+
-
Offline application cache manifests can use absolute paths or even absolute URLs:
+
Realms and their counterparts
+
+
The JavaScript specification introduces the realm
+ concept, representing a global environment in which script is run. Each realm comes with an
+ implementation-defined global object; much of this specification is
+ devoted to defining that global object and its properties.
-
CACHE MANIFEST
+ For web specifications, it is often useful to associate values or algorithms with a
+ realm/global object pair. When the values are specific to a particular type of realm, they are
+ associated directly with the global object in question, e.g., in the definition of the
+ Window or WorkerGlobalScope interfaces. When the values have utility
+ across multiple realms, we use the environment settings object concept.
-/main/home
-/main/app.js
-/settings/home
-/settings/app.js
-https://img.example.com/logo.png
-https://img.example.com/check.png
-https://img.example.com/cross.png
+
Finally, in some cases it is necessary to track associated values before a
+ realm/global object/environment settings object even comes into existence (for example, during
+ navigation). These values are tracked in the
+ environment concept.
-
+
Environments
-
+
An environment is an object that identifies the settings of a current or
+ potential execution environment. An environment has the following fields:
-
The following manifest defines a catch-all error page that is displayed for any page on the
- site while the user is offline. It also specifies that the online safelist wildcard flag is open, meaning that accesses to resources on other sites will not be blocked.
- (Resources on the same site are already not blocked because of the catch-all fallback
- namespace.)
+
+ - An id
+ An opaque string that uniquely identifies this environment.
So long as all pages on the site reference this manifest, they will get cached locally as they
- are fetched, so that subsequent hits to the same page will load the page immediately from the
- cache. Until the manifest is changed, those pages will not be fetched from the server again. When
- the manifest changes, then all the files will be redownloaded.
+ - A creation URL
+ -
+
A URL that represents the location of the resource with which this
+ environment is associated.
- Subresources, such as style sheets, images, etc, would only be cached using the regular HTTP
- caching semantics, however.
+ In the case of an environment settings object, this URL might be
+ distinct from the environment settings object's responsible
+ document's URL, due to mechanisms such as
+ history.pushState().
+
- CACHE MANIFEST
-FALLBACK:
-/ /offline.html
-NETWORK:
-*
+ - A top-level creation URL
+ Null or a URL that represents the creation URL of the "top-level"
+ environment. It is null for workers and worklets.
+
A top-level origin
+
+ A for now implementation-defined value, null,
+ or an origin. For a "top-level" potential execution environment it is null (i.e.,
+ when there is no response yet); otherwise it is the "top-level" environment's origin. For a dedicated worker or worklet it is
+ the top-level origin of its creator. For a shared or service worker it is an
+ implementation-defined value.
+ This is distinct from the top-level creation URL's origin when sandboxing, workers, and worklets are
+ involved.
+
+
A target browsing context
+
Null or a target browsing context for a navigation request.
-
Writing cache manifests
+
An active service worker
+
Null or a service worker that controls the environment.
-
Manifests must be served using the text/cache-manifest MIME type. All
- resources served using the text/cache-manifest MIME type must follow the
- syntax of application cache manifests, as described in this section.
+
An execution ready flag
+
A flag that indicates whether the environment setup is done. It is initially
+ unset.
+
-
An application cache manifest is a text file, whose text is encoded using UTF-8. Data in
- application cache manifests is line-based. Newlines must be represented by U+000A LINE FEED (LF)
- characters, U+000D CARRIAGE RETURN (CR) characters, or U+000D CARRIAGE RETURN (CR) U+000A LINE
- FEED (LF) pairs.
+
Specifications may define environment discarding steps for environments. The
+ steps take an environment as input.
-
This is a willful violation of RFC 2046, which requires all text/* types to only allow CRLF line breaks. This requirement, however, is
- outdated; the use of CR, LF, and CRLF line breaks is commonly supported and indeed sometimes CRLF
- is not supported by text editors.
+
The environment discarding
+ steps are run for only a select few environments: the ones that will
+ never become execution ready because, for example, they failed to load.
-
The first line of an application cache manifest must consist of the string "CACHE", a single
- U+0020 SPACE character, the string "MANIFEST", and either a U+0020 SPACE character, a U+0009
- CHARACTER TABULATION (tab) character, a U+000A LINE FEED (LF) character, or a U+000D CARRIAGE
- RETURN (CR) character. The first line may optionally be preceded by a U+FEFF BYTE ORDER MARK (BOM)
- character. If any other text is found on the first line, it is ignored.
+
Environment settings objects
-
Subsequent lines, if any, must all be one of the following:
+
An environment settings object is an environment that
+ additionally specifies algorithms for:
- - A blank line
-
-
-
Blank lines must consist of zero or more U+0020 SPACE and
- U+0009 CHARACTER TABULATION (tab) characters only.
+ - A realm execution
+ context
- - A comment
-
-
Comment lines must consist of zero or more U+0020 SPACE and U+0009 CHARACTER TABULATION (tab)
- characters, followed by a single U+0023 NUMBER SIGN character (#), followed by zero or more
- characters other than U+000A LINE FEED (LF) and U+000D CARRIAGE RETURN (CR) characters.
+ A JavaScript execution context shared by all
+ scripts that use this settings object, i.e. all scripts in a given
+ JavaScript realm. When we run a classic script or run a module
+ script, this execution context becomes the top of the JavaScript execution context
+ stack, on top of which another execution context specific to the script in question is
+ pushed. (This setup ensures ParseScript and Source
+ Text Module Record's Evaluate know which Realm to
+ use.)
+
- Comments need to be on a line on their own. If they were to be included on a
- line with a URL, the "#" would be mistaken for part of a fragment.
+ - A module map
- - A section header
-
-
Section headers change the current section. There are four possible section headers:
-
-
- CACHE:
- - Switches to the explicit section.
+
A module map that is used when importing JavaScript modules.
+
- FALLBACK:
- - Switches to the fallback section.
+
- A responsible document
- NETWORK:
- - Switches to the online safelist section.
+
-
+
A Document that is assigned responsibility for actions taken by the scripts that
+ use this environment settings object.
- SETTINGS:
- - Switches to the settings section.
-
+ For example, the URL of the
+ responsible document is used to set the URL of the Document after it has been reset
+ using document.open().
- Section header lines must consist of zero or more U+0020 SPACE and U+0009 CHARACTER
- TABULATION (tab) characters, followed by one of the names above (including the U+003A COLON
- character (:)) followed by zero or more U+0020 SPACE and U+0009 CHARACTER TABULATION (tab)
- characters.
+ If the responsible event loop is not a window event loop, then the
+ environment settings object has no responsible document.
+
- Ironically, by default, the current section is the explicit section.
+ - An API URL character encoding
- - Data for the current section
-
-
The format that data lines must take depends on the current section.
+ A character encoding used to encode URLs by APIs called by scripts that use this environment
+ settings object.
+
- When the current section is the explicit
- section, data lines must consist of zero or more U+0020 SPACE and U+0009 CHARACTER
- TABULATION (tab) characters, a valid URL string identifying a resource other than
- the manifest itself, and then zero or more U+0020 SPACE and U+0009 CHARACTER TABULATION (tab)
- characters.
+ - An API base URL
+
+ -
+
A URL used by APIs called by scripts that use this environment settings
+ object to parse URLs.
+
- When the current section is the fallback
- section, data lines must consist of zero or more U+0020 SPACE and U+0009 CHARACTER
- TABULATION (tab) characters, a valid URL string identifying a resource other than
- the manifest itself, one or more U+0020 SPACE and U+0009 CHARACTER TABULATION (tab) characters,
- another valid URL string identifying a resource other than the manifest itself, and
- then zero or more U+0020 SPACE and U+0009 CHARACTER TABULATION (tab) characters.
+ - An origin
- When the current section is the online
- safelist section, data lines must consist of zero or more U+0020 SPACE and U+0009
- CHARACTER TABULATION (tab) characters, either a single U+002A ASTERISK character (*) or a valid URL string identifying a
- resource other than the manifest itself, and then zero or more U+0020 SPACE and U+0009 CHARACTER
- TABULATION (tab) characters.
+ -
+
An origin used in security checks.
+
- When the current section is the settings
- section, data lines must consist of zero or more U+0020 SPACE and U+0009 CHARACTER
- TABULATION (tab) characters, a setting,
- and then zero or more U+0020 SPACE and U+0009 CHARACTER TABULATION (tab) characters.
+ - A referrer policy
- Currently only one setting is
- defined:
+ The default referrer policy for fetches
+ performed using this environment settings object as a request client. [
- ]
- - The cache mode setting
+ - An embedder policy
- - This consists of the string "
prefer-online". It sets the cache mode to prefer-online. (The cache mode defaults to fast.)
-
+ An embedder policy used by cross-origin resource policy checks for fetches
+ performed using this environment settings object as a request client.
Within a settings section, each setting must occur no more than once.
+ - A cross-origin isolated capability
-
+ A boolean representing whether scripts that use this environment settings
+ object are allowed to use APIs that require cross-origin isolation.
-
Manifests may contain sections more than once. Sections may be empty.
