- From: poot <cvsmail@w3.org>
- Date: Thu, 8 Apr 2010 13:34:07 +0900 (JST)
- To: public-html-diffs@w3.org
hixie: Revamp how <object> type handling works, as the previous model
was getting impenetrable and didn't match _any_ browsers. This one
should more or less match Gecko and avoids known security problems with
the previous model. Please let me know if you're a browser vendor and
cannot implement this for whatever reason. (whatwg r4985)
http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4003&r2=1.4004&f=h
http://html5.org/tools/web-apps-tracker?from=4984&to=4985
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4003
retrieving revision 1.4004
diff -u -d -r1.4003 -r1.4004
--- Overview.html 7 Apr 2010 05:10:32 -0000 1.4003
+++ Overview.html 8 Apr 2010 04:33:46 -0000 1.4004
@@ -285,7 +285,7 @@
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
- <h2 class="no-num no-toc" id="editor-s-draft-7-april-2010">Editor's Draft 7 April 2010</h2>
+ <h2 class="no-num no-toc" id="editor-s-draft-8-april-2010">Editor's Draft 8 April 2010</h2>
<dl><dt>Latest Published Version:</dt>
<dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd>
<dt>Latest Editor's Draft:</dt>
@@ -392,7 +392,7 @@
specification's progress along the W3C Recommendation
track.
- This specification is the 7 April 2010 Editor's Draft.
+ This specification is the 8 April 2010 Editor's Draft.
</p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>The contents of this specification are also part of <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/">a
specification</a> published by the <a href="http://www.whatwg.org/">WHATWG</a>, which is available under a
license that permits reuse of the specification text.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5
@@ -2293,7 +2293,11 @@
rendering of a <code><a href="#document">Document</a></code> object, but that neither acts
as a <a href="#child-browsing-context">child browsing context</a> of the
<code><a href="#document">Document</a></code> nor introduces any <code><a href="#node">Node</a></code> objects
- to the <code><a href="#document">Document</a></code>'s DOM.<p>Typically such content handlers are provided by third parties,
+ to the <code><a href="#document">Document</a></code>'s DOM.<p>A user agent must not consider the types <code>text/plain</code>
+ and <code>application/octet-stream</code> as having a registered
+ <a href="#plugin">plugin</a>.</p><!-- because of the way <object> handles
+ those types, if nothing else (it also doesn't make any sense to have
+ a plugin registered for those types, of course) --><p>Typically such content handlers are provided by third parties,
though a user agent can designate content handlers to be
plugins.<p class="example">One example of a plugin would be a PDF viewer
that is instantiated in a <a href="#browsing-context">browsing context</a> when the
@@ -18048,7 +18052,7 @@
context</a> to the resulting <a href="#absolute-url">absolute
URL</a>.</li>
- </ol><p><i>Empty:</i> When the steps above require the user agent to
+ </ol><p><i>Empty</i>: When the steps above require the user agent to
jump to the <i title="">empty</i> step, if the user agent is
processing this <code><a href="#the-iframe-element">iframe</a></code>'s attributes for the first
time, then the user agent must <a href="#queue-a-task">queue a task</a> to
@@ -19100,17 +19104,65 @@
<code title="event-error">error</code> at the element, then jump
to the last step in the overall set of steps (fallback).</li>
- <li><p>Determine the <var title="">resource type</var>, as follows:</p>
+ <li id="object-type-detection">
- <ol><li>
+ <p>Determine the <var title="">resource type</var>, as follows:</p>
- <p>Let the <var title="">resource type</var> be unknown.</p>
+<!-- Hopefully this step is exactly equivalent to the following:
- </li>
+ START
+ |
+ V
+ Is there a Content-Type and is the UA going to obey it blindly?
+ | |
+ | YES | NO
+ | V YES
+ | Is there a type="" attribute whose value is a plugin type? ============================================-.
+ | | |
+ | | NO |
+ | V NO YES V
+ | Is there a Content type? ========-> Is there a type="" attribute? ====================================>-+
+ | | | |
+ | | YES | NO |
+ V NO V | |
+ +-<============== Is it text/plain or application/octet-stream? `============> Sniff ==-. |
+ | | | | |
+ | | text/plain | octet-stream V |
+ | V YES V Is the sniffed-type |
+ | Does the page sniff as binary? ======> Is there a type="" attribute? application/octet-stream? |
+ | | | | | | |
+ | | NO | YES | NO | YES | NO |
+ | | | V V | |
+ | | | Extension that is plugin type? | |
+ | | | | | | |
+ | | | | NO | YES | |
+ | | V | | | |
+ | | Type attribute is XML or YES V | | |
+ | | doesn't start with image/* ======> FALLBACK | | |
+ | | and is not a plugin type? | | |
+ | | | | | |
+ | | | NO | V V
+ V V V V Use Use
+ Use Use Use it (will be Use sniffed type=""
+ Content-Type text/plain bitmap or plugin) extension type attribute
+ | | | | | |
+ | V V V V |
+ `================->-+========================================>-+==============>-+-<============-+-<==============+-<======'
+ |
+ V
+ Continue following rules in the spec, which might
+ result in a plugin, a browsing context, an image,
+ or using fallback, depending on the UA and the type.
