|
version 1.41, 2009/10/21 11:59:35
|
version 1.91, 2010/08/09 23:13:10
|
|
Line 1
|
Line 1
|
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><!-- when publishing, change bits marked ZZZ --><html lang="en-US-x-Hixie"><title>Web Database</title><style type="text/css"> |
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html lang="en-US-x-Hixie"><title>Web SQL Database</title><style type="text/css"> |
| pre { margin-left: 2em; white-space: pre-wrap; } |
pre { margin-left: 2em; white-space: pre-wrap; } |
| h2 { margin: 3em 0 1em 0; } |
h2 { margin: 3em 0 1em 0; } |
| h3 { margin: 2.5em 0 1em 0; } |
h3 { margin: 2.5em 0 1em 0; } |
|
Line 24
|
Line 24
|
| @media screen { code { color: orangered; } code :link, code :visited { color: inherit; } } |
@media screen { code { color: orangered; } code :link, code :visited { color: inherit; } } |
| var sub { vertical-align: bottom; font-size: smaller; position: relative; top: 0.1em; } |
var sub { vertical-align: bottom; font-size: smaller; position: relative; top: 0.1em; } |
| table { border-collapse: collapse; border-style: hidden hidden none hidden; } |
table { border-collapse: collapse; border-style: hidden hidden none hidden; } |
| table thead { border-bottom: solid; } |
table thead, table tbody { border-bottom: solid; } |
| table tbody th:first-child { border-left: solid; } |
table tbody th:first-child { border-left: solid; } |
| table tbody th { text-align: left; } |
table tbody th { text-align: left; } |
| table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; } |
table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; } |
|
Line 43
|
Line 43
|
| pre.idl :link, pre.idl :visited { color: inherit; background: transparent; } |
pre.idl :link, pre.idl :visited { color: inherit; background: transparent; } |
| pre.css { border: solid thin; background: #FFFFEE; color: black; padding: 0.5em 1em; } |
pre.css { border: solid thin; background: #FFFFEE; color: black; padding: 0.5em 1em; } |
| pre.css:first-line { color: #AAAA50; } |
pre.css:first-line { color: #AAAA50; } |
| dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #EEFFEE; } |
dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; } |
| hr + dl.domintro, div.impl + dl.domintro { margin-top: 2.5em; margin-bottom: 1.5em; } |
hr + dl.domintro, div.impl + dl.domintro { margin-top: 2.5em; margin-bottom: 1.5em; } |
| dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; } |
dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; } |
| dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; } |
dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; } |
|
Line 71
|
Line 71
|
| div.head .logo { float: right; margin: 0 1em; } |
div.head .logo { float: right; margin: 0 1em; } |
| div.head .logo img { border: none } /* remove border from top image */ |
div.head .logo img { border: none } /* remove border from top image */ |
| div.head dl { margin: 1em 0; } |
div.head dl { margin: 1em 0; } |
| p.copyright { font-size: x-small; font-style: oblique; margin: 0; } |
div.head p.copyright, div.head p.alt { font-size: x-small; font-style: oblique; margin: 0; } |
| |
|
| body > .toc > li { margin-top: 1em; margin-bottom: 1em; } |
body > .toc > li { margin-top: 1em; margin-bottom: 1em; } |
| body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; } |
body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; } |
|
Line 141
|
Line 141
|
| .example { display: block; color: #222222; background: #FCFCFC; border-left: double; margin-left: 2em; padding-left: 1em; } |
.example { display: block; color: #222222; background: #FCFCFC; border-left: double; margin-left: 2em; padding-left: 1em; } |
| td > .example:only-child { margin: 0 0 0 0.1em; } |
td > .example:only-child { margin: 0 0 0 0.1em; } |
| |
|
| .tall-and-narrow { |
|
| font-size: 0.6em; |
|
| column-width: 25em; |
|
| column-gap: 1em; |
|
| -moz-column-width: 25em; |
|
| -moz-column-gap: 1em; |
|
| -webkit-column-width: 25em; |
|
| -webkit-column-gap: 1em; |
|
| } |
|
| |
|
| ul.domTree, ul.domTree ul { padding: 0 0 0 1em; margin: 0; } |
ul.domTree, ul.domTree ul { padding: 0 0 0 1em; margin: 0; } |
| ul.domTree li { padding: 0; margin: 0; list-style: none; position: relative; } |
ul.domTree li { padding: 0; margin: 0; list-style: none; position: relative; } |
| ul.domTree li li { list-style: none; } |
ul.domTree li li { list-style: none; } |
|
Line 165
|
Line 155
|
| ul.domTree .t7 code, .domTree .t8 code { color: green; } |
ul.domTree .t7 code, .domTree .t8 code { color: green; } |
| ul.domTree .t10 code { color: teal; } |
ul.domTree .t10 code { color: teal; } |
| |
|
| </style><link href="http://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet" type="text/css"><div class="head"> |
body.dfnEnabled dfn { cursor: pointer; } |
| <p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p> |
.dfnPanel { |
| <h1>Web Database</h1> |
