idnits 2.17.1 draft-ietf-dispatch-javascript-mjs-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 22, 2020) is 1466 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 4329 (Obsoleted by RFC 9239) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DISPATCH M. Miller 3 Internet-Draft Mozilla 4 Obsoletes: 4329 (if approved) M. Borins 5 Intended status: Informational M. Bynens 6 Expires: October 24, 2020 Google 7 B. Farias 8 April 22, 2020 10 ECMAScript Media Types Updates 11 draft-ietf-dispatch-javascript-mjs-07 13 Abstract 15 This document updates the ECMAScript media types, replacing the 16 existing registrations for "application/javascript" and "text/ 17 javascript" with information and requirements aligned with 18 implementation experiences. This document obsoletes RFC4329, 19 "Scripting Media Types". 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at https://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on October 24, 2020. 38 Copyright Notice 40 Copyright (c) 2020 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (https://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 3 58 3. Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . 4 60 4.1. Charset Parameter . . . . . . . . . . . . . . . . . . . . 4 61 4.2. Character Encoding Scheme Detection . . . . . . . . . . . 5 62 4.3. Character Encoding Scheme Error Handling . . . . . . . . 6 63 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 64 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 65 6.1. Common Javascript Media Types . . . . . . . . . . . . . . 9 66 6.1.1. text/javascript . . . . . . . . . . . . . . . . . . . 9 67 6.2. Historic Javascript Media Types . . . . . . . . . . . . . 10 68 6.2.1. application/ecmascript . . . . . . . . . . . . . . . 10 69 6.2.2. application/javascript . . . . . . . . . . . . . . . 11 70 6.2.3. application/x-ecmascript . . . . . . . . . . . . . . 12 71 6.2.4. application/x-javascript . . . . . . . . . . . . . . 13 72 6.2.5. text/ecmascript . . . . . . . . . . . . . . . . . . . 14 73 6.2.6. text/javascript1.0 . . . . . . . . . . . . . . . . . 15 74 6.2.7. text/javascript1.1 . . . . . . . . . . . . . . . . . 16 75 6.2.8. text/javascript1.2 . . . . . . . . . . . . . . . . . 17 76 6.2.9. text/javascript1.3 . . . . . . . . . . . . . . . . . 18 77 6.2.10. text/javascript1.4 . . . . . . . . . . . . . . . . . 19 78 6.2.11. text/javascript1.5 . . . . . . . . . . . . . . . . . 20 79 6.2.12. text/jscript . . . . . . . . . . . . . . . . . . . . 21 80 6.2.13. text/livescript . . . . . . . . . . . . . . . . . . . 22 81 6.2.14. text/x-ecmascript . . . . . . . . . . . . . . . . . . 23 82 6.2.15. text/x-javascript . . . . . . . . . . . . . . . . . . 24 83 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 25 84 7.1. Normative References . . . . . . . . . . . . . . . . . . 25 85 7.2. Informative References . . . . . . . . . . . . . . . . . 26 86 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 26 87 Appendix B. Changes from RFC 4329 . . . . . . . . . . . . . . . 26 88 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 90 1. Introduction 92 This memo describes media types for the JavaScript and ECMAScript 93 programming languages. Refer to the sections "Introduction" and 94 "Overview" in [ECMA-262] for background information on these 95 languages. This document updates the descriptions and registrations 96 for these media types to reflect existing usage on the Internet. 98 This document replaces the media types registrations in [RFC4329], 99 osboleting that document. 101 1.1. Terminology 103 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 104 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 105 "OPTIONAL" in this document are to be interpreted as described in BCP 106 14 [RFC2119] [RFC8174] when, and only when, they appear in all 107 capitals, as shown here. 109 2. Compatibility 111 This document defines equivalent processing requirements for the 112 types text/javascript, text/ecmascript, and application/javascript. 113 The most widely supported media type in use is text/javascript; all 114 others are considered historical and obsolete compared to text/ 115 javascript. Differences in ECMAScript versions have been better 116 dealt with in the processors. 118 The types defined in this document are applicable to scripts written 119 in [ECMA-262]. This document does not address scripts written in 120 other languages. In particular, future editions of [ECMA-262] and 121 extensions to [ECMA-262] are not directly addressed. 123 This document may be updated to take other content into account. 124 Updates of this document may introduce new optional parameters; 125 implementations MUST consider the impact of such an update. 127 3. Modules 129 In order to formalize support for modular programs, [ECMA-262] 130 (starting with 6th Edition) defines two top-level goal symbols (or 131 roots to the abstract syntax tree) for the ECMAScript grammar: Module 132 and Script. The Script goal represents the original structure where 133 the code executes in the global scope, while the Module goal 134 represents the module system built into ECMAScript starting with 6th 135 Edition. See the section "ECMAScript Language: Scripts and Modules" 136 of [ECMA-262] for details. 