-
-
URLs that are to be fallback pages associated with fallback namespaces, and those namespaces themselves,
- must be given in fallback sections, with
- the namespace being the first URL of the data line, and the corresponding fallback page being the
- second URL. All the other pages to be cached must be listed in explicit sections.
+
An environment settings object also has an outstanding rejected promises
+ weak set and an about-to-be-notified rejected promises list, used to track
+ unhandled promise rejections. The outstanding
+ rejected promises weak set must not create strong references to any of its members, and
+ implementations are free to limit its size, e.g. by removing old entries from it when new ones
+ are added.
-
Fallback namespaces and fallback entries must have the same origin
- as the manifest itself. Fallback namespaces
- must also be in the same path as the manifest's URL.
+
An environment settings object's responsible event loop is its global
+ object's relevant agent's event
+ loop.
-
A fallback namespace must not be listed more
- than once.
+
Realms, settings objects, and global objects
-
Namespaces that the user agent is to put into the online safelist must all be specified in online safelist sections. (This is needed for
- any URL that the page is intending to use to communicate back to the server.) To specify that all
- URLs are automatically safelisted in this way, a U+002A ASTERISK character (*) may be specified
- as one of the URLs.
+
A global object is a JavaScript object that is the [[GlobalObject]] field of
+ a JavaScript realm.
-
Authors should not include namespaces in the online safelist for which another namespace in
- the online safelist is a prefix
- match.
+
In this specification, all JavaScript
+ realms are created with global objects that are either Window or
+ WorkerGlobalScope objects.
-
Relative URLs must be given relative to the manifest's own
- URL. All URLs in the manifest must have the same scheme as
- the manifest itself (either explicitly or implicitly, through the use of relative URLs).
+
There is always a 1-to-1-to-1 mapping between JavaScript
+ realms, global objects, and environment settings objects:
-
URLs in manifests must not have fragments (i.e. the
- U+0023 NUMBER SIGN character isn't allowed in URLs in manifests).
+
+ A JavaScript realm has a [[HostDefined]] field, which contains the Realm's
+ settings object.
Fallback namespaces and namespaces in the
- online safelist are matched by prefix
- match.
+ A JavaScript realm has a [[GlobalObject]] field, which contains the Realm's global
+ object.
Each global object in this specification is created during the creation of a corresponding JavaScript
+ realm, known as the global object's Realm.
+
Each global object in this
+ specification is created alongside a corresponding environment settings object,
+ known as its relevant settings object.
- Parsing cache manifests
+ An environment settings object's realm execution context's
+ Realm component is the environment settings object's Realm.
-
When a user agent is to parse a manifest, it means that the user agent must run the
- following steps:
-
-
- -
-
UTF-8 decode the byte stream corresponding with the manifest to be parsed.
-
- The UTF-8 decode algorithm strips a leading BOM, if any.
-
-
-
-
- Let base URL be the absolute URL representing the
- manifest.
Apply the URL parser to base URL, and let manifest path
- be the path component thus obtained.
Remove all the characters in manifest path after the last U+002F SOLIDUS
- character (/), if any. (The first character and the last character in manifest path
- after this step will both be slashes, the URL path separator character.)
Apply the URL parser steps to the base URL, so that the
- components from its URL record can be used by the subsequent steps of this
- algorithm.
Let explicit URLs be an initially empty list of absolute URLs for explicit
- entries.
Let fallback URLs be an initially empty mapping of fallback namespaces to absolute URLs for fallback
- entries.
Let online safelist namespaces be an initially empty list of absolute URLs for an online safelist.
Let online safelist wildcard flag be blocking.
Let cache mode flag be fast.
Let input be the decoded text of the manifest's byte stream.
Let position be a pointer into input, initially
- pointing at the first character.
If the characters starting from position are "CACHE", followed by a
- U+0020 SPACE character, followed by "MANIFEST", then advance position to the
- next character after those. Otherwise, this isn't a cache manifest; return with a
- failure while checking for the magic signature.
If the character at position is neither a U+0020 SPACE character, a
- U+0009 CHARACTER TABULATION (tab) character, U+000A LINE FEED (LF) character, nor a U+000D
- CARRIAGE RETURN (CR) character, then this isn't a cache manifest; return with a
- failure while checking for the magic signature.
This is a cache manifest. The algorithm cannot fail beyond
- this point (though bogus lines can get ignored).
Collect a sequence of code points that are not U+000A LINE FEED (LF)
- or U+000D CARRIAGE RETURN (CR) characters from input given position, and
- ignore those characters. (Extra text on the first line, after the signature, is
- ignored.)
Let mode be "explicit".
Start of line: If position is past the end of input, then
- jump to the last step. Otherwise, collect a sequence of code points that are U+000A
- LINE FEED (LF), U+000D CARRIAGE RETURN (CR), U+0020 SPACE, or U+0009 CHARACTER TABULATION (tab)
- characters from input given position.
Now, collect a sequence of code points that are not U+000A LINE FEED
- (LF) or U+000D CARRIAGE RETURN (CR) characters from input given position,
- and let the result be line.
Drop any trailing U+0020 SPACE and U+0009 CHARACTER TABULATION (tab) characters at the end
- of line.
If line is the empty string, then jump back to the step labeled start
- of line.
If the first character in line is a U+0023 NUMBER SIGN character (#),
- then jump back to the step labeled start of line.
If line equals "CACHE:" (the word "CACHE" followed by a U+003A COLON
- character (:)), then set mode to "explicit" and jump back to the step labeled
- start of line.
If line equals "FALLBACK:" (the word "FALLBACK" followed by a U+003A
- COLON character (:)), then set mode to "fallback" and jump back to the step
- labeled start of line.
If line equals "NETWORK:" (the word "NETWORK" followed by a U+003A
- COLON character (:)), then set mode to "online safelist" and jump back to
- the step labeled start of line.
If line equals "SETTINGS:" (the word "SETTINGS" followed by a U+003A
- COLON character (:)), then set mode to "settings" and jump back to the step
- labeled start of line.
If line ends with a U+003A COLON character (:), then set mode to "unknown" and jump back to the step labeled start of line.
This is either a data line or it is syntactically incorrect.
Let position be a pointer into line, initially
- pointing at the start of the string.
Let tokens be a list of strings, initially empty.
-
-
While position doesn't point past the end of line:
-
-
- Let current token be an empty string.
While position doesn't point past the end of line and the character at position is neither a U+0020 SPACE
- nor a U+0009 CHARACTER TABULATION (tab) character, add the character at position to current token and advance position to the next character in input.
Add current token to the tokens list.
While position doesn't point past the end of line and the character at position is either a U+0020 SPACE
- or a U+0009 CHARACTER TABULATION (tab) character, advance position to the
- next character in input.
-
-
- -
-
Process tokens as follows:
-
-
-
- - If mode is "explicit"
-
- -
-
Let urlRecord be the result of parsing the
- first item in tokens with base URL; ignore the rest.
-
- If urlRecord is failure, then jump back to the step labeled start of
- line.
-
- If urlRecord has a different scheme
- component than base URL (the manifest's URL), then jump back to the step labeled
- start of line.
-
- Let new URL be the result of applying the URL serializer algorithm to urlRecord, with
- the exclude fragment flag set.
-
- Add new URL to the explicit URLs.
-
-
- - If mode is "fallback"
-
- -
-
Let part one be the first token in tokens, and let
- part two be the second token in tokens.
-
- Let urlRecordOne be the result of parsing
- part one with base URL.
-
- Let urlRecordTwo be the result of parsing
- part two with base URL.
-
- If either urlRecordOne or urlRecordTwo are failure, then jump back to
- the step labeled start of line.
-
- If the origin of either urlRecordOne or
- urlRecordTwo is not same origin with the manifest's URL origin, then jump back to the step labeled start of
- line.
-
- Let part one path be the path component
- of urlRecordOne.
-
- If manifest path is not a prefix match for part one
- path, then jump back to the step labeled start of line.
-
-
- Let part one be the result of applying the URL serializer algorithm to urlRecordOne,
- with the exclude fragment flag set.
-
- Let part two be the result of applying the URL serializer algorithm to urlRecordTwo,
- with the exclude fragment flag set.
-
- If part one is already in the fallback URLs mapping
- as a fallback namespace, then jump back to
- the step labeled start of line.
-
- Otherwise, add part one to the fallback URLs
- mapping as a fallback namespace, mapped to
- part two as the fallback
- entry.
-
-
- - If mode is "online safelist"
-
- -
-
If the first item in tokens is a U+002A ASTERISK character (*), then
- set online safelist wildcard flag to open and jump back
- to the step labeled start of line.
-
- Otherwise, let urlRecord be the result of parsing the first item in tokens with base URL.
-
- If urlRecord is failure, then jump back to the step labeled start of
- line.
-
- If urlRecord has a different scheme
- component than base URL (the manifest's URL), then jump back to the step labeled
- start of line.
-
- Let new URL be the result of applying the URL serializer algorithm to urlRecord, with
- the exclude fragment flag set.
-
- Add new URL to the online safelist namespaces.
