text/html
This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
charset
The charset
parameter may be provided to definitively specify the
document's character encoding, overriding any character encoding declarations in the document. The parameter's value
must be the name of the character
encoding used to serialize the file. [ENCODING]
Entire novels have been written about the security considerations that apply to HTML documents. Many are listed in this document, to which the reader is referred for more details. Some general concerns bear mentioning here, however:
HTML is scripted language, and has a large number of APIs (some of which are described in this document). Script can expose the user to potential risks of information leakage, credential leakage, cross-site scripting attacks, cross-site request forgeries, and a host of other problems. While the designs in this specification are intended to be safe if implemented correctly, a full implementation is a massive undertaking and, as with any software, user agents are likely to have security bugs.
Even without scripting, there are specific features in HTML which, for historical reasons,
are required for broad compatibility with legacy content but that expose the user to unfortunate
security problems. In particular, the img
element can be used in conjunction with
some other features as a way to effect a port scan from the user's location on the Internet.
This can expose local network topologies that the attacker would otherwise not be able to
determine.
HTML relies on a compartmentalization scheme sometimes known as the same-origin policy. An origin in most cases consists of all the pages served from the same host, on the same port, using the same protocol.
It is critical, therefore, to ensure that any untrusted content that forms part of a site be hosted on a different origin than any sensitive content on that site. Untrusted content can easily spoof any other page on the same origin, read data from that origin, cause scripts in that origin to execute, submit forms to and from that origin even if they are protected from cross-site request forgery attacks by unique tokens, and make use of any third-party resources exposed to or rights granted to that origin.
html
" and "htm
"
are commonly, but certainly not exclusively, used as the
extension for HTML documents.TEXT
Fragment identifiers used with text/html
resources either refer to the
indicated part of the document or provide state information for in-page scripts.
multipart/x-mixed-replace
This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
boundary
(defined in RFC2046) [RFC2046]
multipart/x-mixed-replace
resource can be of any type, including types with non-trivial
security implications such as text/html
.
multipart/mixed
. [RFC2046]
multipart/x-mixed-replace
resource.Fragment identifiers used with
multipart/x-mixed-replace
resources apply to each body
part as defined by the type used by that body part.
application/xhtml+xml
This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
application/xml
[RFC3023]application/xml
[RFC3023]application/xml
[RFC3023]application/xml
[RFC3023]application/xml
[RFC3023]application/xhtml+xml
type asserts that the resource is an XML document that likely has
a root element from the HTML namespace. Thus, the
relevant specifications are the XML specification, the Namespaces
in XML specification, and this specification. [XML] [XMLNS]
application/xml
[RFC3023]application/xml
[RFC3023]xhtml
" and "xht
"
are sometimes used as extensions for XML resources that have a
root element from the HTML namespace.TEXT
Fragment identifiers used with application/xhtml+xml
resources have the same semantics as with any XML MIME
type. [RFC3023]
application/x-www-form-urlencoded
This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
In isolation, an application/x-www-form-urlencoded
payload poses no security risks. However, as this type is usually
used as part of a form submission, all the risks that apply to
HTML forms need to be considered in the context of this type.
application/x-www-form-urlencoded
payloads are
defined in this specification.
application/x-www-form-urlencoded
payloads.Fragment identifiers have no meaning with the
application/x-www-form-urlencoded
type.
text/cache-manifest
This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.
Cache manifests themselves pose no immediate risk unless sensitive information is included within the manifest. Implementations, however, are required to follow specific rules when populating a cache based on a cache manifest, to ensure that certain origin-based restrictions are honored. Failure to correctly implement these rules can result in information leakage, cross-site scripting attacks, and the like.
CACHE
MANIFEST
", followed by either a U+0020 SPACE character, a
"tab" (U+0009) character, a "LF" (U+000A) character, or a "CR" (U+000D) character.appcache
"Fragment identifiers have no meaning with
text/cache-manifest
resources.
web+
scheme prefixThis section describes a convention for use with the IANA URI scheme registry. It does not itself register a specific scheme. [RFC4395]
web+
" followed by one or more letters in the range
a
-z
.
web+
" schemes should use UTF-8 encodings where relevant.web+
" schemes. As such, these schemes must not be
used for features intended to be core platform features (e.g.
network transfer protocols like HTTP or FTP). Similarly, such
schemes must not store confidential information in their URLs,
such as usernames, passwords, personal information, or
confidential project names.
The following sections only cover conforming elements and features.
This section is non-normative.
An asterisk (*) in a cell indicates that the actual rules are more complicated than indicated in the table above.
