Short URL: http://html5.org/r/5111
Index: source
===================================================================
--- source (revision 5110)
+++ source (revision 5111)
@@ -5727,17 +5727,24 @@
<p>When a user agent is to <dfn>fetch</dfn> a resource or
<span>URL</span>, optionally from an origin <i title="">origin</i>,
- and optionally with a <i>synchronous flag</i> and/or a <i>manual
- redirect flag</i>, the following steps must be run. (When a
- <em>URL</em> is to be fetched, the URL identifies a resource to be
- obtained.)</p>
+ and optionally with a <i>synchronous flag</i>, a <i>manual redirect
+ flag</i>, and/or a <i>force same-origin flag</i>, the following
+ steps must be run. (When a <em>URL</em> is to be fetched, the URL
+ identifies a resource to be obtained.)</p>
<!-- if invoked with the synchronous flag, make sure to release the
storage mutex first -->
- <!-- synchronous flag is only used by sync-XHR, for legacy reasons;
- don't use it in new features! -->
+ <!-- synchronous flag is only to be used in algorithms that are
+ themselves asynchronous! Only sync-XHR is allowed to make the
+ mistake of screwing that up. :-P -->
+ <!-- the force same-origin flag is for use in places where we'll be
+ moving to CORS one day; when used, the algorithm must be invoked
+ with a URL (not something else, like a POST request) whose origin is
+ the same as the /origin/, which must also be present, and the
+ algorithm must not be invoked with the manual redirect flag. -->
+
<ol>
<li>
@@ -5857,6 +5864,18 @@
<dl class="switch">
+ <dt>If the <i>force same-origin flag</i> is set and the
+ <span>URL</span> of the target of the redirect does not have the
+ <span>same origin</span> as the <span>URL</span> for which the
+ <span>fetch</span> algorithm was invoked</dt>
+
+ <dd>
+
+ <p>Abort these steps and return failure from this algorithm, as
+ if the remote host could not be contacted.</p>
+
+ </dd>
+
<dt>If the <i>manual redirect flag</i> is set</dt>
<dd>
@@ -21062,7 +21081,7 @@
<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title="attr-img-src">src</code>
attribute's value is the empty string, or if the conditions in the
- previous paragraph are not met, then the image is <em>not</em> <i
+ previous paragraph are not met), then the image is <em>not</em> <i
title="img-available">available</i>.</p>
<p>Whether the image is fetched successfully or not (e.g. whether
@@ -26352,8 +26371,9 @@
<p>Begin to <span>fetch</span> the <var title="">current media
resource</var>, from the <span>media element</span>'s
- <code>Document</code>'s <span>origin</span>.</p> <!-- not
- http-origin privacy sensitive (looking forward to CORS here) -->
+ <code>Document</code>'s <span>origin</span>, with the <i>force
+ same-origin flag</i> set.</p> <!-- not http-origin privacy
+ sensitive (looking forward to CORS here) -->
<p>Every 350ms (±200ms) or for every byte received, whichever
is <em>least</em> frequent, <span>queue a task</span> to
@@ -28632,36 +28652,38 @@
<li>
- <p><i>Download</i>: <span>Fetch</span> <var title="">URL</var>, if
- it isn't the empty string.</p><!-- http-origin privacy sensitive
- --> <!-- XXX this should be _not_ http-origin privacy sensitive,
- like <video src>, for consistency with that one, so that we can
- extend it to CORS -->
+ <p><i>Download</i>: If <var title="">URL</var> is not the empty
+ string, and its <span>origin</span> is the same as the <span>media
+ element</span>'s <code>Document</code>'s <span>origin</span>, then
+ <span>fetch</span> <var title="">URL</var>, from the <span>media
+ element</span>'s <code>Document</code>'s <span>origin</span>, with
+ the <i>force same-origin flag</i> set.</p> <!-- not http-origin
+ privacy sensitive (looking forward to CORS here) -->
<p>The <span title="concept-task">tasks</span> <span title="queue
a task">queued</span> by the <span title="fetch">fetching
algorithm</span> on the <span>networking task source</span> to
- process the data as it is being fetched must run the following
- steps:</p>
+ process the data as it is being fetched must examine the