display: inline; |
| <h2 class="no-num no-toc" id="w3c-working-draft-10-september-2009">W3C Working Draft 10 September 2009</h2> <!-- ZZZ --> |
position: absolute; |
| |
z-index: 10; |
| |
height: auto; |
| |
width: auto; |
| |
padding: 0.5em 0.75em; |
| |
font: small sans-serif, Droid Sans Fallback; |
| |
background: #DDDDDD; |
| |
color: black; |
| |
border: outset 0.2em; |
| |
} |
| |
.dfnPanel * { margin: 0; padding: 0; font: inherit; text-indent: 0; } |
| |
.dfnPanel :link, .dfnPanel :visited { color: black; } |
| |
.dfnPanel p { font-weight: bolder; } |
| |
.dfnPanel * + p { margin-top: 0.25em; } |
| |
.dfnPanel li { list-style-position: inside; } |
| |
|
| |
#configUI { position: absolute; z-index: 20; top: 10em; right: 1em; width: 11em; font-size: small; } |
| |
#configUI p { margin: 0.5em 0; padding: 0.3em; background: #EEEEEE; color: black; border: inset thin; } |
| |
#configUI p label { display: block; } |
| |
#configUI #updateUI, #configUI .loginUI { text-align: center; } |
| |
#configUI input[type=button] { display: block; margin: auto; } |
| |
|
| <dl><dt>This Version:</dt> |
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel="stylesheet" type="text/css"><div class="head"> |
| <dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20090910/">http://www.w3.org/TR/2009/WD-webdatabase-20090910/</a></dd> <!-- ZZZ date x2 --> |
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p> |
| <dt>Latest Published Version:</dt> |
<h1>Web SQL Database</h1> |
| |
<h2 class="no-num no-toc" id="editor-s-draft-9-august-2010">Editor's Draft 9 August 2010</h2> |
| |
<dl><dt>Latest Published Version:</dt> |
| <dd><a href="http://www.w3.org/TR/webdatabase/">http://www.w3.org/TR/webdatabase/</a></dd> |
<dd><a href="http://www.w3.org/TR/webdatabase/">http://www.w3.org/TR/webdatabase/</a></dd> |
| <dt>Latest Editor's Draft:</dt> |
<dt>Latest Editor's Draft:</dt> |
| <dd><a href="http://dev.w3.org/html5/webdatabase/">http://dev.w3.org/html5/webdatabase/</a></dd> |
<dd><a class="latest-link" href="http://dev.w3.org/html5/webdatabase/">http://dev.w3.org/html5/webdatabase/</a></dd> |
| <!-- ZZZ: add the new version after it has shipped |
<!-- ZZZ: add the new version after it has shipped--> |
| <dt>Previous Versions:</dt> |
<dt>Previous Versions:</dt> |
| <dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20090423/">http://www.w3.org/TR/2009/WD-webdatabase-20090423/</a> |
<dd><a href="http://www.w3.org/TR/2009/WD-webstorage-20090423/">http://www.w3.org/TR/2009/WD-webstorage-20090423/</a> <!-- yes, storage, not db --> |
| :ZZZ --> |
<dd><a href="http://www.w3.org/TR/2009/WD-webdatabase-20091029/">http://www.w3.org/TR/2009/WD-webdatabase-20091029/</a></dd> |
| |
<!-- :ZZZ --> |
| <dt>Editors:</dt> |
<dt>Editors:</dt> |
| <dd><a href="mailto:ian@hixie.ch">Ian Hickson</a>, Google, Inc.</dd> |
<dd><a href="mailto:ian@hixie.ch">Ian Hickson</a>, Google, Inc.</dd> |
| </dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> |
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> |
| © 2009 <a href="http://www.w3.org/"><abbr title="World Wide |
© 2010 <a href="http://www.w3.org/"><abbr title="World Wide |
| Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts |
Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts |
| Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research |
Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research |
| Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C |
Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C |
|
Line 191
|
Line 204
|
| <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> |
<a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> |
| and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document |
and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document |
| use</a> rules apply.</p> |
use</a> rules apply.</p> |
| |
|
| |
|
| </div><hr class="top"><h2 class="no-num no-toc" id="abstract">Abstract</h2><p>This specification defines an API for storing data in databases |
</div><hr class="top"><h2 class="no-num no-toc" id="abstract">Abstract</h2><p>This specification defines an API for storing data in databases |
| that can be queried using a variant of SQL.<h2 class="no-num no-toc" id="status-of-this-document">Status of this document</h2><!-- intro boilerplate (required) --><p><em>This section describes the status of this document at the |
that can be queried using a variant of SQL.<h2 class="no-num no-toc" id="status-of-this-document">Status of This document</h2><!-- intro boilerplate (required) --><p><em>This section describes the status of this document at the |
| time of its publication. Other documents may supersede this |
time of its publication. Other documents may supersede this |
| document. A list of current W3C publications and the most recently |
document. A list of current W3C publications and the most recently |
