wg page 2 - Dave's Blog

Search
My timeline on Mastodon

The WHATWG Blog » Blog Archive » What’s next in HTML, episode 2: who’s been peeing in my sandbox?

2010 Jan 26, 2:00The sandbox attribute for the iframe element sounds like a big pit of issues. Includes a new mime type text/html-sandbox to put on content that shouldn't be rendered as html in browsers that don't support the sandbox attribute.PermalinkCommentshtml html5 sandbox security web browser iframe mime mimetype html-sandbox technical

The WHATWG Blog » Blog Archive » Sniffing for RSS 1.0 feeds served as text/html

2009 Sep 29, 10:54How Firefox and IE7&8 perform feed sniffingPermalinkCommentsrss feed atom mime mime-sniffing sniffing mimetype web browser html5 technical

ginger's thoughts » URI fragments vs URI queries for media fragment addressing

2009 Sep 11, 8:39"In the W3C Media Fragment Working Group (MFWG) we have had long discussions about the use of the URI query (”?”) or the URI fragment (”#”) addressing approach for addressing directly into media fragments, and the diverse new HTTP headers required to serve such URI requests, considering such side conditions as the stripping-off of fragment parameters from a URI by Web browsers, or the existence of caching Web proxies."PermalinkCommentsfragment uri via:connolly media url query http http-header

HTML vs. XHTML - WHATWG Wiki

2009 Sep 10, 6:42"Although HTML and XHTML appear to have similarities in their syntax, they are significantly different in many ways."PermalinkCommentshtml html5 xml xhtml whatwg wiki technical

WGMX 4 - Zombocalypse on Vimeo

2009 Jun 30, 4:59"Congratulations on not being devoured and purchasing the Wagglemax Zombocalypse TM Survival Kit"PermalinkCommentshumor video commercial ad apocalypse zombie horror for:hellosarah videogame

Linking to or Embedding a Portion of a Video

2009 Jun 19, 10:12

I'm excited by HTML5's video tag as are plenty of other people. Once that comes about and once media fragments are adopted, linking to or embedding a portion of a video will be as easy as using the correct fragment on your URL thanks to the Media Fragments WG who has been hard at work since the last time I looked at fragments.

However, until that work is embraced by browsers, embedding portions of videos will continue to require work specific to the site from which you are embedding the video. On the YouTube blog they wrote about how to "link to the best parts in your videos", using a fragment syntax like '#t=1m15s' to start playback of the associated video at 1 minute and 15 seconds. Of course if you want to embed part of a Hulu video it will be different. Although I haven't found an authoritative source describing the URL syntax to use, you can follow Hulu's video guide on linking to part of a video and note how the URL changes as you adjust the slider on the time-line. It looks like their syntax for linking to a Hulu page is to add '?c=[start time in seconds](:[end time in seconds])' with the colon and end time optional in order to link to a portion of a video. And the syntax for embedding appears to be "http://www.hulu.com/embed/.../[start time in seconds](/[end time in seconds])" again with the end time optional.

For more sites, check out the Media Fragments WG's list of existing applications' proprietary fragmenting schemes.

PermalinkCommentshulu technical media fragment wg url youtube video html5 uri fragment

Implementations in Web browsers - WHATWG Wiki

2009 Jun 8, 4:56"List of known implementations of HTML 5 in web browsers (list is incomplete, feel free to extend it)"PermalinkCommentsreference browser html ie8 firefox html5 opera whatwg wiki

InfoQ: HTTP Status Report

2009 Apr 29, 12:34"In this presentation, recorded at QCon San Francisco 2008, HTTPbis WG chair Mark Nottingham gives an update on the current status of the HTTP protocol in the wild, and the ongoing work to clarify the HTTP specification."PermalinkCommentshttp httpbis protocol ietf reference video authentication cookie uri url tcp sctp mark-nottingham via:ericlaw

[whatwg] Superset encodings [Re: ISO-8859-* and the C1 control range]

2009 Apr 23, 1:35"This e-mail is an attempt to give a relatively concise yet reasonably complete overview of non-Unicode character sets and encodings for 'Chinese characters', excluding those which are not supported by at least one of the four browsers IE, Safari, Firefox and Opera (henceforth 'all browsers'), and tentatively avoiding technical details which are out of scope for HTML5 unless they are important to gain a general understanding of the relevant issues."PermalinkCommentshtml html5 iso-2022 charset encoding character unicode cjk

[whatwg] [WhatWG] Some additional API is needed for sites to see whether registerProtocolHandler() call was successful