-
-
- - If mode is "settings"
-
- -
-
If tokens contains a single token, and that token is "prefer-online", then set cache mode flag to prefer-online
- and jump back to the step labeled start of line.
-
- Otherwise, the line is an unsupported setting: do nothing; the line is ignored.
-
-
- - If mode is "unknown"
-
- -
-
Do nothing. The line is ignored.
-
-
-
-
- Jump back to the step labeled start of line. (That step jumps to the next, and last,
- step when the end of the file is reached.)
Return the explicit URLs list, the fallback URLs
- mapping, the online safelist namespaces, the online safelist
- wildcard flag, and the cache mode flag.
-
-
-
-
The resource that declares the manifest (with the manifest attribute) will always get taken from the cache,
- whether it is listed in the cache or not, even if it is listed in an online safelist namespace.
-
-
If a resource is listed in the explicit
- section or as a fallback entry in the fallback section, the resource will always be
- taken from the cache, regardless of any other matching entries in the fallback namespaces or online safelist namespaces.
-
-
When a fallback namespace and an online safelist namespace overlap, the online safelist namespace has priority.
-
-
The online safelist wildcard
- flag is applied last, only for URLs that match neither the online safelist namespace nor the fallback namespace and that are not listed in the
- explicit section.
-
-
-
-
-
Downloading or updating an application cache
-
-
When the user agent is required (by other parts of this specification) to start the
- application cache download process for an absolute URL purported to
- identify a manifest, or for an application
- cache group, potentially given a particular cache host, and potentially given
- a primary resource, the user agent must run the steps
- below. These steps are always run in parallel with the event loop
- tasks.
-
-
Some of these steps have requirements that only apply if the user agent shows caching
- progress. Support for this is optional. Caching progress UI could consist of a progress bar
- or message panel in the user agent's interface, or an overlay, or something else. Certain events
- fired during the application cache download process allow the script to override the
- display of such an interface. (Such events are delayed until after the load event has fired.)
-
- The goal of this is to allow web applications to provide more
- seamless update mechanisms, hiding from the user the mechanics of the application cache mechanism.
- User agents may display user interfaces independent of this, but are encouraged to not show
- prominent update progress notifications for applications that cancel the relevant events.
-
-
The application cache download process steps are as follows:
-
-
- Optionally, wait until the permission to start the application cache download
- process has been obtained from the user and until the user agent is confident that the
- network is available. This could include doing nothing until the user explicitly opts-in to
- caching the site, or could involve prompting the user for permission. The algorithm might never
- get past this point. (This step is particularly intended to be used by user agents running on
- severely space-constrained devices or in highly privacy-sensitive environments).
-
-
Atomically, so as to avoid race conditions, perform the following substeps:
-
-
- -
-
Pick the appropriate substeps:
-
-
-
- - If these steps were invoked with an absolute URL purported to identify a
- manifest
-
- -
-
Let manifest URL be that absolute URL.
-
- If there is no application cache group identified by manifest
- URL, then create a new application cache group identified by manifest URL. Initially, it has no application caches. One will be created later in this algorithm.
-
-
-
- - If these steps were invoked with an application cache group
-
- -
-
Let manifest URL be the absolute URL of the manifest used to identify the application
- cache group to be updated.
-
- If that application cache group is obsolete, then abort this instance of the
- application cache download process. This can happen if another instance of this
- algorithm found the manifest to be 404 or 410 while this algorithm was waiting in the first
- step above.
-
-
-
-
- Let cache group be the application cache group
- identified by manifest URL.
If these steps were invoked with a primary
- resource, then add the resource, along with the resource's Document, to cache group's list of pending
- primary entries.
-
-
If these steps were invoked with a cache host, and the status of cache group is
- checking or downloading, then queue a post-load task to run these
- steps:
-
-
- Let showProgress be the result of firing
- an event named checking at the
- ApplicationCache singleton of that cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- user agent is checking to see if it can download the application.
-
-
- -
-
If these steps were invoked with a cache host, and the status of cache group is
- downloading, then also queue a post-load task to run these steps:
-
-
- Let showProgress be the result of firing
- an event named downloading at the
- ApplicationCache singleton of that cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user the
- application is being downloaded.
-
-
- If the status of the cache
- group is either checking or downloading, then abort this instance of the
- application cache download process, as an update is already in progress.
Set the status of cache
- group to checking.
-
- -
-
For each cache host associated with an application cache in
- cache group, queue a post-load task run these steps:
-
-
- Let showProgress be the result of firing
- an event named checking at the
- ApplicationCache singleton of the cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- user agent is checking for the availability of updates.
-
-
-
- The remainder of the steps run in parallel.
-
- If cache group already has an application cache in it, then
- this is an upgrade attempt. Otherwise, this is a
- cache attempt.
-
-
- -
-
If this is a cache attempt, then this algorithm
- was invoked with a cache host; queue a post-load task to run these
- steps:
-
-
- Let showProgress be the result of firing an
- event named checking at the
- ApplicationCache singleton of that cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the user
- agent is checking for the availability of updates.
-
-
- Let request be a new request whose
- url is manifest URL, client is null, destination is the empty string, referrer is "no-referrer",
- synchronous flag is set, credentials
- mode is "include", and whose use-URL-credentials
- flag is set.
-
-
Fetching the manifest: Let manifest be the result of fetching request. HTTP caching semantics should be
- honored for this request.
-
- Parse manifest's body according to the
- rules for parsing manifests, obtaining a list of
- explicit entries, fallback entries and the fallback namespaces that map to them, entries for
- the online safelist, and values for the
- online safelist wildcard flag
- and the cache mode flag.
-
- The MIME type of the resource is ignored — it is assumed to
- be text/cache-manifest. In the future, if new manifest formats are supported, the
- different types will probably be distinguished on the basis of the file signatures (for the
- current format, that is the "CACHE MANIFEST" string at the top of the
- file).
-
-
- -
-
If fetching the manifest fails due to a 404 or 410 response status, then run these
- substeps:
-
-
- Mark cache group as obsolete. This cache group no
- longer exists for any purpose other than the processing of Document objects
- already associated with an application cache in the cache
- group.
Let task list be an empty list of tasks.
-
- -
-
For each cache host associated with an application cache in
- cache group, create a task to run these
- steps and append it to task list:
-
-
- Let showProgress be the result of firing
- an event named obsolete at the
- ApplicationCache singleton of the cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- application is no longer available for offline use.
-
-
- -
-
For each entry in cache group's list of pending primary entries, create a
- task to run these steps and append it to task
- list:
-
-
- Let showProgress be the result of firing
- an event named error (not obsolete!) at the ApplicationCache
- singleton of the Document for this entry, if there still is one, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- user agent failed to save the application for offline use.
-
-
- If cache group has an application cache whose completeness flag is incomplete, then
- discard that application cache.
-
- If appropriate, remove any user interface indicating that an update for this cache is in
- progress.
Let the status of cache
- group be idle.
For each task in task list, queue that task as a post-load task.
Abort the application cache download process.
-
-
- -
-
Otherwise, if fetching the manifest fails in some other way (e.g. the server returns
- another 4xx or 5xx response, or there is a DNS error, or the connection times out, or the user
- cancels the download, or the parser for manifests fails when checking the magic signature), or
- if the server returned a redirect, then run the cache failure steps.
-
-
- -
-
If this is an upgrade attempt and the newly
- downloaded manifest is byte-for-byte identical to the manifest found in the
- newest application cache in cache
- group, or the response status is 304, then run these substeps:
-
-
- Let cache be the newest
- application cache in cache group.
Let task list be an empty list of tasks.
-
- -
-
For each entry in cache group's list of pending primary entries, wait for the
- resource for this entry to have either completely downloaded or failed.
-
- If the download failed (e.g. the server returns a 4xx or 5xx response, or there is a DNS
- error, the connection times out, or the user cancels the download), or if the resource is
- labeled with the "no-store" cache directive, then create a task to run these steps and append it to task
- list:
-
-
- Let showProgress be the result of firing
- an event named error at the
- ApplicationCache singleton of the Document for this entry, if there
- still is one, with the cancelable attribute
- initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- user agent failed to save the application for offline use.
-
- Otherwise, associate the Document for this entry with cache; store the resource for this entry in cache, if it
- isn't already there, and categorize its entry as a primary entry. If applying the URL parser
- algorithm to the resource's URL results in a URL record that has a
- non-null fragment component, the URL
- used for the entry in cache must instead be the absolute URL
- obtained from applying the URL serializer
- algorithm to the URL record with the exclude fragment flag set
- (application caches never include fragments).
-
-
- -
-
For each cache host associated with an application cache in
- cache group, create a task to run these steps
- and append it to task list:
-
-
- Let showProgress be the result of firing
- an event named noupdate at the
- ApplicationCache singleton of the cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- application is up to date.
-
-
- Empty cache group's list of pending primary entries.
If appropriate, remove any user interface indicating that an update for this cache is in
- progress.
Let the status of cache
- group be idle.
For each task in task list, queue that task as a post-load task.
Abort the application cache download process.
-
-
- Let new cache be a newly created application cache in
- cache group. Set its completeness
- flag to incomplete.
For each entry in cache group's list of pending primary entries, associate the
- Document for this entry with new cache.
