text/htmlThis registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
charsetThe charset parameter may be provided
to definitively specify the document's character
encoding, overriding any character encoding declarations in the
document. The parameter's value must be the name of the
character encoding used to serialize the file, must be a valid
character encoding name, and must be an ASCII
case-insensitive match for the preferred MIME
name for that encoding. [IANACHARSET]
Entire novels have been written about the security considerations that apply to HTML documents. Many are listed in this document, to which the reader is referred for more details. Some general concerns bear mentioning here, however:
HTML is scripted language, and has a large number of APIs (some of which are described in this document). Script can expose the user to potential risks of information leakage, credential leakage, cross-site scripting attacks, cross-site request forgeries, and a host of other problems. While the designs in this specification are intended to be safe if implemented correctly, a full implementation is a massive undertaking and, as with any software, user agents are likely to have security bugs.
Even without scripting, there are specific features in HTML
which, for historical reasons, are required for broad
compatibility with legacy content but that expose the user to
unfortunate security problems. In particular, the img
element can be used in conjunction with some other features as a
way to effect a port scan from the user's location on the
Internet. This can expose local network topologies that the
attacker would otherwise not be able to determine.
HTML relies on a compartmentalization scheme sometimes known as the same-origin policy. An origin in most cases consists of all the pages served from the same host, on the same port, using the same protocol.
It is critical, therefore, to ensure that any untrusted content that forms part of a site be hosted on a different origin than any sensitive content on that site. Untrusted content can easily spoof any other page on the same origin, read data from that origin, cause scripts in that origin to execute, submit forms to and from that origin even if they are protected from cross-site request forgery attacks by unique tokens, and make use of any third-party resources exposed to or rights granted to that origin.
html" and "htm"
are commonly, but certainly not exclusively, used as the
extension for HTML documents.TEXTFragment identifiers used with text/html resources
refer to the indicated part of the document.
text/html-sandboxedThis registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
text/htmltext/htmlThe purpose of the text/html-sandboxed MIME type
is to provide a way for content providers to indicate that they
want the file to be interpreted in a manner that does not give the
file's contents access to the rest of the site. This is achieved
by assigning the Document objects generated from
resources labeled as text/html-sandboxed unique
origins.
To avoid having legacy user agents treating resources labeled
as text/html-sandboxed as regular
text/html files, authors should avoid using the .html or .htm extensions for
resources labeled as text/html-sandboxed.
Beyond this, the type is identical to text/html,
and the same considerations apply.
text/htmltext/html-sandboxed type asserts that the
resource is an HTML document
using the HTML syntax.
text/htmltext/html-sandboxed are
heuristically indistinguishable from those labeled as
text/html.sandboxed"TEXTFragment identifiers used with text/html-sandboxed
resources refer to the indicated part of the
document.
application/xhtml+xmlThis registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
application/xml [RFC3023]application/xml [RFC3023]application/xml [RFC3023]application/xml [RFC3023]application/xml [RFC3023]application/xhtml+xml
type asserts that the resource is an XML document that likely has
a root element from the HTML namespace. As such, the
relevant specifications are the XML specification, the Namespaces
in XML specification, and this specification. [XML] [XMLNS]
application/xml [RFC3023]application/xml [RFC3023]xhtml" and "xht"
are sometimes used as extensions for XML resources that have a
root element from the HTML namespace.TEXTFragment identifiers used with application/xhtml+xml
resources have the same semantics as with any XML MIME
type. [RFC3023]
text/cache-manifestThis registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
Cache manifests themselves pose no immediate risk unless sensitive information is included within the manifest. Implementations, however, are required to follow specific rules when populating a cache based on a cache manifest, to ensure that certain origin-based restrictions are honored. Failure to correctly implement these rules can result in information leakage, cross-site scripting attacks, and the like.
