Network Working Group B. Hoehrmann
Internet-Draft November 5, 2006
Intended status: Standards Track
Expires: May 9, 2007
The 'javascript' resource identifier scheme
draft-hoehrmann-javascript-scheme-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 9, 2007.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This memo defines syntax and semantics of the 'javascript' resource
identifier scheme, enabling applications to specify script code in
contexts where resource identifiers are expected.
Hoehrmann Expires May 9, 2007 [Page 1]
Internet-Draft The 'javascript' scheme November 2006
1. Introduction
The 'javascript' resource identifier scheme allows to encode script
code in a resource identifier in a way similar to the 'data' scheme,
but with extended semantics. This document defines the scheme and
two operations that describe how existing implementations handle it.
The first operation, content retrieval, defines which script code a
given 'javascript' resource identifier represents. This operation is
fully defined in this document and some applications, such as
implementations of the Virtual Reality Modeling Language, might take
advantage of only this operation.
The second operation, in-context evaluation, is often implemented by
web browser applications, and provides a means to run custom script
code when the resource identifier is dereferenced. As an example,
consider a HTML document containing a hyperlink like:
<a href='javascript:doSomething()'>...</a>
In typical implementations, when the user activates the hyperlink,
the web browser will pass control to the doSomething() function, and
if the function returns something, render the result in place of the
current document.
Some semantics of this operation are out of scope of this document.
As an example, in the example above, if the doSomething() function
returns a string object, the implementation would lack clues, like an
Internet media type, how to process it; it could interprete it as
script, style sheet, HTML document, resource identifier, or any other
type of resource, as appropriate for the context.
In order not to limit the applicability of this scheme for certain
applications, this document just describes this operation in terms of
an abstract model; it is expected that, where needed, other
specifications define the semantics in more detail using this model.
2. Terminology and Conformance
Resource identifiers, including percent-encoding and requirements for
IRIs, are defined in STD 66, [RFC3986] and [RFC3987]. Source text
and the media type application/javascript are defined in [RFC4329],
the 'data' scheme in [RFC2397], and UTF-8, including the term byte
order mark, in STD 63, [RFC3629].
An application that generates resource identifiers conforms to this
specification if and only if, given a valid application/javascript
Hoehrmann Expires May 9, 2007 [Page 2]
Internet-Draft The 'javascript' scheme November 2006
entity, it generates only 'javascript' resource identifiers that
conform to this specification.
An application that dereferences 'javascript' resource identifiers
conforms to this specification if and only if it implements the
content retrieval operation as defined in this specification.
A resource identifier conforms to this specification if and only if
it is a valid IRI and application of the content retrieval operation
yields a valid application/javascript entity without generating any
error. Use of a byte order mark and literal use of the character "/"
should be avoided.
A resource identifier is said to have one or more encoding errors
when applying the content retrieval operation to it results in one or
more errors. Resource identifiers with encoding errors do not
conform to this specification.
For resource identifiers with encoding errors the considerations for
handling encoding errors in application/javascript entities apply.
The algorithms defined in this document are considered equivalent to
any and all algorithms that map the same input to the same results.
3. Operations
This section defines two operations that can be applied to resource
identifiers that conform to this specification. Other operations may
be defined in other specifications.
3.1. Content retrieval
This operation retrieves the source text that is included in the
scheme-specific part of a given 'javascript' resource identifier.
1. Represent the scheme-specific part as sequence of octets in
the UTF-8 character encoding.
2. Replace any percent-encoded octet by its corresponding octet.
3. If the sequence starts with the sequence 0xEF 0xBB 0xBF,
discard this sequence.
4. Decode the octet sequence using the UTF-8 character encoding
and transform the result into source text.
Hoehrmann Expires May 9, 2007 [Page 3]
Internet-Draft The 'javascript' scheme November 2006
3.2. In-context evaluation
This operation defines a model under which applications may evaluate
the source text included in a given 'javascript' resource identifier.
1. Retrieve the source text using the content retrieval
operation.
2. Determine a dereference context for further processing.
3. Evaluate the source text in this context and memorize the
result as dereference by-product.
4. Process the dereference by-product as appropriate for the
dereference context.
4. Interoperability Considerations
A common error in 'javascript' resource identifiers is incorrect use
of fragment identifiers as in <javascript:_scrollTo('#example')>, and
some applications might have to recover from such errors. Designers
of protocol elements that accept resource identifiers as defined in
this document should consider this case and, where compatibility is a
concern, define a pre-processing step that percent-encodes all '#'
characters before the content of the protocol element is processed as
'javascript' resource identifier.
Authors should be aware that use of 'javascript' resource identifiers
may have implications for the interoperability, accessibility, or
usability of their documents and applications. Applications may vary
in whether and where they support it, and how they implement the in-
context evaluation. As an example, a user may ask a web browser to
open a 'javascript' hyperlink included in a HTML document in a new
browser window; in this case the web browser might establish the
dereference context such that references to variables and functions
defined elsewhere in the HTML document can no longer be resolved.
5. Security Considerations
For applications that rely only on the content retrieval operation as
defined in this document, the security considerations are equivalent
to those for 'data' resource identifiers and application/javascript
as defined in their respective specifications. In-context evaluation
may introduce additional security issues, but these depend on the
dereference context and how the dereference by-product is processed
which is not defined by this specification; security considerations
Hoehrmann Expires May 9, 2007 [Page 4]
Internet-Draft The 'javascript' scheme November 2006
for this operation are consequently considered out of scope.
6. Internationalization Considerations
None beyond those inherent to resource identifiers and entities of
type application/javascript.
7. IANA Considerations
This document registers the 'javascript' scheme as permanent scheme
in the IANA Uniform Resource Identifier scheme registry per BCP 115.
8. References
8.1. Normative References
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005.
[RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
Identifiers (IRIs)", RFC 3987, January 2005.
[RFC4329] Hoehrmann, B., "Scripting Media Types", RFC 4329,
April 2006.
8.2. Informative References
[RFC2397] Masinter, L., "The "data" URL scheme", RFC 2397,
August 1998.
Author's Address
Bjoern Hoehrmann
Weinheimer Strasse 22
Mannheim D-68309
Germany
Email: mailto:bjoern@hoehrmann.de
URI: http://bjoern.hoehrmann.de
Hoehrmann Expires May 9, 2007 [Page 5]
Internet-Draft The 'javascript' scheme November 2006
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Hoehrmann Expires May 9, 2007 [Page 6]