|
version 1.24, 2009/08/31 02:26:50
|
version 1.91, 2010/08/09 23:13:10
|
|
Line 1
|
Line 1
|
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><!-- when publishing, change bits marked ZZZ --><html lang="en-US-x-Hixie"><title>Web Database</title><style type="text/css"> |
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html lang="en-US-x-Hixie"><title>Web SQL Database</title><style type="text/css"> |
| pre { margin-left: 2em; white-space: pre-wrap; } |
pre { margin-left: 2em; white-space: pre-wrap; } |
| h2 { margin: 3em 0 1em 0; } |
h2 { margin: 3em 0 1em 0; } |
| h3 { margin: 2.5em 0 1em 0; } |
h3 { margin: 2.5em 0 1em 0; } |
|
Line 24
|
Line 24
|
| @media screen { code { color: orangered; } code :link, code :visited { color: inherit; } } |
@media screen { code { color: orangered; } code :link, code :visited { color: inherit; } } |
| var sub { vertical-align: bottom; font-size: smaller; position: relative; top: 0.1em; } |
var sub { vertical-align: bottom; font-size: smaller; position: relative; top: 0.1em; } |
| table { border-collapse: collapse; border-style: hidden hidden none hidden; } |
table { border-collapse: collapse; border-style: hidden hidden none hidden; } |
| table thead { border-bottom: solid; } |
table thead, table tbody { border-bottom: solid; } |
| table tbody th:first-child { border-left: solid; } |
table tbody th:first-child { border-left: solid; } |
| |
table tbody th { text-align: left; } |
| table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; } |
table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; } |
| blockquote { margin: 0 0 0 2em; border: 0; padding: 0; font-style: italic; } |
blockquote { margin: 0 0 0 2em; border: 0; padding: 0; font-style: italic; } |
| |
|
|
Line 35
|
Line 36
|
| .dice-example { border-collapse: collapse; border-style: hidden solid solid hidden; border-width: thin; margin-left: 3em; } |
.dice-example { border-collapse: collapse; border-style: hidden solid solid hidden; border-width: thin; margin-left: 3em; } |
| .dice-example caption { width: 30em; font-size: smaller; font-style: italic; padding: 0.75em 0; text-align: left; } |
.dice-example caption { width: 30em; font-size: smaller; font-style: italic; padding: 0.75em 0; text-align: left; } |
| .dice-example td, .dice-example th { border: solid thin; width: 1.35em; height: 1.05em; text-align: center; padding: 0; } |
.dice-example td, .dice-example th { border: solid thin; width: 1.35em; height: 1.05em; text-align: center; padding: 0; } |
| .applies th > * { display: block; } |
|
| .applies thead code { display: block; } |
|
| .applies td { text-align: center; } |
|
| .applies .yes { background: yellow; } |
|
| |
|
| .toc dfn, h1 dfn, h2 dfn, h3 dfn, h4 dfn, h5 dfn, h6 dfn { font: inherit; } |
.toc dfn, h1 dfn, h2 dfn, h3 dfn, h4 dfn, h5 dfn, h6 dfn { font: inherit; } |
| img.extra { float: right; } |
img.extra { float: right; } |
|
Line 46
|
Line 43
|
| pre.idl :link, pre.idl :visited { color: inherit; background: transparent; } |
pre.idl :link, pre.idl :visited { color: inherit; background: transparent; } |
| pre.css { border: solid thin; background: #FFFFEE; color: black; padding: 0.5em 1em; } |
pre.css { border: solid thin; background: #FFFFEE; color: black; padding: 0.5em 1em; } |
| pre.css:first-line { color: #AAAA50; } |
pre.css:first-line { color: #AAAA50; } |
| dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #EEFFEE; } |
dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; } |
| hr + dl.domintro, div.impl + dl.domintro { margin-top: 2.5em; margin-bottom: 1.5em; } |
hr + dl.domintro, div.impl + dl.domintro { margin-top: 2.5em; margin-bottom: 1.5em; } |
| dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; } |
dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; } |
| dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; } |
dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; } |
|
Line 74
|
Line 71
|
| div.head .logo { float: right; margin: 0 1em; } |
div.head .logo { float: right; margin: 0 1em; } |
| div.head .logo img { border: none } /* remove border from top image */ |
div.head .logo img { border: none } /* remove border from top image */ |
| div.head dl { margin: 1em 0; } |
div.head dl { margin: 1em 0; } |
| p.copyright { font-size: x-small; font-style: oblique; margin: 0; } |
div.head p.copyright, div.head p.alt { font-size: x-small; font-style: oblique; margin: 0; } |
| |
|
| body > .toc > li { margin-top: 1em; margin-bottom: 1em; } |
body > .toc > li { margin-top: 1em; margin-bottom: 1em; } |
| body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; } |
body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; } |
|
Line 144
|
Line 141
|
| .example { display: block; color: #222222; background: #FCFCFC; border-left: double; margin-left: 2em; padding-left: 1em; } |
.example { display: block; color: #222222; background: #FCFCFC; border-left: double; margin-left: 2em; padding-left: 1em; } |
| td > .example:only-child { margin: 0 0 0 0.1em; } |
td > .example:only-child { margin: 0 0 0 0.1em; } |
| |
|
| .tall-and-narrow { |
|
| font-size: 0.6em; |
|
| column-width: 25em; |
|
| column-gap: 1em; |
|
| -moz-column-width: 25em; |
|
| -moz-column-gap: 1em; |
|
| -webkit-column-width: 25em; |
|
| -webkit-column-gap: 1em; |
|
| } |
|
| |
|
| ul.domTree, ul.domTree ul { padding: 0 0 0 1em; margin: 0; } |
ul.domTree, ul.domTree ul { padding: 0 0 0 1em; margin: 0; } |
| ul.domTree li { padding: 0; margin: 0; list-style: none; position: relative; } |
ul.domTree li { padding: 0; margin: 0; list-style: none; position: relative; } |
| ul.domTree li li { list-style: none; } |
ul.domTree li li { list-style: none; } |
|
Line 168
|
Line 155
|
| ul.domTree .t7 code, .domTree .t8 code { color: green; } |
ul.domTree .t7 code, .domTree .t8 code { color: green; } |
| ul.domTree .t10 code { color: teal; } |
ul.domTree .t10 code { color: teal; } |
| |
|
| </style><link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel="stylesheet" type="text/css"><!-- ZZZ ED vs WD --><div class="head"> |
body.dfnEnabled dfn { cursor: pointer; } |
| |
.dfnPanel { |
| |
display: inline; |
| |
position: absolute; |
| |
z-index: 10; |
| |
height: auto; |
| |
width: auto; |
| |
padding: 0.5em 0.75em; |
| |
font: small sans-serif, Droid Sans Fallback; |
| |
background: #DDDDDD; |
| |
color: black; |
| |
border: outset 0.2em; |
| |
} |
| |
.dfnPanel * { margin: 0; padding: 0; font: inherit; text-indent: 0; } |
| |
.dfnPanel :link, .dfnPanel :visited { color: black; } |
| |
.dfnPanel p { font-weight: bolder; } |
| |
.dfnPanel * + p { margin-top: 0.25em; } |
| |
.dfnPanel li { list-style-position: inside; } |
| |
|
| |
#configUI { position: absolute; z-index: 20; top: 10em; right: 1em; width: 11em; font-size: small; } |
| |
#configUI p { margin: 0.5em 0; padding: 0.3em; background: #EEEEEE; color: black; border: inset thin; } |
| |
#configUI p label { display: block; } |
| |
#configUI #updateUI, #configUI .loginUI { text-align: center; } |
| |
#configUI input[type=button] { display: block; margin: auto; } |
| |
|
| |
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel="stylesheet" type="text/css"><div class="head"> |
| <p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p> |
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p> |
| <h1>Web Database</h1> |
<h1>Web SQL Database</h1> |
| <!--ZZZ:--> |
<h2 class="no-num no-toc" id="editor-s-draft-9-august-2010">Editor's Draft 9 August 2010</h2> |
| <!--<h2 class="no-num no-toc">W3C Working Draft 23 April 2009</h2>--> |
<dl><dt>Latest Published Version:</dt> |
| <h2 class="no-num no-toc" id="editor-s-draft-31-august-2009">Editor's Draft 31 August 2009</h2> |
|
| <!--:ZZZ--> |
|
| <dl><!-- ZZZ: update the month/day (twice), (un)comment out |
|
| <dt>This Version:</dt> |
|
| <dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20090423/">http://www.w3.org/TR/2009/WD-webdatabase-20090423/</a></dd> |
|
| <dt>Latest Published Version:</dt> |
|