+ resource's <span title="Content-Type">Content Type
+ metadata</span>, once it is available, if it ever is. If no <span
+ title="Content-Type">Content Type metadata</span> is ever
+ available, or if the type is not recognised as a timed track
+ format, then the resource's format must be assumed to be
+ unsupported (this causes the load to fail, as described below). If
+ a type is obtained, and represents a supported timed track format,
+ then the resource's data must be passed to the appropriate parser
+ as it is received, with the <span>timed track list of cues</span>
+ being used for that parser's output.</p>
- <ol>
-
- <li><p><span class="XXX">...this is where cross-origin checks
- go...</span></p></li>
-
- <li><p class="XXX">determine format...</p></li>
-
- <li><p class="XXX">hand off to appropriate parser...</p></li>
-
- </ol>
-
<p>If the <span title="fetch">fetching algorithm</span> fails for
- any reason (network error, the server returns an error code, the
- cross-origin checks mentioned above fail, etc), or if <var
- title="">URL</var> is the empty string, then <span>queue a
- task</span> to first change the <span>timed track readiness state</span>
- to <span title="timed track failed to load">failed to load</span>
- and then <span>fire a simple event</span> named <code
+ any reason (network error, the server returns an error code, a
+ cross-origin check fails, etc), or if <var title="">URL</var> is
+ the empty string or has the wrong <span>origin</span> as
+ determined by the condition at the start of this step, or if the
+ fetched resource is not in a supported format, then <span>queue a
+ task</span> to first change the <span>timed track readiness
+ state</span> to <span title="timed track failed to load">failed to
+ load</span> and then <span>fire a simple event</span> named <code
title="event-error">error</code> at the <code>track</code>
element; and then, once that <span
title="concept-task">task</span> is <span title="queue a
@@ -28715,6 +28737,9 @@
</ol>
+ <p>Until one of the above circumstances occurs, the user agent
+ must remain on this step.</p>
+
</li>
<li><p><i>Monitoring</i>: Wait until the <span>track URL</span> is
@@ -28850,18 +28875,22 @@
<h5>WebSRT</h5>
- <p>The WebSRT format (Web Subtitle Resource Tracks) is a format
- intended for marking up external timed track resources.</p>
+ <p>The <dfn>WebSRT</dfn>s format (Web Subtitle Resource Tracks) is a
+ format intended for marking up external timed track resources.</p>
<h6>Syntax</h6>
<p>A <dfn>WebSRT file</dfn> must consist of a <span>WebSRT file
- body</span> encoded as UTF-8.</p>
+ body</span> encoded as UTF-8 and labeled with the <span>MIME
+ type</span> <code>text/srt</code>.</p>
<p>A <dfn>WebSRT file body</dfn> consists of zero or more <span
- title="WebSRT cue">WebSRT cues</span> separated from each other by
- two or more <span title="WebSRT line terminator">WebSRT line
+ title="WebSRT line terminator">WebSRT line terminators</span>,
+ followed by zero or more <span title="WebSRT cue">WebSRT cues</span>
+ separated from each other by two or more <span title="WebSRT line
+ terminator">WebSRT line terminators</span>, followed by zero or more
+ <span title="WebSRT line terminator">WebSRT line
terminators</span>.</p>
<p>A <dfn>WebSRT cue</dfn> consists of the following components, in
@@ -28874,7 +28903,6 @@
<li>A <span>WebSRT line terminator</span>.</li>
<li>Optionally, a <span>WebSRT voice declaration</span>.</li>
<li>One or more <span title="WebSRT cue text line">WebSRT cue text lines</span>, each separated from the next by a <span>WebSRT line terminator</span>.</li>
- <li>Zero or more <span title="WebSRT line terminator">WebSRT line terminators</span>.</li>
</ol>
<p>A <dfn>WebSRT line terminator</dfn> consists of one of the
@@ -28922,9 +28950,18 @@
</ol>
- <p class="XXX"><dfn>WebSRT voice declaration</dfn>; <dfn>WebSRT cue text line</dfn>; <dfn>WebSRT timestamp</dfn></p>
+ <p>A <dfn>WebSRT timestamp</dfn> consists of the following
+ components, in the given order:</p>
+ <ol>
+ <li class="XXX">...