2009 Apr 7, 12:14This makes plenty of sense, that a site should be able to check if a protocol handler exists for some URI scheme, but it'd be nice if this were some sort of declaritive fallback plan rather than having to do it all with script. "The HTML5 standard function registerProtocolHandler() should probably remain void as in standard, but WhatWG could invent yet another boolean protocolRegistered("area"), with the only argument (protocol name as string), to check whether a protocol is registered."PermalinkCommentshtml5 registerProtocolHandler html script url uri scheme protocol

Planet HTML5

2009 Apr 7, 10:04Aggregation of feeds concerning HTML5 including Ian Hickson's, Planet Mozilla, Planet WebKit, the IE Blog, the WHATWG blog, etc etc.PermalinkCommentsw3c html5 html blog feed daily

Thoughts on registerProtocolHandler in HTML 5

2009 Apr 7, 9:02

I'm a big fan of the concept of registerProtocolHandler in HTML 5 and in FireFox 3, but not quite the implementation. From a high level, it allows web apps to register themselves as handlers of an URL scheme so for (the canonical) example, GMail can register for the mailto URL scheme. I like the concept:

However, the way its currently spec'ed out I don't like the following: PermalinkCommentsurl template registerprotocolhandler firefox technical url scheme protocol boring html5 uri urn

The WHATWG Blog - Blog Archive - This Week in HTML 5 - Episode 20

2009 Feb 3, 11:15"r2719 specifies that browsers should not allow scripts to set document.domain to anything on the Public Suffix List, such as "com" or "co.jp". Essential background reading on why this is dangerous: Untraceable XSS Attacks. Most browsers already block this attack, e.g. Firefox since 3.0. [Background: Re: Setting document.domain]"PermalinkCommentshtml5 tld publicsuffix dns security html internet web reference w3c

The WHATWG Blog

2008 Oct 1, 1:08A weekly summary of the going-ons in the WHATWG usually on the topic of squabbles in HTML5 esp. what to do about the alt attribute in the img tag. Interesting stuff on charsets.PermalinkCommentsdevelopment software whatwg html5 html specification feed rss user-agent w3c

[whatwg] Web Applications 1.0 Draft

2008 Aug 20, 9:48Apple will or will not license the canvas tag? 'Apple Computer, Inc. ("Apple") believes it has intellectual property rights ("IP Rights") relative to WHATWG's Web Applications 1.0 Working Draft, dated March 24, 2005, Section 10.1, entitled "Graphics: The bitmap canvas". At this time, Apple reserves all rights in its IP Rights and makes no representations as to Apple's willingness or unwillingness to license these IP Rights. However, in the event that the Web Applications 1.0 Working Draft, dated March 24, 2005, becomes part of a formalized draft standard at W3C or IETF, for example, Apple is prepared to address the disclosure/licensing rules of such organizations.'PermalinkCommentsapple patent html ip html5 canvas whatwg browser browser-war

Finished First Three Zelda Games

2008 Jul 17, 4:45
Screen shot from Legend of ZeldaScreen shot from Zelda II: The Adventures of LinkScreen shot from Legend of Zelda: A Link to the Past

I want to once again profess my love for the Wii's Virtual Console. Sarah and I recently finished playing through the first three Zelda games. Although I'd played a bit of the first two I never had a Nintendo as a kid and so unlike Sarah this was my first time completely playing through Zelda I & II. What people say about Zelda II is true... its all so true. And on the flip side I have fond memories of beating the third Zelda game which Sarah hadn't played.

In hilarious Zelda related news, a friend from work's husband posted the following blog post concerning their son named Link.

PermalinkCommentszelda link video-games nontechnical wii

New Cookie related Internet Drafts from Yngve N. Pettersen on 2006-03-20 (ietf-http-wg@w3.org from January to March 2006)

2008 Jun 30, 3:46Opera's solution to minimal security domain determination: "The drafts describe 1) Opera's current "rule of thumb" implementation that uses DNS in an attempt to confirm the validity of a domain, and 2) a proposed new HTTP based lookup service that returPermalinkCommentsopera rfc ietf cookie http internet browser dns domain

URI Fragment Info Roundup

2008 Apr 21, 11:53

['Neverending story' by Alexandre Duret-Lutz. A framed photo of books with the droste effect applied. Licensed under creative commons.]Information about URI Fragments, the portion of URIs that follow the '#' at the end and that are used to navigate within a document, is scattered throughout various documents which I usually have to hunt down. Instead I'll link to them all here.