† Categories in the "Parents" column refer to parents that list the given categories in
their content model, not to elements that themselves are in those categories. For example, the
a
element's "Parents" column says "phrasing", so any element whose content model
contains the "phrasing" category could be a parent of an a
element. Since the "flow"
category includes all the "phrasing" elements, that means the th
element could be a
parent to an a
element.
This section is non-normative.
This section is non-normative.
Attribute | Element(s) | Description | Value |
---|---|---|---|
abbr
| th
| Alternative label to use for the header cell when referencing the cell in other contexts | Text* |
accept
| input
| Hint for expected file type in file upload controls | Set of comma-separated tokens* consisting of valid MIME types with no parameters or audio/* , video/* , or image/*
|
accept-charset
| form
| Character encodings to use for form submission | Ordered set of unique space-separated tokens, ASCII case-insensitive, consisting of names of ASCII-compatible character encodings* |
accesskey
| HTML elements | Keyboard shortcut to activate or focus element | Ordered set of unique space-separated tokens, case-sensitive, consisting of one Unicode code point in length |
action
| form
| URL to use for form submission | Valid non-empty URL potentially surrounded by spaces |
allowfullscreen
| iframe
| Whether to allow the iframe 's contents to use requestFullscreen()
| Boolean attribute |
alt
| area ;
img ;
input
| Replacement text for use when images are not available | Text* |
async
| script
| Execute script asynchronously | Boolean attribute |
autocomplete
| form
| Default setting for autofill feature for controls in the form | "on "; "off "
|
autocomplete
| input ;
select ;
textarea
| Hint for form autofill feature | Autofill field name and related tokens* |
autofocus
| button ;
input ;
keygen ;
select ;
textarea
| Automatically focus the form control when the page is loaded | Boolean attribute |
autoplay
| audio ;
video
| Hint that the media resource can be started automatically when the page is loaded | Boolean attribute |
border
| table
| Explicit indication that the table element is not being used for layout purposes
| The empty string, or "1 "
|
challenge
| keygen
| String to package with the generated and signed public key | Text |
charset
| meta
| Character encoding declaration | Encoding name* |
charset
| script
| Character encoding of the external script resource | Encoding name* |
checked
| menuitem ;
input
| Whether the command or control is checked | Boolean attribute |
cite
| blockquote ;
del ;
ins ;
q
| Link to the source of the quotation or more information about the edit | Valid URL potentially surrounded by spaces |
class
| HTML elements | Classes to which the element belongs | Set of space-separated tokens |
cols
| textarea
| Maximum number of characters per line | Valid non-negative integer greater than zero |
colspan
| td ;
th
| Number of columns that the cell is to span | Valid non-negative integer greater than zero |
command
| menuitem
| Command definition | ID* |
content
| meta
| Value of the element | Text* |
contenteditable
| HTML elements | Whether the element is editable | "true "; "false "
|
contextmenu
| HTML elements | The element's context menu | ID* |
controls
| audio ;
video
| Show user agent controls | Boolean attribute |
coords
| area
| Coordinates for the shape to be created in an image map | Valid list of integers* |
crossorigin
| audio ;
img ;
link ;
script ;
video
| How the element handles crossorigin requests. | "anonymous "; "use-credentials "
|
data
| object
| Address of the resource | Valid non-empty URL potentially surrounded by spaces |
datetime
| del ;
ins
| Date and (optionally) time of the change | Valid date string with optional time |
datetime
| time
| Machine-readable value | Valid month string, valid date string, valid yearless date string, valid time string, valid local date and time string, valid time-zone offset string, valid global date and time string, valid week string, valid non-negative integer, or valid duration string |
default
| track
| Enable the track if no other text track is more suitable. | Boolean attribute |
defer
| script
| Defer script execution | Boolean attribute |
dir
| HTML elements | The text directionality of the element | "ltr "; "rtl "; "auto "
|
dirname
| input ;
textarea
| Name of form field to use for sending the element's directionality in form submission | Text* |
disabled
| button ;
menuitem ;
fieldset ;
input ;
keygen ;
optgroup ;
option ;
select ;
textarea
| Whether the form control is disabled | Boolean attribute |
download
| a ;
area
| Whether to download the resource instead of navigating to it, and its file name if so | Text |
draggable
| HTML elements | Whether the element is draggable | "true "; "false "
|
dropzone
| HTML elements | Accepted item types for drag-and-drop | Unordered set of unique space-separated tokens, ASCII case-insensitive, consisting of accepted types and drag feedback* |
enctype
| form
| Form data set encoding type to use for form submission | "application/x-www-form-urlencoded "; "multipart/form-data "; "text/plain "
|
for
| label
