hixie: Revamp how <object> type handling works, as the previous model was getting impenetrable and didn't match _any_ browsers. This one should more or less match Gecko and avoids known security problems with the previous model. Please let me know if you're a browser vendor and cannot implement this for whatever reason. (whatwg r4985)

hixie: Revamp how <object> type handling works, as the previous model
was getting impenetrable and didn't match _any_ browsers. This one
should more or less match Gecko and avoids known security problems with
the previous model. Please let me know if you're a browser vendor and
cannot implement this for whatever reason. (whatwg r4985)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4003&r2=1.4004&f=h
http://html5.org/tools/web-apps-tracker?from=4984&to=4985

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4003
retrieving revision 1.4004
diff -u -d -r1.4003 -r1.4004
--- Overview.html 7 Apr 2010 05:10:32 -0000 1.4003
+++ Overview.html 8 Apr 2010 04:33:46 -0000 1.4004
@@ -285,7 +285,7 @@
    <h1>HTML5</h1>
    <h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
 
-   <h2 class="no-num no-toc" id="editor-s-draft-7-april-2010">Editor's Draft 7 April 2010</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-8-april-2010">Editor's Draft 8 April 2010</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -392,7 +392,7 @@
   specification's progress along the W3C Recommendation
   track.
 
-  This specification is the 7 April 2010 Editor's Draft.
+  This specification is the 8 April 2010 Editor's Draft.
   </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>The contents of this specification are also part of <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/">a
   specification</a> published by the <a href="http://www.whatwg.org/">WHATWG</a>, which is available under a
   license that permits reuse of the specification text.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5
@@ -2293,7 +2293,11 @@
   rendering of a <code><a href="#document">Document</a></code> object, but that neither acts
   as a <a href="#child-browsing-context">child browsing context</a> of the
   <code><a href="#document">Document</a></code> nor introduces any <code><a href="#node">Node</a></code> objects
-  to the <code><a href="#document">Document</a></code>'s DOM.<p>Typically such content handlers are provided by third parties,
+  to the <code><a href="#document">Document</a></code>'s DOM.<p>A user agent must not consider the types <code>text/plain</code>
+  and <code>application/octet-stream</code> as having a registered
+  <a href="#plugin">plugin</a>.</p><!-- because of the way <object> handles
+  those types, if nothing else (it also doesn't make any sense to have
+  a plugin registered for those types, of course) --><p>Typically such content handlers are provided by third parties,
   though a user agent can designate content handlers to be
   plugins.<p class="example">One example of a plugin would be a PDF viewer
   that is instantiated in a <a href="#browsing-context">browsing context</a> when the
@@ -18048,7 +18052,7 @@
      context</a> to the resulting <a href="#absolute-url">absolute
      URL</a>.</li>
 
-    </ol><p><i>Empty:</i> When the steps above require the user agent to
+    </ol><p><i>Empty</i>: When the steps above require the user agent to
     jump to the <i title="">empty</i> step, if the user agent is
     processing this <code><a href="#the-iframe-element">iframe</a></code>'s attributes for the first
     time, then the user agent must <a href="#queue-a-task">queue a task</a> to
@@ -19100,17 +19104,65 @@
      <code title="event-error">error</code> at the element, then jump
      to the last step in the overall set of steps (fallback).</li>
 
-     <li><p>Determine the <var title="">resource type</var>, as follows:</p>
+     <li id="object-type-detection">
 
-      <ol><li>
+      <p>Determine the <var title="">resource type</var>, as follows:</p>
 
-        <p>Let the <var title="">resource type</var> be unknown.</p>
+<!-- Hopefully this step is exactly equivalent to the following:
 
-       </li>
+ START
+   |
+   V
+ Is there a Content-Type and is the UA going to obey it blindly?
+   |                   |
+   | YES               | NO
+   |                   V                                                          YES
+   |                 Is there a type="" attribute whose value is a plugin type? ============================================-.
+   |                   |                                                                                                     |
+   |                   | NO                                                                                                  |
+   |                   V                        NO                                       YES                                 V
+   |                 Is there a Content type? ========-> Is there a type="" attribute? ====================================>-+
+   |                   |                                                           |                                         |
+   |                   | YES                                                       | NO                                      |
+   V            NO     V                                                           |                                         |
+   +-<============== Is it text/plain or application/octet-stream?                 `============> Sniff ==-.                 |
+   |                   |                                     |                                             |                 |
+   |                   | text/plain                          | octet-stream                                V                 |
+   |                   V                              YES    V                                    Is the sniffed-type        |
+   |                 Does the page sniff as binary? ======> Is there a type="" attribute?       application/octet-stream?    |
+   |                   |                                     |              |                      |                |        |
+   |                   | NO                                  | YES          | NO                   | YES            | NO     |
+   |                   |                                     |              V                      V                |        |
+   |                   |                                     |             Extension that is plugin type?           |        |
+   |                   |                                     |                          |          |                |        |
+   |                   |                                     |                          | NO       | YES            |        |
+   |                   |                                     V                          |          |                |        |
+   |                   |                           Type attribute is XML or     YES     V          |                |        |
+   |                   |                           doesn't start with image/* ======> FALLBACK     |                |        |
+   |                   |                           and is not a plugin type?                       |                |        |
+   |                   |                                          |                                |                |        |
+   |                   |                                          | NO                             |                V        V
+   V                   V                                          V                                V               Use      Use
+  Use                 Use                                        Use it (will be                  Use              sniffed  type=""
+  Content-Type        text/plain                                 bitmap or plugin)                extension        type     attribute
+   |                   |                                          |                                |                |        |
+   |                   V                                          V                                V                V        |
+   `================->-+========================================>-+==============>-+-<============-+-<==============+-<======'
+                                                                                   |
+                                                                                   V
+                                                                  Continue following rules in the spec, which might
+                                                                  result in a plugin, a browsing context, an image,
+                                                                  or using fallback, depending on the UA and the type.
 