| <dd><a href="http://www.w3.org/TR/webdatabase/">http://www.w3.org/TR/webdatabase/</a></dd> |
<dd><a href="http://www.w3.org/TR/webdatabase/">http://www.w3.org/TR/webdatabase/</a></dd> |
| :ZZZ --><dt>Latest Editor's Draft:</dt> |
<dt>Latest Editor's Draft:</dt> |
| <dd><a href="http://dev.w3.org/html5/webdatabase/">http://dev.w3.org/html5/webdatabase/</a></dd> |
<dd><a class="latest-link" href="http://dev.w3.org/html5/webdatabase/">http://dev.w3.org/html5/webdatabase/</a></dd> |
| <!-- ZZZ: add the new version after it has shipped |
<!-- ZZZ: add the new version after it has shipped--> |
| <dt>Previous Versions:</dt> |
<dt>Previous Versions:</dt> |
| <dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20090423/">http://www.w3.org/TR/2009/WD-webdatabase-20090423/</a> |
<dd><a href="http://www.w3.org/TR/2009/WD-webstorage-20090423/">http://www.w3.org/TR/2009/WD-webstorage-20090423/</a> <!-- yes, storage, not db --> |
| :ZZZ --> |
<dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20091029/">http://www.w3.org/TR/2009/WD-webdatabase-20091029/</a></dd> |
| |
<!-- :ZZZ --> |
| <dt>Editors:</dt> |
<dt>Editors:</dt> |
| <dd><a href="mailto:ian@hixie.ch">Ian Hickson</a>, Google, Inc.</dd> |
<dd><a href="mailto:ian@hixie.ch">Ian Hickson</a>, Google, Inc.</dd> |
| </dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> |
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> |
| © 2009 <a href="http://www.w3.org/"><abbr title="World Wide |
© 2010 <a href="http://www.w3.org/"><abbr title="World Wide |
| Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts |
Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts |
| Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research |
Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research |
| Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C |
Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C |
|
Line 197
|
Line 204
|
| <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> |
<a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> |
| and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document |
and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document |
| use</a> rules apply.</p> |
use</a> rules apply.</p> |
| |
|
| |
|
| </div><hr class="top"><h2 class="no-num no-toc" id="abstract">Abstract</h2><p>This specification defines an API for storing data in databases |
</div><hr class="top"><h2 class="no-num no-toc" id="abstract">Abstract</h2><p>This specification defines an API for storing data in databases |
| that can be queried using a variant of SQL.<h2 class="no-num no-toc" id="status-of-this-document">Status of this document</h2><!-- intro boilerplate (required) --><p><em>This section describes the status of this document at the |
that can be queried using a variant of SQL.<h2 class="no-num no-toc" id="status-of-this-document">Status of This document</h2><!-- intro boilerplate (required) --><p><em>This section describes the status of this document at the |
| time of its publication. Other documents may supersede this |
time of its publication. Other documents may supersede this |
| document. A list of current W3C publications and the most recently |
document. A list of current W3C publications and the most recently |
| formally published revision of this technical report can be found in |
formally published revision of this technical report can be found in |
|
Line 213
|
Line 222
|
| <a href="http://lists.whatwg.org/pipermail/whatwg-whatwg.org/">archives</a>), |
<a href="http://lists.whatwg.org/pipermail/whatwg-whatwg.org/">archives</a>), |
| <!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING SENTENCE TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --> |
<!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING SENTENCE TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --> |
| |
|
| or submit them using <a href="http://www.w3.org/Bugs/Public/enter_bug.cgi?product=WebAppsWG&component=Web%20Storage">our |
or submit them using <a href="http://www.w3.org/Bugs/Public/enter_bug.cgi?assigned_to=ian%40hixie.ch&blocked=&bug_file_loc=http%3A%2F%2F&bug_severity=normal&bug_status=NEW&comment=&component=Web%20Database%20%28editor%3A%20Ian%20Hickson%29&contenttypeentry=&contenttypemethod=autodetect&contenttypeselection=text%2Fplain&data=&dependson=&description=&form_name=enter_bug&keywords=&maketemplate=Remember%20values%20as%20bookmarkable%20template&op_sys=All&priority=P5&product=WebAppsWG&qa_contact=member-webapi-cvs%40w3.org&rep_platform=All&short_desc=&target_milestone=---&version=unspecified">our |
| public bug database</a>. |
public bug database</a>. |
| |
|
| All feedback is welcome.</p><!-- stability (required) --><p>Implementors should be aware that this specification is not |
All feedback is welcome.</p><!-- stability (required) --><p>Implementors should be aware that this specification is not |
|
Line 222
|
Line 231
|
| under them in incompatible ways.</strong> Vendors interested in |
under them in incompatible ways.</strong> Vendors interested in |
| implementing this specification before it eventually reaches the |
implementing this specification before it eventually reaches the |
| Candidate Recommendation stage should join the aforementioned |
Candidate Recommendation stage should join the aforementioned |
| mailing lists and take part in the discussions.</p><!-- version history or list of changes (required) --><p>The latest stable version of the editor's draft of this |
mailing lists and take part in the discussions.<p class="XXX">This specification has reached an impasse: all |
| |
interested implementors have used the same SQL backend (Sqlite), but |
| |
we need multiple independent implementations to proceed along a |
| |
standardisation path. Until another implementor is interested in |
| |
implementing this spec, the description of the SQL dialect has been |
| |
left as simply a reference to Sqlite, which isn't acceptable for a |
| |
standard. Should you be an implementor interested in implementing an |
| |
independent SQL backend, please contact the editor so that he can |
| |
write a specification for the dialect, thus allowing this |
| |
specification to move forward.</p><!-- version history or list of changes (required) --><p>The latest stable version of the editor's draft of this |
| specification is always available on <a href="http://dev.w3.org/html5/webdatabase/Overview.html">the W3C CVS |
specification is always available on <a href="http://dev.w3.org/html5/webdatabase/Overview.html">the W3C CVS |
| server</a>. Change tracking for this document is available at the |
server</a>. Change tracking for this document is available at the |
| following location:<ul><li>CVS log: <a href="http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html">http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html</a></li> |
following location:<ul><li>CVS log: <a href="http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html">http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html</a></li> |
|
Line 235
|
Line 253
|
| <li>Interactive Web interface: <a href="http://html5.org/tools/web-apps-tracker">http://html5.org/tools/web-apps-tracker</a></li> |
<li>Interactive Web interface: <a href="http://html5.org/tools/web-apps-tracker">http://html5.org/tools/web-apps-tracker</a></li> |
| <li>Commit-Watchers mailing list: <a href="http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org">http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org</a></li> |
<li>Commit-Watchers mailing list: <a href="http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org">http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org</a></li> |
| <li>Subversion interface: <a href="http://svn.whatwg.org/webapps/">http://svn.whatwg.org/webapps/</a></li> |
<li>Subversion interface: <a href="http://svn.whatwg.org/webapps/">http://svn.whatwg.org/webapps/</a></li> |
| </ul><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING LIST TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- status of document, group responsible (required) --><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Apps |
