Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[giow] (2) Revamp how <object> type handling works, as the previous m…
…odel was getting impenetrable and didn't match _any_ browsers. This one should more or less match Gecko and avoids known security problems with the previous model. Please let me know if you're a browser vendor and cannot implement this for whatever reason.

git-svn-id: http://svn.whatwg.org/webapps@4985 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Apr 8, 2010
1 parent b88da0b commit 81c737d
Show file tree
Hide file tree
Showing 3 changed files with 558 additions and 178 deletions.
234 changes: 177 additions & 57 deletions complete.html
Expand Up @@ -186,7 +186,7 @@

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG src=/images/logo></a></p>
<hgroup><h1>Web Applications 1.0</h1>
<h2 class="no-num no-toc">Draft Standard &mdash; 7 April 2010</h2>
<h2 class="no-num no-toc">Draft Standard &mdash; 8 April 2010</h2>
</hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
<p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
<!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
Expand Down Expand Up @@ -2750,6 +2750,12 @@ <h4 id=plugins><span class=secno>2.1.5 </span>Plugins</h4>
<code><a href=#document>Document</a></code> nor introduces any <code><a href=#node>Node</a></code> objects
to the <code><a href=#document>Document</a></code>'s DOM.</p>

<p>A user agent must not consider the types <code>text/plain</code>
and <code>application/octet-stream</code> as having a registered
<a href=#plugin>plugin</a>.</p> <!-- because of the way <object> handles
those types, if nothing else (it also doesn't make any sense to have
a plugin registered for those types, of course) -->

<p>Typically such content handlers are provided by third parties,
though a user agent can designate content handlers to be
plugins.</p>
Expand Down Expand Up @@ -21053,7 +21059,7 @@ <h4 id=the-iframe-element><span class=secno>4.8.2 </span>The <dfn><code>iframe</
context</a> to the resulting <a href=#absolute-url>absolute
URL</a>.</li>

</ol><p><i>Empty:</i> When the steps above require the user agent to
</ol><p><i>Empty</i>: When the steps above require the user agent to
jump to the <i title="">empty</i> step, if the user agent is
processing this <code><a href=#the-iframe-element>iframe</a></code>'s attributes for the first
time, then the user agent must <a href=#queue-a-task>queue a task</a> to
Expand Down Expand Up @@ -22206,17 +22212,65 @@ <h4 id=the-object-element><span class=secno>4.8.4 </span>The <dfn><code>object</
<code title=event-error>error</code> at the element, then jump
to the last step in the overall set of steps (fallback).</li>

<li><p>Determine the <var title="">resource type</var>, as follows:</p>
<li id=object-type-detection>

<ol><li>
<p>Determine the <var title="">resource type</var>, as follows:</p>

<p>Let the <var title="">resource type</var> be unknown.</p>
<!-- Hopefully this step is exactly equivalent to the following:

</li>
START
|
V
Is there a Content-Type and is the UA going to obey it blindly?
| |
| YES | NO
| V YES
| Is there a type="" attribute whose value is a plugin type? ============================================-.
| | |
| | NO |
| V NO YES V
| Is there a Content type? ========-> Is there a type="" attribute? ====================================>-+
| | | |
| | YES | NO |
V NO V | |
+-<============== Is it text/plain or application/octet-stream? `============> Sniff ==-. |
| | | | |
| | text/plain | octet-stream V |
| V YES V Is the sniffed-type |
| Does the page sniff as binary? ======> Is there a type="" attribute? application/octet-stream? |
| | | | | | |
| | NO | YES | NO | YES | NO |
| | | V V | |
| | | Extension that is plugin type? | |
| | | | | | |
| | | | NO | YES | |
| | V | | | |
| | Type attribute is XML or YES V | | |
| | doesn't start with image/* ======> FALLBACK | | |
| | and is not a plugin type? | | |
| | | | | |
| | | NO | V V
V V V V Use Use
Use Use Use it (will be Use sniffed type=""
Content-Type text/plain bitmap or plugin) extension type attribute
| | | | | |
| V V V V |
`================->-+========================================>-+==============>-+-<============-+-<==============+-<======'
|
V
Continue following rules in the spec, which might
result in a plugin, a browsing context, an image,
or using fallback, depending on the UA and the type.


"Extension that is plugin type?" means "Is there an extension that matches one that a plugin supports?".
Plugins are not allowed to register text/plain or application/octet-stream.