| formally published revision of this technical report can be found in |
formally published revision of this technical report can be found in |
|
Line 207
|
Line 222
|
| <a href="http://lists.whatwg.org/pipermail/whatwg-whatwg.org/">archives</a>), |
<a href="http://lists.whatwg.org/pipermail/whatwg-whatwg.org/">archives</a>), |
| <!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING SENTENCE TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --> |
<!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING SENTENCE TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --> |
| |
|
| or submit them using <a href="http://www.w3.org/Bugs/Public/enter_bug.cgi?product=WebAppsWG&component=Web%20Storage">our |
or submit them using <a href="http://www.w3.org/Bugs/Public/enter_bug.cgi?assigned_to=ian%40hixie.ch&blocked=&bug_file_loc=http%3A%2F%2F&bug_severity=normal&bug_status=NEW&comment=&component=Web%20Database%20%28editor%3A%20Ian%20Hickson%29&contenttypeentry=&contenttypemethod=autodetect&contenttypeselection=text%2Fplain&data=&dependson=&description=&form_name=enter_bug&keywords=&maketemplate=Remember%20values%20as%20bookmarkable%20template&op_sys=All&priority=P5&product=WebAppsWG&qa_contact=member-webapi-cvs%40w3.org&rep_platform=All&short_desc=&target_milestone=---&version=unspecified">our |
| public bug database</a>. |
public bug database</a>. |
| |
|
| All feedback is welcome.</p><!-- stability (required) --><p>Implementors should be aware that this specification is not |
All feedback is welcome.</p><!-- stability (required) --><p>Implementors should be aware that this specification is not |
|
Line 216
|
Line 231
|
| under them in incompatible ways.</strong> Vendors interested in |
under them in incompatible ways.</strong> Vendors interested in |
| implementing this specification before it eventually reaches the |
implementing this specification before it eventually reaches the |
| Candidate Recommendation stage should join the aforementioned |
Candidate Recommendation stage should join the aforementioned |
| mailing lists and take part in the discussions.</p><!-- version history or list of changes (required) --><p>The latest stable version of the editor's draft of this |
mailing lists and take part in the discussions.<p class="XXX">This specification has reached an impasse: all |
| |
interested implementors have used the same SQL backend (Sqlite), but |
| |
we need multiple independent implementations to proceed along a |
| |
standardisation path. Until another implementor is interested in |
| |
implementing this spec, the description of the SQL dialect has been |
| |
left as simply a reference to Sqlite, which isn't acceptable for a |
| |
standard. Should you be an implementor interested in implementing an |
| |
independent SQL backend, please contact the editor so that he can |
| |
write a specification for the dialect, thus allowing this |
| |
specification to move forward.</p><!-- version history or list of changes (required) --><p>The latest stable version of the editor's draft of this |
| specification is always available on <a href="http://dev.w3.org/html5/webdatabase/Overview.html">the W3C CVS |
specification is always available on <a href="http://dev.w3.org/html5/webdatabase/Overview.html">the W3C CVS |
| server</a>. Change tracking for this document is available at the |
server</a>. Change tracking for this document is available at the |
| following location:<ul><li>CVS log: <a href="http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html">http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html</a></li> |
following location:<ul><li>CVS log: <a href="http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html">http://dev.w3.org/cvsweb/html5/webdatabase/Overview.html</a></li> |
|
Line 229
|
Line 253
|
| <li>Interactive Web interface: <a href="http://html5.org/tools/web-apps-tracker">http://html5.org/tools/web-apps-tracker</a></li> |
<li>Interactive Web interface: <a href="http://html5.org/tools/web-apps-tracker">http://html5.org/tools/web-apps-tracker</a></li> |
| <li>Commit-Watchers mailing list: <a href="http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org">http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org</a></li> |
<li>Commit-Watchers mailing list: <a href="http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org">http://lists.whatwg.org/listinfo.cgi/commit-watchers-whatwg.org</a></li> |
| <li>Subversion interface: <a href="http://svn.whatwg.org/webapps/">http://svn.whatwg.org/webapps/</a></li> |
<li>Subversion interface: <a href="http://svn.whatwg.org/webapps/">http://svn.whatwg.org/webapps/</a></li> |
| </ul><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING LIST TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- status of document, group responsible (required) --><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Apps |
