Skip to content
Permalink
Browse files
[giow] (2) Explicitly fire 'error' on <img src=''> (blank src)
git-svn-id: http://svn.whatwg.org/webapps@4841 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Mar 11, 2010
1 parent 4025647 commit 431d993c675ed4e0b85ed9fbe9f9ab4c17649202
Showing 3 changed files with 111 additions and 78 deletions.
@@ -18534,29 +18534,38 @@ <h4 id=the-img-element><span class=secno>4.8.1 </span>The <dfn><code>img</code><

<hr><p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
demand, or the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then, when an
<code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!-- Note
how this does NOT happen when the base URL changes. --> <!--
http-origin privacy sensitive -->

<!-- same text in <input type=image> section and similar text elsewhere -->
<p>Fetching the image must <a href=#delay-the-load-event>delay the load event</a> of the
element's document until the <a href=#concept-task title=concept-task>task</a>
that is <a href=#queue-a-task title="queue a task">queued</a> by the
<a href=#networking-task-source>networking task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a> (defined below) has been run.</p>
demand, then, when an <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must run the following steps:</p> <!-- Note how this does
NOT happen when the base URL changes. -->

<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>
<ol><li><p>If the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then <a href=#queue-a-task>queue a
task</a> to <a href=#fire-a-simple-event>fire a simple event</a> named <code title=event-error>error</code> at the <code><a href=#the-img-element>img</a></code> element,
and abort these steps.</li>

<p>If the image is in a supported image type and its dimensions are
<li>

<p>Otherwise, <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!--
http-origin privacy sensitive -->

<!-- same text in <input type=image> section and similar text
elsewhere --> <p>Fetching the image must <a href=#delay-the-load-event>delay the load
event</a> of the element's document until the <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a
task">queued</a> by the <a href=#networking-task-source>networking task source</a>
once the resource has been <a href=#fetch title=fetch>fetched</a> (<a href=#img-load>defined below</a>) has been run.</p>

<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>

</li>

</ol><p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn id=img-available title=img-available><i>available</i></dfn> (this affects exactly
what the element represents, as defined below). This can be true
even before the image is completely downloaded, if the user agent
@@ -18569,9 +18578,8 @@ <h4 id=the-img-element><span class=secno>4.8.1 </span>The <dfn><code>img</code><

<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is an <i>ignored self-reference</i>), or if the
conditions in the previous paragraph are not met, then the image is
<em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>
attribute's value is the empty string, or if the conditions in the
previous paragraph are not met, then the image is <em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>

<p class=note>An image might be <i title=img-available><a href=#img-available>available</a></i> in one <a href=#view>view</a> but not
another. For instance, a <code><a href=#document>Document</a></code> could be rendered by
@@ -18608,8 +18616,9 @@ <h4 id=the-img-element><span class=secno>4.8.1 </span>The <dfn><code>img</code><
<p>This specification does not specify which image types are to be
supported.</p>

<p>The <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking task
source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
<p id=img-load>The <a href=#concept-task title=concept-task>task</a> that is
<a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking
task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
following alternatives:</p>

<dl class=switch><dt>If the download was successful and the image is <i title=img-available><a href=#img-available>available</a></i></dt>
61 index
@@ -18433,29 +18433,38 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href=#htmlelement

<hr><p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
demand, or the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then, when an
<code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!-- Note
how this does NOT happen when the base URL changes. --> <!--
http-origin privacy sensitive -->

<!-- same text in <input type=image> section and similar text elsewhere -->
<p>Fetching the image must <a href=#delay-the-load-event>delay the load event</a> of the
element's document until the <a href=#concept-task title=concept-task>task</a>
that is <a href=#queue-a-task title="queue a task">queued</a> by the
<a href=#networking-task-source>networking task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a> (defined below) has been run.</p>
demand, then, when an <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must run the following steps:</p> <!-- Note how this does
NOT happen when the base URL changes. -->

<ol><li><p>If the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then <a href=#queue-a-task>queue a
task</a> to <a href=#fire-a-simple-event>fire a simple event</a> named <code title=event-error>error</code> at the <code><a href=#the-img-element>img</a></code> element,
and abort these steps.</li>

<li>

<p>Otherwise, <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!--
http-origin privacy sensitive -->

<!-- same text in <input type=image> section and similar text
elsewhere --> <p>Fetching the image must <a href=#delay-the-load-event>delay the load
event</a> of the element's document until the <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a
task">queued</a> by the <a href=#networking-task-source>networking task source</a>
once the resource has been <a href=#fetch title=fetch>fetched</a> (<a href=#img-load>defined below</a>) has been run.</p>

<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>
<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>