</ul><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING LIST TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- status of document, group responsible (required) --><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications |
| Working Group</a> is the W3C working group responsible for this |
Working Group</a> is the W3C working group responsible for this |
| specification's progress along the W3C Recommendation track. |
specification's progress along the W3C Recommendation track. |
| <!--ZZZ:--> |
This specification is the 9 August 2010 Editor's Draft. |
| <!--This specification is the 23 April 2009 Working Draft.--> |
|
| This specification is the 31 August 2009 Editor's Draft. |
|
| <!--:ZZZ--> |
|
| </p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 |
</p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 |
| February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of |
February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of |
| any patent disclosures</a> made in connection with the deliverables |
any patent disclosures</a> made in connection with the deliverables |
|
Line 249
|
Line 264
|
| patent. An individual who has actual knowledge of a patent which the |
patent. An individual who has actual knowledge of a patent which the |
| individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential |
individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential |
| Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section |
Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section |
| 6 of the W3C Patent Policy</a>.<h2 class="no-num no-toc" id="contents">Table of contents</h2> |
6 of the W3C Patent Policy</a>.<h2 class="no-num no-toc" id="contents">Table of Contents</h2> |
| <!--begin-toc--> |
<!--begin-toc--> |
| <ol class="toc"> |
<ol class="toc"> |
| <li><a href="#introduction"><span class="secno">1 </span>Introduction</a></li> |
<li><a href="#introduction"><span class="secno">1 </span>Introduction</a></li> |
|
Line 275
|
Line 290
|
| <li><a href="#privacy"><span class="secno">7 </span>Privacy</a> |
<li><a href="#privacy"><span class="secno">7 </span>Privacy</a> |
| <ol> |
<ol> |
| <li><a href="#user-tracking"><span class="secno">7.1 </span>User tracking</a></li> |
<li><a href="#user-tracking"><span class="secno">7.1 </span>User tracking</a></li> |
| <li><a href="#cookie-resurrection"><span class="secno">7.2 </span>Cookie resurrection</a></li> |
<li><a href="#sensitivity-of-data"><span class="secno">7.2 </span>Sensitivity of data</a></ol></li> |
| <li><a href="#sensitivity-of-data"><span class="secno">7.3 </span>Sensitivity of data</a></ol></li> |
<li><a href="#security-storage"><span class="secno">8 </span>Security</a> |
| <li><a href="#security"><span class="secno">8 </span>Security</a> |
|
| <ol> |
<ol> |
| <li><a href="#dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</a></li> |
<li><a href="#dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</a></li> |
| <li><a href="#cross-directory-attacks"><span class="secno">8.2 </span>Cross-directory attacks</a></li> |
<li><a href="#cross-directory-attacks"><span class="secno">8.2 </span>Cross-directory attacks</a></li> |
|
Line 362 prepareDatabase(function(db) {
|
Line 376 prepareDatabase(function(db) {
|
| agents.<p>User agents may impose implementation-specific limits on |
agents.<p>User agents may impose implementation-specific limits on |
| otherwise unconstrained inputs, e.g. to prevent denial of service |
otherwise unconstrained inputs, e.g. to prevent denial of service |
| attacks, to guard against running out of memory, or to work around |
attacks, to guard against running out of memory, or to work around |
| platform-specific limitations.<h3 id="dependencies"><span class="secno">2.1 </span>Dependencies</h3><p>This specification relies on several other underlying |
platform-specific limitations.<p>When support for a feature is disabled (e.g. as an emergency |
| specifications.<dl><dt>HTML5</dt> |
measure to mitigate a security problem, or to aid in development, or |
| |
for performance reasons), user agents must act as if they had no |
| |
support for the feature whatsoever, and as if the feature was not |
| |
mentioned in this specification. For example, if a particular |
| |
feature is accessed via an attribute in a Web IDL interface, the |
| |
attribute itself would be omitted from the objects that implement |
| |
that interface — leaving the attribute on the object but |
| |
making it return null or throw an exception is insufficient.<h3 id="dependencies"><span class="secno">2.1 </span>Dependencies</h3><p>This specification relies on several other underlying |
| |
specifications.<dl><dt>HTML</dt> |
| |
|
| <dd> |
<dd> |
| |
|
| <p>Many fundamental concepts from HTML5 are used by this |
<p>Many fundamental concepts from HTML are used by this |
| specification. <a href="#refsHTML5">[HTML5]</a></p> |
specification. <a href="#refsHTML">[HTML]</a></p> |
| |
|
| </dd> |
</dd> |
| |
|
|
Line 388 prepareDatabase(function(db) {
|
Line 410 prepareDatabase(function(db) {
|
| scripts in Web applications, and does not necessarily imply the |
scripts in Web applications, and does not necessarily imply the |
| existence of an actual <code>Document</code> object or of any other |
existence of an actual <code>Document</code> object or of any other |
| <code>Node</code> objects as defined in the DOM Core |
<code>Node</code> objects as defined in the DOM Core |
| specifications. <a href="#refsDOMCORE">[DOMCORE]</a><p>A DOM attribute is said to be <em>getting</em> when its value is |
specifications. <a href="#refsDOMCORE">[DOMCORE]</a><p>An IDL attribute is said to be <em>getting</em> when its value is |
| being retrieved (e.g. by author script), and is said to be |
being retrieved (e.g. by author script), and is said to be |
| <em>setting</em> when a new value is assigned to it.<p>The term "JavaScript" is used to refer to ECMA262, rather than |
<em>setting</em> when a new value is assigned to it.<p>The term "JavaScript" is used to refer to ECMA262, rather than |
| the official term ECMAScript, since the term JavaScript is more |
the official term ECMAScript, since the term JavaScript is more |
|
Line 451 interface <dfn id="databasecallback">Dat
|
Line 473 interface <dfn id="databasecallback">Dat
|
| |
|
| </li> |
</li> |
| |
|
| |
<li><p>If <var title="">origin</var> is not a scheme/host/port |
| |
tuple, then throw a <code>SECURITY_ERR</code> exception and abort |
| |
these steps.</li> |
| |
|
| <li><p>If the database version provided is not the empty string, |
<li><p>If the database version provided is not the empty string, |
| and there is already a database with the given name from the origin |
and there is already a database with the given name from the origin |
| <var title="">origin</var>, but the database has a different |
<var title="">origin</var>, but the database has a different |
|
Line 461 interface <dfn id="databasecallback">Dat
|
Line 487 interface <dfn id="databasecallback">Dat
|
| <li> |
<li> |
| |
|
| <p>If no database with the given name from the origin <var title="">origin</var> exists, then create the database and let |
<p>If no database with the given name from the origin <var title="">origin</var> exists, then create the database and let |
| <var title="">created</var> be true. Otherwise, let <var title="">created</var> be false.</p> |
<var title="">created</var> be true. If a callback was passed to |
| |
the method, then set the new database's version to the empty |
| |
string. Otherwise, set the new database's version to the given |
| |
database version.</p> |
| |
|
| <p>If a callback was passed to the method, then let the database's |
<p>Otherwise, if a database with the given name already exists, |
| version be the empty string. Otherwise, let its version be the |
let <var title="">created</var> be false.</p> |