+
+ </ol>
+
+ <p class="XXX"><dfn>WebSRT voice declaration</dfn>; <dfn>WebSRT cue text line</dfn></p>
+
+
<div class="impl">
<h6>Parsing</h6>
@@ -28933,13 +28970,26 @@
<span>timed track list of cues</span> <var title="">output</var>,
must convert the bytes into a string of Unicode characters by
interpreting them as UTF-8, and then must parse the resulting string
- according to the <span>WebSRT parser algorithm</span> below. A
- <span>WebSRT parser</span>, specifically its conversion and parsing
- steps, is typically run asynchronously, with the input byte stream
- being updated incrementally as the resource is downloaded; this is
- called an <dfn>incremental WebSRT parser</dfn>.</p>
+ according to the <span>WebSRT parser algorithm</span> below. This
+ results in <span title="timed track cue">timed track cues</span>
+ being added to <var title="">output</var>.</p>
- <p>When convering the bytes into Unicode characters, bytes or
+ <p>A <span>WebSRT parser</span>, specifically its conversion and
+ parsing steps, is typically run asynchronously, with the input byte
+ stream being updated incrementally as the resource is downloaded;
+ this is called an <dfn>incremental WebSRT parser</dfn>.</p>
+
+ <p>The following <span title="MIME type">MIME type<!--s--></span> must be
+ recognised as indicating the <span>WebSRT</span> format:</p>
+
+ <ul class="brief">
+ <li><code>text/srt</code></li>
+ </ul>
+
+ <!--<p class="note">Not all of these MIME types are valid registered
+ types.</p>-->
+
+ <p>When converting the bytes into Unicode characters, bytes or
sequences of bytes that are not valid UTF-8 sequences must be
interpreted as a U+FFFD REPLACEMENT CHARACTER, and all U+0000 NULL
characters must be replaced by U+FFFD REPLACEMENT CHARACTERs.</p>
@@ -28948,8 +28998,9 @@
<ol>
- <li><p>Let <var title="">input</var> be the string being
- parsed.</p></li>
+ <li><p>Let <var title="">input</var> be the string being parsed,
+ after conversion to Unicode and after the replacement of U+0000
+ NULL characters described above.</p></li>
<li><p>Let <var title="">position</var> be a pointer into <var
title="">input</var>, initially pointing at the start of the
@@ -28982,7 +29033,7 @@
<li><p>If <var title="">line</var> contains the three-character
substring "<code title="">--></code>" (U+002D HYPHEN-MINUS, U+002D
HYPHEN-MINUS, U+003E GREATER-THAN SIGN), then jump to the step
- labeled <i>timing</i> below.</p></li>
+ labeled <i>timings</i> below.</p></li>
<li><p>Let <var title="">id</var> be <var
title="">line</var>.<p></li>
@@ -29009,13 +29060,72 @@
<li><p>If <var title="">line</var> is the empty string, then jump
to the step labeled <i>cue loop</i>.</p></li>
- <li><p><i>Timings</i>: <span class="XXX">...</span></p></li>
+ <li><p>If <var title="">line</var> does not contain the
+ three-character substring "<code title="">--></code>" (U+002D
+ HYPHEN-MINUS, U+002D HYPHEN-MINUS, U+003E GREATER-THAN SIGN), then
+ jump to the step labeled <i>bad cue</i> below.</p></li>
+ <li><p><i>Timings</i>: <span>Collect WebSRT cue timings and
+ settings</span> from <var title="">line</var>. If that fails, jump
+ to the step labeled <i>bad cue</i>. Otherwise, let <var
+ title="">start time</var> be the first collected time, <var
+ title="">end time</var> be the second collected time, and
+ <span class="XXX">...settings...</span>.</p></li>
+
+ <li><p class="XXX">...voice...</p></li>
+
+ <li><p class="XXX">...cues...</p></li>
+
+ <li><p>Let <var title="">cue</var> be a newly created <span>timed
+ track cue</span>.</p></li>
+
+ <li><p class="XXX">...fill cue...</p></li>
+
+ <li><p>Jump to the step labeled <i>cue loop</i>.</p></li>
+