138 This separation means that (in the absence of additional information) 139 there are two possible interpretations for any given ECMAScript 140 Source Text. The TC39 standards body for ECMAScript has determined 141 that media types are outside of their scope of work 142 [TC39-MIME-ISSUE]. 144 It is not possible to fully determine if a Source Text of ECMAScript 145 is meant to be parsed in the Module or Script grammar goals based 146 upon content alone. Therefore, scripting environments MUST use out 147 of band information in order to determine what goal a Source Text 148 should be treated as. To this end some scripting environments have 149 chosen to adopt the new file extension of .mjs for this purpose. 151 This document does not define how fragment identifiers in resource 152 identifiers ([RFC3986], [RFC3987]) for documents labeled with one of 153 the media types defined in this document are resolved. An update of 154 this document may define processing of fragment identifiers. 156 4. Encoding 158 Refer to [RFC6265] for a discussion of terminology used in this 159 section. Source text (as defined in [ECMA-262], section "Source 160 Text") can be binary source text. Binary source text is a textual 161 data object that represents source text encoded using a character 162 encoding scheme. A textual data object is a whole text protocol 163 message or a whole text document, or a part of it, that is treated 164 separately for purposes of external storage and retrieval. An 165 implementation's internal representation of source text and source 166 text are not considered binary source text. 168 Implementations need to determine a character encoding scheme in 169 order to decode binary source text to source text. The media types 170 defined in this document allow an optional charset parameter to 171 explicitly specify the character encoding scheme used to encode the 172 source text. 174 How implementations determine the character encoding scheme can be 175 subject to processing rules that are out of the scope of this 176 document. For example, transport protocols can require that a 177 specific character encoding scheme is to be assumed if the optional 178 charset parameter is not specified, or they can require that the 179 charset parameter is used in certain cases. Such requirements are 180 not considered part of this document. 182 Implementations that support binary source text MUST support binary 183 source text encoded using the UTF-8 [RFC3629] character encoding 184 scheme. Module goal sources MUST be encoded as UTF-8, all other 185 encodings will fail. Source goal sources SHOULD be encoded as UTF-8; 186 other character encoding schemes MAY be supported, but are 187 discouraged. 189 4.1. Charset Parameter 191 The charset parameter provides a means to specify the character 192 encoding scheme of binary source text. Its value MUST match the 193 mime-charset production defined in [RFC2978], section 2.3, and SHOULD 194 be a registered charset [CHARSETS]. An illegal value is a value that 195 does not match that production. 197 The charset parameter is only used when processing a Script goal 198 source; Module goal sources MUST always be processed as UTF-8. 200 4.2. Character Encoding Scheme Detection 202 It is possible that implementations cannot interoperably determine a 203 single character encoding scheme simply by complying with all 204 requirements of the applicable specifications. To foster 205 interoperability in such cases, the following algorithm is defined. 206 Implementations apply this algorithm until a single character 207 encoding scheme is determined. 209 1. If the binary source text is not already determined to be a 210 Module goal and starts with a Unicode encoding form signature, 211 the signature determines the encoding. The following octet 212 sequences, at the very beginning of the binary source text, are 213 considered with their corresponding character encoding schemes: 215 +------------------+----------+ 216 | Leading sequence | Encoding | 217 |------------------+----------| 218 | EF BB BF | UTF-8 | 219 | FF FE | UTF-16LE | 220 | FE FF | UTF-16BE | 221 +------------------+----------+ 223 The longest matching octet sequence determines the encoding. 224 Implementations of this step MUST use these octet sequences to 225 determine the character encoding scheme, even if the determined 226 scheme is not supported. If this step determines the character 227 encoding scheme, the octet sequence representing the Unicode 228 encoding form signature MUST be ignored when decoding the binary 229 source text to source text. 231 2. If a charset parameter with a legal and understood value is 232 specified, the value determines the character encoding scheme. 234 3. The character encoding scheme is determined to be UTF-8. 