CACHE
MANIFEST", followed by either a U+0020 SPACE character, a
U+0009 CHARACTER TABULATION (tab) character, a U+000A LINE FEED
(LF) character, or a U+000D CARRIAGE RETURN (CR) character.manifest"Fragment identifiers have no meaning with
text/cache-manifest resources.
text/pingThis registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
If used exclusively in the fashion described in the context of hyperlink auditing, this type introduces no new security concerns.
text/ping resources always consist of the four
bytes 0x50 0x49 0x4E 0x47 (ASCII 'PING').ping attribute.Fragment identifiers have no meaning with
text/ping resources.
application/microdata+jsonThis registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
application/json [JSON]application/json [JSON]application/json [JSON]application/json [JSON]application/microdata+json type asserts that the
resource is a JSON text that consists of an object with a single
entry called "items" consisting of an array
of entries, each of which consists of an object with two entries,
one called "type" whose value is an array of
strings, and one called "properties" whose
value is an object whose entries each have a value consisting of
an array of either objects or strings, the objects being of the
same form as the objects in the aforementioned "items" entry. As such, the relevant specifications
are the JSON specification and this specification. [JSON]
application/json [JSON]application/json [JSON]application/json [JSON]application/json [JSON]Fragment identifiers used with
application/microdata+json resources have the same
semantics as when used with application/json. [JSON]
Ping-FromThis section describes a header field for registration in the Permanent Message Header Field Registry. [RFC3864]
Ping-ToThis section describes a header field for registration in the Permanent Message Header Field Registry. [RFC3864]
The following sections only cover conforming elements and features.
This section is non-normative.
An asterisk (*) in a cell indicates that the actual rules are more complicated than indicated in the table above.
This section is non-normative.
This section is non-normative.
| Attribute | Element(s) | Description | Value |
|---|---|---|---|
accept
| input
| Hint for expected file type in file upload controls | Set of comma-separated tokens* consisting of valid MIME types with no parameters or audio/*, video/*, or image/*
|
accept-charset
| form
| Character encodings to use for form submission | Ordered set of unique space-separated tokens consisting of preferred MIME names of ASCII-compatible character encodings* |
accesskey
| HTML elements | Keyboard shortcut to activate or focus element | Ordered set of unique space-separated tokens consisting of one Unicode code point in length |
action
| form
| URL to use for form submission | Valid URL |
alt
| area;
img;
input
| Replacement text for use when images are not available | Text* |
async
| script
| Execute script asynchronously | Boolean attribute |
autocomplete
| form;
input
| Prevent the user agent from providing autocompletions for the form control(s) | "on"; "off"
|
autofocus
| button;
input;
keygen;
select;
textarea
| Automatically focus the form control when the page is loaded | Boolean attribute |
autoplay
| audio;
video
| Hint that the media resource can be started automatically when the page is loaded | Boolean attribute |
challenge
| keygen
| String to package with the generated and signed public key | Text |
charset
| meta
| Character encoding declaration | Preferred MIME name of an encoding* |
charset
| script
| Character encoding of the external script resource | Preferred MIME name of an encoding* |
checked
| command;
input
| Whether the command or control is checked | Boolean attribute |
cite
| blockquote;
del;
ins;
q
| Link to the source of the quotation or more information about the edit | Valid URL |
class
| HTML elements | Classes to which the element belongs | Unordered set of unique space-separated tokens |
cols
| textarea
| Maximum number of characters per line | Valid non-negative integer greater than zero |
colspan
| td;
th
| Number of columns that the cell is to span | Valid non-negative integer greater than zero |
content
| meta
| Value of the element | Text* |
contenteditable
| HTML elements | Whether the element is editable | "true"; "false"
|
contextmenu
| HTML elements | The element's context menu | ID* |
controls
| audio;
video
| Show user agent controls | Boolean attribute |
coords
| area
| Coordinates for the shape to be created in an image map | Valid list of integers* |
data
| object
| Address of the resource | Valid non-empty URL |
datetime
| del;
ins
| Time and date of the change | Valid global date and time string |
datetime
| time
| Value of the element | Valid date or time string* |