| given database version</p> |
|
| |
|
| </li> |
</li> |
| |
|
|
Line 521 interface <dfn id="databasecallback">Dat
|
Line 549 interface <dfn id="databasecallback">Dat
|
| instead of the user agent prompting the user for permission to |
instead of the user agent prompting the user for permission to |
| increase the quota every five megabytes.<h3 id="parsing-and-processing-sql-statements"><span class="secno">4.2 </span>Parsing and processing SQL statements</h3><p>When the user agent is to <dfn id="preprocess-the-sql-statement" title="preprocess the SQL |
increase the quota every five megabytes.<h3 id="parsing-and-processing-sql-statements"><span class="secno">4.2 </span>Parsing and processing SQL statements</h3><p>When the user agent is to <dfn id="preprocess-the-sql-statement" title="preprocess the SQL |
| statement">preprocess a SQL statement</dfn> <var title="">sqlStatement</var> with an array of arguments <var title="">arguments</var>, it must run the following steps:<ol><li><p>Parse <var title="">sqlStatement</var> as a SQL statement, |
statement">preprocess a SQL statement</dfn> <var title="">sqlStatement</var> with an array of arguments <var title="">arguments</var>, it must run the following steps:<ol><li><p>Parse <var title="">sqlStatement</var> as a SQL statement, |
| with the exception that U+003F QUESTION MARK (?) characters can be |
with the exception that U+003F QUESTION MARK characters (?) can be |
| used in place of SQL literals in the statement. <a href="#refsSQL">[SQL]</a></li> |
used in place of SQL literals in the statement. <a href="#refsSQL">[SQL]</a></li> |
| |
|
| <li> |
<li> |
| |
|
| <p>Replace each <code title="">?</code> placeholder with the value |
<p>Bind each <code title="">?</code> placeholder with the value of |
| of the argument in the <var title="">arguments</var> array with |
the argument in the <var title="">arguments</var> array with the |
| the same position. (So the first <code title="">?</code> |
same position. (So the first <code title="">?</code> placeholder |
| placeholder gets replaced by the first value in the <var title="">arguments</var> array, and generally the <var title="">n</var>th <code title="">?</code> placeholder gets |
gets bound to the first value in the <var title="">arguments</var> |
| replaced by the <var title="">n</var>th value in the <var title="">arguments</var> array.)</p> |
array, and generally the <var title="">n</var>th <code title="">?</code> placeholder gets bound to the <var title="">n</var>th value in the <var title="">arguments</var> |
| |
array.)</p> |
| <p class="note">Substitutions for <code title="">?</code> |
|
| placeholders are done at the literal level, not as string |
<p class="note">Binding the <code title="">?</code> placeholders |
| concatenations, so this provides a way to dynamically insert |
is done at the literal level, not as string concatenations, so |
| parameters into a statement without risk of a SQL injection |
this provides a way to dynamically insert parameters into a |
| attack.</p> |
statement without risk of a SQL injection attack.</p> |
| |
|
| <p>The result is <var title="">the statement</var>.</p> |
<p>The result is <var title="">the statement</var>.</p> |
| |
|
|
Line 592 interface <dfn id="databasecallback">Dat
|
Line 620 interface <dfn id="databasecallback">Dat
|
| example, attempts to read from or write to the file system will |
example, attempts to read from or write to the file system will |
| fail.<p class="note">A future version of this specification will probably |
fail.<p class="note">A future version of this specification will probably |
| define the exact SQL subset required in more detail.<h3 id="asynchronous-database-api"><span class="secno">4.3 </span>Asynchronous database API</h3><pre class="idl">interface <dfn id="database">Database</dfn> { |
define the exact SQL subset required in more detail.<h3 id="asynchronous-database-api"><span class="secno">4.3 </span>Asynchronous database API</h3><pre class="idl">interface <dfn id="database">Database</dfn> { |
| void <a href="#dom-database-transaction" title="dom-database-transaction">transaction</a>(in <a href="#sqltransactioncallback">SQLTransactionCallback</a> callback, optional in <a href="#sqltransactionerrorcallback">SQLTransactionErrorCallback</a> errorCallback, optional in <a href="#sqlvoidcallback">SQLVoidCallback</a> successCallback); |
void <a href="#dom-database-transaction" title="dom-database-transaction">transaction</a>(in <a href="#sqltransactioncallback">SQLTransactionCallback</a> callback, in optional <a href="#sqltransactionerrorcallback">SQLTransactionErrorCallback</a> errorCallback, in optional <a href="#sqlvoidcallback">SQLVoidCallback</a> successCallback); |
| void <a href="#dom-database-readtransaction" title="dom-database-readTransaction">readTransaction</a>(in <a href="#sqltransactioncallback">SQLTransactionCallback</a> callback, optional in <a href="#sqltransactionerrorcallback">SQLTransactionErrorCallback</a> errorCallback, optional in <a href="#sqlvoidcallback">SQLVoidCallback</a> successCallback); |
void <a href="#dom-database-readtransaction" title="dom-database-readTransaction">readTransaction</a>(in <a href="#sqltransactioncallback">SQLTransactionCallback</a> callback, in optional <a href="#sqltransactionerrorcallback">SQLTransactionErrorCallback</a> errorCallback, in optional <a href="#sqlvoidcallback">SQLVoidCallback</a> successCallback); |
| |
|
| readonly attribute DOMString <a href="#dom-database-version" title="dom-database-version">version</a>; |
readonly attribute DOMString <a href="#dom-database-version" title="dom-database-version">version</a>; |
| void <a href="#dom-database-changeversion" title="dom-database-changeVersion">changeVersion</a>(in DOMString oldVersion, in DOMString newVersion, in <a href="#sqltransactioncallback">SQLTransactionCallback</a> callback, in <a href="#sqltransactionerrorcallback">SQLTransactionErrorCallback</a> errorCallback, in optional <a href="#sqlvoidcallback">SQLVoidCallback</a> successCallback); |
void <a href="#dom-database-changeversion" title="dom-database-changeVersion">changeVersion</a>(in DOMString oldVersion, in DOMString newVersion, in optional <a href="#sqltransactioncallback">SQLTransactionCallback</a> callback, in optional <a href="#sqltransactionerrorcallback">SQLTransactionErrorCallback</a> errorCallback, in optional <a href="#sqlvoidcallback">SQLVoidCallback</a> successCallback); |
| }; |
}; |
| |
|
| [Callback=FunctionOnly, NoInterfaceObject] |
[Callback=FunctionOnly, NoInterfaceObject] |
|
Line 645 interface <dfn id="sqltransactionerrorca
|
Line 673 interface <dfn id="sqltransactionerrorca
|
| the value of the second argument to the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
the value of the second argument to the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
| method.</li> |
method.</li> |
| |
|
| </ol><p>...and the <i>mode</i> being read/write.<h4 id="executing-sql-statements"><span class="secno">4.3.1 </span>Executing SQL statements</h4><p>The <code title="dom-database-transaction"><a href="#dom-database-transaction">transaction()</a></code>, |
</ol><p>...and the <i>mode</i> being read/write.<p>If any of the optional arguments are omitted, then they must be |
| |
treated as if they were null.<h4 id="executing-sql-statements"><span class="secno">4.3.1 </span>Executing SQL statements</h4><p>The <code title="dom-database-transaction"><a href="#dom-database-transaction">transaction()</a></code>, |
| <code title="dom-database-readTransaction"><a href="#dom-database-readtransaction">readTransaction()</a></code>, |
<code title="dom-database-readTransaction"><a href="#dom-database-readtransaction">readTransaction()</a></code>, |
| and <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
and <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
| methods invoke callbacks with <code><a href="#sqltransaction">SQLTransaction</a></code> |
methods invoke callbacks with <code><a href="#sqltransaction">SQLTransaction</a></code> |