Set the status of cache
- group to downloading.
-
-
For each cache host associated with an application cache in
- cache group, queue a post-load task to run these steps:
-
-
- Let showProgress be the result of firing an
- event named downloading at the
- ApplicationCache singleton of the cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that a new
- version is being downloaded.
-
-
- Let file list be an empty list of URLs with flags.
Add all the URLs in the list of explicit
- entries obtained by parsing manifest to file list,
- each flagged with "explicit entry".
Add all the URLs in the list of fallback
- entries obtained by parsing manifest to file list,
- each flagged with "fallback entry".
If this is an upgrade attempt, then add all
- the URLs of primary entries in the newest application cache in cache group whose completeness
- flag is complete to file list, each flagged with "primary
- entry".
If any URL is in file list more than once, then merge the entries into
- one entry for that URL, that entry having all the flags that the original entries had.
-
-
For each URL in file list, run the following steps. These steps may be
- run in parallel for two or more of the URLs at a time. If, while running these steps, the
- ApplicationCache object's abort() method
- sends a signal to this instance of the application
- cache download process algorithm, then run the cache failure steps
- instead.
-
-
- -
-
If the resource URL being processed was flagged as neither an "explicit entry" nor or a
- "fallback entry", then the user agent may skip this URL.
-
- This is intended to allow user agents to expire resources not listed in the
- manifest from the cache. Generally, implementers are urged to use an approach that expires
- lesser-used resources first.
-
-
- -
-
For each cache host associated with an application cache in
- cache group, queue a progress post-load task to run these steps:
-
-
- Let showProgress be the result of firing
- an event named progress at the
- ApplicationCache singleton of the cache host, using
- ProgressEvent, with the cancelable
- attribute initialized to true, the lengthComputable attribute initialized to
- true, the total attribute initialized to the
- number of files in file list, and the loaded attribute initialized to the number of files
- in file list that have been either downloaded or skipped so far.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that a file
- is being downloaded in preparation for updating the application.
-
-
- Let request be a new request whose
- url is URL, client is null, destination is the empty string,
- origin is
- manifest URL's origin, referrer is "no-referrer",
- synchronous flag is set, credentials mode is "include", use-URL-credentials flag is set, and redirect mode is "manual".
Fetch request. If this is an
- upgrade attempt, then use the newest application cache in cache
- group as an HTTP cache, and honor HTTP caching semantics (such as expiration, ETags, and
- so forth) with respect to that cache. User agents may also have other caches in place that are
- also honored.
-
-
If the previous step fails (e.g. the server returns a 4xx or 5xx response, or there is a
- DNS error, or the connection times out, or the user cancels the download), or if the server
- returned a redirect, or if the resource is labeled with the "no-store" cache directive, then
- run the first appropriate step from the following list:
-
-
-
- - If the URL being processed was flagged as an "explicit entry" or a "fallback entry"
-
- -
-
If these steps are being run in parallel for any other URLs in file
- list, then abort this algorithm for those other URLs. Run the cache failure
- steps.
-
- Redirects are fatal because they are either indicative of a network problem
- (e.g. a captive portal); or would allow resources to be added to the cache under URLs that
- differ from any URL that the networking model will allow access to, leaving orphan entries;
- or would allow resources to be stored under URLs different than their true URLs. All of
- these situations are bad.
-
-
- - If the error was a 404 or 410 HTTP response
-
- - If the resource was labeled with the "no-store" cache directive
-
- -
-
Skip this resource. It is dropped from the cache.
-
-
- - Otherwise
-
- -
-
Copy the resource and its metadata from the newest application cache in cache group whose completeness
- flag is complete, and act as if that was the fetched resource, ignoring the
- resource obtained from the network.
-
-
-
- User agents may warn the user of these errors as an aid to development.
-
- These rules make errors for resources listed in the manifest fatal, while
- making it possible for other resources to be removed from caches when they are removed from
- the server, without errors, and making non-manifest resources survive server-side errors.
-
- Except for the "no-store" directive, HTTP caching rules that would cause a
- file to be expired or otherwise not cached are ignored for the purposes of the
- application cache download process.
-
-
- -
-
Otherwise, the fetching succeeded. Store the resource in the new
- cache.
-
- If the user agent is not able to store the resource (e.g. because of quota restrictions),
- the user agent may prompt the user or try to resolve the problem in some other manner (e.g.
- automatically pruning content in other caches). If the problem cannot be resolved, the user
- agent must run the cache failure steps.
-
-
- If the URL being processed was flagged as an "explicit entry" in file
- list, then categorize the entry as an explicit
- entry.
If the URL being processed was flagged as a "fallback entry" in file
- list, then categorize the entry as a fallback
- entry.
If the URL being processed was flagged as a "primary entry" in file
- list, then categorize the entry as a primary
- entry.
As an optimization, if the resource is an HTML or XML file whose document
- element is an html element with a manifest attribute whose value doesn't match the manifest
- URL of the application cache being processed, then the user agent should mark the entry as
- being foreign.
-
-
-
- -
-
For each cache host associated with an application cache in
- cache group, queue a progress post-load task to run these steps:
-
-
- Let showProgress be the result of firing an
- event named progress at the
- ApplicationCache singleton of the cache host, using
- ProgressEvent, with the cancelable
- attribute initialized to true, the lengthComputable attribute initialized to
- true, and the total and loaded attributes initialized to the number of files
- in file list.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that all the
- files have been downloaded.
-
-
- Store the list of fallback namespaces,
- and the URLs of the fallback entries that they map
- to, in new cache.
Store the URLs that form the new online
- safelist in new cache.
Store the value of the new online
- safelist wildcard flag in new cache.
Store the value of the new cache mode flag in
- new cache.
-
-
For each entry in cache group's list of pending primary entries, wait for the
- resource for this entry to have either completely downloaded or failed.
-
- If the download failed (e.g. the server returns a 4xx or 5xx response, or there is a DNS
- error, the connection times out, or the user cancels the download), or if the resource is
- labeled with the "no-store" cache directive, then run these substeps:
-
-
- Unassociate the Document for this entry from new
- cache.
-
-
Queue a post-load task to run these steps:
-
-
- Let showProgress be the result of firing
- an event named error at the
- ApplicationCache singleton of the Document for this entry, if there
- still is one, with the cancelable attribute
- initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- user agent failed to save the application for offline use.
-
-
- -
-
If this is a cache attempt and this entry is
- the last entry in cache group's list of pending primary entries, then run these
- further substeps:
-
-
- Discard cache group and its only application cache,
- new cache.
-
- If appropriate, remove any user interface indicating that an update for this cache is
- in progress.
Abort the application cache download process.
-
-
- Otherwise, remove this entry from cache group's list of pending primary entries.
-
- Otherwise, store the resource for this entry in new cache, if it isn't
- already there, and categorize its entry as a primary
- entry.
-
-
- Let request be a new request whose
- url is manifest URL, client is null, destination is the empty string,
- referrer is "no-referrer",
- synchronous flag is set, credentials
- mode is "include", and whose use-URL-credentials
- flag is set.
-
-
Let second manifest be the result of fetching request. HTTP caching semantics should again
- be honored for this request.
-
- Since caching can be honored, authors are encouraged to avoid setting the cache
- headers on the manifest in such a way that the user agent would simply not contact the network
- for this second request; otherwise, the user agent would not notice if the cache had changed
- during the cache update process.
-
-
- -
-
If the previous step failed for any reason, or if the fetching attempt involved a redirect,
- or if second manifest and manifest are not byte-for-byte
- identical, then schedule a rerun of the entire algorithm with the same parameters after a short
- delay, and run the cache failure steps.
-
-
- -
-
Otherwise, store manifest in new cache, if it's not
- there already, and categorize its entry as the
- manifest.
-
-
- Set the completeness flag of new cache to complete.
Let task list be an empty list of tasks.
-
- -
-
If this is a cache attempt, then for each
- cache host associated with an application cache in cache
- group, create a task to run these steps and append it
- to task list:
-
-
- Let showProgress be the result of firing an
- event named cached at the
- ApplicationCache singleton of the cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- application has been cached and that they can now use it offline.
-
- Otherwise, it is an upgrade attempt. For each
- cache host associated with an application cache in cache
- group, create a task to run these steps and append it
- to task list:
-
-
- Let showProgress be the result of firing an
- event named updateready at the
- ApplicationCache singleton of the cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that a new
- version is available and that they can activate it by reloading the page.
-
-
- If appropriate, remove any user interface indicating that an update for this cache is in
- progress.
Set the update status of cache
- group to idle.
For each task in task list, queue that task as a post-load task.
-
-
The cache failure steps are as follows:
-
-
- Let task list be an empty list of tasks.
-
- -
-
For each entry in cache group's list of pending primary entries, run the
- following further substeps. These steps may be run in parallel for two or more entries at a
- time.
-
-
- Wait for the resource for this entry to have either completely downloaded or failed.
-
- Unassociate the Document for this entry from its application
- cache, if it has one.
-
-
Create a task to run these steps and append it to
- task list:
-
-
- Let showProgress be the result of firing
- an event named error at the
- ApplicationCache singleton of the Document for this entry, if there
- still is one, with the cancelable attribute
- initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the
- user agent failed to save the application for offline use.