</ul><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING LIST TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- status of document, group responsible (required) --><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications |
| Working Group</a> is the W3C working group responsible for this |
Working Group</a> is the W3C working group responsible for this |
| specification's progress along the W3C Recommendation track. |
specification's progress along the W3C Recommendation track. |
| This specification is the 10 September 2009 First Public Working Draft. <!--ZZZ (date and remove 'first public'--> |
This specification is the 9 August 2010 Editor's Draft. |
| |
|
| </p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 |
</p><!-- required patent boilerplate --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 |
| February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of |
February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of |
| any patent disclosures</a> made in connection with the deliverables |
any patent disclosures</a> made in connection with the deliverables |
|
Line 241
|
Line 264
|
| patent. An individual who has actual knowledge of a patent which the |
patent. An individual who has actual knowledge of a patent which the |
| individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential |
individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential |
| Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section |
Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section |
| 6 of the W3C Patent Policy</a>.<h2 class="no-num no-toc" id="contents">Table of contents</h2> |
6 of the W3C Patent Policy</a>.<h2 class="no-num no-toc" id="contents">Table of Contents</h2> |
| <!--begin-toc--> |
<!--begin-toc--> |
| <ol class="toc"> |
<ol class="toc"> |
| <li><a href="#introduction"><span class="secno">1 </span>Introduction</a></li> |
<li><a href="#introduction"><span class="secno">1 </span>Introduction</a></li> |
|
Line 268
|
Line 291
|
| <ol> |
<ol> |
| <li><a href="#user-tracking"><span class="secno">7.1 </span>User tracking</a></li> |
<li><a href="#user-tracking"><span class="secno">7.1 </span>User tracking</a></li> |
| <li><a href="#sensitivity-of-data"><span class="secno">7.2 </span>Sensitivity of data</a></ol></li> |
<li><a href="#sensitivity-of-data"><span class="secno">7.2 </span>Sensitivity of data</a></ol></li> |
| <li><a href="#security"><span class="secno">8 </span>Security</a> |
<li><a href="#security-storage"><span class="secno">8 </span>Security</a> |
| <ol> |
<ol> |
| <li><a href="#dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</a></li> |
<li><a href="#dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</a></li> |
| <li><a href="#cross-directory-attacks"><span class="secno">8.2 </span>Cross-directory attacks</a></li> |
<li><a href="#cross-directory-attacks"><span class="secno">8.2 </span>Cross-directory attacks</a></li> |
|
Line 353 prepareDatabase(function(db) {
|
Line 376 prepareDatabase(function(db) {
|
| agents.<p>User agents may impose implementation-specific limits on |
agents.<p>User agents may impose implementation-specific limits on |
| otherwise unconstrained inputs, e.g. to prevent denial of service |
otherwise unconstrained inputs, e.g. to prevent denial of service |
| attacks, to guard against running out of memory, or to work around |
attacks, to guard against running out of memory, or to work around |
| platform-specific limitations.<h3 id="dependencies"><span class="secno">2.1 </span>Dependencies</h3><p>This specification relies on several other underlying |
platform-specific limitations.<p>When support for a feature is disabled (e.g. as an emergency |
| specifications.<dl><dt>HTML5</dt> |
measure to mitigate a security problem, or to aid in development, or |
| |
for performance reasons), user agents must act as if they had no |
| |
support for the feature whatsoever, and as if the feature was not |
| |
mentioned in this specification. For example, if a particular |
| |
feature is accessed via an attribute in a Web IDL interface, the |
| |
attribute itself would be omitted from the objects that implement |
| |
that interface — leaving the attribute on the object but |
| |
making it return null or throw an exception is insufficient.<h3 id="dependencies"><span class="secno">2.1 </span>Dependencies</h3><p>This specification relies on several other underlying |
| |
specifications.<dl><dt>HTML</dt> |
| |
|
| <dd> |
<dd> |
| |
|
| <p>Many fundamental concepts from HTML5 are used by this |
<p>Many fundamental concepts from HTML are used by this |
| specification. <a href="#refsHTML5">[HTML5]</a></p> |
specification. <a href="#refsHTML">[HTML]</a></p> |
| |
|
| </dd> |
</dd> |
| |
|
|
Line 442 interface <dfn id="databasecallback">Dat
|
Line 473 interface <dfn id="databasecallback">Dat
|
| |
|
| </li> |
