Skip to content
Permalink
Browse files
[e] (0) Elaborate on willful violations.
git-svn-id: http://svn.whatwg.org/webapps@3138 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed May 26, 2009
1 parent e57482d commit 657ad9aac791826f42ce042a648126a67e15f35e
Showing 2 changed files with 57 additions and 34 deletions.
42 index
@@ -4647,8 +4647,8 @@
</ol><!-- XXX we might want to define "server-based naming authority",
it's not clear RFC3986 does a good job of defining that anymore
(earlier URI specs did) --><p class=note>These parsing rules are a <a href=#willful-violation>willful
violation</a> of RFC 3986 and RFC 3987 to handle legacy
content. <a href=#refsRFC3986>[RFC3986]</a> <a href=#refsRFC3987>[RFC3987]</a></p>
violation</a> of RFC 3986 and RFC 3987 (which do not define error
handling), motivated by a desire to handle legacy content. <a href=#refsRFC3986>[RFC3986]</a> <a href=#refsRFC3987>[RFC3987]</a></p>

</div>

@@ -5347,8 +5347,10 @@

</dl></li>

</ol><p class=note>The above algorithm is a <a href=#willful-violation>willful violation</a> of the
HTTP specification. <a href=#refsHTTP>[HTTP]</a></p>
</ol><p class=note>The above algorithm is a <a href=#willful-violation>willful
violation</a> of the HTTP specification, which requires that the
Content-Type headers be honored, despite implementation experience
showing that this is not pratical in many cases. <a href=#refsHTTP>[HTTP]</a></p>


<h4 id=content-type-sniffing:-web-pages><span class=secno>2.7.2 </span>Content-Type sniffing: Web pages</h4>
@@ -5944,8 +5946,9 @@
<tr><td> x-x-big5 <td> Big5 <td>
<a href=#refsBIG5>[BIG5]</a> <!-- XXX ? -->
</table><p class=note>The requirement to treat certain encodings as other
encodings according to the table above is a <a href=#willful-violation>willful violation</a> of the
W3C Character Model specification. <a href=#refsCHARMOD>[CHARMOD]</a></p>
encodings according to the table above is a <a href=#willful-violation>willful
violation</a> of the W3C Character Model specification, motivated
by a desire for compatibility with legacy content. <a href=#refsCHARMOD>[CHARMOD]</a></p>

<hr><p>User agents must not support the CESU-8, UTF-7, BOCU-1 and SCSU
encodings. <a href=#refsCESU8>[CESU8]</a> <a href=#refsUTF7>[UTF7]</a> <a href=#refsBOCU1>[BOCU1]</a> <a href=#refsSCSU>[SCSU]</a></p>
@@ -36054,7 +36057,10 @@ interface <dfn id=htmloptionelement>HTMLOptionElement</dfn> : <a href=#htmleleme

<p>If <var title="">action</var> is the empty string, let <var title="">action</var> be <a href="#the-document's-address">the document's address</a>.</p>

<p class=note>This step is a <a href=#willful-violation>willful violation</a> of RFC 3986. <a href=#refsRFC3986>[RFC3986]</a></p>
<p class=note>This step is a <a href=#willful-violation>willful violation</a> of
RFC 3986, which would require base URL processing here. This
violation is motivated by a desire for compatibility with legacy
content. <a href=#refsRFC3986>[RFC3986]</a></p>

<!-- Don't ask me why. But that's what IE does. It even treats
action="" differently from action=" " or action="#" (the latter
@@ -47188,9 +47194,12 @@ interface <dfn id=window>Window</dfn> {
<code><a href=#window>Window</a></code> object, then in JavaScript, the <code title="">this</code> keyword in the global scope must return the
<code><a href=#window>Window</a></code> object's <code><a href=#windowproxy>WindowProxy</a></code> object.</p>

<p class=note>This is a <a href=#willful-violation>willful violation</a> of the JavaScript
specification current at the time of writing (ECMAScript edition
3). <a href=#refsECMA262>[ECMA262]</a></p>
<p class=note>This is a <a href=#willful-violation>willful violation</a> of the
JavaScript specification current at the time of writing
(ECMAScript edition 3). The JavaScript specification requires that
the code title=""&gt;this keyword in the global scope return
the global object, but this is not compatible with the security
design prevalent in implementations as specified herein. <a href=#refsECMA262>[ECMA262]</a></p>

</dd>

@@ -49515,12 +49524,13 @@ style/default.css</pre>
CARRIAGE RETURN (CR) U+000A LINE FEED (LF) pairs.</p>