| objects.<pre class="idl">typedef sequence<any> <dfn id="objectarray">ObjectArray</dfn>; |
objects.<pre class="idl">typedef sequence<any> <dfn id="objectarray">ObjectArray</dfn>; |
| |
|
| interface <dfn id="sqltransaction">SQLTransaction</dfn> { |
interface <dfn id="sqltransaction">SQLTransaction</dfn> { |
| void <a href="#dom-sqltransaction-executesql" title="dom-sqltransaction-executeSql">executeSql</a>(in DOMString sqlStatement, optional in <a href="#objectarray">ObjectArray</a> arguments, optional in <a href="#sqlstatementcallback">SQLStatementCallback</a> callback, optional in <a href="#sqlstatementerrorcallback">SQLStatementErrorCallback</a> errorCallback); |
void <a href="#dom-sqltransaction-executesql" title="dom-sqltransaction-executeSql">executeSql</a>(in DOMString sqlStatement, in optional <a href="#objectarray">ObjectArray</a> arguments, in optional <a href="#sqlstatementcallback">SQLStatementCallback</a> callback, in optional <a href="#sqlstatementerrorcallback">SQLStatementErrorCallback</a> errorCallback); |
| }; |
}; |
| |
|
| [Callback=FunctionOnly, NoInterfaceObject] |
[Callback=FunctionOnly, NoInterfaceObject] |
|
Line 715 interface <dfn id="sqlstatementerrorcall
|
Line 744 interface <dfn id="sqlstatementerrorcall
|
| to the last step. (This is basically a hook for the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
to the last step. (This is basically a hook for the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
| method.)</li> |
method.)</li> |
| |
|
| <li><p><span>Queue a task</span> to invoke the <i>transaction |
<li><p>If the <i>transaction callback</i> is not null, <span>queue |
| callback</i> with the aforementioned <code><a href="#sqltransaction">SQLTransaction</a></code> |
a task</span> to invoke the <i>transaction callback</i> with the |
| object as its only argument, and wait for that task to be |
aforementioned <code><a href="#sqltransaction">SQLTransaction</a></code> object as its only |
| run.</li> |
argument, and wait for that task to be run.</li> |
| |
|
| <li><p>If the callback couldn't be called (e.g. it was null), or if |
<li><p>If the callback raised an exception, jump to the last |
| the callback was invoked and raised an exception, jump to the last |
|
| step.</li> |
step.</li> |
| <!-- |
|
| <li><p>If the callback could be called and returned false, let |
|
| <i>callback-canceled</i> be true. Otherwise, let it be |
|
| false.</p></li> |
|
| --> |
|
| <li><p>While there are any statements queued up in the transaction, |
<li><p>While there are any statements queued up in the transaction, |
| perform the following steps for each queued up statement in the |
perform the following steps for each queued up statement in the |
| transaction, oldest first. Each statement has a statement, |
transaction, oldest first. Each statement has a statement, |
|
Line 746 interface <dfn id="sqlstatementerrorcall
|
Line 770 interface <dfn id="sqlstatementerrorcall
|
| <li><p>Create a <code><a href="#sqlresultset">SQLResultSet</a></code> object that represents |
<li><p>Create a <code><a href="#sqlresultset">SQLResultSet</a></code> object that represents |
| the result of the statement.</li> |
the result of the statement.</li> |
| |
|
| <li><p>If the statement has a result set callback, <span>queue a |
<li><p>If the statement has a result set callback that is not |
| task</span> to invoke it with the <code><a href="#sqltransaction">SQLTransaction</a></code> |
null, <span>queue a task</span> to invoke it with the |
| object as its first argument and the new |
<code><a href="#sqltransaction">SQLTransaction</a></code> object as its first argument and the |
| <code><a href="#sqlresultset">SQLResultSet</a></code> object as its second argument, and wait |
new <code><a href="#sqlresultset">SQLResultSet</a></code> object as its second argument, and |
| for that task to be run.</li> |
wait for that task to be run.</li> |
| |
|
| <li><p>If the callback was invoked and raised an exception, jump |
<li><p>If the callback was invoked and raised an exception, jump |
| to the last step in the overall steps.</li> |
to the last step in the overall steps.</li> |
|
Line 762 interface <dfn id="sqlstatementerrorcall
|
Line 786 interface <dfn id="sqlstatementerrorcall
|
| say to jump to the "in case of error" steps), run the following |
say to jump to the "in case of error" steps), run the following |
| substeps:</p> |
substeps:</p> |
| |
|
| <ol><li><p>If the statement had an associated error callback, then |
<ol><li><p>If the statement had an associated error callback that is |
| <span>queue a task</span> to invoke that error callback with the |
not null, then <span>queue a task</span> to invoke that error |
| <code><a href="#sqltransaction">SQLTransaction</a></code> object and a newly constructed |
callback with the <code><a href="#sqltransaction">SQLTransaction</a></code> object and a newly |
| <code><a href="#sqlerror">SQLError</a></code> object that represents the error that |
constructed <code><a href="#sqlerror">SQLError</a></code> object that represents the |
| caused these substeps to be run as the two arguments, |
error that caused these substeps to be run as the two arguments, |
| respectively, and wait for the task to be run.</li> |
respectively, and wait for the task to be run.</li> |
| |
|
| <li><p>If the error callback returns false, then move on to the |
<li><p>If the error callback returns false, then move on to the |
|
Line 783 interface <dfn id="sqlstatementerrorcall
|
Line 807 interface <dfn id="sqlstatementerrorcall
|
| |
|
| <p>If a <i>postflight operation</i> was defined for this instance |
<p>If a <i>postflight operation</i> was defined for this instance |
| of the transaction steps, then: as one atomic operation, commit |
of the transaction steps, then: as one atomic operation, commit |
| the transaction and run the <i>postflight operation</i>. If either |
the transaction and, if that succeeds, run the <i>postflight |
| fails, then do neither, and instead jump to the last step. (This |
operation</i>. If the commit fails, then instead jump to the last |
| is basically a hook for the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
step. (This is basically a hook for the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
| method.)</p> |
method.)</p> |
| |
|
| <p>Otherwise: commit the transaction and run the <i>postflight |
<p>Otherwise: commit the transaction. If an error occurred in the |
| operation</i>. If an error occurred in the committing of the |
committing of the transaction, jump to the last step.</p> |
| transaction, jump to the last step.</p> |
|
| |
|
| </li> |
</li> |
| |
|
| <li><p><span>Queue a task</span> to invoke the <i>success |
<li><p><span>Queue a task</span> to invoke the <i>success |
| callback</i>.</li> |
callback</i>, if it is not null.</li> |
| |
|
| <li><p>End these steps. The next step is only used when something |
<li><p>End these steps. The next step is only used when something |
| goes wrong.</li> |
goes wrong.</li> |
| |
|
| <li><p><span>Queue a task</span> to invoke the <i>error |
<li><p><span>Queue a task</span> to invoke the transaction's |
| callback</i> with a newly constructed <code><a href="#sqlerror">SQLError</a></code> object |
<i>error callback</i>, if it is not null, with a newly constructed |
| that represents the last error to have occurred in this |
<code><a href="#sqlerror">SQLError</a></code> object that represents the last error to have |
| transaction. Rollback the transaction. Any still-pending statements |
occurred in this transaction. Rollback the transaction. Any |
| in the transaction are discarded.</li> |
still-pending statements in the transaction are discarded.</li> |
| |
|
| </ol><p>The <span>task source</span> for these tasks is the <dfn id="database-access-task-source">database |
</ol><p>The <span>task source</span> for these <span title="concept-task">tasks</span> is the <dfn id="database-access-task-source">database access task |
