- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 27 Jun 2008 00:21:41 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv30630
Modified Files:
Overview.html
Log Message:
URLify the registerContentHandler() section. This also modified the rules for handling relative URLs and for escaping content here, it wasn't just s/URI/URL/ as other commits have been. (whatwg r1811)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.999
retrieving revision 1.1000
diff -u -d -r1.999 -r1.1000
--- Overview.html 26 Jun 2008 23:49:38 -0000 1.999
+++ Overview.html 27 Jun 2008 00:21:38 -0000 1.1000
@@ -59,7 +59,7 @@
for HTML and XHTML</h2>
<h2 class="no-num no-toc" id=editors0><!-- "W3C Working Draft" -->
- Editor's Draft <!--ZZZ-->26 June 2008</h2>
+ Editor's Draft <!--ZZZ-->27 June 2008</h2>
<dl><!-- ZZZ: update the month/day
<dt>This Version:</dt>
@@ -207,7 +207,7 @@
<p>The W3C <a href="http://www.w3.org/html/wg/">HTML Working Group</a> is
the W3C working group responsible for this specification's progress along
- the W3C Recommendation track. <!--ZZZ:--> This specification is the 26
+ the W3C Recommendation track. <!--ZZZ:--> This specification is the 27
June 2008 <!--ZZZ "Working Draft"-->Editor's Draft. <!--:ZZZ--></p>
<!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST -->
<!-- relationship to other work (required) -->
@@ -32082,46 +32082,47 @@
parameters. Thus, if <var title="">mimeType</var> values passed to this
method include characters such as commas or whitespace, or include MIME
parameters, then the handler being registered will never be used.</p>
- </dd>
- <!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \(URI\|IRI\|URL\) -->
<dt><var title="">url</var>
- <dd> <!-- XXXURL use url, algorithms -->
- <p>The URI of the page that will handle the requests. When the user agent
- uses this URI, it must replace the first occurrence of the exact literal
- string "<code>%s</code>" with an escaped version of the URI of the
- content in question (as defined below), and then fetch the resulting URI
- using the GET method (or equivalent for non-HTTP URIs).</p>
- <!-- XXXURL use url, algorithms -->
- <p>To get the escaped version of the URI, first, the domain part of the
- URI (if any) must be converted to its punycode representation, and then,
- every character in the URI that is not in the ranges given in the next
- paragraph must be replaced by its UTF-8 byte representation, each byte
- being represented by a U+0025 (%) character and two digits in the range
- U+0030 (0) to U+0039 (9) and U+0041 (A) to U+0046 (F) giving the
- hexadecimal representation of the byte.</p>
+ <dd>
+ <p>The <a href="#url">URL</a> of the page that will handle the requests.
+ When the user agent uses this URL, it must replace the first occurrence
+ of the exact literal string "<code>%s</code>" with an escaped version of
+ the URL of the content in question (as defined below), then <a
+ href="#resolve" title="resolve a url">resolve</a> the resulting URL
+ (using the <a href="#document0">document base URL</a> of the <a
+ href="#script4">script document context</a> of the script that
+ originally invoked the <code
+ title=dom-navigator-registerContentHandler><a
+ href="#registercontenthandler">registerContentHandler()</a></code> or
+ <code title=dom-navigator-registerProtocolHandler><a
+ href="#registerprotocolhandler">registerProtocolHandler()</a></code>
+ method), and then fetch the resulting URL using the GET method (or
+ equivalent for non-HTTP URLs).</p>
+
+ <p>To get the escaped version of the URL of the content in question, the
+ user agent must <a href="#resolve" title="resolve a URL">resolve</a> the
+ URL, and then every character in the URL that doesn't match the
+ <query> production defined in RFC 3986 must be replaced by the
+ percent-encoded form of the character.</p>
- <p>The ranges of characters that must not be escaped are: U+002D (-),
- U+002E (.), U+0030 (0) to U+0039 (9), U+0041 (A) to U+005A (Z), U+005F
- (_), U+0061 (a) to U+007A (z), and U+007E (~).</p>
- <!-- XXXURL move that to a common algorithms section if any other
- part of the spec needs it -->
-
<div class=example>
- <p>If the user had visited a site that made the following call:</p>
+ <p>If the user had visited a site at <code
+ title="">http://example.com/</code> that made the following call:</p>
- <pre>navigator.registerContentHandler('application/x-soup', 'http://example.com/soup?url=%s', 'SoupWeb™')</pre>
+ <pre>navigator.registerContentHandler('application/x-soup', 'soup?url=%s', 'SoupWeb™')</pre>
- <p>...and then clicked on a link such as:</p>
+ <p>...and then, much later, while visiting <code
+ title="">http://www.example.net/</code>, clicked on a link such as:</p>
+
+ <pre><a href="chickenkïwi.soup">Download our Chicken Kiwi soup!</a></pre>
- <pre><a href="http://www.example.net/chickenkïwi.soup">Download our Chicken Kiwi soup!</a></pre>
- <!-- XXXURL use url -->
<p>...then, assuming this <code>chickenkïwi.soup</code> file was
served with the MIME type <code>application/x-soup</code>, the UA might
- navigate to the following URI:</p>
+ navigate to the following URL:</p>
- <pre>http://example.com/soup?url=http%3A%2F%2Fwww.example.net%2Fchickenk%C3%AFwi.soup</pre>
+ <pre>http://example.com/soup?url=http://www.example.net/chickenk%C3%AFwi.soup</pre>
<p>This site could then fetch the <code>chickenkïwi.soup</code>
file and do whatever it is that it does with soup (synthesize it and
@@ -32134,13 +32135,12 @@
<p>A descriptive title of the handler, which the UA might use to remind
the user what the site in question is.</p>
</dl>
- <!-- XXXURL use url -->
<p>User agents should raise <a href="#security9" title="security
exception">security exceptions</a> if the methods are called with <var
title="">protocol</var> or <var title="">mimeType</var> values that the UA
deems to be "privileged". For example, a site attempting to register a
- handler for <code>http</code> URIs or <code>text/html</code> content in a
+ handler for <code>http</code> URLs or <code>text/html</code> content in a
Web browser would likely cause an exception to be raised.
