This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<hr><p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
demand, or the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then, when an
<code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!-- Note
how this does NOT happen when the base URL changes. --> <!--
http-origin privacy sensitive -->
<!-- same text in <input type=image> section and similar text elsewhere -->
<p>Fetching the image must <a href=#delay-the-load-event>delay the load event</a> of the
element's document until the <a href=#concept-task title=concept-task>task</a>
that is <a href=#queue-a-task title="queue a task">queued</a> by the
<a href=#networking-task-source>networking task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a> (defined below) has been run.</p>
demand, then, when an <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must run the following steps:</p> <!-- Note how this does
NOT happen when the base URL changes. -->
<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>
<ol><li><p>If the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then <a href=#queue-a-task>queue a
task</a> to <a href=#fire-a-simple-event>fire a simple event</a> named <code title=event-error>error</code> at the <code><a href=#the-img-element>img</a></code> element,
and abort these steps.</li>
<p>If the image is in a supported image type and its dimensions are
<li>
<p>Otherwise, <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!--
http-origin privacy sensitive -->
<!-- same text in <input type=image> section and similar text
elsewhere --> <p>Fetching the image must <a href=#delay-the-load-event>delay the load
event</a> of the element's document until the <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a
task">queued</a> by the <a href=#networking-task-source>networking task source</a>
once the resource has been <a href=#fetch title=fetch>fetched</a> (<a href=#img-load>defined below</a>) has been run.</p>
<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>
</li>
</ol><p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn id=img-available title=img-available><i>available</i></dfn> (this affects exactly
what the element represents, as defined below). This can be true
even before the image is completely downloaded, if the user agent
<p>This specification does not specify which image types are to be
supported.</p>
<p>The <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking task
source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
<p id=img-load>The <a href=#concept-task title=concept-task>task</a> that is
<a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking
task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
following alternatives:</p>
<dl class=switch><dt>If the download was successful and the image is <i title=img-available><a href=#img-available>available</a></i></dt>
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<hr><p>Unless the user agent cannot support images, or its support for
images has been disabled, or the user agent only fetches elements on
demand, or the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then, when an
<code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!-- Note
how this does NOT happen when the base URL changes. --> <!--
http-origin privacy sensitive -->
<!-- same text in <input type=image> section and similar text elsewhere -->
<p>Fetching the image must <a href=#delay-the-load-event>delay the load event</a> of the
element's document until the <a href=#concept-task title=concept-task>task</a>
that is <a href=#queue-a-task title="queue a task">queued</a> by the
<a href=#networking-task-source>networking task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a> (defined below) has been run.</p>
demand, then, when an <code><a href=#the-img-element>img</a></code> is created with a <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute, and whenever the <code title=attr-img-src><a href=#attr-img-src>src</a></code> attribute is set subsequently, the
user agent must run the following steps:</p> <!-- Note how this does
NOT happen when the base URL changes. -->
<ol><li><p>If the element's <code title=attr-img-src><a href=#attr-img-src>src</a></code>
attribute's value is the empty string, then <a href=#queue-a-task>queue a
task</a> to <a href=#fire-a-simple-event>fire a simple event</a> named <code title=event-error>error</code> at the <code><a href=#the-img-element>img</a></code> element,
and abort these steps.</li>
<li>
<p>Otherwise, <a href=#resolve-a-url title="resolve a url">resolve</a> the value
of that attribute, relative to the element, and if that is
successful must then <a href=#fetch>fetch</a> that resource.</p> <!--
http-origin privacy sensitive -->
<!-- same text in <input type=image> section and similar text
elsewhere --> <p>Fetching the image must <a href=#delay-the-load-event>delay the load
event</a> of the element's document until the <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a
task">queued</a> by the <a href=#networking-task-source>networking task source</a>
once the resource has been <a href=#fetch title=fetch>fetched</a> (<a href=#img-load>defined below</a>) has been run.</p>
<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>
<p class=warning>This, unfortunately, can be used to perform a
rudimentary port scan of the user's local network (especially in
conjunction with scripting, though scripting isn't actually
necessary to carry out such an attack). User agents may implement
<a href=#origin title=origin>cross-origin</a> access control policies
that mitigate this attack.</p>
<p>If the image is in a supported image type and its dimensions are
</li>
</ol><p>If the image is in a supported image type and its dimensions are
known, then the image is said to be <dfn id=img-available title=img-available><i>available</i></dfn> (this affects exactly
what the element represents, as defined below). This can be true
even before the image is completely downloaded, if the user agent
<p>This specification does not specify which image types are to be
supported.</p>
<p>The <a href=#concept-task title=concept-task>task</a> that is <a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking task
source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
<p id=img-load>The <a href=#concept-task title=concept-task>task</a> that is
<a href=#queue-a-task title="queue a task">queued</a> by the <a href=#networking-task-source>networking
task source</a> once the resource has been <a href=#fetch title=fetch>fetched</a>, must act as appropriate given the
following alternatives:</p>
<dl class=switch><dt>If the download was successful and the image is <i title=img-available><a href=#img-available>available</a></i></dt>
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters