From bfec975e385549aad1d5dc864eb6184b91312c9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9onie=20Watson?= Date: Fri, 1 Dec 2017 10:49:45 +0000 Subject: [PATCH] Ljw issue369 (#1088) * Adds `ping` attribute for hyperlink auditing section to links * Updates IANA considerations Fix #369 --- sections/attributes.include | 8 + sections/elements.include | 2 + sections/iana.include | 124 +++++++++++++- sections/semantics-document-metadata.include | 2 +- sections/semantics-links.include | 167 +++++++++++++------ single-page.bs | 3 + 6 files changed, 250 insertions(+), 56 deletions(-) diff --git a/sections/attributes.include b/sections/attributes.include index 3ecef73290..5807450d16 100644 --- a/sections/attributes.include +++ b/sections/attributes.include @@ -554,6 +554,14 @@ Pattern to be matched by the form control's value Regular expression matching the JavaScript Pattern production + + + ping + <{a}>, <{area}> + URLs to ping + Set of comma-separated tokens consisting of valid non-empty URLs + + placeholder <{input}>; <{textarea}> diff --git a/sections/elements.include b/sections/elements.include index 98c6119d3a..61a7eef5cb 100644 --- a/sections/elements.include +++ b/sections/elements.include @@ -27,6 +27,7 @@ <{links/href}>; <{links/target}>; <{links/download}>; + <{links/ping}>; <{links/rel}>; <{links/hreflang}>; <{links/type}>; @@ -69,6 +70,7 @@ <{links/href}>; <{links/target}>; <{links/download}>; + <{links/ping}>; <{links/rel}>; <{links/hreflang}>; <{links/type}>; diff --git a/sections/iana.include b/sections/iana.include index f3156e928a..ece3a504e7 100644 --- a/sections/iana.include +++ b/sections/iana.include @@ -8,8 +8,6 @@ ██ ██ ██ ██ ███ ██ ██ ████ ██ ██ ██ ██ ██ ██ --> - -

IANA considerations

text/html

@@ -234,4 +232,126 @@ :: Custom scheme and content handlers, HTML Living Standard: https://html.spec.whatwg.org/#custom-handlers +

text/ping

+ +

This registration is for community review and will be submitted to the IESG for review, + approval, and registration with IANA.

+ + + +
+
Type name:
+
text
+ +
Subtype name:
+
ping
+ +
Required parameters:
+
No parameters
+ +
Optional parameters:
+
+
+
charset
+
The charset parameter may be provided. The parameter's value must be "utf-8". This parameter serves no purpose; it is only allowed for compatibility with legacy servers.
+
+
+ +
Encoding considerations:
+
Not applicable.
+ +
Security considerations:
+
If used exclusively in the fashion described in the context of hyperlink auditing, this type introduces no new security concerns.
+ +
Interoperability considerations:
+
Rules applicable to this type are defined in this specification.
+ +
Published specification:
+
This document is the relevant specification.
+ +
Applications that use this media type:
+
Web browsers.
+ +
Additional information:
+
+
+
Magic number(s):
+
text/ping resources always consist of the four bytes 0x50 0x49 0x4E 0x47 (`PING`).
+ +
File extension(s):
+
No specific file extension is recommended for this type.
+ +
Macintosh file type code(s):
+
No specific Macintosh file type codes are recommended for this type.
+
+
+ +
Person & email address to contact for further information:
+
:: World Wide Web Consortium <web-human@w3.org>
+ +
Intended usage:
+
Common
+ +
Restrictions on usage:
+
Only intended for use with HTTP POST requests generated as part of a Web browser's processing of the <{links/ping}ping}> >attribute.
+ +
Author:
+
Ian Hickson <ian@hixie.ch>
+ +
Change controller:
+
W3C
+
+ +Fragments have no meaning with text/ping resources. + +

