version 1.36, 2009/10/04 10:14:19
|
version 1.59, 2010/01/07 08:16:34
|
Line 1
|
Line 1
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><!-- when publishing, change bits marked ZZZ --><html lang="en-US-x-Hixie"><title>Web Database</title><style type="text/css"> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-US-x-Hixie"><title>Web SQL Database</title><style type="text/css"> |
pre { margin-left: 2em; white-space: pre-wrap; } |
pre { margin-left: 2em; white-space: pre-wrap; } |
h2 { margin: 3em 0 1em 0; } |
h2 { margin: 3em 0 1em 0; } |
h3 { margin: 2.5em 0 1em 0; } |
h3 { margin: 2.5em 0 1em 0; } |
Line 26
|
Line 26
|
table { border-collapse: collapse; border-style: hidden hidden none hidden; } |
table { border-collapse: collapse; border-style: hidden hidden none hidden; } |
table thead { border-bottom: solid; } |
table thead { border-bottom: solid; } |
table tbody th:first-child { border-left: solid; } |
table tbody th:first-child { border-left: solid; } |
|
table tbody th { text-align: left; } |
table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; } |
table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; } |
blockquote { margin: 0 0 0 2em; border: 0; padding: 0; font-style: italic; } |
blockquote { margin: 0 0 0 2em; border: 0; padding: 0; font-style: italic; } |
|
|
Line 70
|
Line 71
|
div.head .logo { float: right; margin: 0 1em; } |
div.head .logo { float: right; margin: 0 1em; } |
div.head .logo img { border: none } /* remove border from top image */ |
div.head .logo img { border: none } /* remove border from top image */ |
div.head dl { margin: 1em 0; } |
div.head dl { margin: 1em 0; } |
p.copyright { font-size: x-small; font-style: oblique; margin: 0; } |
div.head p.copyright, div.head p.alt { font-size: x-small; font-style: oblique; margin: 0; } |
|
|
body > .toc > li { margin-top: 1em; margin-bottom: 1em; } |
body > .toc > li { margin-top: 1em; margin-bottom: 1em; } |
body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; } |
body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; } |
Line 164
|
Line 165
|
ul.domTree .t7 code, .domTree .t8 code { color: green; } |
ul.domTree .t7 code, .domTree .t8 code { color: green; } |
ul.domTree .t10 code { color: teal; } |
ul.domTree .t10 code { color: teal; } |
|
|
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet" type="text/css"><div class="head"> |
#configUI { position: absolute; z-index: 20; top: 10em; right: 1em; width: 11em; font-size: small; } |
|
#configUI p { margin: 0.5em 0; padding: 0.3em; background: #EEEEEE; color: black; border: inset thin; } |
|
#configUI p label { display: block; } |
|
#configUI #updateUI, #configUI .loginUI { text-align: center; } |
|
#configUI input[type=button] { display: block; margin: auto; } |
|
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel="stylesheet" type="text/css"><div class="head"> |
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p> |
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p> |
<h1>Web Database</h1> |
<h1>Web SQL Database</h1> |
<h2 class="no-num no-toc" id="w3c-working-draft-10-september-2009">W3C Working Draft 10 September 2009</h2> <!-- ZZZ --> |
|
|
|
<dl><dt>This Version:</dt> |
<h2 class="no-num no-toc" id="editor-s-draft-7-january-2010">Editor's Draft 7 January 2010</h2> |
<dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20090910/">http://www.w3.org/TR/2009/WD-webdatabase-20090910/</a></dd> <!-- ZZZ date x2 --> |
<dl><dt>Latest Published Version:</dt> |
<dt>Latest Published Version:</dt> |
|
<dd><a href="http://www.w3.org/TR/webdatabase/">http://www.w3.org/TR/webdatabase/</a></dd> |
<dd><a href="http://www.w3.org/TR/webdatabase/">http://www.w3.org/TR/webdatabase/</a></dd> |
<dt>Latest Editor's Draft:</dt> |
<dt>Latest Editor's Draft:</dt> |
<dd><a href="http://dev.w3.org/html5/webdatabase/">http://dev.w3.org/html5/webdatabase/</a></dd> |
<dd><a href="http://dev.w3.org/html5/webdatabase/">http://dev.w3.org/html5/webdatabase/</a></dd> |
<!-- ZZZ: add the new version after it has shipped |
<!-- ZZZ: add the new version after it has shipped--> |
<dt>Previous Versions:</dt> |
<dt>Previous Versions:</dt> |
<dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20090423/">http://www.w3.org/TR/2009/WD-webdatabase-20090423/</a> |
<dd><a href="http://www.w3.org/TR/2009/WD-webstorage-20090423/">http://www.w3.org/TR/2009/WD-webstorage-20090423/</a> <!-- yes, storage, not db --> |
:ZZZ --> |
<dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20091029/">http://www.w3.org/TR/2009/WD-webdatabase-20091029/</a></dd> |
|
<!-- :ZZZ --> |
<dt>Editors:</dt> |
<dt>Editors:</dt> |
<dd><a href="mailto:ian@hixie.ch">Ian Hickson</a>, Google, Inc.</dd> |
<dd><a href="mailto:ian@hixie.ch">Ian Hickson</a>, Google, Inc.</dd> |
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> |
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> |
Line 191
|
Line 196
|
and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document |
and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document |
use</a> rules apply.</p> |
use</a> rules apply.</p> |
</div><hr class="top"><h2 class="no-num no-toc" id="abstract">Abstract</h2><p>This specification defines an API for storing data in databases |
</div><hr class="top"><h2 class="no-num no-toc" id="abstract">Abstract</h2><p>This specification defines an API for storing data in databases |
that can be queried using a variant of SQL.<h2 class="no-num no-toc" id="status-of-this-document">Status of this document</h2><!-- intro boilerplate (required) --><p><em>This section describes the status of this document at the |
that can be queried using a variant of SQL.<h2 class="no-num no-toc" id="status-of-this-document">Status of This document</h2><!-- intro boilerplate (required) --><p><em>This section describes the status of this document at the |
time of its publication. Other documents may supersede this |
time of its publication. Other documents may supersede this |
document. A list of current W3C publications and the most recently |
document. A list of current W3C publications and the most recently |
formally published revision of this technical report can be found in |
formally published revision of this technical report can be found in |
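Review bot: The new heading text "Status of This document" capitalises "This" but leaves "document" in lower case. The same revision changes the contents heading to "Table of Contents", so title case looks intended; suggest "Status of This Document" to match.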
Line 215
|
Line 220
|
under them in incompatible ways.</strong> Vendors interested in |
under them in incompatible ways.</strong> Vendors interested in |
implementing this specification before it eventually reaches the |
implementing this specification before it eventually reaches the |
Candidate Recommendation stage should join the aforementioned |
Candidate Recommendation stage should join the aforementioned |
mailing lists and take part in the discussions.</p><!-- version history or list of changes (required) --><p>The latest stable version of the editor's draft of this |
mailing lists and take part in the discussions.<p class="XXX">This specification has reached an impasse: all |
|
interested implementors have used the same SQL backend (Sqlite), but |
|
we need multiple independent implementations to proceed along a |
|
standardisation path. Until another implementor is interested in |
|
implementing this spec, the description of the SQL dialect has been |
|
left as simply a reference to Sqlite, which isn't acceptable for a |
|
standard. Should you be an implementor interested in implementing an |
|
independent SQL backend, please contact the editor so that he can |
|
write a specification for the dialect, thus allowing this |
|
specification to move forward.</p><!-- version history or list of changes (required) --><p>The latest stable version of the editor's draft of this |
specification is always available on <a href="http://dev.w3.org/html5/webdatabase/Overview.html">the W3C CVS |
specification is always available on <a href="http://dev.w3.org/html5/webdatabase/Overview.html">the W3C CVS |
server</a>. Change tracking for this document is available at the |
server</a>. Change tracking for this document is available at the |
following location:<ul><li>CVS log: <a href="http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html">http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html</a></li> |
following location:<ul><li>CVS log: <a href="http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html">http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html</a></li> |
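Review bot: The added class="XXX" paragraph spells the backend "Sqlite" throughout, while the product's name is SQLite. It also says the dialect "has been left as simply a reference to Sqlite" without saying where that reference lives or which release it pins. Suggest fixing the spelling and pointing to section 5 so a reader of the Status section can see exactly what is being referenced.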
Line 231
|
Line 245
|
</ul><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING LIST TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- status of document, group responsible (required) --><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Apps |
</ul><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING LIST TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- status of document, group responsible (required) --><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Apps |
Working Group</a> is the W3C working group responsible for this |
Working Group</a> is the W3C working group responsible for this |
specification's progress along the W3C Recommendation track. |
specification's progress along the W3C Recommendation track. |
This specification is the 10 September 2009 First Public Working Draft. <!--ZZZ (date and remove 'first public'--> |
|
|
|
|
This specification is the 7 January 2010 Editor's Draft. |
</p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 |
</p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 |
February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of |
February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of |
any patent disclosures</a> made in connection with the deliverables |
any patent disclosures</a> made in connection with the deliverables |
Line 240
|
Line 254
|
patent. An individual who has actual knowledge of a patent which the |
patent. An individual who has actual knowledge of a patent which the |
individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential |
individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential |
Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section |
Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section |
6 of the W3C Patent Policy</a>.<h2 class="no-num no-toc" id="contents">Table of contents</h2> |
6 of the W3C Patent Policy</a>.<h2 class="no-num no-toc" id="contents">Table of Contents</h2> |
<!--begin-toc--> |
<!--begin-toc--> |
<ol class="toc"> |
<ol class="toc"> |
<li><a href="#introduction"><span class="secno">1 </span>Introduction</a></li> |
<li><a href="#introduction"><span class="secno">1 </span>Introduction</a></li> |
Line 513 interface <dfn id="databasecallback">Dat
|
Line 527 interface <dfn id="databasecallback">Dat
|
instead of the user agent prompting the user for permission to |
instead of the user agent prompting the user for permission to |
increase the quota every five megabytes.<h3 id="parsing-and-processing-sql-statements"><span class="secno">4.2 </span>Parsing and processing SQL statements</h3><p>When the user agent is to <dfn id="preprocess-the-sql-statement" title="preprocess the SQL |
increase the quota every five megabytes.<h3 id="parsing-and-processing-sql-statements"><span class="secno">4.2 </span>Parsing and processing SQL statements</h3><p>When the user agent is to <dfn id="preprocess-the-sql-statement" title="preprocess the SQL |
statement">preprocess a SQL statement</dfn> <var title="">sqlStatement</var> with an array of arguments <var title="">arguments</var>, it must run the following steps:<ol><li><p>Parse <var title="">sqlStatement</var> as a SQL statement, |
statement">preprocess a SQL statement</dfn> <var title="">sqlStatement</var> with an array of arguments <var title="">arguments</var>, it must run the following steps:<ol><li><p>Parse <var title="">sqlStatement</var> as a SQL statement, |
with the exception that U+003F QUESTION MARK (?) characters can be |
with the exception that U+003F QUESTION MARK characters (?) can be |
used in place of SQL literals in the statement. <a href="#refsSQL">[SQL]</a></li> |
used in place of SQL literals in the statement. <a href="#refsSQL">[SQL]</a></li> |
|
|
<li> |
<li> |
|
|
<p>Replace each <code title="">?</code> placeholder with the value |
<p>Bind each <code title="">?</code> placeholder with the value of |
of the argument in the <var title="">arguments</var> array with |
the argument in the <var title="">arguments</var> array with the |
the same position. (So the first <code title="">?</code> |
same position. (So the first <code title="">?</code> placeholder |
placeholder gets replaced by the first value in the <var title="">arguments</var> array, and generally the <var title="">n</var>th <code title="">?</code> placeholder gets |
gets bound to the first value in the <var title="">arguments</var> |
replaced by the <var title="">n</var>th value in the <var title="">arguments</var> array.)</p> |
array, and generally the <var title="">n</var>th <code title="">?</code> placeholder gets bound to the <var title="">n</var>th value in the <var title="">arguments</var> |
|
array.)</p> |
<p class="note">Substitutions for <code title="">?</code> |
|
placeholders are done at the literal level, not as string |
<p class="note">Binding the <code title="">?</code> placeholders |
concatenations, so this provides a way to dynamically insert |
is done at the literal level, not as string concatenations, so |
parameters into a statement without risk of a SQL injection |
this provides a way to dynamically insert parameters into a |
attack.</p> |
statement without risk of a SQL injection attack.</p> |
|
|
<p>The result is <var title="">the statement</var>.</p> |
<p>The result is <var title="">the statement</var>.</p> |
|
|
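Review bot: The reworded note still ends "without risk of a SQL injection attack", which promises more than binding delivers. Binding at the literal level protects only the values passed through arguments. A sqlStatement string that the author assembles from untrusted input is parsed as SQL in step 1 before any binding happens, and because ? can stand only in place of a SQL literal, identifiers such as table or column names cannot be bound at all. Suggest scoping the sentence to values supplied through the arguments array and cross-referencing section 8.5, which already tells authors never to construct SQL statements on the fly.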
Line 788 interface <dfn id="sqlstatementerrorcall
|
Line 802 interface <dfn id="sqlstatementerrorcall
|
<li><p>End these steps. The next step is only used when something |
<li><p>End these steps. The next step is only used when something |
goes wrong.</li> |
goes wrong.</li> |
|
|
<li><p><span>Queue a task</span> to invoke the <i>error |
<li><p><span>Queue a task</span> to invoke the transaction's |
callback</i>, if it is not null, with a newly constructed |
<i>error callback</i>, if it is not null, with a newly constructed |
<code><a href="#sqlerror">SQLError</a></code> object that represents the last error to have |
<code><a href="#sqlerror">SQLError</a></code> object that represents the last error to have |
occurred in this transaction. Rollback the transaction. Any |
occurred in this transaction. Rollback the transaction. Any |
still-pending statements in the transaction are discarded.</li> |
still-pending statements in the transaction are discarded.</li> |
Line 958 interface <dfn id="sqltransactionsync">S
|
Line 972 interface <dfn id="sqltransactionsync">S
|
be zero).<pre class="idl">interface <dfn id="sqlresultsetrowlist">SQLResultSetRowList</dfn> { |
be zero).<pre class="idl">interface <dfn id="sqlresultsetrowlist">SQLResultSetRowList</dfn> { |
readonly attribute unsigned long <a href="#dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length">length</a>; |
readonly attribute unsigned long <a href="#dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length">length</a>; |
getter <span>any</span> <a href="#dom-sqlresultsetrowlist-item" title="dom-SQLResultSetRowList-item">item</a>(in unsigned long index); |
getter <span>any</span> <a href="#dom-sqlresultsetrowlist-item" title="dom-SQLResultSetRowList-item">item</a>(in unsigned long index); |
};</pre><p class="note">Implementors are encouraged to implement |
};</pre><p class="note">For the asynchronous API, implementors are |
<code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects lazily, or at least |
encouraged to prefetch all the data for |
asynchronously, for better performance.<p><code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects have a <dfn id="dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length"><code>length</code></dfn> |
<code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects when the object is |
|
constructed (before the result set callback is invoked), rather than |
|
on-demand, for better responsiveness. For the synchronous API, an |
|
on-demand lazy evaluation implementation strategy is encouraged |
|
instead, for better performance.<p><code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects have a <dfn id="dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length"><code>length</code></dfn> |
attribute that must return the number of rows it represents (the |
attribute that must return the number of rows it represents (the |
number of rows returned by the database). This is the <var title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></var>.<p class="note">Fetching the <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> might be |
number of rows returned by the database). This is the <var title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></var>.<p class="note">Fetching the <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> might be |
expensive, and authors are thus encouraged to avoid using it (or |
expensive, and authors are thus encouraged to avoid using it (or |
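Review bot: With the new advice to prefetch all rows for the asynchronous API before the result set callback is invoked, the unchanged note that follows ("Fetching the length might be expensive, and authors are thus encouraged to avoid using it") now describes only the lazily evaluated synchronous case. Suggest scoping that note to the synchronous API. The new note should also say that prefetching trades memory for responsiveness, since the visible text puts no bound on the number of rows a result set can hold.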
Line 1068 interface <dfn id="sqltransactionsync">S
|
Line 1086 interface <dfn id="sqltransactionsync">S
|
<td>A lock for the transaction could not be obtained in a |
<td>A lock for the transaction could not be obtained in a |
reasonable time. |
reasonable time. |
|
|
</table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p class="XXX">Need to define the SQL dialect.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for |
</table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p>User agents must implement the SQL dialect supported by Sqlite 3.6.19.<p>When converting bound arguments to SQL data types, the JavaScript |
|
ToPrimitive operator must be applied to obtain the raw value to be |
|
processed. <a href="#refsECMA262">[ECMA262]</a>.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for |
databases. |
databases. |
|
|
<p>User agents should guard against sites storing data under the |
<p>User agents should guard against sites storing data under the |
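Review bot: "User agents must implement the SQL dialect supported by Sqlite 3.6.19" makes one product release the normative definition of the dialect, which the Status paragraph added in this same revision says "isn't acceptable for a standard". The removed line carried class="XXX"; the replacement should keep an equivalent marker so the requirement reads as provisional here as well. In the ToPrimitive sentence, state which hint is passed and how each resulting primitive (undefined, null, boolean, number, string) maps to a SQL data type. ToPrimitive can also run author-supplied valueOf or toString code, so the point in the transaction steps at which the conversion happens needs to be defined. There is a stray full stop after the reference as well: "processed. [ECMA262]."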
Line 1084 interface <dfn id="sqltransactionsync">S
|
Line 1104 interface <dfn id="sqltransactionsync">S
|
future.<h2 id="privacy"><span class="secno">7 </span>Privacy</h2><h3 id="user-tracking"><span class="secno">7.1 </span>User tracking</h3><p>A third-party advertiser (or any entity capable of getting |
future.<h2 id="privacy"><span class="secno">7 </span>Privacy</h2><h3 id="user-tracking"><span class="secno">7.1 </span>User tracking</h3><p>A third-party advertiser (or any entity capable of getting |
content distributed to multiple sites) could use a unique identifier |
content distributed to multiple sites) could use a unique identifier |
stored in its |
stored in its |
client-side database |
client-side databases |
|
|
|
|
to track a user across multiple sessions, building a profile of the |
to track a user across multiple sessions, building a profile of the |
user's interests to allow for highly targeted advertising. In |
user's interests to allow for highly targeted advertising. In |
Line 1099 interface <dfn id="sqltransactionsync">S
|
Line 1120 interface <dfn id="sqltransactionsync">S
|
<p>User agents may restrict access to |
<p>User agents may restrict access to |
the database objects |
the database objects |
|
|
|
|
to scripts originating at the domain of the top-level document of |
to scripts originating at the domain of the top-level document of |
the <span>browsing context</span>, for instance denying access to |
the <span>browsing context</span>, for instance denying access to |
the API for pages from other domains running in |
the API for pages from other domains running in |
Line 1109 interface <dfn id="sqltransactionsync">S
|
Line 1131 interface <dfn id="sqltransactionsync">S
|
<dt>Expiring stored data</dt> |
<dt>Expiring stored data</dt> |
<dd> |
<dd> |
|
|
<p>User agents may automatically delete stored data after a period |
<p>User agents may, if so configured by the user, automatically |
of time.</p> |
delete stored data after a period of time.</p> |
|
|
|
|
<p>This can restrict the ability of a site to track a user, as the |
<p>This can restrict the ability of a site to track a user, as the |
Line 1118 interface <dfn id="sqltransactionsync">S
|
Line 1140 interface <dfn id="sqltransactionsync">S
|
sessions when he authenticates with the site itself (e.g. by |
sessions when he authenticates with the site itself (e.g. by |
making a purchase or logging in to a service).</p> |
making a purchase or logging in to a service).</p> |
|
|
<p>However, this also puts the user's data at risk.</p> |
<p>However, this also reduces the usefulness of the API as a |
|
long-term storage mechanism. It can also put the user's data at |
|
risk, if the user does not fully understand the implications of |
|
data expiration.</p> |
|
|
<!--v2 consider adding an explicit way for sites to state when |
|
data should expire, as in localStorage.expireData(365); --> |
|
|
|
</dd> |
</dd> |
|
|
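Review bot: The added v2 comment gives localStorage.expireData(365) as its example, which names the Web Storage object rather than anything this database specification defines; reword it in terms of the database API so the open issue stays meaningful in this document. The new sentence ending "if the user does not fully understand the implications of data expiration" identifies the risk but gives user agents nothing to act on. Suggest adding what the user agent should convey to the user when expiry is configured.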
Line 1130 interface <dfn id="sqltransactionsync">S
|
Line 1153 interface <dfn id="sqltransactionsync">S
|
|
|
<p>If users attempt to protect their privacy by clearing cookies |
<p>If users attempt to protect their privacy by clearing cookies |
without also clearing data stored in the |
without also clearing data stored in the |
|
relevant databases, |
database |
|
|
|
|
sites can defeat those attempts by using the two features as |
feature, sites can defeat those attempts by using the two features |
redundant backup for each other. User agents should present the |
as redundant backup for each other. User agents should present the |
|
interfaces for clearing these in a way that helps users to |
interfaces for clearing these in a way that helps users to |
understand this possibility and enables them to delete data in all |
understand this possibility and enables them to delete data in all |
persistent storage features simultaneously. <a href="#refsCOOKIES">[COOKIES]</a></p> |
persistent storage features simultaneously. <a href="#refsCOOKIES">[COOKIES]</a></p> |
Line 1145 interface <dfn id="sqltransactionsync">S
|
Line 1166 interface <dfn id="sqltransactionsync">S
|
<dt>Site-specific white-listing of access to |
<dt>Site-specific white-listing of access to |
databases |
databases |
|
|
|
|
</dt> |
</dt> |
<dd> |
<dd> |
|
|
<p>User agents may require the user to authorize access to |
<p>User agents may require the user to authorize access to |
databases before a site can use the feature.</p> |
databases before a site can use the feature.</p> |
|
|
|
|
|
|
</dd> |
</dd> |
|
|
Line 1238 interface <dfn id="sqltransactionsync">S
|
Line 1261 interface <dfn id="sqltransactionsync">S
|
there is little reason to allow Web authors to control the character |
there is little reason to allow Web authors to control the character |
encoding used in the disk representation of the data, as all data in |
encoding used in the disk representation of the data, as all data in |
JavaScript is implicitly UTF-16.<h3 id="sql-injection"><span class="secno">8.5 </span>SQL injection</h3><p>Authors are strongly recommended to make use of the <code title="">?</code> placeholder feature of the <code title="dom-sqltransaction-executeSql"><a href="#dom-sqltransaction-executesql">executeSql()</a></code> method, |
JavaScript is implicitly UTF-16.<h3 id="sql-injection"><span class="secno">8.5 </span>SQL injection</h3><p>Authors are strongly recommended to make use of the <code title="">?</code> placeholder feature of the <code title="dom-sqltransaction-executeSql"><a href="#dom-sqltransaction-executesql">executeSql()</a></code> method, |
and to never construct SQL statements on the fly.</p><!--START vCard--><!--START vEvent--><h2 class="no-num" id="references">References</h2><!--REFS--><!--END vCard--><!--END vEvent--><p>All references are normative unless marked "Non-normative".</p><!--START vCard--><!--START vEvent--><dl><dt id="refsCOOKIES">[COOKIES]</dt> |
and to never construct SQL statements on the fly.</p><!--START vCard--><!--START vEvent--><h2 class="no-num" id="references">References</h2><!--REFS--><!--END vCard--><!--END vEvent--><p>All references are normative unless marked "Non-normative".</p><!--START vCard--><!--START vEvent--><!-- XXX really should remove dates and version numbers from these references once and for all --><dl><dt id="refsCOOKIES">[COOKIES]</dt> |
<!-- |
<!-- |
|
<dd><cite><a href="http://www.ietf.org/rfc/rfc2109.txt">HTTP State |
|
Management Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, |
|
February 1997.</dd> |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2965.txt">HTTP State Management |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2965.txt">HTTP State Management |
Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, October 2000.</dd> |
Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, October 2000.</dd> |
--> |
--> |
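Review bot: The added RFC 2109 dd entry sits inside the HTML comment that already wraps the RFC 2965 entry, so it changes nothing in the rendered reference list. In the lines shown, [COOKIES] has no uncommented dd at all, although section 7 cites it. If RFC 2109 is meant to be the cited document, move the entry out of the comment. If not, drop it rather than growing the commented-out block, and resolve the new "XXX really should remove dates and version numbers" comment before the next publication.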