Skip to content

Commit

Permalink
[] (0) URLification of javascript: URL section
Browse files Browse the repository at this point in the history 
git-svn-id: http://svn.whatwg.org/webapps@1809 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
@Hixie
Hixie committed Jun 26, 2008
1 parent 6ead4d0 commit 8fa83d9
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 64 deletions.
59 changes: 26 additions & 33 deletions index
View file
Expand Up @@ -30836,63 +30836,55 @@ never reset. This is nice and consistent.)
<h4 id=security4><span class=secno>5.4.2 </span>Security exceptions</h4>

<p class=big-issue>Define <dfn id=security9>security exception</dfn>.</p>
<!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \(URI\|IRI\|URL\) -->
<!-- SCRIPT EXEC -->

<h4 id=javascript-protocol><span class=secno>5.4.3 </span><dfn
id=the-javascript title="javascript protocol">The <code
title="">javascript:</code> protocol</dfn></h4>
<!-- XXXURL merge into URLs section? (we could define 'fetch'/'download' while we're at it?) -->
<!-- XXXURL JSURL issue -->
<!-- XXX maybe this should be merged into the 'fetch' section -->

<p>A URI using the <code title="">javascript:</code> protocol must, if and
<p>A URL using the <code title="">javascript:</code> protocol must, if and
when dereferenced, be evaluated by executing the script obtained using the
content retrieval operation defined for <code title="">javascript:</code>
URIs. <a href="#refsJSURI">[JSURI]</a></p>
<!-- XXXURL JSURL issue -->
URLs. <a href="#refsJSURL">[JSURL]</a></p>
<!--
JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.txt and
JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.txt and
http://www.websitedev.de/ietf/draft-hoehrmann-javascript-scheme-00.txt should be as stable as it gets,
http://ietfreport.isoc.org/idref/draft-hoehrmann-javascript-scheme/ for the latest version
-->
<!-- XXXURL JSURL issue -->

<p>When a <a href="#browsing1">browsing context</a> is <a href="#navigate"
title=navigate>navigated</a> to a <code>javascript:</code> URI, and the <a
title=navigate>navigated</a> to a <code>javascript:</code> URL, and the <a
href="#active">active document</a> of that browsing context has the <a
href="#same-origin">same origin</a> as the script given by that URI, the
href="#same-origin">same origin</a> as the script given by that URL, the
<a href="#script2">script execution context</a> must be the <code><a
href="#window">Window</a></code> object of the <a
href="#browsing1">browsing context</a> being navigated, and the <a
href="#script4">script document context</a> must be that <a
href="#active">active document</a>.</p>
<!-- XXXURL JSURL issue -->
href="#active">active document</a>.

<p>When a browsing context is <a href="#navigate"
title=navigate>navigated</a> to a <code>javascript:</code> URI, and the <a
title=navigate>navigated</a> to a <code>javascript:</code> URL, and the <a
href="#active">active document</a> of that browsing context has an <a
href="#origin0">origin</a> that is <em>not</em> the <a href="#same-origin"
title="same origin">same</a> as that of the script given by the URI, the
title="same origin">same</a> as that of the script given by the URL, the
<a href="#script2">script execution context</a> must be an empty object,
and the <a href="#script3">script browsing context</a> must be the <a
href="#browsing1">browsing context</a> being <a href="#navigate"
title=navigate>navigated</a>.</p>
<!-- XXXURL JSURL issue -->
title=navigate>navigated</a>.

<p>Otherwise, the <a href="#script2">script execution context</a> must be
an empty object, and the <a href="#script2">script execution context</a>'s
associated <a href="#browsing1">browsing context</a> must be the <a
href="#browsing1">browsing context</a> of the <code>Document</code> object
of the element, attribute, or style sheet from which the
<code>javascript:</code> URI was reached.</p>
<!-- XXXURL JSURL issue -->
<code>javascript:</code> URL was reached.

<p>If the result of executing the script is void (there is no return
value), then the URI must be treated in a manner equivalent to an HTTP
resource with an HTTP 204 No Content response.</p>
<!-- XXXURL JSURL issue -->
value), then the URL must be treated in a manner equivalent to an HTTP
resource with an HTTP 204 No Content response.