<li>
-->

<p>Let the <var title="">sniffed</var> flag be false.</p>
<ol><li>

<p>Let the <var title="">resource type</var> be unknown.</p>

</li>

Expand All @@ -22229,7 +22283,8 @@ <h4 id=the-object-element><span class=secno>4.8.4 </span>The <dfn><code>object</
<a href=#content-type title=Content-Type>associated Content-Type
metadata</a>, then let the <var title="">resource
type</var> be the type specified in <a href=#content-type title=Content-Type>the resource's Content-Type
metadata</a>, and abort these substeps.</p>
metadata</a>, and jump to the step below labeled
<i>handler</i>.</p>

</li>

Expand All @@ -22241,84 +22296,146 @@ <h4 id=the-object-element><span class=secno>4.8.4 </span>The <dfn><code>object</
but it <em>is</em> a type that a <a href=#plugin>plugin</a> supports,
then let the <var title="">resource type</var> be the type
specified in that <code title=attr-object-type><a href=#attr-object-type>type</a></code>
attribute.</p>
attribute, and jump to the step below labeled
<i>handler</i>.</p>

</li>

<li>

<p>Otherwise, if the <var title="">resource type</var> is
unknown, and the resource has <a href=#content-type title=Content-Type>associated Content-Type metadata</a>,
then let the <var title="">resource type</var> be the type
specified in <a href=#content-type title=Content-Type>the resource's
Content-Type metadata</a>.</p>
<p>Run the approprate set of steps from the following
list:</p>

<p>If this results in the <var title="">resource type</var>
being "<code title="">text/plain</code>", then let the <var title="">resource type</var> be the result of applying the
<a href=#content-type-sniffing:-text-or-binary title="Content-Type sniffing: text or binary">rules for
distingushing if a resource is text or binary</a> to the
resource instead, and then set the <var title="">sniffed</var>
flag to true.</p>
<dl class=switch><dt>The resource has <a href=#content-type title=Content-Type>associated
Content-Type metadata</a></dt>

</li>
<dd>

<li>
<ol><li>

<p>If the <var title="">resource type</var> is unknown or
"<code title="">application/octet-stream</code>" at this point
and there is a <code title=attr-object-type><a href=#attr-object-type>type</a></code>
attribute present on the <code><a href=#the-object-element>object</a></code> element, then
change the <var title="">resource type</var> to instead be the
type specified in that <code title=attr-object-type><a href=#attr-object-type>type</a></code> attribute.</p>
<p>Let <var title="">binary</var> be false.</p>

<p>Otherwise, if the <var title="">resource type</var> is
"<code title="">application/octet-stream</code>" but there is
no <code title=attr-object-type><a href=#attr-object-type>type</a></code> attribute on the
<code><a href=#the-object-element>object</a></code> element, then change the <var title="">resource type</var> to be unknown, so that the
sniffing rules in the following steps are invoked.</p>
</li>

</li>
<li>

<p>If the type specified in <a href=#content-type title=Content-Type>the
resource's Content-Type metadata</a> is
"<code>text/plain</code>", and the result of applying the
<a href=#content-type-sniffing:-text-or-binary title="Content-Type sniffing: text or binary">rules
for distingushing if a resource is text or binary</a>
to the resource is that the resource is not
<code>text/plain</code>, then set <var title="">binary</var> to true.</p>

</li>

<li>

<p>If the type specified in <a href=#content-type title=Content-Type>the
resource's Content-Type metadata</a> is
"<code>application/octet-stream</code>", then set <var title="">binary</var> to true.</p>

</li>

<li>

<p>If <var title="">binary</var> is false, then let the
<var title="">resource type</var> be the type specified in
<a href=#content-type title=Content-Type>the resource's Content-Type
metadata</a>, and jump to the step below labeled
<i>handler</i>.</p>

</li>

<li>

<p>If there is a <code title=attr-object-type><a href=#attr-object-type>type</a></code> attribute present on
the <code><a href=#the-object-element>object</a></code> element, then run the
following steps:</p>

<ol><li>

<p>If the attribute's value is a type that a <a href=#plugin>plugin</a> supports, or
the attribute's value is a type that starts with "<code>image/</code>" that is not also an <a href=#xml-mime-type>XML MIME type</a>,
then let the <var title="">resource type</var> be the type specified in that <code title=attr-object-type><a href=#attr-object-type>type</a></code> attribute.</p>