-       <li>
 
-        <p>Let the <var title="">sniffed</var> flag be false.</p>
+   "Extension that is plugin type?" means "Is there an extension that matches one that a plugin supports?".
+   Plugins are not allowed to register text/plain or application/octet-stream.
+
+-->
+
+      <ol><li>
+
+        <p>Let the <var title="">resource type</var> be unknown.</p>
 
        </li>
 
@@ -19123,7 +19175,8 @@
         <a href="#content-type" title="Content-Type">associated Content-Type
         metadata</a>, then let the <var title="">resource
         type</var> be the type specified in <a href="#content-type" title="Content-Type">the resource's Content-Type
-        metadata</a>, and abort these substeps.</p>
+        metadata</a>, and jump to the step below labeled
+        <i>handler</i>.</p>
 
        </li>
 
@@ -19135,43 +19188,116 @@
         but it <em>is</em> a type that a <a href="#plugin">plugin</a> supports,
         then let the <var title="">resource type</var> be the type
         specified in that <code title="attr-object-type"><a href="#attr-object-type">type</a></code>
-        attribute.</p>
+        attribute, and jump to the step below labeled
+        <i>handler</i>.</p>
 
        </li>
 
        <li>
 
-        <p>Otherwise, if the <var title="">resource type</var> is
-        unknown, and the resource has <a href="#content-type" title="Content-Type">associated Content-Type metadata</a>,
-        then let the <var title="">resource type</var> be the type
-        specified in <a href="#content-type" title="Content-Type">the resource's
-        Content-Type metadata</a>.</p>
+        <p>Run the approprate set of steps from the following
+        list:</p>
 
-        <p>If this results in the <var title="">resource type</var>
-        being "<code title="">text/plain</code>", then let the <var title="">resource type</var> be the result of applying the
-        <a href="#content-type-sniffing:-text-or-binary" title="Content-Type sniffing: text or binary">rules for
-        distingushing if a resource is text or binary</a> to the
-        resource instead, and then set the <var title="">sniffed</var>
-        flag to true.</p>
+        <dl class="switch"><dt>The resource has <a href="#content-type" title="Content-Type">associated
+         Content-Type metadata</a></dt>
 
-       </li>
+         <dd>
 
-       <li>
+          <ol><li>
 
-        <p>If the <var title="">resource type</var> is unknown or
-        "<code title="">application/octet-stream</code>" at this point
-        and there is a <code title="attr-object-type"><a href="#attr-object-type">type</a></code>
-        attribute present on the <code><a href="#the-object-element">object</a></code> element, then
-        change the <var title="">resource type</var> to instead be the
-        type specified in that <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute.</p>
+            <p>Let <var title="">binary</var> be false.</p>
 
-        <p>Otherwise, if the <var title="">resource type</var> is
-        "<code title="">application/octet-stream</code>" but there is
-        no <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute on the
-        <code><a href="#the-object-element">object</a></code> element, then change the <var title="">resource type</var> to be unknown, so that the
-        sniffing rules in the following steps are invoked.</p>
+           </li>
 