defer
| script
| Defer script execution | Boolean attribute |
dir
| HTML elements | The text directionality of the element | "ltr"; "rtl"
|
disabled
| button;
command;
fieldset;
input;
keygen;
optgroup;
option;
select;
textarea
| Whether the form control is disabled | Boolean attribute |
draggable
| HTML elements | Whether the element is draggable | "true"; "false"
|
enctype
| form
| Form data set encoding type to use for form submission | "application/x-www-form-urlencoded"; "multipart/form-data"; "text/plain"
|
for
| label
| Associate the label with form control | ID* |
for
| output
| Specifies controls from which the output was calculated | Unordered set of unique space-separated tokens consisting of IDs* |
form
| button;
fieldset;
input;
keygen;
label;
meter;
object;
output;
progress;
select;
textarea
| Associates the control with a form element
| ID* |
formaction
| button;
input
| URL to use for form submission | Valid URL |
formenctype
| button;
input
| Form data set encoding type to use for form submission | "application/x-www-form-urlencoded"; "multipart/form-data"; "text/plain"
|
formmethod
| button;
input
| HTTP method to use for form submission | "GET"; "POST"; "PUT"; "DELETE"
|
formnovalidate
| button;
input
| Bypass form control validation for form submission | Boolean attribute |
formtarget
| button;
input
| Browsing context for form submission | Valid browsing context name or keyword |
headers
| td;
th
| The header cells for this cell | Unordered set of unique space-separated tokens consisting of IDs* |
height
| canvas;
embed;
iframe;
img;
input;
object;
video
| Vertical dimension | Valid non-negative integer |
hidden
| HTML elements | Whether the element is relevant | Boolean attribute |
high
| meter
| Low limit of high range | Valid floating point number* |
href
| a;
area
| Address of the hyperlink | Valid URL |
href
| link
| Address of the hyperlink | Valid non-empty URL |
href
| base
| Document base URL | Valid URL |
hreflang
| a;
area;
link
| Language of the linked resource | Valid BCP 47 language code |
http-equiv
| meta
| Pragma directive | Text* |
icon
| command
| Icon for the command | Valid non-empty URL |
id
| HTML elements | The element's ID | Text* |
ismap
| img
| Whether the image is a server-side image map | Boolean attribute |
itemid
| HTML elements | Global identifier for a microdata item | Valid URL |
itemprop
| HTML elements | Property names of a microdata item | Unordered set of unique space-separated tokens consisting of valid absolute URLs, defined property names, or text* |
itemref
| itemref
| Referenced elements | Unordered set of unique space-separated tokens consisting of IDs* |
itemscope
| HTML elements | Introduces a microdata item | Boolean attribute |
itemtype
| HTML elements | Item type of a microdata item | Valid absolute URL* |
keytype
| keygen
| The type of cryptographic key to generate | Text* |
label
| command;
menu;
optgroup;
option
| User-visible label | Text |
lang
| HTML elements | Language of the element | Valid BCP 47 language code or the empty string |
list
| input
| List of autocomplete options | ID* |
loop
| audio;
video
| Whether to loop the media resource | Boolean attribute |
low
| meter
| High limit of low range | Valid floating point number* |
manifest
| html
| Application cache manifest | Valid non-empty URL |
max
| input
| Maximum value | varies* |
max
| meter;
progress
| Upper bound of range | Valid floating point number* |
maxlength
| input;
textarea
| Maximum length of value | Valid non-negative integer |
media
| a;
area;
link;
source;
style
| Applicable media | Valid media query |
method
| form
| HTTP method to use for form submission | "GET"; "POST"; "PUT"; "DELETE"
|
min
| input
| Minimum value | varies* |
min
| meter
| Lower bound of range | Valid floating point number* |
multiple
| input;
select
| Whether to allow multiple values | Boolean attribute |
name
| button;
fieldset;
input;
keygen;
output;
select;
textarea
| Name of form control to use for form submission and in the form.elements API
| Text* |
name
| form
| Name of form to use in the document.forms API
| Text* |
name
| iframe;
object
| Name of nested browsing context | Valid browsing context name or keyword |
name
| map
| Name of image map to reference from the usemap attribute
| Text* |
name
| meta
| Metadata name | Text* |
name
| param
| Name of parameter | Text |
novalidate
| form
| Bypass form control validation for form submission | Boolean attribute |
open
| details
| Whether the details are visible | Boolean attribute |
optimum
| meter
| Optimum value in gauge | Valid floating point number* |
pattern
| input
| Pattern to be matched by the form control's value | Regular expression matching the JavaScript Pattern production |
ping
| a;
area
| URLs to ping | Set of space-separated tokens consisting of valid non-empty URLs |