</li> |
| |
|
| |
<li><p>If <var title="">origin</var> is not a scheme/host/port |
| |
tuple, then throw a <code>SECURITY_ERR</code> exception and abort |
| |
these steps.</li> |
| |
|
| <li><p>If the database version provided is not the empty string, |
<li><p>If the database version provided is not the empty string, |
| and there is already a database with the given name from the origin |
and there is already a database with the given name from the origin |
| <var title="">origin</var>, but the database has a different |
<var title="">origin</var>, but the database has a different |
|
Line 519 interface <dfn id="databasecallback">Dat
|
Line 554 interface <dfn id="databasecallback">Dat
|
| |
|
| <li> |
<li> |
| |
|
| <p>Replace each <code title="">?</code> placeholder with the value |
<p>Bind each <code title="">?</code> placeholder with the value of |
| of the argument in the <var title="">arguments</var> array with |
the argument in the <var title="">arguments</var> array with the |
| the same position. (So the first <code title="">?</code> |
same position. (So the first <code title="">?</code> placeholder |
| placeholder gets replaced by the first value in the <var title="">arguments</var> array, and generally the <var title="">n</var>th <code title="">?</code> placeholder gets |
gets bound to the first value in the <var title="">arguments</var> |
| replaced by the <var title="">n</var>th value in the <var title="">arguments</var> array.)</p> |
array, and generally the <var title="">n</var>th <code title="">?</code> placeholder gets bound to the <var title="">n</var>th value in the <var title="">arguments</var> |
| |
array.)</p> |
| <p class="note">Substitutions for <code title="">?</code> |
|
| placeholders are done at the literal level, not as string |
<p class="note">Binding the <code title="">?</code> placeholders |
| concatenations, so this provides a way to dynamically insert |
is done at the literal level, not as string concatenations, so |
| parameters into a statement without risk of a SQL injection |
this provides a way to dynamically insert parameters into a |
| attack.</p> |
statement without risk of a SQL injection attack.</p> |
| |
|
| <p>The result is <var title="">the statement</var>.</p> |
<p>The result is <var title="">the statement</var>.</p> |
| |
|
|
Line 772 interface <dfn id="sqlstatementerrorcall
|
Line 807 interface <dfn id="sqlstatementerrorcall
|
| |
|
| <p>If a <i>postflight operation</i> was defined for this instance |
<p>If a <i>postflight operation</i> was defined for this instance |
| of the transaction steps, then: as one atomic operation, commit |
of the transaction steps, then: as one atomic operation, commit |
| the transaction and run the <i>postflight operation</i>. If either |
the transaction and, if that succeeds, run the <i>postflight |
| fails, then do neither, and instead jump to the last step. (This |
operation</i>. If the commit fails, then instead jump to the last |
| is basically a hook for the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
step. (This is basically a hook for the <code title="dom-database-changeVersion"><a href="#dom-database-changeversion">changeVersion()</a></code> |
| method.)</p> |
method.)</p> |
| |
|
| <p>Otherwise: commit the transaction and run the <i>postflight |
<p>Otherwise: commit the transaction. If an error occurred in the |
| operation</i>. If an error occurred in the committing of the |
committing of the transaction, jump to the last step.</p> |
| transaction, jump to the last step.</p> |
|
| |
|
| </li> |
</li> |
| |
|
|
Line 789 interface <dfn id="sqlstatementerrorcall
|
Line 823 interface <dfn id="sqlstatementerrorcall
|
| <li><p>End these steps. The next step is only used when something |
<li><p>End these steps. The next step is only used when something |
| goes wrong.</li> |
goes wrong.</li> |
| |
|
| <li><p><span>Queue a task</span> to invoke the <i>error |
<li><p><span>Queue a task</span> to invoke the transaction's |
| callback</i>, if it is not null, with a newly constructed |
<i>error callback</i>, if it is not null, with a newly constructed |
| <code><a href="#sqlerror">SQLError</a></code> object that represents the last error to have |
<code><a href="#sqlerror">SQLError</a></code> object that represents the last error to have |
| occurred in this transaction. Rollback the transaction. Any |
occurred in this transaction. Rollback the transaction. Any |
| still-pending statements in the transaction are discarded.</li> |
still-pending statements in the transaction are discarded.</li> |
|
Line 954 interface <dfn id="sqltransactionsync">S
|
Line 988 interface <dfn id="sqltransactionsync">S
|
| zero (querying the database doesn't affect any rows).<p>The <dfn id="dom-sqlresultset-rows" title="dom-SQLResultSet-rows"><code>rows</code></dfn> |