<p>Otherwise, the URI must be treated in a manner equivalent to an HTTP
<p>Otherwise, the URL must be treated in a manner equivalent to an HTTP
resource with a 200 OK response whose <a href="#content-type5"
title=Content-Type>Content-Type metadata</a> is <code
title="">text/html</code> and whose response body is the return value
Expand All @@ -30902,14 +30894,14 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
href="#img">img</a></code> elements, ignore the <a href="#content-type5"
title=Content-Type>Content-Type metadata</a>.

<div class=example> <!-- XXXURL JSURL issue -->
<p>So for example a <code title="">javascript:</code> URI for a <code
<div class=example>
<p>So for example a <code title="">javascript:</code> URL for a <code
title=attr-img-src><a href="#src">src</a></code> attribute of an <code><a
href="#img">img</a></code> element would be evaluated in the context of
an empty object as soon as the attribute is set; it would then be sniffed
to determine the image type and decoded as an image.</p>
<!-- XXXURL JSURL issue -->
<p>A <code title="">javascript:</code> URI in an <code

<p>A <code title="">javascript:</code> URL in an <code
title=attr-a-href>href</code> attribute of an <code><a
href="#a">a</a></code> element would only be evaluated when the link was
<a href="#following0" title="following hyperlinks">followed</a>.</p>
Expand Down Expand Up @@ -31470,12 +31462,13 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
<p>The function referenced by the <code title=handler-onerror><a
href="#onerror">onerror</a></code> attribute must be invoked with three
arguments, before notifying the user of the error.</p>
<!-- XXXURL use url, or address -->

<p>The three arguments passed to the function are all
<code>DOMString</code>s; the first must give the message that the UA is
considering reporting, the second must give the URI to the resource in
which the error occurred, and the third must give the line number in
that resource on which the error occurred.</p>
considering reporting, the second must give the <a
href="#absolute">absolute URL</a> of the resource in which the error
occurred, and the third must give the line number in that resource on
which the error occurred.</p>

<p>If the function returns false, then the error should not be reported
to the user. Otherwise, if the function returns another value (or does
Expand Down Expand Up @@ -31959,10 +31952,10 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
href="#registerprotocolhandler">registerProtocolHandler()</a></code>
only)

<dd> <!-- XXXURL use url -->
<dd>
<p>A scheme, such as <code>ftp</code> or <code>fax</code>. The scheme
must be treated case-insensitively by user agents for the purposes of
comparing with the scheme part of URIs that they consider against the
comparing with the scheme part of URLs that they consider against the
list of registered handlers.</p>

<p>The <var title="">protocol</var> value, if it contains a colon (as in
Expand All @@ -31986,7 +31979,7 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
method include characters such as commas or whitespace, or include MIME
parameters, then the handler being registered will never be used.</p>
</dd>
<!-- XXXURL use url -->
<!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \(URI\|IRI\|URL\) -->

<dt><var title="">uri</var>

Expand Down
53 changes: 22 additions & 31 deletions source
View file
Expand Up @@ -28436,62 +28436,55 @@ never reset. This is nice and consistent.)

<p class="big-issue">Define <dfn>security exception</dfn>.</p>

<!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \(URI\|IRI\|URL\) -->


<!-- SCRIPT EXEC -->
<h4 id="javascript-protocol"><dfn title="javascript protocol">The <code title="">javascript:</code> protocol</dfn></h4>

<!-- XXXURL merge into URLs section? (we could define 'fetch'/'download' while we're at it?) -->
<!-- XXXURL JSURL issue -->
<p>A URI using the <code title="">javascript:</code> protocol must,
<!-- XXX maybe this should be merged into the 'fetch' section -->

<p>A URL using the <code title="">javascript:</code> protocol must,
if and when dereferenced, be evaluated by executing the script
obtained using the content retrieval operation defined for <code
title="">javascript:</code> URIs. <a
href="#refsJSURI">[JSURI]</a></p>
title="">javascript:</code> URLs. <a
href="#refsJSURL">[JSURL]</a></p>

<!-- XXXURL JSURL issue -->
<!--
JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.txt and
JSURL: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.txt and
http://www.websitedev.de/ietf/draft-hoehrmann-javascript-scheme-00.txt should be as stable as it gets,
http://ietfreport.isoc.org/idref/draft-hoehrmann-javascript-scheme/ for the latest version
-->