placeholder
| input;
textarea
| User-visible label to be placed within the form control | Text* |
poster
| video
| Poster frame to show prior to video playback | Valid non-empty URL |
preload
| audio;
video
| Hints how much buffering the media resource will likely need | "none";
"metadata";
"auto"
|
pubdate
| time
| Whether the element's value represents a publication time for the nearest article or body
| Boolean attribute |
radiogroup
| command
| Name of group of commands to treat as a radio button group | Text |
readonly
| input;
textarea
| Whether to allow the value to be edited by the user | Boolean attribute |
rel
| a;
area;
link
| Relationship between the document containing the hyperlink and the destination resource | Set of space-separated tokens* |
required
| input;
textarea
| Whether the control is required for form submission | Boolean attribute |
reversed
| ol
| Number the list backwards | Boolean attribute |
rows
| textarea
| Number of lines to show | Valid non-negative integer greater than zero |
rowspan
| td;
th
| Number of rows that the cell is to span | Valid non-negative integer |
sandbox
| iframe
| Security rules for nested content | Unordered set of unique space-separated tokens consisting of
"allow-same-origin",
"allow-forms", and
"allow-scripts"
|
spellcheck
| HTML elements | Whether the element is to have its spelling and grammar checked | "true"; "false"
|
scope
| th
| Specifies which cells the header cell applies to | "row";
"col";
"rowgroup";
"colgroup"
|
scoped
| style
| Whether the styles apply to the entire document or just the parent subtree | Boolean attribute |
seamless
| iframe
| Whether to apply the document's styles to the nested content | Boolean attribute |
selected
| option
| Whether the option is selected by default | Boolean attribute |
shape
| area
| The kind of shape to be created in an image map | "circle";
"default";
"poly";
"rect"
|
size
| input;
select
| Size of the control | Valid non-negative integer greater than zero |
sizes
| link
| Sizes of the icons (for rel="icon")
| Unordered set of unique space-separated tokens consisting of sizes* |
span
| col;
colgroup
| Number of columns spanned by the element | Valid non-negative integer greater than zero |
src
| audio;
embed;
iframe;
img;
input;
script;
source;
video
| Address of the resource | Valid non-empty URL |
srcdoc
| iframe
| A document to render in the iframe
| The source of an iframe srcdoc document*
|
start
| ol
| Ordinal value of the first item | Valid integer |
step
| input
| Granularity to be matched by the form control's value | Valid floating point number greater than zero, or "any"
|
style
| HTML elements | Presentational and formatting instructions | CSS declarations* |
summary
| table
| Explanatory text for complex tables for users of screen readers | Text* |
tabindex
| HTML elements | Whether the element is focusable, and the relative order of the element for the purposes of sequential focus navigation | Valid integer |
target
| a;
area
| Browsing context for hyperlink navigation | Valid browsing context name or keyword |
target
| base
| Default browsing context for hyperlink navigation and form submission | Valid browsing context name or keyword |
target
| form
| Browsing context for form submission | Valid browsing context name or keyword |
title
| HTML elements | Advisory information for the element | Text |
title
| abbr;
dfn
| Full term or expansion of abbreviation | Text |
title
| command
| Hint describing the command | Text |
title
| link
| Title of the link | Text |
title
| link;
style
| Alternative style sheet set name | Text |
type
| a;
area;
link
| Hint for the type of the referenced resource | Valid MIME type |
type
| button
| Type of button | "submit";
"reset";
"button"
|
type
| button;
input
| Type of form control | input type keyword
|
type
| command
| Type of command | "command";
"checkbox";
"radio"
|
type
| embed;
object;
script;
source;
style
| Type of embedded resource | Valid MIME type |
type
| menu
| Type of menu | "context"; "toolbar"
|
usemap
| img;
object
| Name of image map to use | Valid hash-name reference* |
value
| button;
option
| Value to be used for form submission | Text |
value
| input
| Value of the form control | varies* |
value
| li
| Ordinal value of the list item | Valid integer |
value
| meter;
progress
| Current value of the element | Valid floating point number |
value
| param
| Value of parameter | Text |
width
| canvas;
embed;
iframe;
img;
input;
object;
video
| Horizontal dimension | Valid non-negative integer |
wrap
| textarea
| How the value of the form control is to be wrapped for form submission | "soft";
"hard"
|
An asterisk (*) in a cell indicates that the actual rules are more complicated than indicated in the table above.