<p>If the image is in a supported image type and its dimensions are
</li>

</ol><p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn id=img-available title=img-available><i>available</i></dfn> (this affects exactly
what the element represents, as defined below). This can be true
even before the image is completely downloaded, if the user agent
@@ -18468,9 +18477,8 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href=#htmlelement

<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is an <i>ignored self-reference</i>), or if the
conditions in the previous paragraph are not met, then the image is
<em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>
attribute's value is the empty string, or if the conditions in the
previous paragraph are not met, then the image is <em>not</em> <i title=img-available><a href=#img-available>available</a></i>.</p>

<p class=note>An image might be <i title=img-available><a href=#img-available>available</a></i> in one <a href=#view>view</a> but not
another. For instance, a <code><a href=#document>Document</a></code> could be rendered by
@@ -18507,8 +18515,9 @@ interface <dfn id=htmlimageelement>HTMLImageElement</dfn> : <a href=#htmlelement
<p>This specification does not specify which image types are to be
supported.</p>

<p>The <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking task
source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
<p id=img-load>The <a href=#concept-task title=concept-task>task</a> that is
<a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking
task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
following alternatives:</p>

<dl class=switch><dt>If the download was successful and the image is <i title=img-available><a href=#img-available>available</a></i></dt>
67 source
@@ -19657,30 +19657,45 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {

<p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
demand, or the element's <code title="attr-img-src">src</code>
attribute's value is the empty string, then, when an
<code>img</code> is created with a <code
demand, then, when an <code>img</code> is created with a <code
title="attr-img-src">src</code> attribute, and whenever the <code
title="attr-img-src">src</code> attribute is set subsequently, the
user agent must <span title="resolve a url">resolve</span> the value
of that attribute, relative to the element, and if that is
successful must then <span>fetch</span> that resource.</p> <!-- Note
how this does NOT happen when the base URL changes. --> <!--
http-origin privacy sensitive -->
user agent must run the following steps:</p> <!-- Note how this does
NOT happen when the base URL changes. -->

<!-- same text in <input type=image> section and similar text elsewhere -->
<p>Fetching the image must <span>delay the load event</span> of the
element's document until the <span title="concept-task">task</span>
that is <span title="queue a task">queued</span> by the
<span>networking task source</span> once the resource has been <span
title="fetch">fetched</span> (defined below) has been run.</p>
<ol>

<p class="warning">This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<span title="origin">cross-origin</span> access control policies
that mitigate this attack.</p>
<li><p>If the element's <code title="attr-img-src">src</code>
attribute's value is the empty string, then <span>queue a
task</span> to <span>fire a simple event</span> named <code
title="event-error">error</code> at the <code>img</code> element,
and abort these steps.</p></li>

<li>

<p>Otherwise, <span title="resolve a url">resolve</span> the value
of that attribute, relative to the element, and if that is
successful must then <span>fetch</span> that resource.</p> <!--
http-origin privacy sensitive -->

<!-- same text in <input type=image> section and similar text
elsewhere --> <p>Fetching the image must <span>delay the load
event</span> of the element's document until the <span
title="concept-task">task</span> that is <span title="queue a
task">queued</span> by the <span>networking task source</span>
once the resource has been <span title="fetch">fetched</span> (<a
href="#img-load">defined below</a>) has been run.</p>

<p class="warning">This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<span title="origin">cross-origin</span> access control policies
that mitigate this attack.</p>

</li>

</ol>

<p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn
@@ -19697,9 +19712,9 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {

<p>If the image was not fetched (e.g. because the UA's image support
is disabled, or because the <code title="attr-img-src">src</code>
attribute's value is an <i>ignored self-reference</i>), or if the
conditions in the previous paragraph are not met, then the image is
<em>not</em> <i title="img-available">available</i>.</p>
attribute's value is the empty string, or if the conditions in the
previous paragraph are not met, then the image is <em>not</em> <i
title="img-available">available</i>.</p>

<p class="note">An image might be <i
title="img-available">available</i> in one <span>view</span> but not
@@ -19739,9 +19754,9 @@ interface <dfn>HTMLImageElement</dfn> : <span>HTMLElement</span> {
<p>This specification does not specify which image types are to be
supported.</p>

<p>The <span title="concept-task">task</span> that is <span
title="queue a task">queued</span> by the <span>networking task
source</span> once the resource has been <span
<p id="img-load">The <span title="concept-task">task</span> that is
<span title="queue a task">queued</span> by the <span>networking
task source</span> once the resource has been <span
title="fetch">fetched</span>, must act as appropriate given the
following alternatives:</p>

0 comments on commit 431d993

Please sign in to comment.