<li><p><i>End</i>: The file has ended. Abort these steps. The
<span>WebSRT parser</span> has finished.</p></li>
</ol>
+ <p>When the algorithm above requires that the user agent
+ <dfn>collect WebSRT cue timings and settings</dfn> from a string,
+ the user agent must run the following algorithm. This algorithm
+ either fails, or returns two timestamps and <span class="XXX">...settings...</span>.</p>
+
+ <ol>
+
+ <li><p>Let <var title="">input</var> be the string being
+ parsed.</p></li>
+
+ <li><p>Let <var title="">position</var> be a pointer into <var
+ title="">input</var>, initially pointing at the start of the
+ string.</p></li>
+
+ <li><p><span>Skip whitespace</span>.</p></li>
+
+ <li><p><span>Collect a WebSRT timestamp</span>. If that algorithm
+ fails, then abort these steps and return failure.</p></li>
+
+ <li><p><span>Skip whitespace</span>.</p></li>
+
+ <li><p class="XXX">check that we're at "<--" and fail if we're not</p></li>
+
+ <li><p><span>Skip whitespace</span>.</p></li>
+
+ <li><p><span>Collect a WebSRT timestamp</span>. If that algorithm
+ fails, then abort these steps and return failure.</p></li>
+
+ <li><p><span>Skip whitespace</span>.</p></li>
+
+ <li><p class="XXX">...settings...</p></li>
+
+ <li><p>Return the two collected timestamps and <span class="XXX">...settings...</span>.</p></li>
+
+ </ol>
+
+ <p class="XXX"><dfn>Collect a WebSRT timestamp</dfn>...</p>
+
</div>
<!--START w3c-html--><!--TT-->
@@ -66901,10 +67011,10 @@
<li>
<p><i>Fetching the manifest</i>: <span>Fetch</span> the resource
- from <var title="">manifest URL</var>, and let <var
- title="">manifest</var> be that resource.</p> <!-- http-origin
- privacy sensitive, though it doesn't matter, since this can never
- be cross-origin -->
+ from <var title="">manifest URL</var> with the <i>synchronous
+ flag</i> set, and let <var title="">manifest</var> be that
+ resource.</p> <!-- http-origin privacy sensitive, though it
+ doesn't matter, since this can never be cross-origin -->
<p>If the resource is labeled with the <span>MIME type</span>
<code>text/cache-manifest</code>, parse <var
@@ -67191,15 +67301,16 @@
<li>
<p><span>Fetch</span> the resource, from the <span>origin</span>
- of the <span>URL</span> <var title="">manifest URL</var>. If
- this is an <span title="concept-appcache-upgrade">upgrade
- attempt</span>, then use the <span
- title="concept-appcache-newer">newest</span> <span>application
- cache</span> in <var title="">cache group</var> as an HTTP
- cache, and honor HTTP caching semantics (such as expiration,
- ETags, and so forth) with respect to that cache. User agents may
- also have other caches in place that are also honored.</p> <!--
- not http-origin privacy sensitive -->
+ of the <span>URL</span> <var title="">manifest URL</var>, with
+ the <i>synchronous flag</i> set and the <i>manual redirect
+ flag</i> set. If this is an <span
+ title="concept-appcache-upgrade">upgrade attempt</span>, then
+ use the <span title="concept-appcache-newer">newest</span>
+ <span>application cache</span> in <var title="">cache
+ group</var> as an HTTP cache, and honor HTTP caching semantics
+ (such as expiration, ETags, and so forth) with respect to that
+ cache. User agents may also have other caches in place that are
+ also honored.</p> <!-- not http-origin privacy sensitive -->
<p class="note">If the resource in question is already being
downloaded for other reasons then the existing download process
@@ -67406,9 +67517,10 @@
<li>
<p><span>Fetch</span> the resource from <var title="">manifest
- URL</var> again, and let <var title="">second manifest</var> be
- that resource.</p> <!-- http-origin privacy sensitive, though it