-
-
-
-
- -
-
For each cache host still associated with an application cache in
- cache group, create a task to run these steps and
- append it to task list:
-
-
- Let showProgress be the result of firing an
- event named error at the
- ApplicationCache singleton of the cache host, with the cancelable attribute initialized to true.
If showProgress is true and the user agent shows caching
- progress, then display some sort of user interface indicating to the user that the user
- agent failed to save the application for offline use.
-
-
- Empty cache group's list of pending primary entries.
If cache group has an application cache whose completeness flag is incomplete, then discard
- that application cache.
-
- If appropriate, remove any user interface indicating that an update for this cache is in
- progress.
Let the status of cache
- group be idle.
If this was a cache attempt, discard cache group altogether.
-
- For each task in task list, queue that task as a post-load task.
Abort the application cache download process.
-
-
Attempts to fetch resources as part of the application cache download process may
- be done with cache-defeating semantics, to avoid problems with stale or inconsistent intermediary
- caches.
-
-
-
-
User agents may invoke the application cache download process, in the background,
- for any application cache group, at any time (with no cache host). This
- allows user agents to keep caches primed and to update caches even before the user visits a
- site.
-
-
-
-
Each Document has a list of pending application cache download process
- tasks that is used to delay events fired by the algorithm above until the document's load event has fired. When the Document is created, the
- list must be empty.
-
-
When the steps above say to queue a post-load task task, where
- task is a task that dispatches an event on a
- target ApplicationCache object target, the user agent must run
- the appropriate steps from the following list:
-
-
- - If target's node document is
- ready for post-load tasks
-
- Queue the task task.
- Otherwise
-
- Add task to target's node document's list
- of pending application cache download process tasks.
-
-
When the steps above say to queue a progress post-load task task, where
- task is a task that dispatches an event on a
- target ApplicationCache object target, the user agent must run
- the following steps:
-
-
- If there is a task in target's node document's list
- of pending application cache download process tasks that is labeled as a
- progress task, then remove that task from the list.
Label task as a progress task.
Queue a post-load task task.
-
-
The task source for these tasks is the
- networking task source.
-
-
-
-
-
The application cache selection algorithm
-
-
When the application cache selection algorithm
- algorithm is invoked with a Document document and optionally a
- manifest URL manifest URL, the user agent must run the first
- applicable set of steps from the following list:
-
-
-
- - If there is a manifest URL, and document was loaded
- from an application cache, and the URL of the manifest of that cache's application cache
- group is not the same as manifest URL
-
- -
-
Mark the entry for the resource from which document was taken in the
- application cache from which it was loaded as foreign.
-
- Restart the current navigation from the top of the navigation
- algorithm, undoing any changes that were made as part of the initial load (changes can be
- avoided by ensuring that the step to update the session history with the new page
- is only ever completed after this application cache
- selection algorithm is run, though this is not required).
-
- The navigation will not result in the same resource being loaded, because
- "foreign" entries are never picked during navigation.
-
- User agents may notify the user of the inconsistency between the cache manifest and the
- document's own metadata, to aid in application development.
-
-
-
- - If document was loaded from an application cache, and that
- application cache still exists (it is not now obsolete)
-
- -
-
Associate document with the application cache from which it
- was loaded. Invoke, in the background, the application cache download process for
- that application cache's application cache group, with document as the cache host.
-
-
-
- - If document was loaded using `
GET`, and, there is a
- manifest URL, and manifest URL has the same origin as
- document
-
- -
-
Invoke, in the background, the application cache download process for manifest URL, with document as the cache host
- and with the resource from which document was parsed as the primary resource.
-
- If there are relevant application caches that
- are identified by a URL with the same origin as the URL of document, and that have this URL as one of their entries, excluding entries
- marked as foreign, then the user agent should use
- the most appropriate application cache of those
- that match as an HTTP cache for any subresource loads. User agents may also have other caches in
- place that are also honored.
-
-
-
- - Otherwise
-
- -
-
The Document is not associated with any application cache.
-
- If there was a manifest URL, the user agent may report to the user that
- it was ignored, to aid in application development.
-
-
-
-
-
-
Changes to the networking model
-
-
If "AppCache" is not removed as a feature this section needs to be
- integrated into the Fetch standard.
-
-
When a cache host is associated with an application cache whose completeness flag is complete, any and all
- loads for resources related to that cache host other than those for child browsing contexts must go through the following steps
- instead of immediately invoking the mechanisms appropriate to that resource's scheme:
-
-
- If the resource is not to be fetched using the GET method, or if applying the URL
- parser algorithm to both its URL and the application cache's
- manifest's URL results in two URL records with different scheme
- components, then fetch the resource normally and return.
If the resource's URL is a primary entry,
- the manifest, an explicit entry, or a fallback entry in the application cache,
- then get the resource from the cache (instead of fetching it), and return.
If there is an entry in the application cache's online safelist that has the same
- origin as the resource's URL and that is a prefix match for the resource's
- URL, then fetch the resource normally and return.
-
-
If the resource's URL has the same origin as the manifest's URL, and there is a
- fallback namespace f in
- the application cache that is a prefix match for the resource's URL,
- then:
-
- Fetch the resource normally. If this results in a redirect to a resource with another
- origin (indicative of a captive portal), or a 4xx or 5xx status code, or if there
- were network errors (but not if the user canceled the download), then instead get, from the
- cache, the resource of the fallback entry
- corresponding to the fallback namespace
- f. Return.
-
-
- If the application cache's online safelist wildcard flag is
- open, then fetch the resource normally and return.
Fail the resource load as if there had been a generic network error.
-
-
The above algorithm ensures that so long as the online safelist wildcard flag is
- blocking, resources that are not present in the manifest will always fail to load (at least, after the
- application cache has been primed the first time), making the testing of offline
- applications simpler.
-
-
-
-
Expiring application caches
-
-
As a general rule, user agents should not expire application caches, except on request from the
- user, or after having been left unused for an extended period of time.
-
-
Application caches and cookies have similar implications with respect to privacy (e.g. if the
- site can identify the user when providing the cache, it can store data in the cache that can be
- used for cookie resurrection). Implementors are therefore encouraged to expose application caches
- in a manner related to HTTP cookies, allowing caches to be expunged together with cookies and
- other origin-specific data.
-
-
For example, a user agent could have a "delete site-specific data" feature that
- clears all cookies, application caches, local storage, databases, etc, from an origin all at
- once.
-
-
-
-
Disk space
-
-
User agents should consider applying constraints on disk usage of application caches, and care should be taken to ensure that the restrictions cannot
- be easily worked around using subdomains.
-
-
User agents should allow users to see how much space each domain is using, and may offer the
- user the ability to delete specific application caches.
-
-
For predictability, quotas should be based on the uncompressed size of data stored.
-
-
-
How quotas are presented to the user is not defined by this specification. User
- agents are encouraged to provide features such as allowing a user to indicate that certain sites
- are trusted to use more than the default quota, e.g. by presenting a non-modal user interface
- while a cache is being updated, or by having an explicit safelist in the user agent's
- configuration interface.
-
-
Security concerns with offline applications caches
-
-
-
- The main risk introduced by offline application caches is that an injection attack can be
- elevated into persistent site-wide page replacement. This attack involves using an injection
- vulnerability to upload two files to the victim site. The first file is an application cache
- manifest consisting of just a fallback entry pointing to the second file, which is an HTML page
- whose manifest is declared as that first file. Once the user has been directed to that second
- file, all subsequent accesses to any file covered by the given fallback namespace while either the
- user or the site is offline will instead show that second file. Targeted denial-of-service
- attacks or cookie bombing attacks (where the client is made to send so many cookies that the
- server refuses to process the request) can be used to ensure that the site appears offline.
-
- To mitigate this, manifests can only specify fallbacks that are in the same path as the
- manifest itself. This means that a content injection upload vulnerability in a particular
- directory on a server can only be escalated to a take-over of that directory and its
- subdirectories. If there is no way to inject a file into the root directory, the entire site
- cannot be taken over.
-
- If a site has been attacked in this way, simply removing the offending manifest might eventually
- clear the problem, since the next time the manifest is updated, a 404 error will be seen, and the
- user agent will clear the cache. "Eventually" is the key word here, however; while the attack on
- the user or server is ongoing, such that connections from an affected user to the affected site
- are blocked, the user agent will simply assume that the user is offline and will continue to use
- the hostile manifest. Unfortunately, if a cookie bombing attack has also been used, merely
- removing the manifest is insufficient; in addition, the server has to be configured to return a
- 404 or 410 response instead of the 413 "Request Entity Too Large" response.
-
- TLS does not inherently protect a site from this attack, since the attack relies on content
- being served from the server itself. Not using application caches also does not prevent this
- attack, since the attack relies on an attacker-provided manifest.