<p>User agents must raise a <code>SYNTAX_ERR</code> exception if the <var
@@ -32201,11 +32201,10 @@
against typical attacks against strings embedded in their interface, for
example ensuring that markup or escape characters in such strings are not
executed, that null bytes are properly handled, that over-long strings do
- not cause crashes or buffer overruns, and so forth.</p>
- <!-- XXXURL use url -->
+ not cause crashes or buffer overruns, and so forth.
- <p><strong>Leaking Intranet URIs.</strong> The mechanism described in this
- section can result in secret Intranet URIs being leaked, in the following
+ <p><strong>Leaking Intranet URLs.</strong> The mechanism described in this
+ section can result in secret Intranet URLs being leaked, in the following
manner:
<ol>
@@ -32218,28 +32217,25 @@
<li>The user agent contacts the third party and hands the third party the
URI to the Intranet content.
</ol>
- <!-- XXXURL use url -->
- <p>No actual confidential file data is leaked in this manner, but the URIs
- themselves could contain confidential information. For example, the URI
+ <p>No actual confidential file data is leaked in this manner, but the URLs
+ themselves could contain confidential information. For example, the URL
could be
- <code>https://www.corp.example.com/upcoming-aquisitions/samples.egf</code>,
+ <code>http://www.corp.example.com/upcoming-aquisitions/the-sample-company.egf</code>,
which might tell the third party that Example Corporation is intending to
- merge with Samples LLC. Implementors might wish to consider allowing
- administrators to disable this feature for certain subdomains, content
- types, or protocols.</p>
- <!-- XXXURL use url -->
+ merge with The Sample Company. Implementors might wish to consider
+ allowing administrators to disable this feature for certain subdomains,
+ content types, or protocols.
- <p><strong>Leaking secure URIs.</strong> User agents should not send HTTPS
- URIs to third-party sites registered as content handlers, in the same way
+ <p><strong>Leaking secure URLs.</strong> User agents should not send HTTPS
+ URLs to third-party sites registered as content handlers, in the same way
that user agents do not send <code>Referer</code> headers from secure
- sites to third-party sites.</p>
- <!-- XXXURL use url -->
+ sites to third-party sites.
<p><strong>Leaking credentials.</strong> User agents must never send
- username or password information in the URIs that are escaped and included
+ username or password information in the URLs that are escaped and included
sent to the handler sites. User agents may even avoid attempting to pass
- to Web-based handlers the URIs of resources that are known to require
+ to Web-based handlers the URLs of resources that are known to require
authentication to access, as such sites would be unable to access the
resources in question without prompting the user for credentials
themselves (a practice that would require the user to know whether to
@@ -32276,10 +32272,9 @@
| |
| ( Trust kittens.example.org ) (( Cancel )) |
|____________________________________________________________|</pre>
- <!-- XXXURL use url -->
<p>...where "Kittens at work" is the title of the page that invoked the
- method, "http://kittens.example.org/" is the URI of that page, "x-meow" is
+ method, "http://kittens.example.org/" is the URL of that page, "x-meow" is
the string that was passed to the <code
title=dom-navigator-registerProtocolHandler><a
href="#registerprotocolhandler">registerProtocolHandler()</a></code>
@@ -32289,12 +32284,10 @@
argument (<var title="">title</var>).
<p>If the user clicks the Cancel button, then nothing further happens. If
- the user clicks the "Trust" button, then the handler is remembered.</p>
- <!-- XXXURL use url -->
+ the user clicks the "Trust" button, then the handler is remembered.
- <p>When the user then attempts to fetch a URI that uses the "x-meow:"
- scheme, then it might display a dialog as follows:</p>
- <!-- XXXURL use url? -->
+ <p>When the user then attempts to fetch a URL that uses the "x-meow:"
+ scheme, then it might display a dialog as follows:
<pre>||[ Unknown Protocol ]||||||||||||||||||||||||||||||||||||||||
| |
@@ -32307,10 +32300,10 @@
| (o) Contact the FerretBrowser plugin registry to see if |
| there is an official way to handle this resource. |
| |
-| ( ) Pass this URI to a local application: |
+| ( ) Pass this URL to a local application: |
| [ /no application selected/ ] ( Choose ) |
| |
-| ( ) Pass this URI to the "Kittens-at-work displayer" |
+| ( ) Pass this URL to the "Kittens-at-work displayer" |
| application at "kittens.example.org". |
| |
| [ ] Always do this for resources using the "x-meow" |
@@ -32330,7 +32323,8 @@
<p>The <code title=dom-navigator-registerContentHandler><a
href="#registercontenthandler">registerContentHandler()</a></code> method
would work equivalently, but for unknown MIME types instead of unknown
- protocols.
+ protocols.</p>
+ <!-- XXXURL XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \(URI\|IRI\|URL\) -->
<h3 id=offline><span class=secno>5.7 </span>Offline Web applications</h3>
Received on Friday, 27 June 2008 00:22:16 UTC