This section is non-normative.
All references are normative unless marked "Non-normative".
XMLHttpRequest,
A. van Kesteren. W3C.Thanks to Aankhen, Aaron Boodman, Aaron Leventhal, Adam Barth, Adam de Boor, Adam Hepton, Adam Roben, Addison Phillips, Adele Peterson, Adrian Bateman, Adrian Sutton, Agustín Fernández, Ajai Tirumali, Akatsuki Kitamura, Alan Plum, Alastair Campbell, Alex Bishop, Alex Nicolaou, Alex Rousskov, Alexander J. Vincent, Alexey Feldgendler, Алексей Проскуряков (Alexey Proskuryakov), Alexis Deveria, Allan Clements, Amos Jeffries, Anders Carlsson, Andreas, Andrei Popescu, André E. Veltstra, Andrew Clover, Andrew Gove, Andrew Grieve, Andrew Oakley, Andrew Sidwell, Andrew Smith, Andrew W. Hagen, Andrey V. Lukyanov, Andy Heydon, Andy Palay, Anne van Kesteren, Anthony Boyd, Anthony Bryan, Anthony Hickson, Anthony Ricaud, Antti Koivisto, Aron Spohr, Arphen Lin, Aryeh Gregor, Asbjørn Ulsberg, Ashley Sheridan, Atsushi Takayama, Aurelien Levy, Ave Wrigley, Ben Boyle, Ben Godfrey, Ben Lerner, Ben Leslie, Ben Meadowcroft, Ben Millard, Benjamin Carl Wiley Sittler, Benjamin Hawkes-Lewis, Bert Bos, Bijan Parsia, Bil Corry, Bill Mason, Bill McCoy, Billy Wong, Bjartur Thorlacius, Björn Höhrmann, Blake Frantz, Boris Zbarsky, Brad Fults, Brad Neuberg, Brady Eidson, Brendan Eich, Brenton Simpson, Brett Wilson, Brett Zamir, Brian Campbell, Brian Korver, Brian Kuhn, Brian Ryner, Brian Smith, Brian Wilson, Bryan Sullivan, Bruce D'Arcus, Bruce Lawson, Bruce Miller, C. Williams, Cameron McCormack, Cao Yipeng, Carlos Gabriel Cardona, Carlos Perelló Marín, Chao Cai, 윤석찬 (Channy Yun), Charl van Niekerk, Charles Iliya Krempeaux, Charles McCathieNevile, Chris Cressman, Chris Evans, Chris Morris, Chris Pearce, Christian Biesinger, Christian Johansen, Christian Schmidt, Christopher Aillon, Chriswa, Cole Robison, Colin Fine, Collin Jackson, Corprew Reed, Craig Cockburn, Csaba Gabor, Csaba Marton, Daniel Barclay, Daniel Bratell, Daniel Brooks, Daniel Brumbaugh Keeney, Daniel Cheng, Daniel Davis, Daniel Glazman, Daniel Peng, Daniel Schattenkirchner, Daniel Spång, Daniel Steinberg, Danny Sullivan, Darin Adler, Darin Fisher, Darxus, Dave Camp, Dave Hodder, Dave Lampton, Dave Singer, Dave Townsend, David Baron, David Bloom, David Bruant, David Carlisle, David E. Cleary, David Egan Evans, David Flanagan, David Gerard, David Håsäther, David Hyatt, David I. Lehn, David Matja, David Remahl, David Smith, David Woolley, DeWitt Clinton, Dean Edridge, Dean Edwards, Debi Orton, Derek Featherstone, Dimitri Glazkov, Dimitry Golubovsky, Divya Manian, dolphinling, Dominique Hazaël-Massieux, Don Brutzman, Doron Rosenberg, Doug Kramer, Drew Wilson, Edmund Lai, Eduard Pascual, Eduardo Vela, Edward O'Connor, Edward Welbourne, Edward Z. Yang, Eira Monstad, Eitan Adler, Eliot Graff, Elizabeth Castro, Elliott Sprehn, Elliotte Harold, Eric Carlson, Eric Law, Eric Rescorla, Erik Arvidsson, Evan Martin, Evan Prodromou, Evert, fantasai, Felix Sasaki, Francesco Schwarz, Francis Brosnan Blazquez, Franck 'Shift' Quélain, Frank Barchard, 鵜飼文敏 (Fumitoshi Ukai), Futomi Hatano, Gavin Carothers, Gareth