| Associate the label with form control | ID* |
for
| output
| Specifies controls from which the output was calculated | Unordered set of unique space-separated tokens, case-sensitive, consisting of IDs* |
form
| button ;
fieldset ;
input ;
keygen ;
label ;
object ;
output ;
select ;
textarea
| Associates the control with a form element
| ID* |
formaction
| button ;
input
| URL to use for form submission | Valid non-empty URL potentially surrounded by spaces |
formenctype
| button ;
input
| Form data set encoding type to use for form submission | "application/x-www-form-urlencoded "; "multipart/form-data "; "text/plain "
|
formmethod
| button ;
input
| HTTP method to use for form submission | "GET "; "POST "
|
formnovalidate
| button ;
input
| Bypass form control validation for form submission | Boolean attribute |
formtarget
| button ;
input
| Browsing context for form submission | Valid browsing context name or keyword |
headers
| td ;
th
| The header cells for this cell | Unordered set of unique space-separated tokens, case-sensitive, consisting of IDs* |
height
| canvas ;
embed ;
iframe ;
img ;
input ;
object ;
video
| Vertical dimension | Valid non-negative integer |
hidden
| HTML elements | Whether the element is relevant | Boolean attribute |
high
| meter
| Low limit of high range | Valid floating-point number* |
href
| a ;
area
| Address of the hyperlink | Valid URL potentially surrounded by spaces |
href
| link
| Address of the hyperlink | Valid non-empty URL potentially surrounded by spaces |
href
| base
| Document base URL | Valid URL potentially surrounded by spaces |
hreflang
| a ;
area ;
link
| Language of the linked resource | Valid BCP 47 language tag |
http-equiv
| meta
| Pragma directive | Text* |
icon
| menuitem
| Icon for the command | Valid non-empty URL potentially surrounded by spaces |
id
| HTML elements | The element's ID | Text* |
inert
| HTML elements | Whether the element is inert | Boolean attribute |
inputmode
| input ;
textarea
| Hint for selecting an input modality | verbatim ;
latin ;
latin-name ;
latin-prose ;
full-width-latin ;
kana ;
katakana ;
numeric ;
tel ;
email ;
url
|
ismap
| img
| Whether the image is a server-side image map | Boolean attribute |
itemid
| HTML elements | Global identifier for a microdata item | Valid URL potentially surrounded by spaces |
itemprop
| HTML elements | Property names of a microdata item | Unordered set of unique space-separated tokens, case-sensitive, consisting of valid absolute URLs, defined property names, or text* |
itemref
| HTML elements | Referenced elements | Unordered set of unique space-separated tokens, case-sensitive, consisting of IDs* |
itemscope
| HTML elements | Introduces a microdata item | Boolean attribute |
itemtype
| HTML elements | Item types of a microdata item | Unordered set of unique space-separated tokens, case-sensitive, consisting of valid absolute URL* |
keytype
| keygen
| The type of cryptographic key to generate | Text* |
kind
| track
| The type of text track | "subtitles ";
"captions ";
"descriptions ";
"chapters ";
"metadata "
|
label
| menuitem ;
menu ;
optgroup ;
option ;
track
| User-visible label | Text |
lang
| HTML elements | Language of the element | Valid BCP 47 language tag or the empty string |
list
| input
| List of autocomplete options | ID* |
loop
| audio ;
video
| Whether to loop the media resource | Boolean attribute |
low
| meter
| High limit of low range | Valid floating-point number* |
manifest
| html
| Application cache manifest | Valid non-empty URL potentially surrounded by spaces |
max
| input
| Maximum value | Varies* |
max
| meter ;
progress
| Upper bound of range | Valid floating-point number* |
maxlength
| input ;
textarea
| Maximum length of value | Valid non-negative integer |
media
| link ;
source ;
style
| Applicable media | Valid media query |
mediagroup
| audio ;
video
| Groups media elements together with an implicit MediaController
| Text |
method
| form
| HTTP method to use for form submission | "GET ";
"POST ";
|
min
| input
| Minimum value | Varies* |
min
| meter
| Lower bound of range | Valid floating-point number* |
multiple
| input ;
select
| Whether to allow multiple values | Boolean attribute |
muted
| audio ;
video
| Whether to mute the media resource by default | Boolean attribute |
name
| button ;
fieldset ;
input ;
keygen ;
output ;
select ;
textarea
| Name of form control to use for form submission and in the form.elements API
| Text* |
name
| form
| Name of form to use in the document.forms API
| Text* |
name
| iframe ;
object
| Name of nested browsing context | Valid browsing context name or keyword |
name
| map
| Name of image map to reference from the usemap attribute
| Text* |
name
| meta
| Metadata name | Text* |
name
| param
| Name of parameter | Text |
novalidate
| form
| Bypass form control validation for form submission | Boolean attribute |
open
| details
| Whether the details are visible | Boolean attribute |
open
| dialog
| Whether the dialog box is showing | Boolean attribute |
optimum
| meter
| Optimum value in gauge | Valid floating-point number* |
pattern
| input
| Pattern to be matched by the form control's value | Regular expression matching the JavaScript Pattern production |
placeholder
