Short URL: http://html5.org/r/6523
| SVN | Bug | Comment | Time (UTC) |
|---|---|---|---|
| 6523 | 2011-08-23 23:27 |
Index: source
===================================================================
--- source (revision 6522)
+++ source (revision 6523)
@@ -80196,7 +80196,11 @@
the user is not repeatedly prompted with the same request.</p>
<p>The arguments to the methods have the following meanings and
- corresponding implementation requirements:</p>
+ corresponding implementation requirements. The requirements that
+ involve throwing exceptions must be processed in the order given
+ below, stopping at the first exception raised. (So the
+ <code>SECURITY_ERR</code> exceptions take precedence over the
+ <code>SYNTAX_ERR</code> exception.)</p>
<dl>
@@ -80214,9 +80218,34 @@
(as in "<code>ftp:</code>"), will never match anything, since
schemes don't contain colons.</p>
- <p class="note">This feature is not intended to be used with
- non-standard protocols.</p>
+ <p>If the <code
+ title="dom-navigator-registerProtocolHandler">registerProtocolHandler()</code>
+ method is invoked with a scheme that is neither a
+ <span>whitelisted scheme</span> nor a scheme whose value starts
+ with the substring "<code title="">web+</code>" and otherwise
+ contains only characters in the range U+0061 LATIN SMALL LETTER A
+ to U+007A LATIN SMALL LETTER Z, the user agent must raise
+ <code>SECURITY_ERR</code> exception.</p>
+ <p>The following schemes are the <dfn title="whitelisted
+ scheme">whitelisted schemes</dfn>:</p>
+
+ <ul class="brief">
+ <li><code title="">irc</code></li>
+ <li><code title="">mailto</code></li>
+ <li><code title="">mms</code></li>
+ <li><code title="">news</code></li>
+ <li><code title="">nntp</code></li>
+ <li><code title="">sms</code></li>
+ <li><code title="">smsto</code></li>
+ <li><code title="">tel</code></li>
+ <li><code title="">urn</code></li>
+ <li><code title="">webcal</code></li>
+ </ul>
+
+ <p class="note">This list can be changed. If there are schemes
+ that should be added, please send feedback.</p>
+
</dd>
<dt><var title="">mimeType</var> (<code title="dom-navigator-registerContentHandler">registerContentHandler()</code> only)</dt>
@@ -80242,6 +80271,36 @@
used by the user agent <em>after</em> the sniffing algorithms have
been applied.</p>
+ <p>If the <code
+ title="dom-navigator-registerContentHandler">registerContentHandler()</code>
+ method is invoked with a <span>MIME type</span> that is in the
+ <span>type blacklist</span> or that the user agent has deemed a
+ privileged type, the user agent must raise
+ <code>SECURITY_ERR</code> exception.</p>
+
+ <p>The following <span title="MIME type">MIME types</span> are in
+ the <dfn>type blacklist</dfn>:</p>
+
+ <ul title="brief">
+
+ <li><code>text/cache-manifest</code></li>
+ <li><code>text/css</code></li>
+ <li><code>text/html-sandboxed</code></li>
+ <li><code>text/html</code></li>
+ <li><code>text/ping</code></li>
+ <li><code>text/plain</code></li>
+ <li><code>application/x-www-form-urlencoded</code></li>
+ <li><code>image/gif</code></li>
+ <li><code>image/jpeg</code></li>
+ <li><code>image/png</code></li>
+ <li>All <span title="XML MIME type">XML MIME types</span></li>
+ <li>All types that the user agent supports displaying natively in a <span>browsing context</span> during <span title="navigate">navigation</span></li>
+
+ </ul>
+
+ <p class="note">This list can be changed. If there are schemes
+ that should be added, please send feedback.</p>
+
</dd>
@@ -80275,6 +80334,15 @@
percent-encoded form of that character. <a
href="#refsRFC3986">[RFC3986]</a></p>
+ <p>User agents must raise a <code>SYNTAX_ERR</code> exception if
+ the <var title="">url</var> argument passed to one of these
+ methods does not contain the exact literal string
+ "<code>%s</code>", or if <span title="resolve a
+ url">resolving</span> the <var title="">url</var> argument with
+ the first occurrence of the string "<code title="">%s</code>"
+ removed, relative to the <span>entry script</span>'s <span