-       </li>
+           <li>
+
+            <p>If the type specified in <a href="#content-type" title="Content-Type">the
+            resource's Content-Type metadata</a> is
+            "<code>text/plain</code>", and the result of applying the
+            <a href="#content-type-sniffing:-text-or-binary" title="Content-Type sniffing: text or binary">rules
+            for distingushing if a resource is text or binary</a>
+            to the resource is that the resource is not
+            <code>text/plain</code>, then set <var title="">binary</var> to true.</p>
+
+           </li>
+
+           <li>
+
+            <p>If the type specified in <a href="#content-type" title="Content-Type">the
+            resource's Content-Type metadata</a> is
+            "<code>application/octet-stream</code>", then set <var title="">binary</var> to true.</p>
+
+           </li>
+
+           <li>
+
+            <p>If <var title="">binary</var> is false, then let the
+            <var title="">resource type</var> be the type specified in
+            <a href="#content-type" title="Content-Type">the resource's Content-Type
+            metadata</a>, and jump to the step below labeled
+            <i>handler</i>.</p>
+
+           </li>
+
+           <li>
+
+            <p>If there is a <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute present on
+            the <code><a href="#the-object-element">object</a></code> element, then run the
+            following steps:</p>
+
+            <ol><li>
+
+              <p>If the attribute's value is a type that a <a href="#plugin">plugin</a> supports, or
+              the attribute's value is a type that starts with "<code>image/</code>" that is not also an <a href="#xml-mime-type">XML MIME type</a>,
+              then let the <var title="">resource type</var> be the type specified in that <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute.</p>
+
+             </li>
+
+             <li>
+
+              <p>Jump to the step below labeled <i>handler</i>.</p>
+
+             </li>
+
+            </ol></li>
+
+          </ol></dd>
+
+         <dt>The resource does not have <a href="#content-type" title="Content-Type">associated Content-Type
+         metadata</a></dt>
+
+         <dd>
+
+          <ol><li>
+
+            <p>If there is a <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute present on
+            the <code><a href="#the-object-element">object</a></code> element, then let the <var title="">resource type</var> be the type specified in that
+            <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute, and
+            jump to the step below labeled <i>handler</i>.</p>
+
+           </li>
+
+           <li>
+
+            <!-- no content-type and no attribute -->
+
+            <p>Let <var title="">sniffed type</var> be the <a href="#content-type-sniffing-0" title="content-type sniffing">sniffed type of the
+            resource</a>.</p>
+
+           </li>
+
+           <li>
+
+            <p>If <var title="">sniffed type</var> is <em>not</em>
+            <code>application/octet-stream</code>, then let <var title="">resource type</var> be <var title="">sniffed
+            type</var> and jump to the step below labeled
+            <i>handler</i>.</p>
+
+           </li>
+
+          </ol></dd>
+
+        </dl></li>
 
        <li>
 
@@ -19179,40 +19305,29 @@
         parsed the URL, since this algorithm is only used after
         fetching the resource in the steps above -->
 
-        <p>If the <var title="">resource type</var> is still unknown
-        at this point, but the <a href="#url-path" title="url-path">&lt;path&gt;</a> component of the
-        <a href="#url">URL</a> of the specified resource (after any
+        <p>If the <a href="#url-path" title="url-path">&lt;path&gt;</a> component
+        of the <a href="#url">URL</a> of the specified resource (after any
         redirects) matches a pattern that a <a href="#plugin">plugin</a>
         supports, then let <var title="">resource type</var> be the
         type that that plugin can handle.</p>
 
         <p class="example">For example, a plugin might say that it can
-        handle resources with <a href="#url-path" title="url-path">&lt;path&gt;</a>
-        components that end with the four character string "<code title="">.swf</code>".</p>
+        handle resources with <a href="#url-path" title="url-path">&lt;path&gt;</a> components that end with
+        the four character string "<code title="">.swf</code>".</p>
 
         <!-- it's sad that we have to do extension sniffing. sigh. -->
         <!-- see also <embed> which has a similar step -->
 
        </li>
 
-       <li>
-
-        <p>If the <var title="">resource type</var> is still unknown,
-        and the <var title="">sniffed</var> flag is false, then change
-        the <var title="">resource type</var> to instead be the <a href="#content-type-sniffing-0" title="content-type sniffing">sniffed type of the
-        resource</a>.</p>
-
-        <p>Otherwise, if the <var title="">resource type</var> is
-        still unknown, and the <var title="">sniffed</var> flag is
-        <em>true</em>, then change the <var title="">resource
-        type</var> back to <code title="">text/plain</code>.</p>
-
-       </li>
+      </ol><p class="note">It is possible for this step to finish with <var title="">resource type</var> still being unknown, or for one of
+      the substeps above to jump straight to the next step. In both
+      cases, the next step will trigger fallback.</p>
 
-      </ol></li>
+     </li>
 
-     <li><p>Handle the content as given by the first of the following
-     cases that matches:</p>
+     <li><p><i>Handler</i>: Handle the content as given by the first
+     of the following cases that matches:</p>
 
       <dl class="switch"><dt>If the <var title="">resource type</var> is not a type that
        the user agent supports, but it <em>is</em> a type that a
@@ -19309,6 +19424,9 @@
         supported. Jump to the last step in the overall set of steps
         (fallback).</p>
 
+        <p class="note">If the previous step ended with the <var title="">resource type</var> being unknown, this is the case
+        that is triggered.</p>
+
        </dd>
 
       </dl></li>
@@ -52505,7 +52623,7 @@
      <li><p>Advance <var title="">position</var> past the 0x3D (ASCII
      =) byte.</li>
 
-     <li><p><i>Value:</i> If the byte at <var title="">position</var> is one of 0x09 (ASCII TAB), 0x0A (ASCII
+     <li><p><i>Value</i>: If the byte at <var title="">position</var> is one of 0x09 (ASCII TAB), 0x0A (ASCII
      LF), 0x0C (ASCII FF), 0x0D (ASCII CR), or 0x20 (ASCII space) then
      advance <var title="">position</var> to the next byte, then,
      repeat this step.</li>

Received on Thursday, 8 April 2010 04:34:36 UTC