W3C home > Mailing lists > Public > public-html-diffs@w3.org > March 2010

hixie: Explicitly fire 'error' on <img src=''> (blank src) (whatwg r4841)

From: poot <cvsmail@w3.org>
Date: Fri, 12 Mar 2010 08:33:57 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20100311233357.C724C2BC65@toro.w3.mag.keio.ac.jp>
hixie: Explicitly fire 'error' on <img src=''> (blank src) (whatwg
r4841)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3877&r2=1.3878&f=h
http://html5.org/tools/web-apps-tracker?from=4840&to=4841

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3877
retrieving revision 1.3878
diff -u -d -r1.3877 -r1.3878
--- Overview.html	11 Mar 2010 04:47:12 -0000	1.3877
+++ Overview.html	11 Mar 2010 23:33:43 -0000	1.3878
@@ -9816,7 +9816,7 @@
   same name. The IDL attribute <dfn id="dom-meta-httpequiv" title="dom-meta-httpEquiv"><code>httpEquiv</code></dfn> must
   <a href="#reflect">reflect</a> the content attribute <code title="attr-meta-http-equiv"><a href="#attr-meta-http-equiv">http-equiv</a></code>.</p>
 
-  </div><h5 id="standard-metadata-names"><span class="secno">4.2.5.1 </span>Standard metadata names</h5><p class="XXX annotation"><b>Status: </b><i>Last call for comments. </i><span><a href="http://www.w3.org/html/wg/tracker/issues/79">ISSUE-79</a> (meta-keywords) blocks progress to Last Call</span><p>This specification defines a few names for the <code title="attr-meta-name"><a href="#attr-meta-name">name</a></code> attribute of the
+  </div><h5 id="standard-metadata-names"><span class="secno">4.2.5.1 </span>Standard metadata names</h5><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>This specification defines a few names for the <code title="attr-meta-name"><a href="#attr-meta-name">name</a></code> attribute of the
   <code><a href="#meta">meta</a></code> element.<p>Names are case-insensitive<span class="impl">, and must be compared
   in an <a href="#ascii-case-insensitive">ASCII case-insensitive</a> manner</span>.<dl><dt><dfn id="meta-application-name" title="meta-application-name"><code>application-name</code></dfn></dt>
 
@@ -15799,29 +15799,38 @@
 
   <hr><p>Unless the user agent cannot support images, or its support for
   images has been disabled, or the user agent only fetches elements on
-  demand, or the element's <code title="attr-img-src"><a href="#attr-img-src">src</a></code>
-  attribute's value is the empty string, then, when an
-  <code><a href="#the-img-element">img</a></code> is created with a <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute, and whenever the <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute is set subsequently, the
-  user agent must <a href="#resolve-a-url" title="resolve a url">resolve</a> the value
-  of that attribute, relative to the element, and if that is
-  successful must then <a href="#fetch">fetch</a> that resource.</p> <!-- Note
-  how this does NOT happen when the base URL changes. --> <!--
-  http-origin privacy sensitive -->
+  demand, then, when an <code><a href="#the-img-element">img</a></code> is created with a <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute, and whenever the <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute is set subsequently, the
+  user agent must run the following steps:</p> <!-- Note how this does
+  NOT happen when the base URL changes. -->
 
-  <!-- same text in <input type=image> section and similar text elsewhere -->
-  <p>Fetching the image must <a href="#delay-the-load-event">delay the load event</a> of the
-  element's document until the <a href="#concept-task" title="concept-task">task</a>
-  that is <a href="#queue-a-task" title="queue a task">queued</a> by the
-  <a href="#networking-task-source">networking task source</a> once the resource has been <a href="#fetch" title="fetch">fetched</a> (defined below) has been run.</p>
+  <ol><li><p>If the element's <code title="attr-img-src"><a href="#attr-img-src">src</a></code>
+   attribute's value is the empty string, then <a href="#queue-a-task">queue a
+   task</a> to <a href="#fire-a-simple-event">fire a simple event</a> named <code title="event-error">error</code> at the <code><a href="#the-img-element">img</a></code> element,
+   and abort these steps.</li>
 
-  <p class="warning">This, unfortunately, can be used to perform a
-  rudimentary port scan of the user's local network (especially in
-  conjunction with scripting, though scripting isn't actually
-  necessary to carry out such an attack). User agents may implement
-  <a href="#origin" title="origin">cross-origin</a> access control policies
-  that mitigate this attack.</p>
+   <li>
 
-  <p>If the image is in a supported image type and its dimensions are
+    <p>Otherwise, <a href="#resolve-a-url" title="resolve a url">resolve</a> the value
+    of that attribute, relative to the element, and if that is
+    successful must then <a href="#fetch">fetch</a> that resource.</p> <!--
+    http-origin privacy sensitive -->
+
+    <!-- same text in <input type=image> section and similar text
+    elsewhere --> <p>Fetching the image must <a href="#delay-the-load-event">delay the load
+    event</a> of the element's document until the <a href="#concept-task" title="concept-task">task</a> that is <a href="#queue-a-task" title="queue a
+    task">queued</a> by the <a href="#networking-task-source">networking task source</a>
+    once the resource has been <a href="#fetch" title="fetch">fetched</a> (<a href="#img-load">defined below</a>) has been run.</p>
+
+    <p class="warning">This, unfortunately, can be used to perform a
+    rudimentary port scan of the user's local network (especially in
+    conjunction with scripting, though scripting isn't actually
+    necessary to carry out such an attack). User agents may implement
+    <a href="#origin" title="origin">cross-origin</a> access control policies
+    that mitigate this attack.</p>
+
+   </li>
+
+  </ol><p>If the image is in a supported image type and its dimensions are
   known, then the image is said to be <dfn id="img-available" title="img-available"><i>available</i></dfn> (this affects exactly
   what the element represents, as defined below). This can be true
   even before the image is completely downloaded, if the user agent
@@ -15834,9 +15843,8 @@
 
   <p>If the image was not fetched (e.g. because the UA's image support
   is disabled, or because the <code title="attr-img-src"><a href="#attr-img-src">src</a></code>
-  attribute's value is an <i>ignored self-reference</i>), or if the
-  conditions in the previous paragraph are not met, then the image is
-  <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p>
+  attribute's value is the empty string, or if the conditions in the
+  previous paragraph are not met, then the image is <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p>
 
   <p class="note">An image might be <i title="img-available"><a href="#img-available">available</a></i> in one <a href="#view">view</a> but not
   another. For instance, a <code><a href="#document">Document</a></code> could be rendered by
@@ -15873,8 +15881,9 @@
   <p>This specification does not specify which image types are to be
   supported.</p>
 
-  <p>The <a href="#concept-task" title="concept-task">task</a> that is <a href="#queue-a-task" title="queue a task">queued</a> by the <a href="#networking-task-source">networking task
-  source</a> once the resource has been <a href="#fetch" title="fetch">fetched</a>, must act as appropriate given the
+  <p id="img-load">The <a href="#concept-task" title="concept-task">task</a> that is
+  <a href="#queue-a-task" title="queue a task">queued</a> by the <a href="#networking-task-source">networking
+  task source</a> once the resource has been <a href="#fetch" title="fetch">fetched</a>, must act as appropriate given the
   following alternatives:</p>
 
   <dl class="switch"><dt>If the download was successful and the image is <i title="img-available"><a href="#img-available">available</a></i></dt>
Received on Thursday, 11 March 2010 23:34:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 18 December 2010 06:14:18 GMT