- From: poot <cvsmail@w3.org>
- Date: Fri, 12 Mar 2010 08:33:57 +0900 (JST)
- To: public-html-diffs@w3.org
hixie: Explicitly fire 'error' on <img src=''> (blank src) (whatwg r4841) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3877&r2=1.3878&f=h http://html5.org/tools/web-apps-tracker?from=4840&to=4841 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.3877 retrieving revision 1.3878 diff -u -d -r1.3877 -r1.3878 --- Overview.html 11 Mar 2010 04:47:12 -0000 1.3877 +++ Overview.html 11 Mar 2010 23:33:43 -0000 1.3878 @@ -9816,7 +9816,7 @@ same name. The IDL attribute <dfn id="dom-meta-httpequiv" title="dom-meta-httpEquiv"><code>httpEquiv</code></dfn> must <a href="#reflect">reflect</a> the content attribute <code title="attr-meta-http-equiv"><a href="#attr-meta-http-equiv">http-equiv</a></code>.</p> - </div><h5 id="standard-metadata-names"><span class="secno">4.2.5.1 </span>Standard metadata names</h5><p class="XXX annotation"><b>Status: </b><i>Last call for comments. </i><span><a href="http://www.w3.org/html/wg/tracker/issues/79">ISSUE-79</a> (meta-keywords) blocks progress to Last Call</span><p>This specification defines a few names for the <code title="attr-meta-name"><a href="#attr-meta-name">name</a></code> attribute of the + </div><h5 id="standard-metadata-names"><span class="secno">4.2.5.1 </span>Standard metadata names</h5><p class="XXX annotation"><b>Status: </b><i>Last call for comments</i><p>This specification defines a few names for the <code title="attr-meta-name"><a href="#attr-meta-name">name</a></code> attribute of the <code><a href="#meta">meta</a></code> element.<p>Names are case-insensitive<span class="impl">, and must be compared in an <a href="#ascii-case-insensitive">ASCII case-insensitive</a> manner</span>.<dl><dt><dfn id="meta-application-name" title="meta-application-name"><code>application-name</code></dfn></dt> @@ -15799,29 +15799,38 @@ <hr><p>Unless the user agent cannot support images, or its support for images has been disabled, or the user agent only fetches elements on - demand, or the element's <code title="attr-img-src"><a href="#attr-img-src">src</a></code> - attribute's value is the empty string, then, when an - <code><a href="#the-img-element">img</a></code> is created with a <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute, and whenever the <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute is set subsequently, the - user agent must <a href="#resolve-a-url" title="resolve a url">resolve</a> the value - of that attribute, relative to the element, and if that is - successful must then <a href="#fetch">fetch</a> that resource.</p> <!-- Note - how this does NOT happen when the base URL changes. --> <!-- - http-origin privacy sensitive --> + demand, then, when an <code><a href="#the-img-element">img</a></code> is created with a <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute, and whenever the <code title="attr-img-src"><a href="#attr-img-src">src</a></code> attribute is set subsequently, the + user agent must run the following steps:</p> <!-- Note how this does + NOT happen when the base URL changes. --> - <!-- same text in <input type=image> section and similar text elsewhere --> - <p>Fetching the image must <a href="#delay-the-load-event">delay the load event</a> of the - element's document until the <a href="#concept-task" title="concept-task">task</a> - that is <a href="#queue-a-task" title="queue a task">queued</a> by the - <a href="#networking-task-source">networking task source</a> once the resource has been <a href="#fetch" title="fetch">fetched</a> (defined below) has been run.</p> + <ol><li><p>If the element's <code title="attr-img-src"><a href="#attr-img-src">src</a></code> + attribute's value is the empty string, then <a href="#queue-a-task">queue a + task</a> to <a href="#fire-a-simple-event">fire a simple event</a> named <code title="event-error">error</code> at the <code><a href="#the-img-element">img</a></code> element, + and abort these steps.</li> - <p class="warning">This, unfortunately, can be used to perform a - rudimentary port scan of the user's local network (especially in - conjunction with scripting, though scripting isn't actually - necessary to carry out such an attack). User agents may implement - <a href="#origin" title="origin">cross-origin</a> access control policies - that mitigate this attack.</p> + <li> - <p>If the image is in a supported image type and its dimensions are + <p>Otherwise, <a href="#resolve-a-url" title="resolve a url">resolve</a> the value + of that attribute, relative to the element, and if that is + successful must then <a href="#fetch">fetch</a> that resource.</p> <!-- + http-origin privacy sensitive --> + + <!-- same text in <input type=image> section and similar text + elsewhere --> <p>Fetching the image must <a href="#delay-the-load-event">delay the load + event</a> of the element's document until the <a href="#concept-task" title="concept-task">task</a> that is <a href="#queue-a-task" title="queue a + task">queued</a> by the <a href="#networking-task-source">networking task source</a> + once the resource has been <a href="#fetch" title="fetch">fetched</a> (<a href="#img-load">defined below</a>) has been run.</p> + + <p class="warning">This, unfortunately, can be used to perform a + rudimentary port scan of the user's local network (especially in + conjunction with scripting, though scripting isn't actually + necessary to carry out such an attack). User agents may implement + <a href="#origin" title="origin">cross-origin</a> access control policies + that mitigate this attack.</p> + + </li> + + </ol><p>If the image is in a supported image type and its dimensions are known, then the image is said to be <dfn id="img-available" title="img-available"><i>available</i></dfn> (this affects exactly what the element represents, as defined below). This can be true even before the image is completely downloaded, if the user agent @@ -15834,9 +15843,8 @@ <p>If the image was not fetched (e.g. because the UA's image support is disabled, or because the <code title="attr-img-src"><a href="#attr-img-src">src</a></code> - attribute's value is an <i>ignored self-reference</i>), or if the - conditions in the previous paragraph are not met, then the image is - <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p> + attribute's value is the empty string, or if the conditions in the + previous paragraph are not met, then the image is <em>not</em> <i title="img-available"><a href="#img-available">available</a></i>.</p> <p class="note">An image might be <i title="img-available"><a href="#img-available">available</a></i> in one <a href="#view">view</a> but not another. For instance, a <code><a href="#document">Document</a></code> could be rendered by @@ -15873,8 +15881,9 @@ <p>This specification does not specify which image types are to be supported.</p> - <p>The <a href="#concept-task" title="concept-task">task</a> that is <a href="#queue-a-task" title="queue a task">queued</a> by the <a href="#networking-task-source">networking task - source</a> once the resource has been <a href="#fetch" title="fetch">fetched</a>, must act as appropriate given the + <p id="img-load">The <a href="#concept-task" title="concept-task">task</a> that is + <a href="#queue-a-task" title="queue a task">queued</a> by the <a href="#networking-task-source">networking + task source</a> once the resource has been <a href="#fetch" title="fetch">fetched</a>, must act as appropriate given the following alternatives:</p> <dl class="switch"><dt>If the download was successful and the image is <i title="img-available"><a href="#img-available">available</a></i></dt>
Received on Thursday, 11 March 2010 23:34:26 UTC