- doesn't matter, since this can never be cross-origin -->
+ URL</var> again, with the <i>synchronous flag</i> set, and let
+ <var title="">second manifest</var> be that resource.</p> <!--
+ http-origin privacy sensitive, though it doesn't matter, since
+ this can never be cross-origin -->
</li>
@@ -76130,18 +76242,17 @@
<li>
<p>Attempt to <span>fetch</span> the resource identified by <var
- title="">url</var>, from the <var title="">owner origin</var>.</p>
- <!-- not http-origin privacy sensitive -->
+ title="">url</var>, from the <var title="">owner origin</var>,
+ with the <i>synchronous flag</i> set and the <i>force same-origin
+ flag</i> set.</p> <!-- not http-origin privacy sensitive (looking
+ forward to CORS) -->
- <p>If the attempt fails, or if the attempt involves any redirects
- to URIs that do not have the <span>same origin</span> as <var
- title="">url</var> (even if the final URI is at the <span>same
- origin</span> as the original <var title="">url</var>), then for
- each <code>Worker</code> or <code>SharedWorker</code> object
- associated with <var title="">worker global scope</var>,
- <span>queue a task</span> to <span>fire a simple event</span>
- named <code title="event-error">error</code> at that
- object. Abort these steps.</p>
+ <p>If the attempt fails, then for each <code>Worker</code> or
+ <code>SharedWorker</code> object associated with <var
+ title="">worker global scope</var>, <span>queue a task</span> to
+ <span>fire a simple event</span> named <code
+ title="event-error">error</code> at that object. Abort these
+ steps.</p>
<p>If the attempt succeeds, then convert the script resource to
Unicode by assuming it was encoded as UTF-8, to obtain its <var
@@ -76994,8 +77105,9 @@
<p>Attempt to <span>fetch</span> each resource identified by the
resulting <span title="absolute URL">absolute URLs</span>, from
- the <span>entry script</span>'s <span>origin</span>.</p> <!-- not
- http-origin privacy sensitive -->
+ the <span>entry script</span>'s <span>origin</span>, with the
+ <i>synchronous flag</i> set.</p> <!-- not http-origin privacy
+ sensitive -->
</li>
@@ -77418,12 +77530,18 @@
<li><p>Return a new <code>EventSource</code> object, and continue
these steps in the background (without blocking scripts).</p></li>
+ <li><p>If the <span>origin</span> of the resulting <span>absolute
+ URL</span> is not the <span>same origin</span> as that of the
+ <span>entry script</span>, then act as if the resource could not be
+ obtained due to a network error and abort these steps.</p></li>
+
<li>
<p><span>Fetch</span> the resource identified by the resulting
<span>absolute URL</span>, from the <span>entry script</span>'s
- <span>origin</span>, and process it as described below.</p> <!--
- not http-origin privacy sensitive -->
+ <span>origin</span>, with the <i>force same-origin flag</i> set,
+ and process it as described below.</p> <!-- not http-origin
+ privacy sensitive (looking forward to CORS) -->
<p class="note">The definition of the <span
title="fetch">fetching</span> algorithm is such that if the
@@ -77543,15 +77661,6 @@
sources. User agents should ignore HTTP cache headers in the
response, never caching event sources.</p>
- <p>User agents must act as if the connection had failed due to a
- network error if the <span>origin</span> of the <span>URL</span> of
- the resource to be <span title="fetch">fetched</span> is not the
- <span>same origin</span> as that of the <span>entry script</span>
- when the <code title="dom-EventSource">EventSource()</code>
- constructor is invoked.</p>
-
- <!-- v2: add CORS support -->
-
<hr>
<p>As data is received, the <span title="concept-task">tasks</span>