- From: Michael Smith via cvs-syncmail <cvsmail@w3.org>
- Date: Mon, 05 Oct 2009 03:27:05 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec-author-view
In directory hutz:/tmp/cvs-serv17583
Modified Files:
Overview.html acknowledgements.html browsers.html comms.html
dom.html editing.html embedded-content-0.html forms.html
history.html iana-considerations.html index.html
infrastructure.html interactive-elements.html
introduction.html microdata.html
named-character-references.html obsolete.html offline.html
references.html semantics.html spec.html syntax.html
tabular-data.html text-level-semantics.html
the-canvas-element.html the-xhtml-syntax.html video.html
Log Message:
Disallow ` in unquoted attribute values. (whatwg r4076)
[updated by splitter]
Index: infrastructure.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/infrastructure.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- infrastructure.html 5 Oct 2009 02:27:03 -0000 1.300
+++ infrastructure.html 5 Oct 2009 03:27:02 -0000 1.301
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="introduction.html">← 1 Introduction</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: text-level-semantics.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/text-level-semantics.html,v
retrieving revision 1.298
retrieving revision 1.299
diff -u -d -r1.298 -r1.299
--- text-level-semantics.html 5 Oct 2009 02:27:03 -0000 1.298
+++ text-level-semantics.html 5 Oct 2009 03:27:03 -0000 1.299
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="semantics.html">← 4 The elements of HTML</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: history.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/history.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- history.html 5 Oct 2009 02:27:02 -0000 1.300
+++ history.html 5 Oct 2009 03:27:02 -0000 1.301
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="offline.html">← 6.7 Offline Web applications</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: tabular-data.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/tabular-data.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- tabular-data.html 5 Oct 2009 02:27:03 -0000 1.299
+++ tabular-data.html 5 Oct 2009 03:27:03 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="the-canvas-element.html">← 4.8.11 The canvas element</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: microdata.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/microdata.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- microdata.html 5 Oct 2009 02:27:03 -0000 1.299
+++ microdata.html 5 Oct 2009 03:27:03 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="interactive-elements.html">← 4.11 Interactive elements</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/Overview.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- Overview.html 5 Oct 2009 02:27:02 -0000 1.299
+++ Overview.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -240,7 +240,7 @@
</dl><p>This specification is available in the following formats:
<a href="spec.html">single page HTML</a>,
<a href="Overview.html">multipage HTML</a>.
-This is revision 1.3237.
+This is revision 1.3238.
</p>
<p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
© 2009 <a href="http://www.w3.org/"><abbr title="World Wide
Index: embedded-content-0.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/embedded-content-0.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- embedded-content-0.html 5 Oct 2009 02:27:02 -0000 1.299
+++ embedded-content-0.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="dom.html">← 3 Semantics, structure, and APIs of HTML documents</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: dom.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/dom.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- dom.html 5 Oct 2009 02:27:02 -0000 1.300
+++ dom.html 5 Oct 2009 03:27:02 -0000 1.301
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="infrastructure.html">← 2 Common infrastructure</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: acknowledgements.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/acknowledgements.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- acknowledgements.html 5 Oct 2009 02:27:02 -0000 1.299
+++ acknowledgements.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -217,7 +217,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="references.html">← References</a> –
<a href="Overview.html#contents">Table of contents</a>
Index: the-canvas-element.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/the-canvas-element.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- the-canvas-element.html 5 Oct 2009 02:27:03 -0000 1.299
+++ the-canvas-element.html 5 Oct 2009 03:27:03 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="video.html">← 4.8.7 The video element</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: iana-considerations.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/iana-considerations.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- iana-considerations.html 5 Oct 2009 02:27:03 -0000 1.299
+++ iana-considerations.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="obsolete.html">← 11 Obsolete features</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: forms.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/forms.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- forms.html 5 Oct 2009 02:27:02 -0000 1.299
+++ forms.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="tabular-data.html">← 4.9 Tabular data</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: interactive-elements.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/interactive-elements.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- interactive-elements.html 5 Oct 2009 02:27:03 -0000 1.299
+++ interactive-elements.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="forms.html">← 4.10 Forms</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: editing.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/editing.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- editing.html 5 Oct 2009 02:27:02 -0000 1.299
+++ editing.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="history.html">← 6.8 Session history and navigation</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: video.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/video.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- video.html 5 Oct 2009 02:27:03 -0000 1.299
+++ video.html 5 Oct 2009 03:27:03 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="text-level-semantics.html">← 4.6 Text-level semantics</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: browsers.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/browsers.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- browsers.html 5 Oct 2009 02:27:02 -0000 1.300
+++ browsers.html 5 Oct 2009 03:27:02 -0000 1.301
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="microdata.html">← 5 Microdata</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: the-xhtml-syntax.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/the-xhtml-syntax.html,v
retrieving revision 1.298
retrieving revision 1.299
diff -u -d -r1.298 -r1.299
--- the-xhtml-syntax.html 5 Oct 2009 02:27:03 -0000 1.298
+++ the-xhtml-syntax.html 5 Oct 2009 03:27:03 -0000 1.299
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="named-character-references.html">← 9.2 Named character references</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: offline.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/offline.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- offline.html 5 Oct 2009 02:27:03 -0000 1.299
+++ offline.html 5 Oct 2009 03:27:03 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="browsers.html">← 6 Web browsers</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: syntax.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/syntax.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- syntax.html 5 Oct 2009 02:27:03 -0000 1.300
+++ syntax.html 5 Oct 2009 03:27:03 -0000 1.301
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="comms.html">← 8 Communication</a> –
<a href="Overview.html#contents">Table of contents</a> –
@@ -490,9 +490,39 @@
characters</a>, any U+0022 QUOTATION MARK (<code>"</code>)
characters, U+0027 APOSTROPHE (<code>'</code>) characters,
U+003D EQUALS SIGN (<code>=</code>) characters, U+003C LESS-THAN
- SIGN (<code><</code>) characters, or U+003E GREATER-THAN SIGN
- (<code>></code>) characters, and must not be the empty
- string.</p>
+ SIGN (<code><</code>) characters, U+003E GREATER-THAN SIGN
+ (<code>></code>) characters, or U+0060 GRAVE ACCENT (`)
+ characters, and must not be the empty string.</p>
+
+ <!-- The ` character is in this list on a temporary basis, waiting
+ for IE to fix it's parsing bug whereby it treats ` as an
+ attribute value delimiter. Otherwise, escaping software that
+ tries to be clever and not use quotes when it doesn't need to
+ could be tricked by an attacker.
