W3C

HTML 5

A vocabulary and associated APIs for HTML and XHTML

This is revision 1.2852.

IANA considerations

Status: First draft

This registration is for community review and will be submitted to the IESG for review, approval, and registration with IANA.

13.1 text/html

Type name:
text
Subtype name:
html
Required parameters:
No required parameters
Optional parameters:
charset

The charset parameter may be provided to definitively specify the document's character encoding, overriding any character encoding declarations in the document. The parameter's value must be the name of the character encoding used to serialize the file, must be a valid character encoding name, and must be the preferred name for that encoding. [IANACHARSET]

Encoding considerations:
See the section on character encoding declarations.
Security considerations:

Entire novels have been written about the security considerations that apply to HTML documents. Many are listed in this document, to which the reader is referred for more details. Some general concerns bear mentioning here, however:

HTML is a scripted language, and has a large number of APIs (some of which are described in this document). Script can expose the user to potential risks of information leakage, credential leakage, cross-site scripting attacks, cross-site request forgeries, and a host of other problems. While the designs in this specification are intended to be safe if implemented correctly, a full implementation is a massive undertaking and, as with any software, user agents are likely to have security bugs.

Even without scripting, there are specific features in HTML which, for historical reasons, are required for broad compatibility with legacy content but that expose the user to unfortunate security problems. In particular, the img element can be used in conjunction with some other features as a way to effect a port scan from the user's location on the Internet. This can expose local network topologies that the attacker would otherwise not be able to determine.

Interoperability considerations:
Rules for processing both conforming and non-conforming content are defined in this specification.
Published specification:
This document is the relevant specification. Labeling a resource with the text/html type asserts that the resource is an HTML document using the HTML syntax.
Applications that use this media type:
Web browsers, tools for processing Web content, HTML authoring tools, search engines, validators.
Additional information:
Magic number(s):
No sequence of bytes can uniquely identify an HTML document. More information on detecting HTML documents is available in the Content-Type Processing Model specification. [MIMESNIFF]
File extension(s):
"html" and "htm" are commonly, but certainly not exclusively, used as the extension for HTML documents.
Macintosh file type code(s):
TEXT
Person & email address to contact for further information:
Ian Hickson <ian@hixie.ch>
Intended usage:
Common
Restrictions on usage:
No restrictions apply.
Author:
Ian Hickson <ian@hixie.ch>
Change controller:
W3C and WHATWG

Fragment identifiers used with text/html resources refer to the indicated part of the document.

13.2 application/xhtml+xml

Type name:
application
Subtype name:
xhtml+xml
Required parameters:
Same as for application/xml [RFC3023]
Optional parameters:
Same as for application/xml [RFC3023]
Encoding considerations:
Same as for application/xml [RFC3023]
Security considerations:
Same as for application/xml [RFC3023]
Interoperability considerations:
Same as for application/xml [RFC3023]
Published specification:
Labeling a resource with the application/xhtml+xml type asserts that the resource is an XML document that likely has a root element from the HTML namespace. As such, the relevant specifications are the XML specification, the Namespaces in XML specification, and this specification. [XML] [XMLNS]
Applications that use this media type:
Same as for application/xml [RFC3023]
Additional information:
Magic number(s):
Same as for application/xml [RFC3023]
File extension(s):
"xhtml" and "xht" are sometimes used as extensions for XML resources that have a root element from the HTML namespace.
Macintosh file type code(s):
TEXT
Person & email address to contact for further information:
Ian Hickson <ian@hixie.ch>
Intended usage:
Common
Restrictions on usage:
No restrictions apply.
Author:
Ian Hickson <ian@hixie.ch>
Change controller:
W3C and WHATWG

Fragment identifiers used with application/xhtml+xml resources have the same semantics as with any XML MIME type. [RFC3023]

13.3 text/cache-manifest

Type name:
text
Subtype name:
cache-manifest
Required parameters:
No parameters
Optional parameters:
No parameters
Encoding considerations:
Always UTF-8.
Security considerations:

Cache manifests themselves pose no immediate risk unless sensitive information is included within the manifest. Implementations, however, are required to follow specific rules when populating a cache based on a cache manifest, to ensure that certain origin-based restrictions are honored. Failure to correctly implement these rules can result in information leakage, cross-site scripting attacks, and the like.

Interoperability considerations:
Rules for processing both conforming and non-conforming content are defined in this specification.
Published specification:
This document is the relevant specification.
Applications that use this media type:
Web browsers.
Additional information:
Magic number(s):
Cache manifests begin with the string "CACHE MANIFEST", followed by either a U+0020 SPACE character, a U+0009 CHARACTER TABULATION (tab) character, a U+000A LINE FEED (LF) character, or a U+000D CARRIAGE RETURN (CR) character.
File extension(s):
"manifest"
Macintosh file type code(s):
No specific Macintosh file type codes are recommended for this type.
Person & email address to contact for further information:
Ian Hickson <ian@hixie.ch>
Intended usage:
Common
Restrictions on usage:
No restrictions apply.
Author:
Ian Hickson <ian@hixie.ch>
Change controller:
W3C and WHATWG

Fragment identifiers have no meaning with text/cache-manifest resources.

13.4 text/ping

Type name:
text
Subtype name:
ping
Required parameters:
No parameters
Optional parameters:
No parameters
Encoding considerations:
Not applicable.
Security considerations:

If used exclusively in the fashion described in the context of hyperlink auditing, this type introduces no new security concerns.

Interoperability considerations:
Rules applicable to this type are defined in this specification.
Published specification:
This document is the relevant specification.
Applications that use this media type:
Web browsers.
Additional information:
Magic number(s):
text/ping resources always consist of the four bytes 0x50 0x49 0x4E 0x47 (ASCII "PING").
File extension(s):
No specific file extension is recommended for this type.
Macintosh file type code(s):
No specific Macintosh file type codes are recommended for this type.
Person & email address to contact for further information:
Ian Hickson <ian@hixie.ch>
Intended usage:
Common
Restrictions on usage:
Only intended for use with HTTP POST requests generated as part of a Web browser's processing of the ping attribute.
Author:
Ian Hickson <ian@hixie.ch>
Change controller:
W3C and WHATWG

Fragment identifiers have no meaning with text/ping resources.
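
The magic numbers given above for text/cache-manifest (13.3) and text/ping (13.4) can be checked byte for byte before a resource is trusted as either type. The following is an added example, not part of this specification; the function names are hypothetical, and `acceptPing` assumes a server that receives the method, Content-Type value and raw body of a hyperlink-auditing request.

```javascript
// Added example; function names are hypothetical, sample inputs are constructed.
const enc = new TextEncoder();
const MANIFEST_PREFIX = enc.encode("CACHE MANIFEST");
const PING_BODY = Uint8Array.of(0x50, 0x49, 0x4e, 0x47); // ASCII "PING"
// Bytes allowed directly after the prefix: SPACE, TAB, LF, CR.
const MANIFEST_TERMINATORS = new Set([0x20, 0x09, 0x0a, 0x0d]);

function startsWith(bytes, prefix) {
  return bytes.length >= prefix.length && prefix.every((b, i) => bytes[i] === b);
}

// True only when the buffer matches the magic number as worded in 13.3:
// the prefix followed by one of the four terminator bytes.
function isCacheManifest(bytes) {
  // bytes[14] is undefined for a bare "CACHE MANIFEST", so that input fails,
  // as does "CACHE MANIFESTO...", which shares the prefix but not the terminator.
  return startsWith(bytes, MANIFEST_PREFIX) &&
    MANIFEST_TERMINATORS.has(bytes[MANIFEST_PREFIX.length]);
}

// text/ping is always exactly four bytes: no trailing newline, no extra data.
function isPingBody(bytes) {
  return bytes.length === PING_BODY.length && startsWith(bytes, PING_BODY);
}

// Endpoint-side check combining the restrictions in 13.4: POST only,
// no media type parameters, and the fixed four-byte body.
function acceptPing(method, contentType, body) {
  const type = String(contentType || "").trim().toLowerCase();
  return method === "POST" && type === "text/ping" && isPingBody(body);
}
```

An endpoint that rejects everything `acceptPing` refuses stays within the "used exclusively in the fashion described" condition of the text/ping security considerations.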

13.5 application/microdata+json

Type name:
application
Subtype name:
microdata+json
Required parameters:
Same as for application/json [JSON]
Optional parameters:
Same as for application/json [JSON]
Encoding considerations:
Always UTF-8.
Security considerations:
Same as for application/json [JSON]
Interoperability considerations:
Same as for application/json [JSON]
Published specification:
Labeling a resource with the application/microdata+json type asserts that the resource is a JSON text that consists of an object with a single entry called "items" consisting of an array of entries, each of which consists of an object with two entries, one called "type" whose value is an array of strings, and one called "properties" whose value is an object whose entries each have a value consisting of an array of either objects or strings, the objects being of the same form as the objects in the aforementioned "items" entry. As such, the relevant specifications are the JSON specification and this specification. [JSON]
Applications that use this media type:
Same as for application/json [JSON]
Additional information:
Magic number(s):
Same as for application/json [JSON]
File extension(s):
Same as for application/json [JSON]
Macintosh file type code(s):
Same as for application/json [JSON]
Person & email address to contact for further information:
Ian Hickson <ian@hixie.ch>
Intended usage:
Common
Restrictions on usage:
No restrictions apply.
Author:
Ian Hickson <ian@hixie.ch>
Change controller:
W3C and WHATWG

Fragment identifiers used with application/microdata+json resources have the same semantics as when used with application/json. [JSON]
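
The structure that the application/microdata+json label asserts (13.5, "Published specification") can be verified recursively before the data is consumed. The following is an added example, not part of this specification; the function names and the nesting limit `MAX_DEPTH` are assumptions of the example, and the sample documents in its test are constructed.

```javascript
// Added example; names are hypothetical. MAX_DEPTH is an assumption of this
// example (a guard against deeply nested input), not a rule from the text.
const MAX_DEPTH = 32;

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Checks one item object: exactly "type" (array of strings) and
// "properties" (object whose values are arrays of strings or items).
function checkItem(item, path, depth, errors) {
  if (depth > MAX_DEPTH) { errors.push(`${path}: nested deeper than ${MAX_DEPTH}`); return; }
  if (!isPlainObject(item)) { errors.push(`${path}: must be an item object`); return; }
  if (Object.keys(item).sort().join(",") !== "properties,type") {
    errors.push(`${path}: must have exactly the entries "type" and "properties"`);
  }
  if (!Array.isArray(item.type) || !item.type.every((t) => typeof t === "string")) {
    errors.push(`${path}.type: must be an array of strings`);
  }
  if (!isPlainObject(item.properties)) {
    errors.push(`${path}.properties: must be an object`);
    return;
  }
  for (const [name, values] of Object.entries(item.properties)) {
    const where = `${path}.properties.${name}`;
    if (!Array.isArray(values)) { errors.push(`${where}: must be an array`); continue; }
    values.forEach((v, i) => {
      if (typeof v === "string") return;
      if (!isPlainObject(v)) errors.push(`${where}[${i}]: must be a string or an item object`);
      else checkItem(v, `${where}[${i}]`, depth + 1, errors); // same form as "items" entries
    });
  }
}

// Returns a list of problems; an empty list means the text has the asserted form.
function validateMicrodataJson(text) {
  let doc;
  try { doc = JSON.parse(text); } catch (e) { return [`not valid JSON: ${e.message}`]; }
  if (!isPlainObject(doc) || Object.keys(doc).join(",") !== "items" || !Array.isArray(doc.items)) {
    return ['top level: must be an object with the single entry "items" holding an array'];
  }
  const errors = [];
  doc.items.forEach((item, i) => checkItem(item, `items[${i}]`, 0, errors));
  return errors;
}
```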