| access task source</dfn>.<h3 id="synchronous-database-api"><span class="secno">4.4 </span>Synchronous database API</h3><pre class="idl">interface <dfn id="databasesync">DatabaseSync</dfn> { |
source</dfn>.<h3 id="synchronous-database-api"><span class="secno">4.4 </span>Synchronous database API</h3><pre class="idl">interface <dfn id="databasesync">DatabaseSync</dfn> { |
| void <a href="#dom-database-sync-transaction" title="dom-database-sync-transaction">transaction</a>(in <a href="#sqltransactionsynccallback">SQLTransactionSyncCallback</a> callback); |
void <a href="#dom-database-sync-transaction" title="dom-database-sync-transaction">transaction</a>(in <a href="#sqltransactionsynccallback">SQLTransactionSyncCallback</a> callback); |
| void <a href="#dom-database-sync-readtransaction" title="dom-database-sync-readTransaction">readTransaction</a>(in <a href="#sqltransactionsynccallback">SQLTransactionSyncCallback</a> callback); |
void <a href="#dom-database-sync-readtransaction" title="dom-database-sync-readTransaction">readTransaction</a>(in <a href="#sqltransactionsynccallback">SQLTransactionSyncCallback</a> callback); |
| |
|
| readonly attribute DOMString <a href="#dom-database-sync-version" title="dom-database-sync-version">version</a>; |
readonly attribute DOMString <a href="#dom-database-sync-version" title="dom-database-sync-version">version</a>; |
| void <a href="#dom-database-sync-changeversion" title="dom-database-sync-changeVersion">changeVersion</a>(in DOMString oldVersion, in DOMString newVersion, in <a href="#sqltransactionsynccallback">SQLTransactionSyncCallback</a> callback); |
void <a href="#dom-database-sync-changeversion" title="dom-database-sync-changeVersion">changeVersion</a>(in DOMString oldVersion, in DOMString newVersion, in optional <a href="#sqltransactionsynccallback">SQLTransactionSyncCallback</a> callback); |
| }; |
}; |
| |
|
| [Callback=FunctionOnly, NoInterfaceObject] |
[Callback=FunctionOnly, NoInterfaceObject] |
|
Line 866 interface <dfn id="sqltransactionsynccal
|
Line 889 interface <dfn id="sqltransactionsynccal
|
| these steps. (<a href="#dom-sqlerror-code-2" title="dom-sqlerror-code-2">Error code |
these steps. (<a href="#dom-sqlerror-code-2" title="dom-sqlerror-code-2">Error code |
| 2</a>.)</li> |
2</a>.)</li> |
| |
|
| <li><p>If the third argument is null, rollback the transaction, |
<li><p>If the third argument is not null, invoke the callback given |
| throw a <code><a href="#sqlexception">SQLException</a></code> exception, and abort these steps. |
by the third argument, passing it the <var title="">transaction</var> object as its only argument.</li> |
| (<a href="#dom-sqlerror-code-0" title="dom-sqlerror-code-0">Error code |
|
| 0</a>.)</li> |
|
| |
|
| <li><p>Invoke the callback given by the third argument, passing it |
|
| the <var title="">transaction</var> object as its only |
|
| argument.</li> |
|
| |
|
| <li><p>Mark the <code><a href="#sqltransactionsync">SQLTransactionSync</a></code> object as <i title="">stale</i>.</p> |
<li><p>Mark the <code><a href="#sqltransactionsync">SQLTransactionSync</a></code> object as <i title="">stale</i>.</p> |
| |
|
|
Line 916 interface <dfn id="sqltransactionsynccal
|
Line 933 interface <dfn id="sqltransactionsynccal
|
| |
|
| </ol><h4 id="executing-sql-statements-0"><span class="secno">4.4.1 </span>Executing SQL statements</h4><p>The <code title="dom-database-sync-transaction"><a href="#dom-database-sync-transaction">transaction()</a></code>, <code title="dom-database-sync-readTransaction"><a href="#dom-database-sync-readtransaction">readTransaction()</a></code>, |
</ol><h4 id="executing-sql-statements-0"><span class="secno">4.4.1 </span>Executing SQL statements</h4><p>The <code title="dom-database-sync-transaction"><a href="#dom-database-sync-transaction">transaction()</a></code>, <code title="dom-database-sync-readTransaction"><a href="#dom-database-sync-readtransaction">readTransaction()</a></code>, |
| and <code title="dom-database-sync-changeVersion"><a href="#dom-database-sync-changeversion">changeVersion()</a></code> |
and <code title="dom-database-sync-changeVersion"><a href="#dom-database-sync-changeversion">changeVersion()</a></code> |
| methods return <code><a href="#sqltransactionsync">SQLTransactionSync</a></code> objects.<pre class="idl">// typedef sequence<any> <a href="#objectarray">ObjectArray</a>; |
methods invoke callbacks that are passed |
| |
<code><a href="#sqltransactionsync">SQLTransactionSync</a></code> objects.<pre class="idl">// typedef sequence<any> <a href="#objectarray">ObjectArray</a>; |
| |
|
| interface <dfn id="sqltransactionsync">SQLTransactionSync</dfn> { |
interface <dfn id="sqltransactionsync">SQLTransactionSync</dfn> { |
| <a href="#sqlresultset">SQLResultSet</a> <a href="#dom-sqltransaction-sync-executesql" title="dom-sqltransaction-sync-executeSql">executeSql</a>(in DOMString sqlStatement, optional in <a href="#objectarray">ObjectArray</a> arguments); |
<a href="#sqlresultset">SQLResultSet</a> <a href="#dom-sqltransaction-sync-executesql" title="dom-sqltransaction-sync-executeSql">executeSql</a>(in DOMString sqlStatement, in optional <a href="#objectarray">ObjectArray</a> arguments); |
| };</pre><p>A <code><a href="#sqltransactionsync">SQLTransactionSync</a></code> object is initially <i title="">fresh</i>, but it will be marked as <i title="">stale</i> |
};</pre><p>A <code><a href="#sqltransactionsync">SQLTransactionSync</a></code> object is initially <i title="">fresh</i>, but it will be marked as <i title="">stale</i> |
| once it has been committed or rolled back.<p>When the <dfn id="dom-sqltransaction-sync-executesql" title="dom-sqltransaction-sync-executeSql"><code>executeSql(<var title="">sqlStatement</var>, <var title="">arguments</var>)</code></dfn> method is invoked, the user |
once it has been committed or rolled back.<p>When the <dfn id="dom-sqltransaction-sync-executesql" title="dom-sqltransaction-sync-executeSql"><code>executeSql(<var title="">sqlStatement</var>, <var title="">arguments</var>)</code></dfn> method is invoked, the user |
| agent must run the following algorithm:<ol><li><p>If the <code><a href="#sqltransactionsync">SQLTransactionSync</a></code> object is <i title="">stale</i>, then throw an <code>INVALID_STATE_ERR</code> |
agent must run the following algorithm:<ol><li><p>If the <code><a href="#sqltransactionsync">SQLTransactionSync</a></code> object is <i title="">stale</i>, then throw an <code>INVALID_STATE_ERR</code> |
|
Line 970 interface <dfn id="sqltransactionsync">S
|
Line 988 interface <dfn id="sqltransactionsync">S
|
| zero (querying the database doesn't affect any rows).<p>The <dfn id="dom-sqlresultset-rows" title="dom-SQLResultSet-rows"><code>rows</code></dfn> |
zero (querying the database doesn't affect any rows).<p>The <dfn id="dom-sqlresultset-rows" title="dom-SQLResultSet-rows"><code>rows</code></dfn> |
| attribute must return a <code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> |
attribute must return a <code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> |
| representing the rows returned, in the order returned by the |
representing the rows returned, in the order returned by the |
| database. If no rows were returned, then the object will be empty |
database. The same object must be returned each time. If no rows |
| (its <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> will |
were returned, then the object will be empty (its <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> will be |
| be zero).<pre class="idl">interface <dfn id="sqlresultsetrowlist">SQLResultSetRowList</dfn> { |
zero).<pre class="idl">interface <dfn id="sqlresultsetrowlist">SQLResultSetRowList</dfn> { |
| readonly attribute unsigned long <a href="#dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length">length</a>; |
readonly attribute unsigned long <a href="#dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length">length</a>; |