Definitions. Fragments are defined in the URI RFC which states that they're used to identify a secondary resource that is related to the primary resource identified by the URI as a subset of the primary, a view of the primary, or some other resource described by the primary. The interpretation of a fragment is based on the mime type of the primary resource. Tim Berners-Lee notes that determining fragment meaning from mime type is a problem because a single URI may contain a single fragment, however over HTTP a single URI can result in the same logical resource represented in different mime types. So there's one fragment but multiple mime types and so multiple interpretations of the one fragment. The URI RFC says that if an author has a single resource available in multiple mime types then the author must ensure that the various representations of a single resource must all resolve fragments to the same logical secondary resource. Depending on which mime types you're dealing with this is either not easy or not possible.

HTTP. In HTTP when URIs are used, the fragment is not included. The General Syntax section of the HTTP standard says it uses the definitions of 'URI-reference' (which includes the fragment), 'absoluteURI', and 'relativeURI' (which don't include the fragment) from the URI RFC. However, the 'URI-reference' term doesn't actually appear in the BNF for the protocol. Accordingly the headers like 'Request-URI', 'Content-Location', 'Location', and 'Referer' which include URIs are defined with 'absoluteURI' or 'relativeURI' and don't include the fragment. This is in keeping with the original fragment definition which says that the fragment is used as a view of the original resource and consequently only needed for resolution on the client. Additionally, the URI RFC explicitly notes that not including the fragment is a privacy feature such that page authors won't be able to stop clients from viewing whatever fragments the client chooses. This seems like an odd claim given that if the author wanted to selectively restrict access to portions of documents there are other options for them like breaking out the parts of a single resource to which the author wishes to restrict access into separate resources.

HTML. In HTML, the HTML mime type RFC defines HTML's fragment use which consists of fragments referring to elements with a corresponding 'id' attribute or one of a particular set of elements with a corresponding 'name' attribute. The HTML spec discusses fragment use additionally noting that the names and ids must be unique in the document and that they must consist of only US-ASCII characters. The ID and NAME attributes are further restricted in section 6 to only consist of alphanumerics, the hyphen, period, colon, and underscore. This is a subset of the characters allowed in the URI fragment so no encoding is discussed since technically its not needed. However, practically speaking, browsers like FireFox and Internet Explorer allow for names and ids containing characters outside of the defined set including characters that must be percent-encoded to appear in a URI fragment. The interpretation of percent-encoded characters in fragments for HTML documents is not consistent across browsers (or in some cases within the same browser) especially for the percent-encoded percent.

Text. Text/plain recently got a fragment definition that allows fragments to refer to particular lines or characters within a text document. The scheme no longer includes regular expressions, which disappointed me at first, but in retrospect is probably good idea for increasing the adoption of this fragment scheme and for avoiding the potential for ubiquitous DoS via regex. One of the authors also notes this on his blog. I look forward to the day when this scheme is widely implemented.

XML. XML has the XPointer framework to define its fragment structure as noted by the XML mime type definition. XPointer consists of a general scheme that contains subschemes that identify a subset of an XML document. Its too bad such a thing wasn't adopted for URI fragments in general to solve the problem of a single resource with multiple mime type representations. I wrote more about XPointer when I worked on hacking XPointer into IE.

SVG and MPEG. Through the Media Fragments Working Group I found a couple more fragment scheme definitions. SVG's fragment scheme is defined in the SVG documentation and looks similar to XML's. MPEG has one defined but I could only find it as an ISO document "Text of ISO/IEC FCD 21000-17 MPEG-12 FID" and not as an RFC which is a little disturbing.

AJAX. AJAX websites have used fragments as an escape hatch for two issues that I've seen. The first is getting a unique URL for versions of a page that are produced on the client by script. The fragment may be changed by script without forcing the page to reload. This goes outside the rules of the standards by using HTML fragments in a fashion not called out by the HTML spec. but it does seem to be inline with the spirit of the fragment in that it is a subview of the original resource and interpretted client side. The other hack-ier use of the fragment in AJAX is for cross domain communication. The basic idea is that different frames or windows may not communicate in normal fashions if they have different domains but they can view each other's URLs and accordingly can change their own fragments in order to send a message out to those who know where to look. IMO this is not inline with the spirit of the fragment but is rather a cool hack.

PermalinkCommentsxml text ajax technical url boring uri fragment rfc

Wget for Windows

2008 Feb 2, 12:19Another essential for setting up a new computer.PermalinkCommentswget download opensource gnu windows tool free internet setupnewcomputer

YouTube - Sorry, Internet

2008 Jan 30, 10:12Internet videos support WGA strike.PermalinkCommentswga youtube humor video strike internet
Older EntriesNewer Entries Creative Commons License Some rights reserved.