- <li>
- <p>Let the <var title="">sniffed</var> flag be false.</p>
+ "Extension that is plugin type?" means "Is there an extension that matches one that a plugin supports?".
+ Plugins are not allowed to register text/plain or application/octet-stream.
+
+-->
+
+ <ol><li>
+
+ <p>Let the <var title="">resource type</var> be unknown.</p>
</li>
@@ -19123,7 +19175,8 @@
<a href="#content-type" title="Content-Type">associated Content-Type
metadata</a>, then let the <var title="">resource
type</var> be the type specified in <a href="#content-type" title="Content-Type">the resource's Content-Type
- metadata</a>, and abort these substeps.</p>
+ metadata</a>, and jump to the step below labeled
+ <i>handler</i>.</p>
</li>
@@ -19135,43 +19188,116 @@
but it <em>is</em> a type that a <a href="#plugin">plugin</a> supports,
then let the <var title="">resource type</var> be the type
specified in that <code title="attr-object-type"><a href="#attr-object-type">type</a></code>
- attribute.</p>
+ attribute, and jump to the step below labeled
+ <i>handler</i>.</p>
</li>
<li>
- <p>Otherwise, if the <var title="">resource type</var> is
- unknown, and the resource has <a href="#content-type" title="Content-Type">associated Content-Type metadata</a>,
- then let the <var title="">resource type</var> be the type
- specified in <a href="#content-type" title="Content-Type">the resource's
- Content-Type metadata</a>.</p>
+ <p>Run the approprate set of steps from the following
+ list:</p>
- <p>If this results in the <var title="">resource type</var>
- being "<code title="">text/plain</code>", then let the <var title="">resource type</var> be the result of applying the
- <a href="#content-type-sniffing:-text-or-binary" title="Content-Type sniffing: text or binary">rules for
- distingushing if a resource is text or binary</a> to the
- resource instead, and then set the <var title="">sniffed</var>
- flag to true.</p>
+ <dl class="switch"><dt>The resource has <a href="#content-type" title="Content-Type">associated
+ Content-Type metadata</a></dt>
- </li>
+ <dd>
- <li>
+ <ol><li>
- <p>If the <var title="">resource type</var> is unknown or
- "<code title="">application/octet-stream</code>" at this point
- and there is a <code title="attr-object-type"><a href="#attr-object-type">type</a></code>
- attribute present on the <code><a href="#the-object-element">object</a></code> element, then
- change the <var title="">resource type</var> to instead be the
- type specified in that <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute.</p>
+ <p>Let <var title="">binary</var> be false.</p>
- <p>Otherwise, if the <var title="">resource type</var> is
- "<code title="">application/octet-stream</code>" but there is
- no <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute on the
- <code><a href="#the-object-element">object</a></code> element, then change the <var title="">resource type</var> to be unknown, so that the
- sniffing rules in the following steps are invoked.</p>
+ </li>
- </li>
+ <li>
+
+ <p>If the type specified in <a href="#content-type" title="Content-Type">the
+ resource's Content-Type metadata</a> is
+ "<code>text/plain</code>", and the result of applying the
+ <a href="#content-type-sniffing:-text-or-binary" title="Content-Type sniffing: text or binary">rules
+ for distingushing if a resource is text or binary</a>
+ to the resource is that the resource is not
+ <code>text/plain</code>, then set <var title="">binary</var> to true.</p>
+
+ </li>
+
+ <li>
+
+ <p>If the type specified in <a href="#content-type" title="Content-Type">the
+ resource's Content-Type metadata</a> is
+ "<code>application/octet-stream</code>", then set <var title="">binary</var> to true.</p>
+
+ </li>
+
+ <li>
+
+ <p>If <var title="">binary</var> is false, then let the
+ <var title="">resource type</var> be the type specified in
+ <a href="#content-type" title="Content-Type">the resource's Content-Type
+ metadata</a>, and jump to the step below labeled
+ <i>handler</i>.</p>
+
+ </li>
+
+ <li>
+
+ <p>If there is a <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute present on
+ the <code><a href="#the-object-element">object</a></code> element, then run the
+ following steps:</p>
+
+ <ol><li>
+
+ <p>If the attribute's value is a type that a <a href="#plugin">plugin</a> supports, or
+ the attribute's value is a type that starts with "<code>image/</code>" that is not also an <a href="#xml-mime-type">XML MIME type</a>,