| getter <span>any</span> <a href="#dom-sqlresultsetrowlist-item" title="dom-SQLResultSetRowList-item">item</a>(in unsigned long index); |
getter <span>any</span> <a href="#dom-sqlresultsetrowlist-item" title="dom-SQLResultSetRowList-item">item</a>(in unsigned long index); |
| };</pre><p class="note">Implementors are encouraged to implement |
};</pre><p class="note">For the asynchronous API, implementors are |
| <code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects lazily, or at least |
encouraged to prefetch all the data for |
| asynchronously, for better performance.<p><code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects have a <dfn id="dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length"><code>length</code></dfn> |
<code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects when the object is |
| |
constructed (before the result set callback is invoked), rather than |
| |
on-demand, for better responsiveness. For the synchronous API, an |
| |
on-demand lazy evaluation implementation strategy is encouraged |
| |
instead, for better performance.<p><code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects have a <dfn id="dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length"><code>length</code></dfn> |
| attribute that must return the number of rows it represents (the |
attribute that must return the number of rows it represents (the |
| number of rows returned by the database). This is the <var title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></var>.<p class="note">Fetching the <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> might be |
number of rows returned by the database). This is the <var title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></var>.<p class="note">Fetching the <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> might be |
| expensive, and authors are thus encouraged to avoid using it (or |
expensive, and authors are thus encouraged to avoid using it (or |
|
Line 1085 interface <dfn id="sqltransactionsync">S
|
Line 1107 interface <dfn id="sqltransactionsync">S
|
| <td>A lock for the transaction could not be obtained in a |
<td>A lock for the transaction could not be obtained in a |
| reasonable time. |
reasonable time. |
| |
|
| </table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p class="XXX">Need to define the SQL dialect.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for |
</table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p>User agents must implement the SQL dialect supported by Sqlite 3.6.19.<p>When converting bound arguments to SQL data types, the JavaScript |
| |
ToPrimitive abstract operation must be applied to obtain the raw |
| |
value to be processed. <a href="#refsECMA262">[ECMA262]</a>.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for |
| databases. |
databases. |
| |
|
| <p>User agents should guard against sites storing data under the |
<p>User agents should guard against sites storing data under the |
|
Line 1101 interface <dfn id="sqltransactionsync">S
|
Line 1125 interface <dfn id="sqltransactionsync">S
|
| future.<h2 id="privacy"><span class="secno">7 </span>Privacy</h2><h3 id="user-tracking"><span class="secno">7.1 </span>User tracking</h3><p>A third-party advertiser (or any entity capable of getting |
future.<h2 id="privacy"><span class="secno">7 </span>Privacy</h2><h3 id="user-tracking"><span class="secno">7.1 </span>User tracking</h3><p>A third-party advertiser (or any entity capable of getting |
| content distributed to multiple sites) could use a unique identifier |
content distributed to multiple sites) could use a unique identifier |
| stored in its |
stored in its |
| client-side database |
client-side databases |
| |
|
| |
|
| to track a user across multiple sessions, building a profile of the |
to track a user across multiple sessions, building a profile of the |
| user's interests to allow for highly targeted advertising. In |
user's interests to allow for highly targeted advertising. In |
|
Line 1116 interface <dfn id="sqltransactionsync">S
|
Line 1141 interface <dfn id="sqltransactionsync">S
|
| <p>User agents may restrict access to |
<p>User agents may restrict access to |
| the database objects |
the database objects |
| |
|
| |
|
| to scripts originating at the domain of the top-level document of |
to scripts originating at the domain of the top-level document of |
| the <span>browsing context</span>, for instance denying access to |
the <span>browsing context</span>, for instance denying access to |
| the API for pages from other domains running in |
the API for pages from other domains running in |
|
Line 1126 interface <dfn id="sqltransactionsync">S
|
Line 1152 interface <dfn id="sqltransactionsync">S
|
| <dt>Expiring stored data</dt> |
<dt>Expiring stored data</dt> |
| <dd> |
<dd> |
| |
|
| <p>User agents may automatically delete stored data after a period |
<p>User agents may, if so configured by the user, automatically |
| of time.</p> |
delete stored data after a period of time.</p> |
| |
|
| |
|
| <p>This can restrict the ability of a site to track a user, as the |
<p>This can restrict the ability of a site to track a user, as the |
|
Line 1135 interface <dfn id="sqltransactionsync">S
|
Line 1161 interface <dfn id="sqltransactionsync">S
|
| sessions when he authenticates with the site itself (e.g. by |
sessions when he authenticates with the site itself (e.g. by |
| making a purchase or logging in to a service).</p> |
making a purchase or logging in to a service).</p> |
| |
|
| <p>However, this also puts the user's data at risk.</p> |
<p>However, this also reduces the usefulness of the API as a |
| |
long-term storage mechanism. It can also put the user's data at |
| |
risk, if the user does not fully understand the implications of |
| |
data expiration.</p> |
| |
|
| <!--v2 consider adding an explicit way for sites to state when |
|
| data should expire, as in localStorage.expireData(365); --> |
|
| |
|
| </dd> |
</dd> |
| |
|
| <dt>Treating persistent storage as cookies</dt> |
<dt>Treating persistent storage as cookies</dt> |
| <dd> |
<dd> |
| |
|
| <p>User agents should present the |
<p>If users attempt to protect their privacy by clearing cookies |
| database feature |
without also clearing data stored in the |
| |
relevant databases, |
| |
|
| to the user in a way that does not distinguish them from HTTP |
sites can defeat those attempts by using the two features as |
| session cookies. <a href="#refsRFC2109">[RFC2109]</a> <a href="#refsCOOKIES">[COOKIES]</a></p> |
redundant backup for each other. User agents should present the |
| |
interfaces for clearing these in a way that helps users to |
| <p>This might encourage users to view such storage with healthy |
understand this possibility and enables them to delete data in all |
| suspicion.</p> |
persistent storage features simultaneously. <a href="#refsCOOKIES">[COOKIES]</a></p> |
| |
|
| </dd> |
</dd> |
| |
|
| <dt>Site-specific white-listing of access to |
<dt>Site-specific white-listing of access to |
| databases |
databases |
| |
|
| |
|
| </dt> |
</dt> |
| <dd> |
<dd> |
| |
|
| <p>User agents may require the user to authorize access to |
<p>User agents may require the user to authorize access to |
| databases before a site can use the feature.</p> |
databases before a site can use the feature.</p> |
| |
|
| |
|
| |
|
| </dd> |
</dd> |
| |
|
|
Line 1209 interface <dfn id="sqltransactionsync">S
|
Line 1239 interface <dfn id="sqltransactionsync">S
|
| retroactively). This information can then be shared with other |
retroactively). This information can then be shared with other |
| sites, using using visitors' IP addresses and other user-specific |
sites, using using visitors' IP addresses and other user-specific |
| data (e.g. user-agent headers and configuration settings) to combine |
data (e.g. user-agent headers and configuration settings) to combine |