zero (querying the database doesn't affect any rows).<p>The <dfn id="dom-sqlresultset-rows" title="dom-SQLResultSet-rows"><code>rows</code></dfn> |
| attribute must return a <code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> |
attribute must return a <code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> |
| representing the rows returned, in the order returned by the |
representing the rows returned, in the order returned by the |
| database. If no rows were returned, then the object will be empty |
database. The same object must be returned each time. If no rows |
| (its <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> will |
were returned, then the object will be empty (its <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> will be |
| be zero).<pre class="idl">interface <dfn id="sqlresultsetrowlist">SQLResultSetRowList</dfn> { |
zero).<pre class="idl">interface <dfn id="sqlresultsetrowlist">SQLResultSetRowList</dfn> { |
| readonly attribute unsigned long <a href="#dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length">length</a>; |
readonly attribute unsigned long <a href="#dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length">length</a>; |
| getter <span>any</span> <a href="#dom-sqlresultsetrowlist-item" title="dom-SQLResultSetRowList-item">item</a>(in unsigned long index); |
getter <span>any</span> <a href="#dom-sqlresultsetrowlist-item" title="dom-SQLResultSetRowList-item">item</a>(in unsigned long index); |
| };</pre><p class="note">Implementors are encouraged to implement |
};</pre><p class="note">For the asynchronous API, implementors are |
| <code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects lazily, or at least |
encouraged to prefetch all the data for |
| asynchronously, for better performance.<p><code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects have a <dfn id="dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length"><code>length</code></dfn> |
<code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects when the object is |
| |
constructed (before the result set callback is invoked), rather than |
| |
on-demand, for better responsiveness. For the synchronous API, an |
| |
on-demand lazy evaluation implementation strategy is encouraged |
| |
instead, for better performance.<p><code><a href="#sqlresultsetrowlist">SQLResultSetRowList</a></code> objects have a <dfn id="dom-sqlresultsetrowlist-length" title="dom-SQLResultSetRowList-length"><code>length</code></dfn> |
| attribute that must return the number of rows it represents (the |
attribute that must return the number of rows it represents (the |
| number of rows returned by the database). This is the <var title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></var>.<p class="note">Fetching the <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> might be |
number of rows returned by the database). This is the <var title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></var>.<p class="note">Fetching the <code title="dom-SQLResultSetRowList-length"><a href="#dom-sqlresultsetrowlist-length">length</a></code> might be |
| expensive, and authors are thus encouraged to avoid using it (or |
expensive, and authors are thus encouraged to avoid using it (or |
|
Line 1069 interface <dfn id="sqltransactionsync">S
|
Line 1107 interface <dfn id="sqltransactionsync">S
|
| <td>A lock for the transaction could not be obtained in a |
<td>A lock for the transaction could not be obtained in a |
| reasonable time. |
reasonable time. |
| |
|
| </table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p class="XXX">Need to define the SQL dialect.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for |
</table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p>User agents must implement the SQL dialect supported by Sqlite 3.6.19.<p>When converting bound arguments to SQL data types, the JavaScript |
| |
ToPrimitive abstract operation must be applied to obtain the raw |
| |
value to be processed. <a href="#refsECMA262">[ECMA262]</a>.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for |
| databases. |
databases. |
| |
|
| <p>User agents should guard against sites storing data under the |
<p>User agents should guard against sites storing data under the |
|
Line 1088 interface <dfn id="sqltransactionsync">S
|
Line 1127 interface <dfn id="sqltransactionsync">S
|
| stored in its |
stored in its |
| client-side databases |
client-side databases |
| |
|
| |
|
| to track a user across multiple sessions, building a profile of the |
to track a user across multiple sessions, building a profile of the |
| user's interests to allow for highly targeted advertising. In |
user's interests to allow for highly targeted advertising. In |
| conjunction with a site that is aware of the user's real identity |
conjunction with a site that is aware of the user's real identity |
|
Line 1101 interface <dfn id="sqltransactionsync">S