<p class=note>This is a <a href=#willful-violation title="willful violation">willful
double violation</a> of RFC2046. <a href=#refsRFC2046>[RFC2046]</a></p> <!-- 2046 (and 2045) says that
charset="" is always allowed on text/*, but that harks back to the
old days before UTF-8 was widely used; 2046 also says that newlines
are always CRLF-delimited, which is not workable given the
widespread use of editors that use either lone LFs or lone CRs as
line break delimiters. -->
double violation</a> of RFC2046, which requires all <code title="">text/*</code> types to support an open-ended set of
character encodings and only allows CRLF line breaks. These
requirements, however, are outdated; UTF-8 is now widely used, such
that supporting other encodings is no longer necessary, and use of
CR, LF, and CRLF line breaks is commonly supported and indeed
sometimes CRLF is <em>not</em> supported by text editors. <a href=#refsRFC2046>[RFC2046]</a></p> <!-- also RFC 2045 for charset
-->

<p>The first line of an application cache manifest must consist of
the string "CACHE", a single U+0020 SPACE character, the string
49 source
@@ -4231,8 +4231,9 @@
(earlier URI specs did) -->

<p class="note">These parsing rules are a <span>willful
violation</span> of RFC 3986 and RFC 3987 to handle legacy
content. <a href="#refsRFC3986">[RFC3986]</a> <a
violation</span> of RFC 3986 and RFC 3987 (which do not define error
handling), motivated by a desire to handle legacy content. <a
href="#refsRFC3986">[RFC3986]</a> <a
href="#refsRFC3987">[RFC3987]</a></p>

</div>
@@ -5038,8 +5039,11 @@

</ol>

<p class="note">The above algorithm is a <span>willful violation</span> of the
HTTP specification. <a href="#refsHTTP">[HTTP]</a></p>
<p class="note">The above algorithm is a <span>willful
violation</span> of the HTTP specification, which requires that the
Content-Type headers be honored, despite implementation experience
showing that this is not pratical in many cases. <a
href="#refsHTTP">[HTTP]</a></p>


<h4>Content-Type sniffing: Web pages</h4>
@@ -5796,8 +5800,9 @@
</table>

<p class="note">The requirement to treat certain encodings as other
encodings according to the table above is a <span>willful violation</span> of the
W3C Character Model specification. <a
encodings according to the table above is a <span>willful
violation</span> of the W3C Character Model specification, motivated
by a desire for compatibility with legacy content. <a
href="#refsCHARMOD">[CHARMOD]</a></p>

<hr>
@@ -40496,8 +40501,10 @@ interface <dfn>HTMLOptionElement</dfn> : <span>HTMLElement</span> {
<p>If <var title="">action</var> is the empty string, let <var
title="">action</var> be <span>the document's address</span>.</p>

<p class="note">This step is a <span>willful violation</span> of RFC 3986. <a
href="#refsRFC3986">[RFC3986]</a></p>
<p class="note">This step is a <span>willful violation</span> of
RFC 3986, which would require base URL processing here. This
violation is motivated by a desire for compatibility with legacy
content. <a href="#refsRFC3986">[RFC3986]</a></p>

<!-- Don't ask me why. But that's what IE does. It even treats
action="" differently from action=" " or action="#" (the latter
@@ -53763,9 +53770,13 @@ interface <dfn>Window</dfn> {
title="">this</code> keyword in the global scope must return the
<code>Window</code> object's <code>WindowProxy</code> object.</p>

<p class="note">This is a <span>willful violation</span> of the JavaScript
specification current at the time of writing (ECMAScript edition
3). <a href="#refsECMA262">[ECMA262]</a></p>
<p class="note">This is a <span>willful violation</span> of the
JavaScript specification current at the time of writing
(ECMAScript edition 3). The JavaScript specification requires that
the code title="">this</code> keyword in the global scope return
the global object, but this is not compatible with the security
design prevalent in implementations as specified herein. <a
href="#refsECMA262">[ECMA262]</a></p>

</dd>

@@ -56471,13 +56482,15 @@ style/default.css</pre>
CARRIAGE RETURN (CR) U+000A LINE FEED (LF) pairs.</p>

<p class="note">This is a <span title="willful violation">willful
double violation</span> of RFC2046. <a
href="#refsRFC2046">[RFC2046]</a></p> <!-- 2046 (and 2045) says that
charset="" is always allowed on text/*, but that harks back to the
old days before UTF-8 was widely used; 2046 also says that newlines
are always CRLF-delimited, which is not workable given the
widespread use of editors that use either lone LFs or lone CRs as
line break delimiters. -->
double violation</span> of RFC2046, which requires all <code
title="">text/*</code> types to support an open-ended set of
character encodings and only allows CRLF line breaks. These
requirements, however, are outdated; UTF-8 is now widely used, such
that supporting other encodings is no longer necessary, and use of
CR, LF, and CRLF line breaks is commonly supported and indeed
sometimes CRLF is <em>not</em> supported by text editors. <a
href="#refsRFC2046">[RFC2046]</a></p> <!-- also RFC 2045 for charset
-->

<p>The first line of an application cache manifest must consist of
the string "CACHE", a single U+0020 SPACE character, the string

0 comments on commit 657ad9a

Please sign in to comment.