| separate sessions into coherent user profiles.<h3 id="cookie-resurrection"><span class="secno">7.2 </span>Cookie resurrection</h3><p>If the user interface for persistent storage presents data in the |
separate sessions into coherent user profiles.<h3 id="sensitivity-of-data"><span class="secno">7.2 </span>Sensitivity of data</h3><p>User agents should treat persistently stored data as potentially |
| persistent storage features described in this specification |
|
| separately from data in HTTP session cookies, then users are likely |
|
| to delete data in one and not the other. This would allow sites to |
|
| use the two features as redundant backup for each other, defeating a |
|
| user's attempts to protect his privacy.<h3 id="sensitivity-of-data"><span class="secno">7.3 </span>Sensitivity of data</h3><p>User agents should treat persistently stored data as potentially |
|
| sensitive; it's quite possible for e-mails, calendar appointments, |
sensitive; it's quite possible for e-mails, calendar appointments, |
| health records, or other confidential documents to be stored in this |
health records, or other confidential documents to be stored in this |
| mechanism.<p>To this end, user agents should ensure that when deleting data, |
mechanism.<p>To this end, user agents should ensure that when deleting data, |
| it is promptly deleted from the underlying storage.<h2 id="security"><span class="secno">8 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot |
it is promptly deleted from the underlying storage.<h2 id="security-storage"><span class="secno">8 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot |
| guarantee that a host claiming to be in a certain domain really is |
guarantee that a host claiming to be in a certain domain really is |
| from that domain. To mitigate this, pages can use SSL. Pages using |
from that domain. To mitigate this, pages can use TLS. Pages using |
| SSL can be sure that only pages using SSL that have certificates |
TLS can be sure that only pages using TLS that have certificates |
| identifying them as being from the same domain can access their |
identifying them as being from the same domain can access their |
| databases. |
databases. |
| |
|
|
Line 1257 interface <dfn id="sqltransactionsync">S
|
Line 1282 interface <dfn id="sqltransactionsync">S
|
| there is little reason to allow Web authors to control the character |
there is little reason to allow Web authors to control the character |
| encoding used in the disk representation of the data, as all data in |
encoding used in the disk representation of the data, as all data in |
| JavaScript is implicitly UTF-16.<h3 id="sql-injection"><span class="secno">8.5 </span>SQL injection</h3><p>Authors are strongly recommended to make use of the <code title="">?</code> placeholder feature of the <code title="dom-sqltransaction-executeSql"><a href="#dom-sqltransaction-executesql">executeSql()</a></code> method, |
JavaScript is implicitly UTF-16.<h3 id="sql-injection"><span class="secno">8.5 </span>SQL injection</h3><p>Authors are strongly recommended to make use of the <code title="">?</code> placeholder feature of the <code title="dom-sqltransaction-executeSql"><a href="#dom-sqltransaction-executesql">executeSql()</a></code> method, |
| and to never construct SQL statements on the fly.<h2 class="no-num" id="references">References</h2><!--REFS--><p>All references are normative unless marked "Non-normative".<dl><dt id="refsCOOKIES">[COOKIES]</dt> |
and to never construct SQL statements on the fly.<h2 class="no-num" id="references">References</h2><!--REFS--><p>All references are normative unless marked "Non-normative".</p><!-- Dates are only included for standards older than the Web, because the newer ones keep changing. --><dl><dt id="refsCOOKIES">[COOKIES]</dt> |
| <!-- |
<!-- |
| |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2109.txt">HTTP State |
| |
Management Mechanism</a></cite>, D. Kristol, L. Montulli. IETF.</dd> |
| <dd><cite><a href="http://www.ietf.org/rfc/rfc2965.txt">HTTP State Management |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2965.txt">HTTP State Management |
| Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, October 2000.</dd> |
Mechanism</a></cite>, D. Kristol, L. Montulli. IETF.</dd> |
| --> |
--> |
| <dd><cite><a href="http://tools.ietf.org/html/draft-abarth-cookie">HTTP State |
<dd><cite><a href="http://tools.ietf.org/html/draft-ietf-httpstate-cookie">HTTP State |
| Management Mechanism</a></cite>, A. Barth. IETF, August 2009.</dd> |
Management Mechanism</a></cite>, A. Barth. IETF.</dd> |
| |
|
| <dt id="refsDOMCORE">[DOMCORE]</dt> |
<dt id="refsDOMCORE">[DOMCORE]</dt> |
| <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core/">Document |
<dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core/">Document |
| Object Model (DOM) Level 3 Core Specification</a></cite>, A. Le |
Object Model (DOM) Level 3 Core Specification</a></cite>, A. Le |
| Hors, P. Le Hegaret, L. Wood, G. Nicol, J. Robie, M. Champion, |
Hors, P. Le Hegaret, L. Wood, G. Nicol, J. Robie, M. Champion, |
| S. Byrnes. W3C, April 2004.</dd> |
S. Byrnes. W3C.</dd> |
| <!-- |
<!-- |
| <dd><cite><a href="http://simon.html5.org/specs/web-dom-core">Web |
<dd><cite><a href="http://simon.html5.org/specs/web-dom-core">Web |
| DOM Core</a></cite>, S. Pieters. W3C, June 2009.</dd> |
DOM Core</a></cite>, S. Pieters. W3C.</dd> |
| --> |
--> |
| |
|
| <dt id="refsECMA262">[ECMA262]</dt> |
<dt id="refsECMA262">[ECMA262]</dt> |
| <dd><cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript |
<dd><cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript |
| Language Specification</a></cite>. ECMA, December 1999.</dd> |
Language Specification</a></cite>. ECMA.</dd> |
| |
|
| <dt id="refsHTML5">[HTML5]</dt> |
|
| <!-- |
|
| <dd><cite><a href="http://www.w3.org/TR/html5/">HTML5</a></cite>, |
|
| I. Hickson, D. Hyatt. W3C, April 2009.</dd> |
|
| <dd><cite><a |
|
| href="http://www.w3.org/html/wg/html5/">HTML5</a></cite>, |
|
| I. Hickson, D. Hyatt. W3C, August 2009.</dd> |
|
| --> |
|
| <dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/">HTML5</a></cite>, |
|
| I. Hickson. WHATWG, August 2009.</dd> |
|
| |
|
| <dt id="refsRFC2109">[RFC2109]</dt> |
<dt id="refsHTML">[HTML]</dt> |
| <dd><cite><a href="http://www.ietf.org/rfc/rfc2109.txt">HTTP State Management |
<dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/">HTML</a></cite>, |
| Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, February 1997.</dd> |
I. Hickson. WHATWG.</dd> |
| |
|
| <dt id="refsRFC2119">[RFC2119]</dt> |
<dt id="refsRFC2119">[RFC2119]</dt> |
| <dd><cite><a href="http://www.ietf.org/rfc/rfc2119.txt">Key words for use in |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2119.txt">Key words for use in |
| RFCs to Indicate Requirement Levels</a></cite>, S. Bradner. IETF, March |
RFCs to Indicate Requirement Levels</a></cite>, S. Bradner. IETF.</dd> |
| 1997.</dd> |
|
| |
|
| <dt id="refsSQL">[SQL]</dt> |
<dt id="refsSQL">[SQL]</dt> |
| <dd>The precise dialect has not yet been specified.</dd> |
<dd>The precise dialect has not yet been specified.</dd> |
|
Line 1305 interface <dfn id="sqltransactionsync">S
|
Line 1320 interface <dfn id="sqltransactionsync">S
|
| <dt id="refsWEBIDL">[WEBIDL]</dt> |
<dt id="refsWEBIDL">[WEBIDL]</dt> |
| <!-- |
<!-- |
| <dd><cite><a href="http://www.w3.org/TR/WebIDL/">Web |
<dd><cite><a href="http://www.w3.org/TR/WebIDL/">Web |
| IDL</a></cite>, C. McCormack. W3C, December 2008.</dd> |
IDL</a></cite>, C. McCormack. W3C.</dd> |
| --> |
--> |
| <dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web |
<dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web |
| IDL</a></cite>, C. McCormack. W3C, July 2009.</dd> |
IDL</a></cite>, C. McCormack. W3C.</dd> |
| |
|
| </dl> |
</dl> |
![[BACK]](/https/dev.w3.org/cvsweb/icons/back.gif){kind=icon}
Return to Overview.html CVS log ![[TXT]](/https/dev.w3.org/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/https/dev.w3.org/cvsweb/icons/dir.gif){kind=icon}
Up to [Public] / html5 / webdatabase