-
-
-
- Application cache API
-
-
[SecureContext,
- Exposed=Window]
-interface ApplicationCache : EventTarget {
-
- // update status
- const unsigned short UNCACHED = 0;
- const unsigned short IDLE = 1;
- const unsigned short CHECKING = 2;
- const unsigned short DOWNLOADING = 3;
- const unsigned short UPDATEREADY = 4;
- const unsigned short OBSOLETE = 5;
- readonly attribute unsigned short status;
-
- // updates
- undefined update();
- undefined abort();
- undefined swapCache();
-
- // events
- attribute EventHandler onchecking;
- attribute EventHandler onerror;
- attribute EventHandler onnoupdate;
- attribute EventHandler ondownloading;
- attribute EventHandler onprogress;
- attribute EventHandler onupdateready;
- attribute EventHandler oncached;
- attribute EventHandler onobsolete;
-};
-
-
-
- - cache = window .
applicationCache
- -
-
Returns the ApplicationCache object that applies to the active
- document of that Window.
-
-
- - cache .
status
- -
-
Returns the current status of the application cache, as given by the constants defined
- below.
-
-
- - cache .
update()
- -
-
Invokes the application cache download process.
-
- Throws an "InvalidStateError" DOMException if there is
- no application cache to update.
-
- Calling this method is not usually necessary, as user agents will generally take care of
- updating application caches automatically.
-
- The method can be useful in situations such as long-lived applications. For example, a web
- mail application might stay open in a browser tab for weeks at a time. Such an application could
- want to test for updates each day.
-
-
- - cache .
abort()
- -
-
Cancels the application cache download process.
-
- This method is intended to be used by web application showing their own caching progress UI,
- in case the user wants to stop the update (e.g. because bandwidth is limited).
-
-
- - cache .
swapCache()
- -
-
Switches to the most recent application cache, if there is a newer one. If there isn't,
- throws an "InvalidStateError" DOMException.
-
- This does not cause previously-loaded resources to be reloaded; for example, images do not
- suddenly get reloaded and style sheets and scripts do not get reparsed or reevaluated. The only
- change is that subsequent requests for cached resources will obtain the newer copies.
-
- The updateready event will fire before this
- method can be called. Once it fires, the web application can, at its leisure, call this method
- to switch the underlying cache to the one with the more recent updates. To make proper use of
- this, applications have to be able to bring the new features into play; for example, reloading
- scripts to enable new features.
-
- An easier alternative to swapCache() is just to
- reload the entire page at a time suitable for the user, using location.reload().
-
-
-
-
-
-
There is a one-to-one mapping from cache hosts to
- ApplicationCache objects. The applicationCache attribute on Window
- objects must return the ApplicationCache object associated with the
- Window object's active document.
-
-
A Document has an associated ApplicationCache object
- even if that cache host has no actual application cache.
-
-
-
-
The status attribute, on getting, must return the current
- state of the application cache that the ApplicationCache object's
- cache host is associated with, if any. This must be the appropriate value from the
- following list:
-
-
-
-
- UNCACHED (numeric value 0)The ApplicationCache object's cache host is not associated with
- an application cache at this time.
IDLE (numeric value 1)The ApplicationCache object's cache host is associated with an
- application cache whose application cache group's update status is idle, and that application
- cache is the newest cache in its
- application cache group, and the application cache group is not marked
- as obsolete.
CHECKING (numeric value 2)The ApplicationCache object's cache host is associated with an
- application cache whose application cache group's update status is checking.
DOWNLOADING (numeric value 3)The ApplicationCache object's cache host is associated with an
- application cache whose application cache group's update status is downloading.
UPDATEREADY (numeric value 4)The ApplicationCache object's cache host is associated with an
- application cache whose application cache group's update status is idle, and whose application
- cache group is not marked as obsolete, but
- that application cache is not the newest cache in its group.
OBSOLETE (numeric value 5)The ApplicationCache object's cache host is associated with an
- application cache whose application cache group is marked as obsolete.
-
-
-
-
-
-
If the update() method is invoked, the user agent must invoke
- the application cache download process, in the background, for the application
- cache group of the application cache with which the
- ApplicationCache object's cache host is associated, but without giving
- that cache host to the algorithm. If there is no such application cache,
- or if its application cache group is marked as obsolete, then the method must throw an
- "InvalidStateError" DOMException instead.
-
-
If the abort() method is invoked, the user agent must send
- a signal to the current application cache download process for the
- application cache group of the application cache with which the
- ApplicationCache object's cache host is associated, if any. If there is
- no such application cache, or it does not have a current application cache
- download process, then do nothing.
-
-
If the swapCache() method is invoked,
- the user agent must run the following steps:
-
-
- Check that ApplicationCache object's cache host is associated
- with an application cache. If it is not, then throw an
- "InvalidStateError" DOMException.
Let cache be the application cache with which the
- ApplicationCache object's cache host is associated. (By definition,
- this is the same as the one that was found in the previous step.)
If cache's application cache group is marked as obsolete, then unassociate the
- ApplicationCache object's cache host from cache and
- return. (Resources will now load from the network instead of the cache.)
Check that there is an application cache in the same application cache group
- as cache whose completeness
- flag is complete and that is newer than
- cache. If there is not, then throw an "InvalidStateError"
- DOMException exception.
Let new cache be the newest application cache in the same
- application cache group as cache whose completeness flag is complete.
Unassociate the ApplicationCache object's cache host from cache and instead associate it with new cache.
-
-
The following are the event handlers (and their corresponding event handler event types) that must be
- supported, as event handler IDL attributes, by all objects implementing the
- ApplicationCache interface:
-
-
-
- | Event handler | Event handler event type
- |
|---|
- onchecking | checking
- |
onerror | error
- |
onnoupdate | noupdate
- |
ondownloading | downloading
- |
onprogress | progress
- |
onupdateready | updateready
- |
oncached | cached
- |
onobsolete | obsolete
- |
-
-
-
-
-
Browser state
-
-
interface mixin NavigatorOnLine {
- readonly attribute boolean onLine;
-};
-
-
- - self .
navigator . onLine
-
- -
-
Returns false if the user agent is definitely offline (disconnected from the network).
- Returns true if the user agent might be online.
-
- The events online and offline are fired when the value of this attribute changes.
-
-
-
-
-
-
The navigator.onLine attribute must return
- false if the user agent will not contact the network when the user follows links or when a script
- requests a remote page (or knows that such an attempt would fail), and must return true
- otherwise.
-
-
When the value that would be returned by the navigator.onLine attribute of a Window or
- WorkerGlobalScope global changes from true to false, the user agent must
- queue a global task on the networking task source given
- global to fire an event named offline at global.
-
-
On the other hand, when the value that would be returned by the navigator.onLine attribute of a Window or
- WorkerGlobalScope global changes from false to true, the user agent must
- queue a global task on the networking task source given
- global to fire an event named online at the Window or WorkerGlobalScope
- object.
-
-
-
-
This attribute is inherently unreliable. A computer can be connected to a network
- without having Internet access.
-
-
-
-
In this example, an indicator is updated as the browser goes online and offline.
-
-
<!DOCTYPE HTML>
-<html lang="en">
- <head>
- <title>Online status</title>
- <script>
- function updateIndicator() {
- document.getElementById('indicator').textContent = navigator.onLine ? 'online' : 'offline';
- }
- </script>
- </head>
- <body onload="updateIndicator()" ononline="updateIndicator()" onoffline="updateIndicator()">
- <p>The network is: <span id="indicator">(state unknown)</span>
- </body>
-</html>
-
-
-
-
-
-
-
Web application APIs
-
-
Scripting
-
-
Introduction
-
-
Various mechanisms can cause author-provided executable code to run in the context of a
- document. These mechanisms include, but are probably not limited to:
-
-
-
- - Processing of
script elements.
-
- - Navigating to
javascript: URLs.
-
- - Event handlers, whether registered through the DOM using
addEventListener(), by explicit event handler content attributes, by
- event handler IDL attributes, or otherwise.
-
- - Processing of technologies like SVG that have their own scripting features.
-
-
-
-
Agents and agent clusters
-
-
Integration with the JavaScript agent formalism
-
-
JavaScript defines the concept of an agent. This section gives the mapping of that
- language-level concept on to the web platform.
-
-
-
Conceptually, the agent concept is an architecture-independent, idealized
- "thread" in which JavaScript code runs. Such code can involve multiple globals/realms that can synchronously access each other, and
- thus needs to run in a single execution thread.
-
-
Two Window objects having the same agent does not indicate
- they can directly access all objects created in each other's realms. They would have to be
- same origin-domain; see IsPlatformObjectSameOrigin.
-
-
-
The following types of agents exist on the web platform:
-
-
- - Similar-origin window agent
- -
-
Contains various Window objects which can potentially reach each other, either
- directly or by using document.domain.
-
- If the encompassing agent cluster's cross-origin isolated is true,
- then all the Window objects will be same origin, can reach each other
- directly, and document.domain will no-op.
-
- Two Window objects that are same origin can be in
- different similar-origin window agents, for
- instance if they are each in their own browsing context group.
-
-
- - Dedicated worker agent
- Contains a single DedicatedWorkerGlobalScope.
- Shared worker agent
- Contains a single SharedWorkerGlobalScope.
- Service worker agent
- Contains a single ServiceWorkerGlobalScope.