| input ;
textarea
| User-visible label to be placed within the form control | Text* |
poster
| video
| Poster frame to show prior to video playback | Valid non-empty URL potentially surrounded by spaces |
preload
| audio ;
video
| Hints how much buffering the media resource will likely need | "none ";
"metadata ";
"auto "
|
radiogroup
| menuitem
| Name of group of commands to treat as a radio button group | Text |
readonly
| input ;
textarea
| Whether to allow the value to be edited by the user | Boolean attribute |
rel
| a ;
area ;
link
| Relationship between the document containing the hyperlink and the destination resource | Set of space-separated tokens* |
required
| input ;
select ;
textarea
| Whether the control is required for form submission | Boolean attribute |
reversed
| ol
| Number the list backwards | Boolean attribute |
rows
| textarea
| Number of lines to show | Valid non-negative integer greater than zero |
rowspan
| td ;
th
| Number of rows that the cell is to span | Valid non-negative integer |
sandbox
| iframe
| Security rules for nested content | Unordered set of unique space-separated tokens, ASCII case-insensitive, consisting of
"allow-forms ",
"allow-pointer-lock ",
"allow-popups ",
"allow-same-origin ",
"allow-scripts and
"allow-top-navigation "
|
spellcheck
| HTML elements | Whether the element is to have its spelling and grammar checked | "true "; "false "
|
scope
| th
| Specifies which cells the header cell applies to | "row ";
"col ";
"rowgroup ";
"colgroup "
|
scoped
| style
| Whether the styles apply to the entire document or just the parent subtree | Boolean attribute |
seamless
| iframe
| Whether to apply the document's styles to the nested content | Boolean attribute |
selected
| option
| Whether the option is selected by default | Boolean attribute |
shape
| area
| The kind of shape to be created in an image map | "circle ";
"default ";
"poly ";
"rect "
|
size
| input ;
select
| Size of the control | Valid non-negative integer greater than zero |
sizes
| link
| Sizes of the icons (for rel ="icon ")
| Unordered set of unique space-separated tokens, ASCII case-insensitive, consisting of sizes* |
span
| col ;
colgroup
| Number of columns spanned by the element | Valid non-negative integer greater than zero |
src
| audio ;
embed ;
iframe ;
img ;
input ;
script ;
source ;
track ;
video
| Address of the resource | Valid non-empty URL potentially surrounded by spaces |
srcdoc
| iframe
| A document to render in the iframe
| The source of an iframe srcdoc document*
|
srclang
| track
| Language of the text track | Valid BCP 47 language tag |
start
| ol
| Ordinal value of the first item | Valid integer |
step
| input
| Granularity to be matched by the form control's value | Valid floating-point number greater than zero, or "any "
|
style
| HTML elements | Presentational and formatting instructions | CSS declarations* |
tabindex
| HTML elements | Whether the element is focusable, and the relative order of the element for the purposes of sequential focus navigation | Valid integer |
target
| a ;
area
| Browsing context for hyperlink navigation | Valid browsing context name or keyword |
target
| base
| Default browsing context for hyperlink navigation and form submission | Valid browsing context name or keyword |
target
| form
| Browsing context for form submission | Valid browsing context name or keyword |
title
| HTML elements | Advisory information for the element | Text |
title
| abbr ;
dfn
| Full term or expansion of abbreviation | Text |
title
| menuitem
| Hint describing the command | Text |
title
| link
| Title of the link | Text |
title
| link ;
style
| Alternative style sheet set name | Text |
translate
| HTML elements | Whether the element is to be translated when the page is localized | "yes "; "no "
|
type
| a ;
area ;
link
| Hint for the type of the referenced resource | Valid MIME type |
type
| button
| Type of button | "submit ";
"reset ";
"button ";
"menu "
|
type
| embed ;
object ;
script ;
source ;
style
| Type of embedded resource | Valid MIME type |
type
| input
| Type of form control | input type keyword
|
type
| menu
| Type of menu | "popup "; "toolbar "
|
type
| menuitem
| Type of command | "command ";
"checkbox ";
"radio "
|
type
| ol
| Kind of list marker | "1 ";
"a ";
"A ";
"i ";
"I "
|
typemustmatch
| object
| Whether the type attribute and the Content-Type value need to match for the resource to be used
| Boolean attribute |
usemap
| img ;
object
| Name of image map to use | Valid hash-name reference* |
value
| button ;
option
| Value to be used for form submission | Text |
value
| data
| Machine-readable value | Text* |
value
| input
| Value of the form control | Varies* |
value
| li
| Ordinal value of the list item | Valid integer |
value
| meter ;
progress
| Current value of the element | Valid floating-point number |
value
| param
| Value of parameter | Text |
width
| canvas ;
embed ;
iframe ;
img ;
input ;
object ;
video
| Horizontal dimension | Valid non-negative integer |
wrap
| textarea
| How the value of the form control is to be wrapped for form submission | "soft ";
"hard "
|
An asterisk (*) in a cell indicates that the actual rules are more complicated than indicated in the table above.