ping-to

+ +This section describes a header for registration in the Permanent Message Header Field Registry. + +
+
Header field name:
+
Ping-To
+ +
Applicable protocol:
+
http
+ +
Status:
+
standard
+ +
Author/Change controller:
+
W3C
+ +
Specification document(s):
+
This document is the relevant specification.
+ +
Related information:
+
None.
+
+ +

ping-from

+ +This section describes a header for registration in the Permanent Message Header Field Registry. + +
+
Header field name:
+
Ping-From
+ +
Applicable protocol:
+
http
+ +
Status:
+
standard
+ +
Author/Change controller:
+
W3C
+ +
Specification document(s):
+
This document is the relevant specification.
+ +
Related information:
+
None.
+
+ diff --git a/sections/semantics-document-metadata.include b/sections/semantics-document-metadata.include index 206165d854..77e0215896 100644 --- a/sections/semantics-document-metadata.include +++ b/sections/semantics-document-metadata.include @@ -407,7 +407,7 @@ that the element can be used where phrasing content is expected. Two categories of links can be created using the <{link}> element: - Links to external resources and hyperlinks. The [[#sec-link-types]] section defines + Links to external resources and hyperlinks. The link types section defines whether a particular link type is an external resource or a hyperlink. One <{link}> element can create multiple links (of which some might be [=external resource links=] and some might be [=hyperlinks=]); exactly which and how many links are created depends on the keywords given in diff --git a/sections/semantics-links.include b/sections/semantics-links.include index 4498520073..94f7dff9ce 100644 --- a/sections/semantics-links.include +++ b/sections/semantics-links.include @@ -4,10 +4,9 @@ - Links are a conceptual construct, created by <{a}>, <{area}>, and - <{link}> elements, that represent a connection between - two resources, one of which is the current {{Document}}. There are two kinds of links in - HTML: + Links are a conceptual construct, created by <{a}>, <{area}>, and <{link}> elements. + They represent a connection between two resources, one of which is the current {{Document}}. + There are two kinds of links in HTML:
@@ -18,26 +17,25 @@
Hyperlinks
-
These are links to other resources that are generally exposed to the user by the user - agent so that the user can cause the user agent to navigate to those resources, e.g., - to visit them in a browser or download them.
- +
These are links to other resources that are exposed to users by the user agent. + The user can cause the user agent to navigate to those resources + (for example to visit them in the browser or to download them).
- For <{link}> elements with an href attribute and a + For <{link}> elements with an <{links/href}> attribute and a <{link/rel}> attribute, links must be created for the keywords of the <{link/rel}> attribute, as defined for those keywords in the link types section. - Similarly, for <{a}> and <{area}> elements with an href attribute and a <{links/rel}> attribute, links must be created for the keywords of the - <{links/rel}> attribute as defined for those keywords in the link types section. Unlike <{link}> elements, however, - <{a}> and <{area}> elements with an href - attribute that either do not have a <{links/rel}> attribute, or - whose <{links/rel}> attribute has no keywords that are defined as - specifying hyperlinks, must also create a hyperlink. + Similarly, for <{a}> and <{area}> elements with an <{links/href}> attribute and a <{links/rel}> attribute, + links must be created for the keywords of the <{links/rel}> attribute as defined for those keywords in the + link types section. Unlike <{link}> elements, however, <{a}> and <{area}> elements with an <{links/href}> + attribute that either do not have a <{links/rel}> attribute, or whose <{links/rel}> attribute has no keywords + that are defined as specifying hyperlinks, must also