Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[] (0) Cleanup around <img> requirements. Disallow scripts to run in …
…<img> images.

git-svn-id: http://svn.whatwg.org/webapps@1956 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Jul 30, 2008
1 parent 51c0579 commit 0796a55
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 28 deletions.
34 changes: 20 additions & 14 deletions index
Expand Up @@ -15436,16 +15436,17 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href="#htmlelemen
href="#img">img</a></code> element's <a href="#fallback">fallback
content</a>.

<p><strong>Authoring requirements</strong>: The <code title=attr-img-src><a
href="#src">src</a></code> attribute must be present, and must contain a
<a href="#valid">valid URL</a>. The requirements on the <code
title=attr-img-alt><a href="#alt0">alt</a></code> attribute's value are
described <a href="#alt">in the next section</a>.
<p>The <code title=attr-img-src><a href="#src">src</a></code> attribute
must be present, and must contain a <a href="#valid">valid URL</a>.

<p class=big-issue>Should we restrict the URL to pointing to an image?
What's an image? Is PDF an image? (Safari supports PDFs in &lt;img>
elements.) How about SVG? (Opera supports those). WMFs? XPMs? HTML?

<p>The requirements on the <code title=attr-img-alt><a
href="#alt0">alt</a></code> attribute's value are described <a
href="#alt">in the next section</a>.

<p class=big-issue>There has been some suggestion that the <code
title="">longdesc</code> attribute from HTML4, or some other mechanism
that is more powerful than <code title="">alt=""</code>, should be
Expand All @@ -15458,11 +15459,10 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href="#htmlelemen

<hr>

<p><strong>User agent requirements</strong>: When the <code
title=attr-img-alt><a href="#alt0">alt</a></code> attribute is present and
its value is the empty string, the image supplements the surrounding
content. In such cases, the image may be omitted without affecting the
meaning of the document.
<p>When the <code title=attr-img-alt><a href="#alt0">alt</a></code>
attribute is present and its value is the empty string, the image
supplements the surrounding content. In such cases, the image may be
omitted in the rendering without affecting the meaning of the document.

<p>When the <code title=attr-img-alt><a href="#alt0">alt</a></code>
attribute is present and its value is not the empty string, the image is a
Expand All @@ -15487,6 +15487,13 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href="#htmlelemen
<code title=attr-img-alt><a href="#alt0">alt</a></code> attribute, if any,
or nothing, if that attribute is empty or absent.

<p>When the <code title=attr-img-src><a href="#src">src</a></code>
attribute is present, the element represents the image given by that
attribute.

<p>The contents of <code><a href="#img">img</a></code> elements, if any,
are ignored for the purposes of rendering.

<hr>

<p>When an <code><a href="#img">img</a></code> is created with a <code
Expand Down Expand Up @@ -15526,7 +15533,8 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href="#htmlelemen
<p class=note>This allows servers to return images with error responses.

<p>User agents must not support non-image resources with the <code><a
href="#img">img</a></code> element.
href="#img">img</a></code> element. User agents must not run executable
code (e.g. scripts) embedded in the image resource.

<hr>

Expand All @@ -15549,9 +15557,7 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href="#htmlelemen
title=attr-hyperlink-href><a href="#href6">href</a></code> attribute.

<p>The <code><a href="#img">img</a></code> element supports <a
href="#dimension0">dimension attributes</a>.</p>
<!-- XXX contents of <img> should be ignored for rendering but not
for semantics, e.g. <script>, <input>, etc. -->
href="#dimension0">dimension attributes</a>.

<p>The DOM attributes <dfn id=alt1
title=dom-img-alt><code>alt</code></dfn>, <dfn id=src0
Expand Down
33 changes: 19 additions & 14 deletions source
Expand Up @@ -12982,17 +12982,18 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {
title="attr-img-alt"><code>alt</code></dfn> attribute is the
<code>img</code> element's <span>fallback content</span>.</p>

<p><strong>Authoring requirements</strong>: The <code
title="attr-img-src">src</code> attribute must be present, and must
contain a <span>valid URL</span>. The requirements on the <code
title="attr-img-alt">alt</code> attribute's value are described <a
href="#alt">in the next section</a>.</p>
<p>The <code title="attr-img-src">src</code> attribute must be
present, and must contain a <span>valid URL</span>.</p>

<p class="big-issue">Should we restrict the URL to pointing to an
image? What's an image? Is PDF an image? (Safari supports PDFs in
&lt;img> elements.) How about SVG? (Opera supports those). WMFs?
XPMs? HTML?</p>

<p>The requirements on the <code title="attr-img-alt">alt</code>
attribute's value are described <a href="#alt">in the next
section</a>.</p>

<p class="big-issue">There has been some suggestion that the <code
title="">longdesc</code> attribute from HTML4, or some other
mechanism that is more powerful than <code title="">alt=""</code>,
Expand All @@ -13005,11 +13006,10 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {

<hr>

<p><strong>User agent requirements</strong>: When the <code
title="attr-img-alt">alt</code> attribute is present and its value
is the empty string, the image supplements the surrounding
content. In such cases, the image may be omitted without affecting
the meaning of the document.</p>
<p>When the <code title="attr-img-alt">alt</code> attribute is
present and its value is the empty string, the image supplements the
surrounding content. In such cases, the image may be omitted in the
rendering without affecting the meaning of the document.</p>

<p>When the <code title="attr-img-alt">alt</code> attribute is
present and its value is not the empty string, the image is a
Expand All @@ -13035,6 +13035,13 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {
element's <code title="attr-img-alt">alt</code> attribute, if any,
or nothing, if that attribute is empty or absent.</p>

<p>When the <code title="attr-img-src">src</code> attribute is
present, the element represents the image given by that
attribute.</p>

<p>The contents of <code>img</code> elements, if any, are ignored
for the purposes of rendering.</p>

<hr>

<p>When an <code>img</code> is created with a <code
Expand Down Expand Up @@ -13075,7 +13082,8 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {
responses.</p>

<p>User agents must not support non-image resources with the
<code>img</code> element.</p>
<code>img</code> element. User agents must not run executable code
(e.g. scripts) embedded in the image resource.</p>

<hr>

Expand All @@ -13099,9 +13107,6 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {
<p>The <code>img</code> element supports <span>dimension
attributes</span>.</p>

<!-- XXX contents of <img> should be ignored for rendering but not
for semantics, e.g. <script>, <input>, etc. -->

<p>The DOM attributes <dfn
title="dom-img-alt"><code>alt</code></dfn>, <dfn
title="dom-img-src"><code>src</code></dfn>, <dfn
Expand Down

0 comments on commit 0796a55

Please sign in to comment.