This section is non-normative.
This section is non-normative.
This section is non-normative.
Event | Interface | Description |
---|---|---|
abort
| Event
| Fired at the Window when the download was aborted by the user
|
afterprint
| Event
| Fired at the Window after printing
|
beforeprint
| Event
| Fired at the Window before printing
|
beforeunload
| BeforeUnloadEvent
| Fired at the Window when the page is about to be unloaded, in case the page would like to show a warning prompt
|
blur
| Event
| Fired at nodes losing focus |
change
| Event
| Fired at controls when the user commits a value change |
click
| Event
| Fired at an element before its activation behavior is run |
contextmenu
| Event
| Fired at elements when the user requests their context menu |
DOMContentLoaded
| Event
| Fired at the Document once the parser has finished
|
error
| Event
| Fired at elements when network and script errors occur |
focus
| Event
| Fired at nodes gaining focus |
hashchange
| HashChangeEvent
| Fired at the Window when the fragment identifier part of the document's address changes
|
input
| Event
| Fired at controls when the user changes the value |
invalid
| Event
| Fired at controls during form validation if they do not satisfy their constraints |
load
| Event
| Fired at the Window when the document has finished loading; fired at an element containing a resource (e.g. img , embed ) when its resource has finished loading
|
message
| MessageEvent
| Fired at an object when the object receives a message |
offline
| Event
| Fired at the Window when the network connections fails
|
online
| Event
| Fired at the Window when the network connections returns
|
pagehide
| PageTransitionEvent
| Fired at the Window when the page's entry in the session history stops being the current entry
|
pageshow
| PageTransitionEvent
| Fired at the Window when the page's entry in the session history becomes the current entry
|
popstate
| PopStateEvent
| Fired at the Window when the user navigates the session history
|
readystatechange
| Event
| Fired at the Document when it finishes parsing and again when all its subresources have finished loading
|
reset
| Event
| Fired at a form element when it is reset
|
show
| Event
| Fired at a menu element when it is shown as a context menu
|
submit
| Event
| Fired at a form element when it is submitted
|
unload
| Event
| Fired at the Window object when the page is going away
|
See also media element events, application cache events, and drag-and-drop events.
All references are normative unless marked "Non-normative".
XMLHttpRequest
, A. van Kesteren. WHATWG.Thanks to Tim Berners-Lee for inventing HTML, without which none of this would exist.
Thanks to Aankhen, Aaron Boodman, Aaron Leventhal, Adam Barth, Adam de Boor, Adam Hepton, Adam Roben, Addison Phillips, Adele Peterson, Adrian Bateman, Adrian Sutton, Agustín Fernández, Aharon (Vladimir) Lanin, Ajai Tirumali, Akatsuki Kitamura, Alan Plum, Alastair Campbell, Alejandro G. Castro, Alex Bishop, Alex Nicolaou, Alex Rousskov, Alexander J. Vincent, Alexandre Morgaut, Alexey Feldgendler, Алексей Проскуряков (Alexey Proskuryakov), Alexis Deveria, Allan Clements, Amos Jeffries, Anders Carlsson, Andreas, Andreas Kling, Andrei Popescu, André E. Veltstra, Andrew Barfield, Andrew Clover, Andrew Gove, Andrew Grieve, Andrew Oakley, Andrew Sidwell, Andrew Simons, Andrew Smith, Andrew W. Hagen, Andrey V. Lukyanov, Andy Heydon, Andy Palay, Anne van Kesteren, Anthony Boyd, Anthony Bryan, Anthony Hickson, Anthony