+ title="script's base URL">base URL</span>, is not successful.</p>
+
<div class="example">
<p>If the user had visited a site at <code
@@ -80315,26 +80383,6 @@
</dl>
- <p>User agents should raise <code>SECURITY_ERR</code> exceptions if
- the methods are called with <var title="">scheme</var> or <var
- title="">mimeType</var> values that the UA deems to be
- "privileged". For example, a site attempting to register a handler
- for <code>http</code> URLs or <code>text/html</code> content in a
- Web browser would likely cause an exception to be raised.</p>
-
- <p>User agents must raise a <code>SYNTAX_ERR</code> exception if the
- <var title="">url</var> argument passed to one of these methods does
- not contain the exact literal string "<code>%s</code>", or if <span
- title="resolve a url">resolving</span> the <var title="">url</var>
- argument with the first occurrence of the string "<code
- title="">%s</code>" removed, relative to the <span>entry
- script</span>'s <span title="script's base URL">base URL</span>, is
- not successful.</p>
-
- <p>User agents must not raise any other exceptions (other than
- binding-specific exceptions, such as for an incorrect number of
- arguments in an JavaScript implementation).</p>
-
<p>This section does not define how the pages registered by these
methods are used, beyond the requirements on how to process the <var
title="">url</var> value (see above). To some extent, the <span
@@ -111509,6 +111557,50 @@
<!--START w3c-html--><!--PING-->
+ <h3><dfn title="scheme-web"><code>web+</code> scheme prefix</dfn></h3>
+
+ <p>This section describes a convention for use with the IANA URI
+ scheme registry. It does not itself register a specific scheme. <a
+ href="#refsRFC4395">[RFC4395]</a></p>
+
+ <dl>
+ <dt>URI scheme name</dt>
+ <dd>
+ Schemes starting with the four characters "<code
+ title="">web+</code>" followed by one or more letters in the range
+ <code title="">a</code>-<code title="">z</code>.
+ </dd>
+ <dt>Status</dt>
+ <dd>permanent</dd>
+ <dt>URI scheme syntax</dt>
+ <dd>Scheme-specific.</dd>
+ <dt>URI scheme semantics</dt>
+ <dd>Scheme-specific.</dd>
+ <dt>Encoding considerations</dt>
+ <dd>All "<code title="">web+</code>" schemes should use UTF-8 encodings were relevant.</dd>
+ <dt>Applications/protocols that use this URI scheme name</dt>
+ <dd>Scheme-specific.</dd>
+ <dt>Interoperability considerations</dt>
+ <dd>The scheme is expected to be used in the context of Web applications.</dd>
+ <dt>Security considerations</dt>
+ <dd>
+ Any Web page is able to register a handler for all "<code
+ title="">web+</code>" schemes. As such, these schemes must not be
+ used for features intended to be core platform features (e.g.
+ network transfer protocols like HTTP or FTP). Similarly, such
+ schemes must not store confidential information in their URLs,
+ such as usernames, passwords, personal information, or
+ confidential project names.
+ </dd>
+ <dt>Contact</dt>
+ <dd>Ian Hickson <ian@hixie.ch></dd>
+ <dt>Author/Change controller</dt>
+ <dd>Ian Hickson <ian@hixie.ch></dd>
+ <dt>References</dt>
+ <dd>W3C</dd>
+ </dl>
+
+
<h2 id="index" class="no-num">Index</h2>
<div class="impl">
@@ -115934,6 +116026,9 @@
Layer Security (TLS) Extensions</a></cite>, S. Blake-Wilson,
M. Nystrom, D. Hopwood, J. Mikkelsen, T. Wright. IETF.</dd>
+ <dt id="refsRFC4395">[RFC4395]</dt>
+ <dd><cite><a href="http://tools.ietf.org/html/rfc4395">Guidelines and Registration Procedures for New URI Schemes</a></cite>, T. Hansen, T. Hardie, L. Masinter. IETF.</dd>
+
<dt id="refsRFC4648">[RFC4648]</dt>
<dd><cite><a href="http://tools.ietf.org/html/rfc4648">The Base16,
Base32, and Base64 Data Encodings</a></cite>, S. Josefsson.
@@ -116474,6 +116569,7 @@
James Craig,
James Graham,
James Justin Harrell,
+ James Kozianski,
James M Snell,
James Perrett,
James Robinson,
@@ -116779,6 +116875,7 @@
Wayne Pollock,
Wellington Fernando de Macedo,
Weston Ruter,
+ Wilhelm Joys Andersen,
Will Levine,
William Swanson,
Wladimir Palant,