create a hyperlink. This implied hyperlink has no special meaning (it has no link type) beyond linking the element's node document to the resource given by the element's href attribute. - A hyperlink can have one or more hyperlink annotations that modify the processing semantics of that hyperlink. + A hyperlink can have one or more hyperlink annotations + that modify the processing semantics of that hyperlink. @@ -60,7 +58,7 @@ specifies is to be downloaded. In the absence of a user preference, the default should be navigation if the element has no - download attribute, and should be to download the + <{links/download}> attribute, and should be to download the specified resource if it does. Whether determined by the user's preferences or via the presence or absence of the attribute, @@ -78,22 +76,22 @@ what punctuation is supported in file names, and user agents are likely to adjust file names accordingly. - + + The ping attribute, if present, + gives the URLs of the resources that are interested in being notified if the user follows the hyperlink. + The value must be a set of space-separated tokens, each of which must be a valid non-empty URL + whose scheme is an HTTP(S) scheme. The value is used by the user agent for hyperlink auditing. The rel attribute on <{a}> and <{area}> elements controls what kinds of links the elements create. The attribute's value must be a set of space-separated tokens. The allowed keywords and their meanings are defined below. - <{links/rel}>'s - supported tokens are the keywords defined in - HTML link types which are allowed on <{a}> and - <{area}> elements, impact the processing model, and are supported by the user agent. The - possible supported tokens are - <{link/noreferrer}>, and <{link/noopener}>. - <{links/rel}>'s - supported tokens must only include the tokens from - this list that the user agent implements the processing model for. + <{links/rel}>'s supported tokens are the keywords defined in HTML link types which are allowed on + <{a}> and <{area}> elements, impact the processing model, and are supported by the user agent. + The possible supported tokens are <{link/noreferrer}>, and <{link/noopener}>. + <{links/rel}>'s supported tokens must only include the tokens from this list + that the user agent implements the processing model for. Other specifications may add HTML link types as defined in Other link types, with the following additional requirements: @@ -113,14 +111,14 @@ rev attribute, which is used to describe a reverse link relationship from the resource specified by the <{links/href}> to the current document. If present, the value of this attribute must be a set of space-separated - tokens. Like the <{links/rel}> attribute, [[#sec-link-types]] describes the allowed + tokens. Like the <{links/rel}> attribute, link types describes the allowed keywords and their meanings for the <{links/rev}> attribute. Both the <{links/rel}> and <{links/rev}> attributes may be present on the same element. Reverse links are a way to express the reverse directional relationship of a link. In contrast to the <{links/rel}> attribute, whose value conveys a forward directional relationship ("how is the link related to me"), the <{links/rev}> - attribute allows for similiar relationships to be expressed in the reverse direction ("how am I + attribute allows for similar relationships to be expressed in the reverse direction ("how am I related to this link"). These values can enable user agents to build a more comprehensive map of linked documents. @@ -138,7 +136,7 @@ From chapter1.html, the link to chapter2.html is the "next" chapter in the series - in the forward direction, and the "previous" chapter in the reverse diretion (from + in the forward direction, and the "previous" chapter in the reverse direction (from chapter2.html to chapter1.html). @@ -292,7 +290,7 @@ parsing them involves the StructuredSerialize abstract operation.