Ricaud, Antti Koivisto, Arne Thomassen, Aron Spohr, Arphen Lin, Arun Patole, Aryeh Gregor, Asbjørn Ulsberg, Ashley Gullen, Ashley Sheridan, Atsushi Takayama, Aurelien Levy, Ave Wrigley, Axel Dahmen, Ben Boyle, Ben Godfrey, Ben Lerner, Ben Leslie, Ben Meadowcroft, Ben Millard, Benjamin Carl Wiley Sittler, Benjamin Hawkes-Lewis, Benoit Ren, Bert Bos, Bijan Parsia, Bil Corry, Bill Mason, Bill McCoy, Billy Wong, Bjartur Thorlacius, Björn Höhrmann, Blake Frantz, Bob Lund, Bob Owen, Boris Zbarsky, Brad Fults, Brad Neuberg, Brad Spencer, Brady Eidson, Brendan Eich, Brenton Simpson, Brett Wilson, Brett Zamir, Brian Campbell, Brian Korver, Brian Kuhn, Brian M. Dube, Brian Ryner, Brian Smith, Brian Wilson, Bryan Sullivan, Bruce D'Arcus, Bruce Lawson, Bruce Miller, C. Williams, Cameron McCormack, Cameron Zemek, Cao Yipeng, Carlos Gabriel Cardona, Carlos Perelló Marín, Chao Cai, 윤석찬 (Channy Yun), Charl van Niekerk, Charles Iliya Krempeaux, Charles McCathieNevile, Chris Apers, Chris Cressman, Chris Evans, Chris Morris, Chris Pearce, Chris Weber, Christian Biesinger, Christian Johansen, Christian Schmidt, Christoph Päper, Christopher Aillon, Christopher Ferris, Chriswa, Clark Buehler, Cole Robison, Colin Fine, Collin Jackson, Corprew Reed, Craig Cockburn, Csaba Gabor, Csaba Marton, Cynthia Shelly, Dan Yoder, Daniel Barclay, Daniel Bratell, Daniel Brooks, Daniel Brumbaugh Keeney, Daniel Cheng, Daniel Davis, Daniel Glazman, Daniel Peng, Daniel Schattenkirchner, Daniel Spång, Daniel Steinberg, Danny Sullivan, Darin Adler, Darin Fisher, Darxus, Dave Camp, Dave Hodder, Dave Lampton, Dave Singer, Dave Townsend, David Baron, David Bloom, David Bruant, David Carlisle, David E. Cleary, David Egan Evans, David Flanagan, David Gerard, David Håsäther, David Hyatt, David I. Lehn, David John Burrowes, David Kendal, David Matja, David Remahl, David Smith, David Woolley, DeWitt Clinton, Dean Edridge, Dean Edwards, Debi Orton, Derek Featherstone, Devdatta, Dimitri Glazkov, Dimitry Golubovsky, Dirk Pranke, Divya Manian, Dmitry Titov, dolphinling, Dominique Hazaël-Massieux, Don Brutzman, Doron Rosenberg, Doug Kramer, Doug Simpkinson, Drew Wilson, Edmund Lai, Eduard Pascual, Eduardo Vela, Edward O'Connor, Edward Welbourne, Edward Z. Yang, Ehsan Akhgari, Eira Monstad, Eitan Adler, Eliot Graff, Elisabeth Robson, Elizabeth Castro, Elliott Sprehn, Elliotte Harold, Eric Carlson, Eric Lawrence, Eric Rescorla, Eric Semling, Erik Arvidsson, Erik Rose, Evan Martin, Evan Prodromou, Evert, fantasai, Felix Sasaki, Francesco Schwarz, Francis Brosnan Blazquez, Franck 'Shift' Quélain, Frank Barchard, 鵜飼文敏 (Fumitoshi Ukai), Futomi Hatano, Gavin Carothers, Gavin Kistner, Gareth Rees, Garrett Smith, Geoff Richards, Geoffrey Garen, Sam Sneddon, Gez Lemon, George Lund, Gianmarco Armellin, Giovanni Campagna, Giuseppe Pascale, Glenn Adams, Glenn Maynard, Graham Klyne, Greg Botten, Greg Houston, Greg Wilkins, Gregg Tavares, Gregory J. Rosmaita, Grey, Guilherme Johansson Tramontina, Gytis Jakutonis, Håkon Wium Lie, Hallvord Reiar Michaelsen Steen, Hans S. Tømmerhalt, Hans Stimer, Harald Alvestrand, Henri Sivonen, Henrik Lied, Henry Mason, Heydon Pickering, Hugh Guiney, Hugh Winkler, Ian Bicking, Ian Clelland, Ian Davis, Ian Fette, Ido Green, Ignacio Javier, Ivan Enderlin, Ivo Emanuel Gonçalves, J. King, Jacob Davies, Jacques Distler, Jake Verbaten, James Craig, James Graham, James Justin Harrell, James Kozianski, James M Snell, James Perrett, James Robinson, Jamie Lokier, Janusz Majnert, Jan-Klaas