+ then let the <var title="">resource type</var> be the type specified in that <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute.</p>
+
+ </li>
+
+ <li>
+
+ <p>Jump to the step below labeled <i>handler</i>.</p>
+
+ </li>
+
+ </ol></li>
+
+ </ol></dd>
+
+ <dt>The resource does not have <a href="#content-type" title="Content-Type">associated Content-Type
+ metadata</a></dt>
+
+ <dd>
+
+ <ol><li>
+
+ <p>If there is a <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute present on
+ the <code><a href="#the-object-element">object</a></code> element, then let the <var title="">resource type</var> be the type specified in that
+ <code title="attr-object-type"><a href="#attr-object-type">type</a></code> attribute, and
+ jump to the step below labeled <i>handler</i>.</p>
+
+ </li>
+
+ <li>
+
+ <!-- no content-type and no attribute -->
+
+ <p>Let <var title="">sniffed type</var> be the <a href="#content-type-sniffing-0" title="content-type sniffing">sniffed type of the
+ resource</a>.</p>
+
+ </li>
+
+ <li>
+
+ <p>If <var title="">sniffed type</var> is <em>not</em>
+ <code>application/octet-stream</code>, then let <var title="">resource type</var> be <var title="">sniffed
+ type</var> and jump to the step below labeled
+ <i>handler</i>.</p>
+
+ </li>
+
+ </ol></dd>
+
+ </dl></li>
<li>
@@ -19179,40 +19305,29 @@
parsed the URL, since this algorithm is only used after
fetching the resource in the steps above -->
- <p>If the <var title="">resource type</var> is still unknown
- at this point, but the <a href="#url-path" title="url-path"><path></a> component of the
- <a href="#url">URL</a> of the specified resource (after any
+ <p>If the <a href="#url-path" title="url-path"><path></a> component
+ of the <a href="#url">URL</a> of the specified resource (after any
redirects) matches a pattern that a <a href="#plugin">plugin</a>
supports, then let <var title="">resource type</var> be the
type that that plugin can handle.</p>
<p class="example">For example, a plugin might say that it can
- handle resources with <a href="#url-path" title="url-path"><path></a>
- components that end with the four character string "<code title="">.swf</code>".</p>
+ handle resources with <a href="#url-path" title="url-path"><path></a> components that end with
+ the four character string "<code title="">.swf</code>".</p>
<!-- it's sad that we have to do extension sniffing. sigh. -->
<!-- see also <embed> which has a similar step -->
</li>
- <li>
-
- <p>If the <var title="">resource type</var> is still unknown,
- and the <var title="">sniffed</var> flag is false, then change
- the <var title="">resource type</var> to instead be the <a href="#content-type-sniffing-0" title="content-type sniffing">sniffed type of the
- resource</a>.</p>
-
- <p>Otherwise, if the <var title="">resource type</var> is
- still unknown, and the <var title="">sniffed</var> flag is
- <em>true</em>, then change the <var title="">resource
- type</var> back to <code title="">text/plain</code>.</p>
-
- </li>
+ </ol><p class="note">It is possible for this step to finish with <var title="">resource type</var> still being unknown, or for one of
+ the substeps above to jump straight to the next step. In both
+ cases, the next step will trigger fallback.</p>
- </ol></li>
+ </li>
- <li><p>Handle the content as given by the first of the following
- cases that matches:</p>
+ <li><p><i>Handler</i>: Handle the content as given by the first
+ of the following cases that matches:</p>
<dl class="switch"><dt>If the <var title="">resource type</var> is not a type that
the user agent supports, but it <em>is</em> a type that a
@@ -19309,6 +19424,9 @@
supported. Jump to the last step in the overall set of steps
(fallback).</p>
+ <p class="note">If the previous step ended with the <var title="">resource type</var> being unknown, this is the case
+ that is triggered.</p>
+
</dd>
</dl></li>
@@ -52505,7 +52623,7 @@
<li><p>Advance <var title="">position</var> past the 0x3D (ASCII
=) byte.</li>
- <li><p><i>Value:</i> If the byte at <var title="">position</var> is one of 0x09 (ASCII TAB), 0x0A (ASCII
+ <li><p><i>Value</i>: If the byte at <var title="">position</var> is one of 0x09 (ASCII TAB), 0x0A (ASCII
LF), 0x0C (ASCII FF), 0x0D (ASCII CR), or 0x20 (ASCII space) then
advance <var title="">position</var> to the next byte, then,
repeat this step.</li>
Received on Thursday, 8 April 2010 04:34:36 UTC