</li>

<li>

<p>Jump to the step below labeled <i>handler</i>.</p>

</li>

</ol></li>

</ol></dd>

<dt>The resource does not have <a href=#content-type title=Content-Type>associated Content-Type
metadata</a></dt>

<dd>

<ol><li>

<p>If there is a <code title=attr-object-type><a href=#attr-object-type>type</a></code> attribute present on
the <code><a href=#the-object-element>object</a></code> element, then let the <var title="">resource type</var> be the type specified in that
<code title=attr-object-type><a href=#attr-object-type>type</a></code> attribute, and
jump to the step below labeled <i>handler</i>.</p>

</li>

<li>

<!-- no content-type and no attribute -->

<p>Let <var title="">sniffed type</var> be the <a href=#content-type-sniffing-0 title="content-type sniffing">sniffed type of the
resource</a>.</p>

</li>

<li>

<p>If <var title="">sniffed type</var> is <em>not</em>
<code>application/octet-stream</code>, then let <var title="">resource type</var> be <var title="">sniffed
type</var> and jump to the step below labeled
<i>handler</i>.</p>

</li>

</ol></dd>

</dl></li>

<li>

<!-- if we get to this point we know we can successfully
parsed the URL, since this algorithm is only used after
fetching the resource in the steps above -->

<p>If the <var title="">resource type</var> is still unknown
at this point, but the <a href=#url-path title=url-path>&lt;path&gt;</a> component of the
<a href=#url>URL</a> of the specified resource (after any
<p>If the <a href=#url-path title=url-path>&lt;path&gt;</a> component
of the <a href=#url>URL</a> of the specified resource (after any
redirects) matches a pattern that a <a href=#plugin>plugin</a>
supports, then let <var title="">resource type</var> be the
type that that plugin can handle.</p>

<p class=example>For example, a plugin might say that it can
handle resources with <a href=#url-path title=url-path>&lt;path&gt;</a>
components that end with the four character string "<code title="">.swf</code>".</p>
handle resources with <a href=#url-path title=url-path>&lt;path&gt;</a> components that end with
the four character string "<code title="">.swf</code>".</p>

<!-- it's sad that we have to do extension sniffing. sigh. -->
<!-- see also <embed> which has a similar step -->

</li>

<li>

<p>If the <var title="">resource type</var> is still unknown,
and the <var title="">sniffed</var> flag is false, then change
the <var title="">resource type</var> to instead be the <a href=#content-type-sniffing-0 title="content-type sniffing">sniffed type of the
resource</a>.</p>
</ol><p class=note>It is possible for this step to finish with <var title="">resource type</var> still being unknown, or for one of
the substeps above to jump straight to the next step. In both
cases, the next step will trigger fallback.</p>

<p>Otherwise, if the <var title="">resource type</var> is
still unknown, and the <var title="">sniffed</var> flag is
<em>true</em>, then change the <var title="">resource
type</var> back to <code title="">text/plain</code>.</p>

</li>

</ol></li>
</li>

<li><p>Handle the content as given by the first of the following
cases that matches:</p>
<li><p><i>Handler</i>: Handle the content as given by the first
of the following cases that matches:</p>

<dl class=switch><dt>If the <var title="">resource type</var> is not a type that
the user agent supports, but it <em>is</em> a type that a
Expand Down Expand Up @@ -22415,6 +22532,9 @@ <h4 id=the-object-element><span class=secno>4.8.4 </span>The <dfn><code>object</
supported. Jump to the last step in the overall set of steps
(fallback).</p>

<p class=note>If the previous step ended with the <var title="">resource type</var> being unknown, this is the case
that is triggered.</p>

</dd>

</dl></li>
Expand Down Expand Up @@ -74072,7 +74192,7 @@ <h5 id=determining-the-character-encoding><span class=secno>12.2.2.1 </span>Dete
<li><p>Advance <var title="">position</var> past the 0x3D (ASCII
=) byte.</li>

<li><p><i>Value:</i> If the byte at <var title="">position</var> is one of 0x09 (ASCII TAB), 0x0A (ASCII
<li><p><i>Value</i>: If the byte at <var title="">position</var> is one of 0x09 (ASCII TAB), 0x0A (ASCII
LF), 0x0C (ASCII FF), 0x0D (ASCII CR), or 0x20 (ASCII space) then
advance <var title="">position</var> to the next byte, then,
repeat this step.</li>
Expand Down

0 comments on commit 81c737d

Please sign in to comment.