+
+ Posit a site that allows the user to input text that is used
+ verbatim in two attributes, such that the user can set the
+ first attribute's value to:
+
+ `
+
+ ...and the second to:
+
+ ` onload='...payload...' end=x
+
+ ...with the assumption that the site is going to not quote
+ the first one, and quote the second one with double quotes:
+
+ <body title=` class="` onload='...payload...' end=x">
+
+ In IE, this is treated as:
+
+ <body title=' class="'
+ onload='...payload...'
+ end='x"'>
+
+ -->
+
<div class="example">
Index: obsolete.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/obsolete.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- obsolete.html 5 Oct 2009 02:27:03 -0000 1.300
+++ obsolete.html 5 Oct 2009 03:27:03 -0000 1.301
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="the-xhtml-syntax.html">← 10 The XHTML syntax</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: named-character-references.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/named-character-references.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- named-character-references.html 5 Oct 2009 02:27:03 -0000 1.300
+++ named-character-references.html 5 Oct 2009 03:27:03 -0000 1.301
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="syntax.html">← 9 The HTML syntax</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: references.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/references.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- references.html 5 Oct 2009 02:27:03 -0000 1.299
+++ references.html 5 Oct 2009 03:27:03 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="index.html">← Index</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: semantics.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/semantics.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- semantics.html 5 Oct 2009 02:27:03 -0000 1.299
+++ semantics.html 5 Oct 2009 03:27:03 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="embedded-content-0.html">← 3.2.5.1.6 Embedded content</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: index.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/index.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- index.html 5 Oct 2009 02:27:03 -0000 1.299
+++ index.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="iana-considerations.html">← IANA considerations</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: comms.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/comms.html,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -d -r1.299 -r1.300
--- comms.html 5 Oct 2009 02:27:02 -0000 1.299
+++ comms.html 5 Oct 2009 03:27:02 -0000 1.300
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="editing.html">← 7 User Interaction</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: spec.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/spec.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- spec.html 5 Oct 2009 02:27:03 -0000 1.300
+++ spec.html 5 Oct 2009 03:27:03 -0000 1.301
@@ -238,7 +238,7 @@
</dl><p>This specification is available in the following formats:
<a href=spec.html>single page HTML</a>,
<a href=Overview.html>multipage HTML</a>.
-This is revision 1.3237.
+This is revision 1.3238.
</p>
<p class=copyright><a href=http://www.w3.org/Consortium/Legal/ipr-notice#Copyright>Copyright</a>
© 2009 <a href=http://www.w3.org/><abbr title="World Wide
@@ -25579,9 +25579,39 @@
characters</a>, any U+0022 QUOTATION MARK (<code>"</code>)
characters, U+0027 APOSTROPHE (<code>'</code>) characters,
U+003D EQUALS SIGN (<code>=</code>) characters, U+003C LESS-THAN
- SIGN (<code><</code>) characters, or U+003E GREATER-THAN SIGN
- (<code>></code>) characters, and must not be the empty
- string.</p>
+ SIGN (<code><</code>) characters, U+003E GREATER-THAN SIGN
+ (<code>></code>) characters, or U+0060 GRAVE ACCENT (`)
+ characters, and must not be the empty string.</p>
+
+ <!-- The ` character is in this list on a temporary basis, waiting
+ for IE to fix it's parsing bug whereby it treats ` as an
+ attribute value delimiter. Otherwise, escaping software that
+ tries to be clever and not use quotes when it doesn't need to
+ could be tricked by an attacker.
+
+ Posit a site that allows the user to input text that is used
+ verbatim in two attributes, such that the user can set the
+ first attribute's value to:
+
+ `
+
+ ...and the second to:
+
+ ` onload='...payload...' end=x
+
+ ...with the assumption that the site is going to not quote
+ the first one, and quote the second one with double quotes:
+
+ <body title=` class="` onload='...payload...' end=x">
+
+ In IE, this is treated as:
+
+ <body title=' class="'
+ onload='...payload...'
+ end='x"'>
+
+ -->
+
<div class=example>
Index: introduction.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/introduction.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -d -r1.300 -r1.301
--- introduction.html 5 Oct 2009 02:27:03 -0000 1.300
+++ introduction.html 5 Oct 2009 03:27:03 -0000 1.301
@@ -217,7 +217,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3237.</p>
+<p>This is revision 1.3238.</p>
</div><div>
<a href="Overview.html#contents">Table of contents</a> –
<a href="infrastructure.html">2 Common infrastructure →</a>
Received on Monday, 5 October 2009 03:27:11 UTC