W3C home > Mailing lists > Public > public-html-diffs@w3.org > October 2011

hixie: xrefs for DOM Parsing (whatwg r6708)

From: poot <cvsmail@w3.org>
Date: Wed, 19 Oct 2011 19:15:39 -0400
To: public-html-diffs@w3.org
Message-Id: <E1RGfMJ-0007Jm-K5@jay.w3.org>
hixie: xrefs for DOM Parsing (whatwg r6708)


RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5378
retrieving revision 1.5379
diff -u -d -r1.5378 -r1.5379
--- Overview.html	19 Oct 2011 23:09:26 -0000	1.5378
+++ Overview.html	19 Oct 2011 23:15:25 -0000	1.5379
@@ -3195,16 +3195,22 @@
      <li><dfn id="event-click" title="event-click"><code>click</code></dfn> event</li>
     </ul><p>In addition, user agents must implement the features defined in
-    the DOM Range, DOM Parsing and Serialization, HTML Editing APIs,
-    and UndoManager and DOM Transaction specifications that apply to
-    their conformance class.
+    the DOM Range, DOM Parsing and Serialization specification, HTML
+    Editing APIs, and UndoManager and DOM Transaction specifications
+    that apply to their conformance class.
     <a href="#refsDOMRANGE">[DOMRANGE]</a>
     <a href="#refsDOMPARSING">[DOMPARSING]</a>
     <a href="#refsEDITING">[EDITING]</a>
     <a href="#refsUNDO">[UNDO]</a>
-   </dd>
+    <p>The following features are defined in the DOM Parsing and
+    Serialization specification: <a href="#refsDOMPARSING">[DOMPARSING]</a></p>
+    <ul class="brief"><li><dfn id="dom-innerhtml" title="dom-innerHTML">innerHTML</dfn></li>
+     <li><dfn id="dom-outerhtml" title="dom-outerHTML">outerHTML</dfn></li>
+    </ul></dd>
    <dt>File API</dt>
@@ -13300,7 +13306,7 @@
   </div><p class="note">When inserted using the <code title="dom-document-write"><a href="#dom-document-write">document.write()</a></code> method,
   <code><a href="#the-script-element">script</a></code> elements execute (typically synchronously), but
-  when inserted using <code title="dom-innerHTML">innerHTML</code> and <code title="dom-outerHTML">outerHTML</code> attributes, they do not
+  when inserted using <code title="dom-innerHTML"><a href="#dom-innerhtml">innerHTML</a></code> and <code title="dom-outerHTML"><a href="#dom-outerhtml">outerHTML</a></code> attributes, they do not
   execute at all.<div class="example">
    <p>In this example, two <code><a href="#the-script-element">script</a></code> elements are used. One
@@ -13627,7 +13633,7 @@
        <a href="#text-node">text node</a> children of the <code><a href="#the-noscript-element">noscript</a></code>
-       <li>Set the <code title="dom-innerHTML">innerHTML</code>
+       <li>Set the <code title="dom-innerHTML"><a href="#dom-innerhtml">innerHTML</a></code>
        attribute of the <var title="">parent element</var> to the value
        of <var title="">s</var>. (This, as a side-effect, causes the
        <code><a href="#the-noscript-element">noscript</a></code> element to be removed from the
@@ -38931,7 +38937,7 @@
    outer form "a".</p>
    <p>This happens as follows: First, the "e" node gets associated
-   with "c" in the <a href="#html-parser">HTML parser</a>. Then, the <code title="dom-innerHTML">innerHTML</code> algorithm moves the nodes
+   with "c" in the <a href="#html-parser">HTML parser</a>. Then, the <code title="dom-innerHTML"><a href="#dom-innerhtml">innerHTML</a></code> algorithm moves the nodes
    from the temporary document to the "b" element. At this point, the
    nodes see their ancestor chain change, and thus all the "magic"
    associations done by the parser are reset to normal ancestor
@@ -63724,11 +63730,11 @@
    <p>This can enable cross-site scripting attacks. An example of this
    would be a page that lets the user enter some font names that are
    then inserted into a CSS <code><a href="#the-style-element">style</a></code> block via the DOM and
-   which then uses the <code title="dom-innerHTML">innerHTML</code>
+   which then uses the <code title="dom-innerHTML"><a href="#dom-innerhtml">innerHTML</a></code>
    IDL attribute to get the HTML serialization of that
    <code><a href="#the-style-element">style</a></code> element: if the user enters
    "<code>&lt;/style&gt;&lt;script&gt;attack&lt;/script&gt;</code>" as a font
-   name, <code title="dom-innerHTML">innerHTML</code> will return
+   name, <code title="dom-innerHTML"><a href="#dom-innerhtml">innerHTML</a></code> will return
    markup that, if parsed in a different context, would contain a
    <code><a href="#the-script-element">script</a></code> node, even though no <code><a href="#the-script-element">script</a></code> node
    existed in the original DOM.</p>
Received on Wednesday, 19 October 2011 23:15:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:09:20 UTC