|
Line 1141 interface <dfn id="sqltransactionsync">S
|
| <p>User agents may restrict access to |
<p>User agents may restrict access to |
| the database objects |
the database objects |
| |
|
| |
|
| to scripts originating at the domain of the top-level document of |
to scripts originating at the domain of the top-level document of |
| the <span>browsing context</span>, for instance denying access to |
the <span>browsing context</span>, for instance denying access to |
| the API for pages from other domains running in |
the API for pages from other domains running in |
|
Line 1133 interface <dfn id="sqltransactionsync">S
|
Line 1174 interface <dfn id="sqltransactionsync">S
|
| |
|
| <p>If users attempt to protect their privacy by clearing cookies |
<p>If users attempt to protect their privacy by clearing cookies |
| without also clearing data stored in the |
without also clearing data stored in the |
| |
|
| relevant databases, |
relevant databases, |
| |
|
| sites can defeat those attempts by using the two features as |
sites can defeat those attempts by using the two features as |
|
Line 1147 interface <dfn id="sqltransactionsync">S
|
Line 1187 interface <dfn id="sqltransactionsync">S
|
| <dt>Site-specific white-listing of access to |
<dt>Site-specific white-listing of access to |
| databases |
databases |
| |
|
| |
|
| </dt> |
</dt> |
| <dd> |
<dd> |
| |
|
| <p>User agents may require the user to authorize access to |
<p>User agents may require the user to authorize access to |
| databases before a site can use the feature.</p> |
databases before a site can use the feature.</p> |
| |
|
| |
|
| |
|
| </dd> |
</dd> |
| |
|
|
Line 1201 interface <dfn id="sqltransactionsync">S
|
Line 1243 interface <dfn id="sqltransactionsync">S
|
| sensitive; it's quite possible for e-mails, calendar appointments, |
sensitive; it's quite possible for e-mails, calendar appointments, |
| health records, or other confidential documents to be stored in this |
health records, or other confidential documents to be stored in this |
| mechanism.<p>To this end, user agents should ensure that when deleting data, |
mechanism.<p>To this end, user agents should ensure that when deleting data, |
| it is promptly deleted from the underlying storage.<h2 id="security"><span class="secno">8 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot |
it is promptly deleted from the underlying storage.<h2 id="security-storage"><span class="secno">8 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">8.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot |
| guarantee that a host claiming to be in a certain domain really is |
guarantee that a host claiming to be in a certain domain really is |
| from that domain. To mitigate this, pages can use SSL. Pages using |
from that domain. To mitigate this, pages can use TLS. Pages using |
| SSL can be sure that only pages using SSL that have certificates |
TLS can be sure that only pages using TLS that have certificates |
| identifying them as being from the same domain can access their |
identifying them as being from the same domain can access their |
| |
|
| databases. |
databases. |
| |
|
| <h3 id="cross-directory-attacks"><span class="secno">8.2 </span>Cross-directory attacks</h3><p>Different authors sharing one host name, for example users |
<h3 id="cross-directory-attacks"><span class="secno">8.2 </span>Cross-directory attacks</h3><p>Different authors sharing one host name, for example users |
| hosting content on <code>geocities.com</code>, all share one |
hosting content on <code>geocities.com</code>, all share one |
| |
|
| set of databases. |
set of databases. |
| |
|
| There is no feature to restrict the access by pathname. Authors on |
There is no feature to restrict the access by pathname. Authors on |
|
Line 1242 interface <dfn id="sqltransactionsync">S
|
Line 1282 interface <dfn id="sqltransactionsync">S
|
| there is little reason to allow Web authors to control the character |
there is little reason to allow Web authors to control the character |
| encoding used in the disk representation of the data, as all data in |
encoding used in the disk representation of the data, as all data in |
| JavaScript is implicitly UTF-16.<h3 id="sql-injection"><span class="secno">8.5 </span>SQL injection</h3><p>Authors are strongly recommended to make use of the <code title="">?</code> placeholder feature of the <code title="dom-sqltransaction-executeSql"><a href="#dom-sqltransaction-executesql">executeSql()</a></code> method, |
JavaScript is implicitly UTF-16.<h3 id="sql-injection"><span class="secno">8.5 </span>SQL injection</h3><p>Authors are strongly recommended to make use of the <code title="">?</code> placeholder feature of the <code title="dom-sqltransaction-executeSql"><a href="#dom-sqltransaction-executesql">executeSql()</a></code> method, |