<!-- XXXURL JSURL issue -->
<p>When a <span>browsing context</span> is <span
title="navigate">navigated</span> to a <code>javascript:</code> URI,
title="navigate">navigated</span> to a <code>javascript:</code> URL,
and the <span>active document</span> of that browsing context has
the <span>same origin</span> as the script given by that URI, the
the <span>same origin</span> as the script given by that URL, the
<span>script execution context</span> must be the
<code>Window</code> object of the <span>browsing context</span>
being navigated, and the <span>script document context</span> must
be that <span>active document</span>.</p>

<!-- XXXURL JSURL issue -->
<p>When a browsing context is <span
title="navigate">navigated</span> to a <code>javascript:</code> URI,
title="navigate">navigated</span> to a <code>javascript:</code> URL,
and the <span>active document</span> of that browsing context has an
<span>origin</span> that is <em>not</em> the <span title="same
origin">same</span> as that of the script given by the URI, the
origin">same</span> as that of the script given by the URL, the
<span>script execution context</span> must be an empty object, and
the <span>script browsing context</span> must be the <span>browsing
context</span> being <span title="navigate">navigated</span>.</p>

<!-- XXXURL JSURL issue -->
<p>Otherwise, the <span>script execution context</span> must be an
empty object, and the <span>script execution context</span>'s
associated <span>browsing context</span> must be the <span>browsing
context</span> of the <code>Document</code> object of the element,
attribute, or style sheet from which the <code>javascript:</code>
URI was reached.</p>
URL was reached.</p>

<!-- XXXURL JSURL issue -->
<p>If the result of executing the script is void (there is no return
value), then the URI must be treated in a manner equivalent to an
value), then the URL must be treated in a manner equivalent to an
HTTP resource with an HTTP 204 No Content response.</p>

<!-- XXXURL JSURL issue -->
<p>Otherwise, the URI must be treated in a manner equivalent to an
<p>Otherwise, the URL must be treated in a manner equivalent to an
HTTP resource with a 200 OK response whose <span
title="Content-Type">Content-Type metadata</span> is <code
title="">text/html</code> and whose response body is the return
Expand All @@ -28503,15 +28496,13 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t

<div class="example">

<!-- XXXURL JSURL issue -->
<p>So for example a <code title="">javascript:</code> URI for a
<p>So for example a <code title="">javascript:</code> URL for a
<code title="attr-img-src">src</code> attribute of an
<code>img</code> element would be evaluated in the context of an
empty object as soon as the attribute is set; it would then be
sniffed to determine the image type and decoded as an image.</p>

<!-- XXXURL JSURL issue -->
<p>A <code title="">javascript:</code> URI in an <code
<p>A <code title="">javascript:</code> URL in an <code
title="attr-a-href">href</code> attribute of an <code>a</code>
element would only be evaluated when the link was <span
title="following hyperlinks">followed</span>.</p>
Expand Down Expand Up @@ -29020,12 +29011,12 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t
title="handler-onerror">onerror</code> attribute must be invoked
with three arguments, before notifying the user of the error.</p>

<!-- XXXURL use url, or address -->
<p>The three arguments passed to the function are all
<code>DOMString</code>s; the first must give the message that the
UA is considering reporting, the second must give the URI to the
resource in which the error occurred, and the third must give the
line number in that resource on which the error occurred.</p>
UA is considering reporting, the second must give the
<span>absolute URL</span> of the resource in which the error
occurred, and the third must give the line number in that resource
on which the error occurred.</p>

<p>If the function returns false, then the error should not be
reported to the user. Otherwise, if the function returns another
Expand Down Expand Up @@ -29588,10 +29579,9 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t

<dd>

<!-- XXXURL use url -->
<p>A scheme, such as <code>ftp</code> or <code>fax</code>. The
scheme must be treated case-insensitively by user agents for the
purposes of comparing with the scheme part of URIs that they
purposes of comparing with the scheme part of URLs that they
consider against the list of registered handlers.</p>

<p>The <var title="">protocol</var> value, if it contains a colon
Expand Down Expand Up @@ -29619,7 +29609,8 @@ JSURI: http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.t

</dd>

<!-- XXXURL use url -->
<!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \(URI\|IRI\|URL\) -->

<dt><var title="">uri</var></dt>

<dd>
Expand Down

0 comments on commit 8fa83d9

Please sign in to comment.