- Worklet agent
- -
-
Contains a single WorkletGlobalScope object.
-
- Although a given worklet can have multiple realms, each such realm needs its own
- agent, as each realm can be executing code independently and at the same time as the others.
-
-
-
-
Only shared and dedicated worker agents allow the use of JavaScript Atomics APIs to
- potentially block.
-
-
-
-
To create an agent, given a boolean canBlock:
-
-
- Let signifier be a new unique internal value.
Let candidateExecution be a new candidate execution.
Let agent be a new agent whose [[CanBlock]] is
- canBlock, [[Signifier]] is signifier, [[CandidateExecution]] is
- candidateExecution, and [[IsLockFree1]], [[IsLockFree2]], and [[LittleEndian]] are set
- at the implementation's discretion.
Set agent's event loop to a new
- event loop.
Return agent.
-
-
The relevant agent for a platform object
- platformObject is platformObject's relevant Realm's agent. This pointer is not yet defined in the JavaScript specification; see tc39/ecma262#1357.
-
-
The agent equivalent of the current Realm Record is the
- surrounding agent.
-
-
-
-
Integration with the JavaScript agent cluster formalism
-
-
JavaScript also defines the concept of an agent cluster, which this standard maps
- to the web platform by placing agents appropriately when they are created using the
- obtain a similar-origin window agent or
- obtain a worker/worklet agent
- algorithms.
-
-
The agent cluster concept is crucial for defining the JavaScript memory model, and
- in particular among which agents the backing data of
- SharedArrayBuffer objects can be shared.
-
-
Conceptually, the agent cluster concept is an
- architecture-independent, idealized "process boundary" that groups together multiple "threads"
- (agents). The agent clusters
- defined by the specification are generally more restrictive than the actual process boundaries
- implemented in user agents. By enforcing these idealized divisions at the specification level, we
- ensure that web developers see interoperable behavior with regard to shared memory, even in the
- face of varying and changing user agent process models.
-
-
-
-
An agent cluster has an associated cross-origin isolated (a boolean),
- which is initially false.
-
-
An agent cluster has an associated origin-isolated (a boolean), which
- is initially false.
-
-
-
-
The following defines the allocation of the agent clusters
- of similar-origin window agents.
-
-
An agent cluster key is a site or tuple origin. Without web developer action to achieve origin isolation, it will be a site.
-
-
An equivalent formulation is that an agent cluster key can be a
- scheme-and-host or an origin.
-
-
To obtain a similar-origin window agent,
- given an origin origin, a browsing context group
- group, and a boolean requestsOI, run these steps:
-
-
- Let site be the result of obtaining a site
- with origin.
Let key be site.
If group's cross-origin
- isolated is true, then set key to origin.
Otherwise, if group's historical agent cluster key
- map[origin] exists, then set key to
- group's historical agent cluster key map[origin].
-
-
Otherwise:
-
-
- If requestsOI is true, then set key to origin.
Set group's historical agent cluster key map[origin]
- to key.
-
-
- -
-
If group's agent cluster map[key] does not exist, then:
-
-
- Let agentCluster be a new agent cluster.
Set agentCluster's cross-origin isolated to group's
- cross-origin isolated.
Set agentCluster's origin-isolated to true if key
- equals origin; otherwise false.
Add the result of creating an agent, given false,
- to agentCluster.
Set group's agent cluster map[key] to
- agentCluster.
-
-
- Return the single similar-origin window agent contained in group's
- agent cluster map[key].
-
-
This means that there is only one similar-origin window agent per
- browsing context agent cluster. (However, dedicated
- worker and worklet agents might be in the same
- cluster.)
-
-
-
-
The following defines the allocation of the agent clusters
- of all other types of agents.
-
-
To obtain a worker/worklet agent, given an
- environment settings object or null outside settings, a boolean
- isTopLevel, and a boolean canBlock, run these steps:
-
-
- Let agentCluster be null.
-
-
-
-
If isTopLevel is true, then:
-
-
- Set agentCluster to a new agent cluster.
-
-
Set agentCluster's origin-isolated to true.
-
- These workers can be considered to be origin-isolated. However, this is not
- exposed through any APIs (in the way that originIsolated exposes the origin-isolation state for
- windows).
-
-
-
-
- -
-
Otherwise:
-
-
- Assert: outside settings is not null.
Let ownerAgent be outside settings's Realm's agent.
Set agentCluster to the agent cluster which contains
- ownerAgent.
-
-
- Let agent be the result of creating an
- agent given canBlock.
Add agent to agentCluster.
Return agent.
-
-
To obtain a dedicated/shared worker agent, given an environment settings
- object outside settings and a boolean isShared, return the result of
- obtaining a worker/worklet agent given outside settings,
- isShared, and true.
-
-
To obtain a worklet agent, given an environment settings object
- outside settings, return the result of obtaining a worker/worklet agent
- given outside settings, false, and false.
-
-
To obtain a service worker agent, return the result of obtaining a
- worker/worklet agent given null, true, and false.
-
-
-
-
-
-
-
The following pairs of global objects are each within the same agent cluster, and
- thus can use SharedArrayBuffer instances to share memory with each other:
-
-
- - A
Window object and a dedicated worker that it created.
-
- - A worker (of any type) and a dedicated worker it created.
-
- - A
Window object A and the Window object of an
- iframe element that A created that could be same
- origin-domain with A.
-
- - A
Window object and a same origin-domain Window
- object that opened it.
-
- - A
Window object and a worklet that it created.
-
-
-
The following pairs of global objects are not within the same agent
- cluster, and thus cannot share memory:
-
-
- - A
Window object and a shared worker it created.
-
- - A worker (of any type) and a shared worker it created.
-
- - A
Window object and a service worker it created.
-
- - A
Window object and the Window object of an
- iframe element that A created that cannot be same
- origin-domain with A.
-
- - Any two
Window objects whose browsing
- contexts do not have a non-null opener or
- ancestor relationship. This holds even if the
- two Window objects are same origin.
-
-
-
-
-
-
Realms and their counterparts
-
-
The JavaScript specification introduces the realm
- concept, representing a global environment in which script is run. Each realm comes with an
- implementation-defined global object; much of this specification is
- devoted to defining that global object and its properties.
-
-
For web specifications, it is often useful to associate values or algorithms with a
- realm/global object pair. When the values are specific to a particular type of realm, they are
- associated directly with the global object in question, e.g., in the definition of the
- Window or WorkerGlobalScope interfaces. When the values have utility
- across multiple realms, we use the environment settings object concept.
-
-
Finally, in some cases it is necessary to track associated values before a
- realm/global object/environment settings object even comes into existence (for example, during
- navigation). These values are tracked in the
- environment concept.
-
-
Environments
-
-
An environment is an object that identifies the settings of a current or
- potential execution environment. An environment has the following fields:
-
-
- - An id
- An opaque string that uniquely identifies this environment.
- A creation URL
- -
-
A URL that represents the location of the resource with which this
- environment is associated.
-
- In the case of an environment settings object, this URL might be
- distinct from the environment settings object's responsible
- document's URL, due to mechanisms such as
- history.pushState().
-
-
- - A top-level creation URL
- Null or a URL that represents the creation URL of the "top-level"
- environment. It is null for workers and worklets.
- A top-level origin
- -
-
A for now implementation-defined value, null,
- or an origin. For a "top-level" potential execution environment it is null (i.e.,
- when there is no response yet); otherwise it is the "top-level" environment's origin. For a dedicated worker or worklet it is
- the top-level origin of its creator. For a shared or service worker it is an
- implementation-defined value.
-
- This is distinct from the top-level creation URL's origin when sandboxing, workers, and worklets are
- involved.
-
-
- - A target browsing context
- Null or a target browsing context for a navigation request.
- An active service worker
- Null or a service worker that controls the environment.
- An execution ready flag
- A flag that indicates whether the environment setup is done. It is initially
- unset.
-
-
Specifications may define environment discarding steps for environments. The
- steps take an environment as input.
-
-
The environment discarding
- steps are run for only a select few environments: the ones that will
- never become execution ready because, for example, they failed to load.
-
-
Environment settings objects
-
-
An environment settings object is an environment that
- additionally specifies algorithms for:
-
-
- - A realm execution
- context
-
- -
-
A JavaScript execution context shared by all
- scripts that use this settings object, i.e. all scripts in a given
- JavaScript realm. When we run a classic script or run a module
- script, this execution context becomes the top of the JavaScript execution context
- stack, on top of which another execution context specific to the script in question is
- pushed. (This setup ensures ParseScript and Source
- Text Module Record's Evaluate know which Realm to
- use.)
-
-
- - A module map
-
- -
-
A module map that is used when importing JavaScript modules.
-
-
- - A responsible document
-
- -
-
A Document that is assigned responsibility for actions taken by the scripts that
- use this environment settings object.
-
- For example, the URL of the
- responsible document is used to set the URL of the Document after it has been reset
- using document.open().
-
- If the responsible event loop is not a window event loop, then the
- environment settings object has no responsible document.
-
-
- - An API URL character encoding
-
- -
-
A character encoding used to encode URLs by APIs called by scripts that use this environment
- settings object.
