete-but-conforming-features>15.1 Obsolete but conforming features</a><ol><li><a href=#warnings-for-obsolete-but-conforming-features>15.1.1 Warnings for obsolete but conforming features</a></ol><li><a href=#non-conforming-features>15.2 Non-conforming features</a><li><a href=#requirements-for-implementations>15.3 Requirements for implementations</a><ol><li><a href=#the-applet-element>15.3.1 The <code>applet</code> element</a><li><a href=#the-marquee-element-2>15.3.2 The <code>marquee</code> element</a><li><a href=#frames>15.3.3 Frames</a><li><a href=#other-elements,-attributes-and-apis>15.3.4 Other elements, attributes an
 d APIs</a></ol></ol><li><a href=#iana>16 IANA considerations</a><ol><li><a href=#text/html>16.1 <code>text/html</code></a><li><a href=#multipart/x-mixed-replace>16.2 <code>multipart/x-mixed-replace</code></a><li><a href=#application/xhtml+xml>16.3 <code>application/xhtml+xml</code></a><li><a href=#application/x-www-form-urlencoded>16.4 <code>application/x-www-form-urlencoded</code></a><li><a href=#text/cache-manifest>16.5 <code>text/cache-manifest</code></a><li><a href=#text/ping>16.6 <code>text/ping</code></a><li><a href=#application/microdata+json>16.7 <code>application/microdata+json</code></a><li><a href=#ping-from>16.8 <code>Ping-From</code></a><li><a href=#ping-to>16.9 <code>Ping-To</code></a><li><a href=#web+-scheme-prefix>16.10 <code>web+</code> scheme prefix</a></ol><li><a href=#index>Index</a><ol><li><a href=#elements-3>Elements</a><li><a href=#element-content-categories>Element content categories</a><li><a href=#attributes-3>Attributes</a><li><a href=#element-inte
 rfaces>Element Interfaces</a><li><a href=#all-interfaces>All Interfaces</a><li><a href=#events-2>Events</a><li><a href=#mime-types-2>MIME Types</a></ol><li><a href=#references>References</a><li><a href=#acknowledgements>Acknowledgements</a></ol>
 
   
 
@@ -60708,6 +60708,7 @@
   </div>
 
 
+
   <h5 id=writing-cache-manifests>7.7.3.2 Writing cache manifests</h5>
 
   <p>Manifests must be served using the <code id=writing-cache-manifests:text/cache-manifest><a href=#text/cache-manifest>text/cache-manifest</a></code> <a href=#mime-type id=writing-cache-manifests:mime-type>MIME type</a>. All
@@ -60819,9 +60820,10 @@
   second URL. All the other pages to be cached must be listed in <a href=#concept-appcache-manifest-explicit id=writing-cache-manifests:concept-appcache-manifest-explicit-3>explicit sections</a>.</p>
 
   <p><a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-2>Fallback namespaces</a> and <a href=#concept-appcache-fallback id=writing-cache-manifests:concept-appcache-fallback>fallback entries</a> must have the <a href=#same-origin id=writing-cache-manifests:same-origin>same origin</a>
-  as the manifest itself.</p>
+  as the manifest itself. <a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-3>Fallback namespaces</a>
+  must also be <span>in the same path</span> as the manifest's URL.</p>
 
-  <p>A <a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-3>fallback namespace</a> must not be listed more
+  <p>A <a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-4>fallback namespace</a> must not be listed more
   than once.</p>
 
   <p>Namespaces that the user agent is to put into the <a href=#concept-appcache-onlinewhitelist id=writing-cache-manifests:concept-appcache-onlinewhitelist>online whitelist</a> must all be specified in <a href=#concept-appcache-manifest-network id=writing-cache-manifests:concept-appcache-manifest-network-2>online whitelist sections</a>. (This is needed for
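Review bot: the new term "in the same path" in the added sentence stays a bare <span>in the same path</span> in the generated output, while the other cross-references in this paragraph resolve to <a href=...> links, which suggests the term has no definition to point at. Either add a <dfn> for it in source, saying that the namespace's path must be a prefix match of the manifest's path with everything after the last slash removed, or phrase the requirement directly in terms of prefix match, which is already defined and linked.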
@@ -60840,7 +60842,7 @@
   <p>URLs in manifests must not have fragment identifiers (i.e. the U+0023 NUMBER SIGN character
   isn't allowed in URLs in manifests).</p>
 
-  <p><a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-4>Fallback namespaces</a> and namespaces in the
+  <p><a href=#concept-appcache-fallback-ns id=writing-cache-manifests:concept-appcache-fallback-ns-5>Fallback namespaces</a> and namespaces in the
   <a href=#concept-appcache-onlinewhitelist id=writing-cache-manifests:concept-appcache-onlinewhitelist-4>online whitelist</a> are matched by <a href=#prefix-match id=writing-cache-manifests:prefix-match-2>prefix
   match</a>.</p>
 
@@ -60861,7 +60863,10 @@
     
 
    <li><p>Let <var>base URL</var> be the <a href=#absolute-url id=parsing-cache-manifests:absolute-url>absolute URL</a> representing the
-   manifest.<li><p>Apply the <a href=#url-parser id=parsing-cache-manifests:url-parser>URL parser</a> steps to the <var>base URL</var>, so that the
+   manifest.<li><p>Apply the <a href=#url-parser id=parsing-cache-manifests:url-parser>URL parser</a> to <var>base URL</var>, and let <var>manifest path</var>
+   be the <a href=#concept-url-path id=parsing-cache-manifests:concept-url-path>path</a> component thus obtained.<li><p>Remove all the characters in <var>manifest path</var> after the last U+002F SOLIDUS
+   character (/), if any. (The first character and the last character in <var>manifest path</var>
+   after this step will both be slashes, the URL path separator character.)<li><p>Apply the <a href=#url-parser id=parsing-cache-manifests:url-parser-2>URL parser</a> steps to the <var>base URL</var>, so that the
    components from its <a href=#parsed-url id=parsing-cache-manifests:parsed-url>parsed URL</a> can be used by the subseqent steps of this
    algorithm.<li><p>Let <var>explicit URLs</var> be an initially empty list of <a href=#absolute-url id=parsing-cache-manifests:absolute-url-2>absolute URLs</a> for <a href=#concept-appcache-explicit id=parsing-cache-manifests:concept-appcache-explicit>explicit
    entries</a>.<li><p>Let <var>fallback URLs</var> be an initially empty mapping of <a href=#concept-appcache-fallback-ns id=parsing-cache-manifests:concept-appcache-fallback-ns>fallback namespaces</a> to <a href=#absolute-url id=parsing-cache-manifests:absolute-url-3>absolute URLs</a> for <a href=#concept-appcache-fallback id=parsing-cache-manifests:concept-appcache-fallback>fallback
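Review bot: the two added steps run the URL parser on base URL to obtain manifest path, and the unchanged step right after them applies the URL parser to the same base URL again. Fold these together: parse once, then take manifest path from the path component of that parsed URL, so the later steps refer to a single parse result. The context line still has "subseqent", which is worth fixing while this list is being touched.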
@@ -60934,7 +60939,13 @@
       <var>part two</var> does not have the <a href=#same-origin id=parsing-cache-manifests:same-origin>same origin</a> as the manifest's URL,
       then jump back to the step labeled <i>start of line</i>.</p> 
 
+      <p>Let <var>part one path</var> be the <a href=#concept-url-path id=parsing-cache-manifests:concept-url-path-2>path</a> component
+      of the <a href=#resulting-parsed-url id=parsing-cache-manifests:resulting-parsed-url>resulting parsed URL</a> for <var>part one</var>.</p>
 
+      <p>If <var>manifest path</var> is not a <a href=#prefix-match id=parsing-cache-manifests:prefix-match>prefix match</a> for <var>part one
+      path</var>, then jump back to the step labeled <i>start of line</i>.</p> 
+
+
       <p>Let <var>part one</var> be the result of applying the <a href=#concept-url-serialiser id=parsing-cache-manifests:concept-url-serialiser-2>URL serialiser</a> algorithm to the first resulting
       <a href=#parsed-url id=parsing-cache-manifests:parsed-url-4>parsed URL</a>, with the <i>exclude fragment flag</i> set.</p>
 
@@ -61625,8 +61636,40 @@
 
 
 
-  <h4 id=application-cache-api>7.7.9 Application cache API</h4>
+  <h4 id=security-concerns-with-offline-applications-caches>7.7.9 Security concerns with offline applications caches</h4>
 
+  <p><i>This section is non-normative.</i></p>
+
+  <p>The main risk introduced by offline application caches is that an injection attack can be
+  elevated into persistent site-wide page replacement. This attack involves using an injection
+  vulnerability to upload two files to the victim site. The first file is an application cache
+  manifest consisting of just a fallback entry pointing to the second file, which is an HTML page
+  whose manifest is declared as that first file. Once the user has been directed to that second
+  file, all subsequent accesses to any file covered by the given fallback namespace while either the
+  user or the site is offline will instead show that second file. Targetted denial-of-service
+  attacks can be used to ensure that the site appears offline.</p>
+
+  <p>To mitigate this, manifests can only specify fallbacks that are in the same path as the
+  manifest itself. This means that a content injection upload vulnerability in a particular
+  directory on a server can only be escalated to a take-over of that directory and its
+  subdirectories. If there is no way to inject a file into the root directory, the entire site
+  cannot be taken over.</p>
+
+  <p>If a site has been attacked in this way, simply removing the offending manifest will eventually
+  clear the problem, since the next time the manifest is updated, a 404 error will be seen, and the
+  user agent will clear the cache. "Eventually" is the key word here, however; while the attack on
+  the user or server is ongoing, such that connections from an affected user to the affected site
+  are blocked, the user agent will simply assume that the user is offline and will continue to use
+  the hostile manifest.</p>
+
+  <p>TLS does not inherently protect a site from this attack, since the attack relies on content
+  being served from the server itself. Not using application caches also does not prevent this
+  attack, since the attack relies on an attacker-provided manifest.</p>
+
+
+
+  <h4 id=application-cache-api>7.7.10 Application cache API</h4>
+
   <pre class=idl>[Exposed=Window,SharedWorker]
 interface <dfn id=applicationcache>ApplicationCache</dfn> : <a href=#eventtarget id=application-cache-api:eventtarget>EventTarget</a> {
 
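Review bot: the new heading reads "offline applications caches", and the typo is carried into the generated anchor id=security-concerns-with-offline-applications-caches, which other documents will link to once this is published. Change it to "offline application caches" in source before the id is in use. "Targetted" in the first paragraph should be "Targeted".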
@@ -61799,7 +61842,7 @@
   
 
 
-  <h4 id=browser-state>7.7.10 Browser state</h4>
+  <h4 id=browser-state>7.7.11 Browser state</h4>
 
   <pre class=idl>[NoInterfaceObject, Exposed=Window,Worker]
 interface <dfn id=navigatoronline>NavigatorOnLine</dfn> {

Modified: source
===================================================================
--- source	2014-09-02 22:34:58 UTC (rev 8738)
+++ source	2014-09-03 21:39:34 UTC (rev 8739)
@@ -81958,6 +81958,7 @@
   </div>
 
 
+
   <h5>Writing cache manifests</h5>
 
   <p>Manifests must be served using the <code>text/cache-manifest</code> <span>MIME type</span>. All
@@ -82093,7 +82094,8 @@
 
   <p><span data-x="concept-appcache-fallback-ns">Fallback namespaces</span> and <span
   data-x="concept-appcache-fallback">fallback entries</span> must have the <span>same origin</span>
-  as the manifest itself.</p>
+  as the manifest itself. <span data-x="concept-appcache-fallback-ns">Fallback namespaces</span>
+  must also be <span>in the same path</span> as the manifest's URL.</p>
 
   <p>A <span data-x="concept-appcache-fallback-ns">fallback namespace</span> must not be listed more
   than once.</p>
@@ -82147,6 +82149,13 @@
    <li><p>Let <var>base URL</var> be the <span>absolute URL</span> representing the
    manifest.</p></li>
 
+   <li><p>Apply the <span>URL parser</span> to <var>base URL</var>, and let <var>manifest path</var>
+   be the <span data-x="concept-url-path">path</span> component thus obtained.</p></li>
+
+   <li><p>Remove all the characters in <var>manifest path</var> after the last U+002F SOLIDUS
+   character (/), if any. (The first character and the last character in <var>manifest path</var>
+   after this step will both be slashes, the URL path separator character.)</p></li>
+
    <li><p>Apply the <span>URL parser</span> steps to the <var>base URL</var>, so that the
    components from its <span>parsed URL</span> can be used by the subseqent steps of this
    algorithm.</p></li>
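Review bot: in the added step "Remove all the characters in manifest path after the last U+002F SOLIDUS character (/), if any", it is unclear whether "if any" refers to the trailing characters or to the slash, and the parenthetical then asserts that the result begins and ends with a slash. State the precondition explicitly (for example, that the path component obtained here always starts with a slash, so a last slash always exists), or define what happens when there is none, since the later prefix-match check depends on manifest path ending in "/".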
@@ -82301,6 +82310,13 @@
       <p>If the <span>absolute URL</span> corresponding to either <var>part one</var> or
       <var>part two</var> does not have the <span>same origin</span> as the manifest's URL,
       then jump back to the step labeled <i>start of line</i>.</p> <!-- SECURITY -->
+
+      <p>Let <var>part one path</var> be the <span data-x="concept-url-path">path</span> component
+      of the <span>resulting parsed URL</span> for <var>part one</var>.</p>
+
+      <p>If <var>manifest path</var> is not a <span>prefix match</span> for <var>part one
+      path</var>, then jump back to the step labeled <i>start of line</i>.</p> <!-- SECURITY (in
+      depth) -->
 <!--REMOVE-TOPIC:Security-->
 
       <p>Let <var>part one</var> be the result of applying the <span
@@ -83336,7 +83352,39 @@
   </div>
 
 
+<!--ADD-TOPIC:Security-->
+  <h4>Security concerns with offline applications caches</h4>
 
+  <!-- NON-NORMATIVE SECTION -->
+
+  <p>The main risk introduced by offline application caches is that an injection attack can be
+  elevated into persistent site-wide page replacement. This attack involves using an injection
+  vulnerability to upload two files to the victim site. The first file is an application cache
+  manifest consisting of just a fallback entry pointing to the second file, which is an HTML page
+  whose manifest is declared as that first file. Once the user has been directed to that second
+  file, all subsequent accesses to any file covered by the given fallback namespace while either the
+  user or the site is offline will instead show that second file. Targetted denial-of-service
+  attacks can be used to ensure that the site appears offline.</p>
+
+  <p>To mitigate this, manifests can only specify fallbacks that are in the same path as the
+  manifest itself. This means that a content injection upload vulnerability in a particular
+  directory on a server can only be escalated to a take-over of that directory and its
+  subdirectories. If there is no way to inject a file into the root directory, the entire site
+  cannot be taken over.</p>
+
+  <p>If a site has been attacked in this way, simply removing the offending manifest will eventually
+  clear the problem, since the next time the manifest is updated, a 404 error will be seen, and the
+  user agent will clear the cache. "Eventually" is the key word here, however; while the attack on
+  the user or server is ongoing, such that connections from an affected user to the affected site
+  are blocked, the user agent will simply assume that the user is offline and will continue to use
+  the hostile manifest.</p>
+
+  <p>TLS does not inherently protect a site from this attack, since the attack relies on content
+  being served from the server itself. Not using application caches also does not prevent this
+  attack, since the attack relies on an attacker-provided manifest.</p>
+<!--REMOVE-TOPIC:Security-->
+
+
   <h4>Application cache API</h4>
 
   <pre class="idl">[Exposed=Window,SharedWorker]