Rees, Garrett Smith, Geoffrey Garen, Geoffrey Sneddon, George Lund, Gianmarco Armellin, Giovanni Campagna, Graham Klyne, Greg Botten, Greg Houston, Greg Wilkins, Gregg Tavares, Grey, Gytis Jakutonis, Håkon Wium Lie, Hallvord Reiar Michaelsen Steen, Hans S. Tømmerhalt, Henri Sivonen, Henrik Lied, Henry Mason, Hugh Winkler, Ian Bicking, Ian Davis, Ignacio Javier, Ivan Enderlin, Ivo Emanuel Gonçalves, J. King, Jacques Distler, James Craig, James Graham, James Justin Harrell, James M Snell, James Perrett, James Robinson, Jan-Klaas Kollhof, Jason Kersey, Jason Lustig, Jason White, Jasper Bryant-Greene, Jatinder Mann, Jed Hartman, Jeff Balogh, Jeff Cutsinger, Jeff Schiller, Jeff Walden, Jeffrey Zeldman, 胡慧鋒 (Jennifer Braithwaite), Jens Bannmann, Jens Fendler, Jens Lindström, Jens Meiert, Jeremy Keith, Jeremy Orlow, Jeroen van der Meer, Jian Li, Jim Jewett, Jim Ley, Jim Meehan, Jjgod Jiang, João Eiras, Joe Clark, Joe Gregorio, Joel Spolsky, Johan Herland, John Boyer, John Bussjaeger, John Carpenter, John Fallows, John Foliot, John Harding, John Keiser, John Snyders, John-Mark Bell, Johnny Stenback, Jon Ferraiolo, Jon Gibbins, Jon Perlow, Jonas Sicking, Jonathan Cook, Jonathan Rees, Jonathan Worent, Jonny Axelsson, Jorgen Horstink, Jorunn Danielsen Newth, Joseph Kesselman, Joseph Pecoraro, Josh Aas, Josh Levenberg, Joshua Randall, Jukka K. Korpela, Jules Clément-Ripoche, Julian Reschke, Justin Lebar, Justin Sinclair, Kai Hendry, Kartikaya Gupta, Kathy Walton, Kelly Norton, Kevin Benson, Kornél Pál, Kornel Lesinski, Kristof Zelechovski, 黒澤剛志 (Kurosawa Takeshi), Kyle Hofmann, Léonard Bouchet, Lachlan Hunt, Larry Masinter, Larry Page, Lars Gunther, Lars Solberg, Laura Granka, Laura L. Carlson, Laura Wisewell, Laurens Holst, Lee Kowalkowski, Leif Halvard Silli, Lenny Domnitser, Leons Petrazickis, Lobotom Dysmon, Logan, Loune, Luke Kenneth Casson Leighton, Maciej Stachowiak, Magnus Kristiansen, Maik Merten, Malcolm Rowe, Mark Birbeck, Mark Miller, Mark Nottingham, Mark Pilgrim, Mark Rowe, Mark Schenk, Mark Wilton-Jones, Martijn Wargers, Martin Atkins, Martin Dürst, Martin Honnen, Martin Kutschker, Martin Thomson, Masataka Yakura, Mathieu Henri, Matt Schmidt, Matt Wright, Matthew Gregan, Matthew Mastracci, Matthew Raymond, Matthew Thomas, Mattias Waldau, Max Romantschuk, Menno van Slooten, Micah Dubinko, Michael 'Ratt' Iannarelli, Michael A. Nachbaur, Michael A. Puls II, Michael Carter, Michael Daskalov, Michael Enright, Michael Gratton, Michael Nordman, Michael Powers, Michael(tm) Smith, Michal Zalewski, Michel Fortin, Michelangelo De Simone, Michiel van der Blonk, Mihai Şucan, Mike Brown, Mike Dierken, Mike Dixon, Mike Schinkel, Mike Shaver, Mikko Rantalainen, Mohamed Zergaoui, Ms2ger, NARUSE Yui, Neil Deakin, Neil Rashbrook, Neil Soiffer, Nicholas Shanks, Nicholas Stimpson, Nicholas Zakas, Nicolas Gallagher, Noah Mendelsohn, Noah Slater, Ojan Vafai, Olaf Hoffmann, Olav Junker Kjær, Oldřich Vetešník, Oliver Hunt, Oliver Rigby, Olivier Gendrin, Olli Pettay, Patrick H. Lauke, Paul Norman, Per-Erik Brodin, Perry Smith, Peter Karlsson, Peter Kasting, Peter