-
-
- - An API base URL
-
- -
-
A URL used by APIs called by scripts that use this environment settings
- object to parse URLs.
-
-
- - An origin
-
- -
-
An origin used in security checks.
-
-
- - A referrer policy
-
- The default referrer policy for fetches
- performed using this environment settings object as a request client. [
-
- ]- An embedder policy
-
- An embedder policy used by cross-origin resource policy checks for fetches
- performed using this environment settings object as a request client.
- A cross-origin isolated capability
-
- A boolean representing whether scripts that use this environment settings
- object are allowed to use APIs that require cross-origin isolation.
-
-
An environment settings object also has an outstanding rejected promises
- weak set and an about-to-be-notified rejected promises list, used to track
- unhandled promise rejections. The outstanding
- rejected promises weak set must not create strong references to any of its members, and
- implementations are free to limit its size, e.g. by removing old entries from it when new ones
- are added.
-
-
An environment settings object's responsible event loop is its global
- object's relevant agent's event
- loop.
-
-
Realms, settings objects, and global objects
-
-
A global object is a JavaScript object that is the [[GlobalObject]] field of
- a JavaScript realm.
-
-
In this specification, all JavaScript
- realms are created with global objects that are either Window or
- WorkerGlobalScope objects.
-
-
There is always a 1-to-1-to-1 mapping between JavaScript
- realms, global objects, and environment settings objects:
-
-
- A JavaScript realm has a [[HostDefined]] field, which contains the Realm's
- settings object.
A JavaScript realm has a [[GlobalObject]] field, which contains the Realm's global
- object.
Each global object in this specification is created during the creation of a corresponding JavaScript
- realm, known as the global object's Realm.
Each global object in this
- specification is created alongside a corresponding environment settings object,
- known as its relevant settings object.
-
- An environment settings object's realm execution context's
- Realm component is the environment settings object's Realm.
An environment settings object's Realm then has a [[GlobalObject]] field, which contains the environment settings object's global object.
+
An environment settings object's Realm then has a [[GlobalObject]] field, which contains the environment settings object's global object.
+
To create a new JavaScript realm in
an agent agent, optionally with instructions to create a global object or
@@ -96263,6 +93765,71 @@ interface Navigator {
+
Browser state
+
+
interface mixin NavigatorOnLine {
+ readonly attribute boolean onLine;
+};
+
+
+ - self .
navigator . onLine
+
+ -
+
Returns false if the user agent is definitely offline (disconnected from the network).
+ Returns true if the user agent might be online.
+
+ The events online and offline are fired when the value of this attribute changes.
+
+
+
+
+
+
The navigator.onLine attribute must return
+ false if the user agent will not contact the network when the user follows links or when a script
+ requests a remote page (or knows that such an attempt would fail), and must return true
+ otherwise.
+
+
When the value that would be returned by the navigator.onLine attribute of a Window or
+ WorkerGlobalScope global changes from true to false, the user agent must
+ queue a global task on the networking task source given
+ global to fire an event named offline at global.
+
+
On the other hand, when the value that would be returned by the navigator.onLine attribute of a Window or
+ WorkerGlobalScope global changes from false to true, the user agent must
+ queue a global task on the networking task source given
+ global to fire an event named online at the Window or WorkerGlobalScope
+ object.
+
+
+
+
This attribute is inherently unreliable. A computer can be connected to a network
+ without having Internet access.
+
+
+
In this example, an indicator is updated as the browser goes online and offline.
+
+
<!DOCTYPE HTML>
+<html lang="en">
+ <head>
+ <title>Online status</title>
+ <script>
+ function updateIndicator() {
+ document.getElementById('indicator').textContent = navigator.onLine ? 'online' : 'offline';
+ }
+ </script>
+ </head>
+ <body onload="updateIndicator()" ononline="updateIndicator()" onoffline="updateIndicator()">
+ <p>The network is: <span id="indicator">(state unknown)</span>
+ </body>
+</html>
+
+
Custom scheme handlers: the registerProtocolHandler() method
@@ -101292,9 +98859,6 @@ interface
DedicatedWorkerGlobalScope :
WorkerGlobalScope
onmessageerror | messageerror
- For the purposes of the application cache networking model, a dedicated worker is
- an extension of the cache host from which it was created.
-
Shared workers and the SharedWorkerGlobalScope interface
@@ -110322,36 +107886,6 @@ document.body.appendChild(text);
Document as the intended parent. Append it to the Document object. Put
this element in the stack of open elements.
- If the Document is being loaded as part of navigation of a browsing context and
- Document's relevant settings object is a secure context,
- then:
-
-
- If the result of running match service worker
- registration for the document's URL is
- non-null, run the application cache selection
- algorithm passing the Document object with no manifest. -
-
Otherwise, run these substeps:
-
-
- If the newly created element has a manifest
- attribute whose value is not the empty string, then parse the value of that attribute, relative to the newly created element's
- node document, and if that is successful, run the application cache selection algorithm passing the
- Document object with the result of applying the URL serializer algorithm to the resulting URL
- record with the exclude fragment flag set. Otherwise, run the application cache selection
- algorithm passing the Document object with no manifest.
-
-
-
Switch the insertion mode to "before
head".
@@ -110372,11 +107906,6 @@ document.body.appendChild(text);
it to the Document object. Put this element in the stack of open
elements.
- If the Document is being loaded as part of navigation of a browsing context, then: run the application cache selection algorithm with no manifest,
- passing it the Document object.
-
Switch the insertion mode to "before
head", then reprocess the token.
@@ -113713,13 +111242,6 @@ document.body.appendChild(text);
- If the Document has any pending application cache download process
- tasks, then queue each such task in the order they were added to the list of pending
- application cache download process tasks, and then empty the list of pending
- application cache download process tasks. The task source for these tasks is the networking task source.
-
If the Document's print when loaded flag is set, then run the
printing steps.
@@ -118177,6 +115699,9 @@ if (s = prompt('What is your name?')) {
profile on head elements
Unnecessary. Omit it altogether.
+ manifest on html elements
+ Use service workers instead.
+
version on html elements
Unnecessary. Omit it altogether.
@@ -119797,92 +117322,6 @@ interface External {
XML MIME type. [
- ]text/cache-manifest
-
- This registration is for community review and will be submitted
- to the IESG for review, approval, and registration with IANA.
-
-
-
-
- - Type name:
- - text
- - Subtype name:
- - cache-manifest
- - Required parameters:
- - No parameters
- - Optional parameters:
- -
-
- charset-
-
The charset parameter may be provided. The parameter's value must be
- "utf-8". This parameter serves no purpose; it is only allowed for
- compatibility with legacy servers.
-
-
-
- - Encoding considerations:
- - 8bit (always UTF-8)
-
- - Security considerations:
- -
-
Cache manifests themselves pose no immediate risk unless
- sensitive information is included within the
- manifest. Implementations, however, are required to follow
- specific rules when populating a cache based on a cache manifest,
- to ensure that certain origin-based restrictions are
- honored. Failure to correctly implement these rules can result in
- information leakage, cross-site scripting attacks, and the
- like.
-
-
- - Interoperability considerations:
- -
- Rules for processing both conforming and non-conforming content
- are defined in this specification.
-
- - Published specification:
- -
- This document is the relevant specification.
-
- - Applications that use this media type:
- -
- Web browsers.
-
- - Additional information:
- -
-
- - Magic number(s):
- - Cache manifests begin with the string "
CACHE
- MANIFEST", followed by either a U+0020 SPACE character, a
- U+0009 CHARACTER TABULATION (tab) character, a U+000A LINE FEED
- (LF) character, or a U+000D CARRIAGE RETURN (CR) character.
- - File extension(s):
- - "
appcache"
- - Macintosh file type code(s):
- - No specific Macintosh file type codes are recommended for this type.
-
-
- - Person & email address to contact for further information:
- - Ian Hickson <ian@hixie.ch>
- - Intended usage:
- - Common
- - Restrictions on usage:
- - No restrictions apply.
- - Author:
- - Ian Hickson <ian@hixie.ch>
- - Change controller:
- - W3C
-
-
- Fragments have no meaning with
- text/cache-manifest resources.
-
-
text/ping
This registration is for community review and will be submitted to the IESG for review,
@@ -122979,11 +120418,6 @@ interface External {
meter
| High limit of low range
| Valid floating-point number*
- |
- manifest
- | html
- | Application cache manifest
- | Valid non-empty URL potentially surrounded by spaces
|
max
| input
@@ -124545,7 +121979,7 @@ INSERT INTERFACES HERE
selection from the document
|
- error
+ | error
| Event or ErrorEvent
| Global scope objects, Worker objects, elements, networking-related objects
| Fired when unexpected errors occur (e.g. networking errors, script errors, decoding errors)
@@ -124715,9 +122149,8 @@ INSERT INTERFACES HERE
- See also media element events, application cache events, and drag-and-drop
- events.
+ See also media element events and drag-and-drop events.
@@ -124785,9 +122218,6 @@ INSERT INTERFACES HERE
multipart/x-mixed-replace
Streaming server push
- text/cache-manifest
- Offline application cache manifests
-
text/css
CSS | |