-

An element implementing the HTMLHyperlinkElementUtils mixin has an associated reinitialise url algorithm, which runs these steps:

+

An element implementing the HTMLHyperlinkElementUtils mixin has an associated reinitialize url algorithm, which runs these steps:

  1. If element's [=url/URL=] is non-null, its scheme is "blob", and its non-relative flag is set, terminate these steps.
  2. @@ -308,7 +306,7 @@ steps:

      -
    1. Reinitialise url.
    2. +
    3. Reinitialize url.
    4. Let url be this element's [=url/URL=].
    5. @@ -326,7 +324,7 @@ these steps:

        -
      1. Reinitialise url.
      2. +
      3. Reinitialize url.
      4. If this element's [=url/URL=] is null, return the empty string.
      5. @@ -342,7 +340,7 @@ run these steps:

          -
        1. Reinitialise url.
        2. +
        3. Reinitialize url.
        4. If this element's [=url/URL=] is null, return ":".
        5. @@ -354,7 +352,7 @@ steps:

            -
          1. Reinitialise url.
          2. +
          3. Reinitialize url.
          4. If this element's [=url/URL=] is null, terminate these steps.
          5. @@ -370,7 +368,7 @@ run these steps:

              -
            1. Reinitialise url.
            2. +
            3. Reinitialize url.
            4. If this element's [=url/URL=] is null, return the empty string.
            5. @@ -382,7 +380,7 @@ steps:

                -
              1. Reinitialise url.
              2. +
              3. Reinitialize url.
              4. Let url be this element's [=url/URL=].
              5. @@ -398,7 +396,7 @@ run these steps:

                  -
                1. Reinitialise url.
                2. +
                3. Reinitialize url.
                4. Let url be this element's [=url/URL=].
                5. @@ -412,7 +410,7 @@ steps:

                    -
                  1. Reinitialise url.
                  2. +
                  3. Reinitialize url.
                  4. Let url be this element's [=url/URL=].
                  5. @@ -428,7 +426,7 @@ steps:

                      -
                    1. Reinitialise url.
                    2. +
                    3. Reinitialize url.
                    4. Let url be this element's [=url/URL=].
                    5. @@ -444,7 +442,7 @@

                      The host attribute's setter must run these steps:

                        -
                      1. Reinitialise url.
                      2. +
                      3. Reinitialize url.
                      4. Let url be this element's [=url/URL=].
                      5. @@ -462,7 +460,7 @@ run these steps:

                          -
                        1. Reinitialise url.
                        2. +
                        3. Reinitialize url.
                        4. Let url be this element's [=url/URL=].
                        5. @@ -476,7 +474,7 @@ steps:

                            -
                          1. Reinitialise url.
                          2. +
                          3. Reinitialize url.
                          4. Let url be this element's [=url/URL=].
                          5. @@ -494,7 +492,7 @@ steps:

                              -
                            1. Reinitialise url.
                            2. +
                            3. Reinitialize url.
                            4. Let url be this element's [=url/URL=].
                            5. @@ -507,7 +505,7 @@

                              The port attribute's setter must run these steps:

                                -
                              1. Reinitialise url.
                              2. +
                              3. Reinitialize url.
                              4. Let url be this element's [=url/URL=].
                              5. @@ -526,7 +524,7 @@ run these steps:

                                  -
                                1. Reinitialise url.
                                2. +
                                3. Reinitialize url.
                                4. Let url be this element's [=url/URL=].
                                5. @@ -543,7 +541,7 @@ steps:

                                    -
                                  1. Reinitialise url.
                                  2. +
                                  3. Reinitialize url.
                                  4. Let url be this element's [=url/URL=].
                                  5. @@ -564,7 +562,7 @@ these steps:

                                      -
                                    1. Reinitialise url.
                                    2. +
                                    3. Reinitialize url.
                                    4. Let url be this element's [=url/URL=].
                                    5. @@ -578,7 +576,7 @@ steps:

                                        -
                                      1. Reinitialise url.
                                      2. +
                                      3. Reinitialize url.
                                      4. Let url be this element's [=url/URL=].
                                      5. @@ -610,7 +608,7 @@ steps:

                                          -
                                        1. Reinitialise url.
                                        2. +
                                        3. Reinitialize url.
                                        4. Let url be this element's [=url/URL=].
                                        5. @@ -623,7 +621,7 @@

                                          The hash attribute's setter must run these steps:

                                            -
                                          1. Reinitialise url.
                                          2. +
                                          3. Reinitialize url.
                                          4. Let url be this element's [=url/URL=].
                                          5. @@ -920,10 +918,73 @@ its [=url/URL=], and any download attribute, in deciding where to store the resulting file in the user's file system. + + + If a hyperlink created by an <{a}> or <{area}> element has a <{links/ping}> attribute, + and the user follows the hyperlink, and the value of the element's <{links/href}> attribute can be parsed + relative to the element's node document without failure, then the user agent must take the <{links/ping}> + attribute's value, split that string on ASCII whitespace, parse each resulting token relative to the element's node document, + then run these steps for each resulting URL record ping URL (ignoring tokens that fail to parse): + + * If ping URL's scheme is not an HTTP(S) scheme, then return. + * Optionally, return + (for example the user agent may ignore any or all ping URLs in accordance with the user's express preferences). + * Let request be a new request, whose URL is ping URL, method is post, body is ping, + client is the environment settings object of the document containing the hyperlink, destination is the empty string, credentials mode is include, referrer is "no-referrer", + and whose use-URL-credentials flag is set. + * Let target URL be the resulting URL string obtained from parsing the value of the element's + <{links/href}> attribute, and then: + +
                                            +
                                            If the URL of the document object containing the hyperlink being audited and the ping URL have the same origin
                                            +
                                            Or if the origins are different but the HTTPS state of the document containing the hyperlink being audited is + "none"
                                            +
                                            request must include a ping-from header with the URL of the document containing the hyperlink as its value, + and a ping-to HTTP header with the target URL as its value.
                                            +
                                            Otherwise
                                            +
                                            request must must include a ping-to HTTP header with target URL as its value. + Note: request does not include a ping-from header.
                                            +
                                            + + * Fetch request. + + This may be done in parallel with the primary fetch, and is independent of the result of that fetch. + + User agents should allow the user to alter this behavior. + For example, in conjunction with a setting that disables the sending of HTTP referrer (sic) headers. + Based on the user's preferences, user agents may ignore the <{links/ping}> attribute completely, + or selectively ignore URLs (for example third party URLs); this is explicitly accounted for in the steps above. + + User agents must ignore any entity bodies returned in the responses. + User agents may close the connection prematurely once they start receiving a response body. + + When the <{links/ping}> attribute is present, user agents should make it clear to the user + that following the hyperlink will also cause secondary requests to be sent in the background. + +
                                            + For example, a user agent could visually display the host names of the target ping URLs, and the hyperlink's actual URL, + in a tooltip. +
                                            + +
                                            + The <{links/ping}> attribute is redundant with pre-existing technologies like HTTP redirects and JavaScript, + in allowing web pages to track which off-site links are most popular, or allowing advertisers to track click-through rates. + + However, the <{links/ping}> attribute provides these advantages over those alternatives: + + * It allows the user to see the unobscured final target URL. + * It allows the user agent to inform the user about out-of-band notifications. + * It allows the user to disable notifications without losing the underlying functionality. + * It allows the user agent to optimize the use of available bandwidth, so the target page loads faster. + + So while it is possible to track users without this feature, authors are encouraged to use the <{links/ping}> attribute, + so the user agent can make the experience more transparent. +
                                            Link types The following table summarizes the link types that are defined by this specification, by their - coresponding keywords. This table is non-normative; the actual definitions for the link types are + corresponding keywords. This table is non-normative; the actual definitions for the link types are given in the next few sections. In this section, the term referenced document refers to the resource identified by the @@ -943,7 +1004,7 @@ Keywords are always ASCII case-insensitive, and must be compared as such. -

                                            Thus, rel="next" is the same as rel="NEXT".

                                            +

                                            So rel="next" is the same as rel="NEXT".

                                            Keywords that are body-ok affect whether <{link}> elements are allowed in the body. The body-ok keywords defined by this specification are diff --git a/single-page.bs b/single-page.bs index 839a4513c8..3f0f111d40 100644 --- a/single-page.bs +++ b/single-page.bs @@ -64,6 +64,9 @@ spec:css-fonts-3; type:value; text:medium spec:infra; type:dfn; for:list; text:for each spec:infra; type:dfn; for:list; text:contain spec:infra; type:dfn; for:map; text:exist + +spec:fetch; type:dfn; for:/; text:method +spec:fetch; type:dfn; for:request; text:body