| and to never construct SQL statements on the fly.</p><!--START vCard--><!--START vEvent--><h2 class="no-num" id="references">References</h2><!--REFS--><!--END vCard--><!--END vEvent--><p>All references are normative unless marked "Non-normative".</p><!--START vCard--><!--START vEvent--><dl><dt id="refsCOOKIES">[COOKIES]</dt> |
and to never construct SQL statements on the fly.<h2 class="no-num" id="references">References</h2><!--REFS--><p>All references are normative unless marked "Non-normative".</p><!-- Dates are only included for standards older than the Web, because the newer ones keep changing. --><dl><dt id="refsCOOKIES">[COOKIES]</dt> |
| <!-- |
<!-- |
| <dd><cite><a href="http://www.ietf.org/rfc/rfc2109.txt">HTTP State |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2109.txt">HTTP State |
| Management Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, |
Management Mechanism</a></cite>, D. Kristol, L. Montulli. IETF.</dd> |
| February 1997.</dd> |
|
| <dd><cite><a href="http://www.ietf.org/rfc/rfc2965.txt">HTTP State Management |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2965.txt">HTTP State Management |
| Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, October 2000.</dd> |
Mechanism</a></cite>, D. Kristol, L. Montulli. IETF.</dd> |
| --> |
--> |
| <dd><cite><a href="http://tools.ietf.org/html/draft-abarth-cookie">HTTP State |
<dd><cite><a href="http://tools.ietf.org/html/draft-ietf-httpstate-cookie">HTTP State |
| Management Mechanism</a></cite>, A. Barth. IETF, August 2009.</dd> |
Management Mechanism</a></cite>, A. Barth. IETF.</dd> |
| |
|
| <dt id="refsDOMCORE">[DOMCORE]</dt> |
<dt id="refsDOMCORE">[DOMCORE]</dt> |
| <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core/">Document |
<dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core/">Document |
| Object Model (DOM) Level 3 Core Specification</a></cite>, A. Le |
Object Model (DOM) Level 3 Core Specification</a></cite>, A. Le |
| Hors, P. Le Hegaret, L. Wood, G. Nicol, J. Robie, M. Champion, |
Hors, P. Le Hegaret, L. Wood, G. Nicol, J. Robie, M. Champion, |
| S. Byrnes. W3C, April 2004.</dd> |
S. Byrnes. W3C.</dd> |
| <!-- |
<!-- |
| <dd><cite><a href="http://simon.html5.org/specs/web-dom-core">Web |
<dd><cite><a href="http://simon.html5.org/specs/web-dom-core">Web |
| DOM Core</a></cite>, S. Pieters. W3C, June 2009.</dd> |
DOM Core</a></cite>, S. Pieters. W3C.</dd> |
| --> |
--> |
| |
|
| <dt id="refsECMA262">[ECMA262]</dt> |
<dt id="refsECMA262">[ECMA262]</dt> |
| <dd><cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript |
<dd><cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript |
| Language Specification</a></cite>. ECMA, December 1999.</dd> |
Language Specification</a></cite>. ECMA.</dd> |
| |
|
| <dt id="refsHTML5">[HTML5]</dt> |
<dt id="refsHTML">[HTML]</dt> |
| <!-- |
<dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/">HTML</a></cite>, |
| <dd><cite><a href="http://www.w3.org/TR/html5/">HTML5</a></cite>, |
I. Hickson. WHATWG.</dd> |
| I. Hickson, D. Hyatt. W3C, April 2009.</dd> |
|
| <dd><cite><a |
|
| href="http://www.w3.org/html/wg/html5/">HTML5</a></cite>, |
|
| I. Hickson, D. Hyatt. W3C, August 2009.</dd> |
|
| --> |
|
| <dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/">HTML5</a></cite>, |
|
| I. Hickson. WHATWG, August 2009.</dd> |
|
| |
|
| <dt id="refsRFC2119">[RFC2119]</dt> |
<dt id="refsRFC2119">[RFC2119]</dt> |
| <dd><cite><a href="http://www.ietf.org/rfc/rfc2119.txt">Key words for use in |
<dd><cite><a href="http://www.ietf.org/rfc/rfc2119.txt">Key words for use in |
| RFCs to Indicate Requirement Levels</a></cite>, S. Bradner. IETF, March |
RFCs to Indicate Requirement Levels</a></cite>, S. Bradner. IETF.</dd> |
| 1997.</dd> |
|
| |
|
| <dt id="refsSQL">[SQL]</dt> |
<dt id="refsSQL">[SQL]</dt> |
| <dd>The precise dialect has not yet been specified.</dd> |
<dd>The precise dialect has not yet been specified.</dd> |
|
Line 1289 interface <dfn id="sqltransactionsync">S
|
Line 1320 interface <dfn id="sqltransactionsync">S
|
| <dt id="refsWEBIDL">[WEBIDL]</dt> |
<dt id="refsWEBIDL">[WEBIDL]</dt> |
| <!-- |
<!-- |
| <dd><cite><a href="http://www.w3.org/TR/WebIDL/">Web |
<dd><cite><a href="http://www.w3.org/TR/WebIDL/">Web |
| IDL</a></cite>, C. McCormack. W3C, December 2008.</dd> |
IDL</a></cite>, C. McCormack. W3C.</dd> |
| --> |
--> |
| <dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web |
<dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web |
| IDL</a></cite>, C. McCormack. W3C, July 2009.</dd> |
IDL</a></cite>, C. McCormack. W3C.</dd> |
| |
|
| </dl><!--END vCard--><!--END vEvent--> |
</dl> |
![[BACK]](/https/dev.w3.org/cvsweb/icons/back.gif){kind=icon}
Return to Overview.html CVS log ![[TXT]](/https/dev.w3.org/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/https/dev.w3.org/cvsweb/icons/dir.gif){kind=icon}
Up to [Public] / html5 / webdatabase