Stark, Peter-Paul Koch, Phil Pickering, Philip Jägenstedt, Philip Taylor, Philip TAYLOR, Prateek Rungta, Rachid Finge, Rajas Moonka, Ralf Stoltze, Ralph Giles, Raphael Champeimont, Remco, Remy Sharp, Rene Saarsoo, Rene Stach, Ric Hardacre, Rich Doughty, Richard Ishida, Rigo Wenning, Rikkert Koppes, Rimantas Liubertas, Rob Ennals, Rob Jellinghaus, Robert Blaut, Robert Collins, Robert O'Callahan, Robert Sayre, Robin Berjon, Roland Steiner, Roman Ivanov, Roy Fielding, Ryan King, S. Mike Dierken, Sam Dutton, Sam Kuper, Sam Ruby, Sam Weinig, Sander van Lambalgen, Sarven Capadisli, Scott González, Scott Hess, Sean Fraser, Sean Hogan, Sean Knapp, Sebastian Markbåge, Sebastian Schnitzenbaumer, Seth Call, Shanti Rao, Shaun Inman, Shiki Okasaka, Sierk Bornemann, Sigbjørn Vik, Silvia Pfeiffer, Simon Montagu, Simon Pieters, Simon Spiegel, skeww, Stefan Haustein, Stefan Santesson, Steffen Meschkat, Stephen Ma, Steve Faulkner, Steve Runyon, Steven Bennett, Steven Garrity, Steven Tate, Stewart Brodie, Stuart Ballard, Stuart Parmenter, Subramanian Peruvemba, Sunava Dutta, Susan Borgrink, Susan Lesch, Sylvain Pasche, T. J. Crowder, Tantek Çelik, 田村健人 (TAMURA Kent), Ted Mielczarek, Terrence Wood, Thomas Broyer, Thomas O'Connor, Tim Altman, Tim Johansson, Toby Inkster, Todd Moody, Tom Pike, Tommy Thorsen, Travis Leithead, Tyler Close, Vladimir Katardjiev, Vladimir Vukićević, voracity, Wakaba, Wayne Pollock, Wellington Fernando de Macedo, Will Levine, William Swanson, Wladimir Palant, Wojciech Mach, Wolfram Kriesing, Yang Chen, Yehuda Katz, Yi-An Huang, Yngve Nysaeter Pettersen, Yuzo Fujishima, Zhenbin Xu, Zoltan Herczeg, and Øistein E. Andersen, for their useful comments, both large and small, that have led to changes to this specification over the years.
Thanks also to everyone who has ever posted about HTML to their blogs, public mailing lists, or forums, including all the contributors to the various W3C HTML WG lists and the various WHATWG lists.
Special thanks to Richard Williamson for creating the first
implementation of canvas in Safari, from which the
canvas feature was designed.
Special thanks also to the Microsoft employees who first
implemented the event-based drag-and-drop mechanism, contenteditable, and other
features first widely deployed by the Windows Internet Explorer
browser.
Thanks to the participants of the microdata usability study for allowing us to use their mistakes as a guide for designing the microdata feature.
Special thanks and $10,000 to David Hyatt who came up with a broken implementation of the adoption agency algorithm that the editor had to reverse engineer and fix before using it in the parsing section.
Thanks to the many sources that provided inspiration for the examples used in the specification.
The abstract is based on a photo by Wonderlane. (CC BY 2.0)
Thanks also to the Microsoft blogging community for some ideas, to the attendees of the W3C Workshop on Web Applications and Compound Documents for inspiration, to the #mrt crew, the #mrt.no crew, and the #whatwg crew, and to Pillar and Hedral for their ideas and support.