Kollhof, Jason Duell, Jason Kersey, Jason Lustig, Jason White, Jasper Bryant-Greene, Jasper St. Pierre, Jatinder Mann, Jed Hartman, Jeff Balogh, Jeff Cutsinger, Jeff Schiller, Jeff Walden, Jeffrey Zeldman, 胡慧鋒 (Jennifer Braithwaite), Jens Bannmann, Jens Fendler, Jens Lindström, Jens Meiert, Jeremey Hustman, Jeremy Keith, Jeremy Orlow, Jeroen van der Meer, Jian Li, Jim Jewett, Jim Ley, Jim Meehan, Jim Michaels, Jirka Kosek, Jjgod Jiang, João Eiras, Joe Clark, Joe Gregorio, Joel Spolsky, Johan Herland, John Boyer, John Bussjaeger, John Carpenter, John Daggett, John Fallows, John Foliot, John Harding, John Keiser, John Snyders, John Stockton, John-Mark Bell, Johnny Stenback, Jon Ferraiolo, Jon Gibbins, Jon Perlow, Jonas Sicking, Jonathan Cook, Jonathan Rees, Jonathan Watt, Jonathan Worent, Jonny Axelsson, Jordan Tucker, Jorgen Horstink, Jorunn Danielsen Newth, Joseph Kesselman, Joseph Mansfield, Joseph Pecoraro, Josh Aas, Josh Hart, Josh Levenberg, Joshua Bell, Joshua Randall, Jukka K. Korpela, Jules Clément-Ripoche, Julian Reschke, Jürgen Jeka, Justin Lebar, Justin Novosad, Justin Schuh, Justin Sinclair, Kai Hendry, 呂康豪 (KangHao Lu), Kartikaya Gupta, Kathy Walton, Kelly Ford, Kelly Norton, Kevin Benson, Kevin Gadd, Kevin Cole, Kornél Pál, Kornel Lesinski, Kris Northfield, Kristof Zelechovski, Krzysztof Maczyński, 黒澤剛志 (Kurosawa Takeshi), Kyle Barnhart, Kyle Hofmann, Kyle Huey, Léonard Bouchet, Léonie Watson, Lachlan Hunt, Larry Masinter, Larry Page, Lars Gunther, Lars Solberg, Laura Carlson, Laura Granka, Laura L. Carlson, Laura Wisewell, Laurens Holst, Lee Kowalkowski, Leif Halvard Silli, Lenny Domnitser, Leonard Rosenthol, Leonie Watson, Leons Petrazickis, Lobotom Dysmon, Logan, Loune, Luke Kenneth Casson Leighton, Maciej Stachowiak, Magnus Kristiansen, Maik Merten, Malcolm Rowe, Manish Tripathi, Marcus Bointon, Mark Birbeck, Mark Davis, Mark Miller, Mark Nottingham, Mark Pilgrim, Mark Rowe, Mark Schenk, Mark Vickers, Mark Wilton-Jones, Martijn Wargers, Martin Atkins, Martin Dürst, Martin Honnen, Martin Janecke, Martin Kutschker, Martin Nilsson, Martin Thomson, Masataka Yakura, Matt May, Mathias Bynens, Mathieu Henri, Matias Larsson, Matt Falkenhagen, Matt Schmidt, Matt Wright, Matthew Gregan, Matthew Mastracci, Matthew Raymond, Matthew Thomas, Mattias Waldau, Max Romantschuk, Menno van Slooten, Micah Dubinko, Michael 'Ratt' Iannarelli, Michael A. Nachbaur, Michael A. Puls II, Michael Carter, Michael Daskalov, Michael Day, Michael Dyck, Michael Enright, Michael Gratton, Michael Nordman, Michael Powers, Michael Rakowski, Michael(tm) Smith, Michal Zalewski, Michel Fortin, Michelangelo De Simone, Michiel van der Blonk, Mihai Şucan, Mihai Parparita, Mike Brown, Mike Dierken, Mike Dixon, Mike Schinkel, Mike Shaver, Mikko Rantalainen, Mohamed Zergaoui, Mounir Lamouri, Ms2ger, NARUSE Yui, Neil Deakin, Neil Rashbrook, Neil Soiffer, Nicholas Shanks, Nicholas Stimpson, Nicholas Zakas, Nickolay Ponomarev, Nicolas Gallagher, Noah Mendelsohn, Noah Slater, Noel Gordon, NoozNooz42, Norbert Lindenberg, Ojan Vafai, Olaf Hoffmann, Olav Junker Kjær, Oldřich Vetešník, Oli Studholme, Oliver Hunt, Oliver Rigby, Olivier Gendrin, Olli Pettay, oSand, Pablo Flouret, Patrick H. Lauke, Patrik Persson, Paul Adenot, Paul Norman, Per-Erik Brodin, Perry Smith, Peter Beverloo, Peter Karlsson, Peter Kasting, Peter Moulder, Peter Occil, Peter Stark, Peter Van der Beken, Peter-Paul Koch, Phil Pickering, Philip Jägenstedt, Philip Taylor, Philip TAYLOR, Philippe De Ryck, Prateek Rungta, Pravir Gupta, 李普君 (Pujun Li), Rachid Finge, Rafał Miłecki, Raj Doshi, Rajas Moonka, Ralf Stoltze, Ralph Giles, Raphael Champeimont, Remci Mizkur, Remco, Remy Sharp, Rene Saarsoo, Rene Stach, Ric Hardacre, Rich Doughty, Richard Ishida, Rigo Wenning, Rikkert Koppes, Rimantas Liubertas, Riona Macnamara, Rob Ennals, Rob Jellinghaus, Rob S, Robert Blaut, Robert Collins, Robert Kieffer, Robert Millan, Robert O'Callahan, Robert Sayre, Robin Berjon, Rodger Combs, Roland Steiner, Roma Matusevich, Roman Ivanov, Roy Fielding, Ruud Steltenpool, Ryan King, Ryosuke Niwa, S. Mike Dierken, Salvatore Loreto, Sam Dutton, Sam Kuper, Sam Ruby, Sam Weinig, Samuel Bronson, Samy Kamkar, Sander van Lambalgen, Sarven Capadisli, Scott González, Scott Hess, Sean Fraser, Sean Hayes, Sean Hogan, Sean Knapp, Sebastian Markbåge, Sebastian Schnitzenbaumer, Seth Call, Seth Dillingham, Shanti Rao, Shaun Inman, Shiki Okasaka, Sierk Bornemann, Sigbjørn Vik, Silver Ghost, Silvia Pfeiffer, Šime Vidas, Simon Montagu, Simon Pieters, Simon Spiegel, skeww, Smylers, Stanton McCandlish, Stefan Håkansson, Stefan Haustein, Stefan Santesson, Stefan Weiss, Steffen Meschkat, Stephen Ma, Stephen White, Steve Comstock, Steve Faulkner, Steve Runyon, Steven Bennett, Steven Garrity, Steven Tate, Stewart Brodie, Stuart Ballard, Stuart Langridge, Stuart Parmenter, Subramanian Peruvemba, Sunava Dutta, Susan Borgrink, Susan Lesch, Sylvain Pasche, T. J. Crowder, Tab Atkins, Takeshi Yoshino, Tantek Çelik, 田村健人 (TAMURA Kent), Ted Mielczarek, Terrence Wood, Thomas Broyer, Thomas Koetter, Thomas O'Connor, Tim Altman, Tim Johansson, TJ VanToll, Toby Inkster, Todd Moody, Tom Baker, Tom Pike, Tommy Thorsen, Travis Leithead, Tyler Close, Victor Carbune, Vladimir Katardjiev, Vladimir Vukićević, voracity, Wakaba, Wayne Carr, Wayne Pollock, Wellington Fernando de Macedo, Weston Ruter, Wilhelm Joys Andersen, Will Levine, William Swanson, Wladimir Palant, Wojciech Mach, Wolfram Kriesing, Xan Gregg, Yang Chen, Ye-Kui Wang, Yehuda Katz, Yi-An Huang, Yngve Nysaeter Pettersen, Yonathan Randolph, Yuzo Fujishima, Zhenbin Xu, Zoltan Herczeg, and Øistein E. Andersen, for their useful comments, both large and small, that have led to changes to this specification over the years.
Thanks also to everyone who has ever posted about HTML to their blogs, public mailing lists, or forums, including all the contributors to the various W3C HTML WG lists and the various WHATWG lists.
Special thanks to Richard Williamson for creating the first
implementation of canvas
in Safari, from which the
canvas feature was designed.
Special thanks also to the Microsoft employees who first
implemented the event-based drag-and-drop mechanism, contenteditable
, and other
features first widely deployed by the Windows Internet Explorer
browser.
Thanks to the participants of the microdata usability study for allowing us to use their mistakes as a guide for designing the microdata feature.
Special thanks and $10,000 to David Hyatt who came up with a broken implementation of the adoption agency algorithm that the editor had to reverse engineer and fix before using it in the parsing section.
Thanks to the many sources that provided inspiration for the examples used in the specification.
Thanks also to the Microsoft blogging community for some ideas, to the attendees of the W3C Workshop on Web Applications and Compound Documents for inspiration, to the #mrt crew, the #mrt.no crew, and the #whatwg crew, and to Pillar and Hedral for their ideas and support.