236 If the character encoding scheme is determined to be UTF-8 through 237 any means other than step 1 as defined above and the binary source 238 text starts with the octet sequence EF BB BF, the octet sequence is 239 ignored when decoding the binary source text to source text. (The 240 sequence will also be ignored if step 2 determines the character 241 encoding scheme per the requirements in step 2). 243 4.3. Character Encoding Scheme Error Handling 245 Binary source text that is not properly encoded for the determined 246 character encoding can pose a security risk, as discussed in section 247 5. That said, because of the varied and complex environments scripts 248 are executed in, most of the error handling specifics are left to the 249 processors. The following are broad guidelines that processors 250 follow. 252 If binary source text is determined to have been encoded using a 253 certain character encoding scheme that the implementation is unable 254 to process, implementations can consider the resource unsupported 255 (i.e., do not decode the binary source text using a different 256 character encoding scheme). 258 Binary source text can be determined to have been encoded using a 259 certain character encoding scheme but contain octet sequences that 260 are not legal according to that scheme. Implementations can 261 substitute those illegal sequences with the replacement character 262 U+FFFD (properly encoded for the scheme), or stop processing 263 altogether. 265 5. Security Considerations 267 Refer to [RFC3552] for a discussion of terminology used in this 268 section. Examples in this section and discussions of interactions of 269 host environments with scripts, modules, and extensions to [ECMA-262] 270 are to be understood as non-exhaustive and of a purely illustrative 271 nature. 273 The programming language defined in [ECMA-262] is not intended to be 274 computationally self-sufficient, rather it is expected that the 275 computational environment provides facilities to programs to enable 276 specific functionality. Such facilities constitute unknown factors 277 and are thus considered out of the scope of this document. 279 Derived programming languages are permitted to include additional 280 functionality that is not described in [ECMA-262]; such functionality 281 constitutes an unknown factor and is thus considered out of the scope 282 of this document. In particular, extensions to [ECMA-262] defined 283 for the JavaScript programming language are not discussed in this 284 document. 286 Uncontrolled execution of scripts can be exceedingly dangerous. 287 Implementations that execute scripts MUST give consideration to their 288 application's threat models and those of the individual features they 289 implement; in particular, they MUST ensure that untrusted content is 290 not executed in an unprotected environment. 292 Module scripts in ECMAScript can request the fetching and processing 293 of additional scripts, called importing. Implementations that 294 support modules need to process imported sources in the same way 295 scripts. Further, there may be additional privacy and security 296 concerns depending on the location(s) the original script and its 297 imported modules are obtained from. For instance, a script obtained 298 from "host-a.example" could request to import a script from "host- 299 b.example", which could expose information about the executing 300 environment (e.g., IP address) to "host-b.example". See the section 301 "ECMAScript Language: Scripts and Modules" in [ECMA-262] for details. 303 Specifications for host environment facilities and for derived 304 programming languages should include security considerations. If an 305 implementation supports such facilities, the respective security 306 considerations apply. In particular, if scripts can be referenced 307 from or included in specific document formats, the considerations for 308 the embedding or referencing document format apply. 310 For example, scripts embedded in application/xhtml+xml [RFC3236] 311 documents could be enabled through the host environment to manipulate 312 the document instance, which could cause the retrieval of remote 313 resources; security considerations regarding retrieval of remote 314 resources of the embedding document would apply in this case. 316 This circumstance can further be used to make information, that is 317 normally only available to the script, available to a web server by 318 encoding the information in the resource identifier of the resource, 319 which can further enable eavesdropping attacks. Implementation of 320 such facilities is subject to the security considerations of the host 321 environment, as discussed above. 323 The programming language defined in [ECMA-262] does include 324 facilities to loop, cause computationally complex operations, or 325 consume large amounts of memory; this includes, but is not limited 326 to, facilities that allow dynamically generated source text to be 327 executed (e.g., the eval() function); uncontrolled execution of such 328 features can cause denial of service, which implementations MUST 329 protect against. 331 With the addition of SharedArrayBuffer objects in ECMAScript version 332 8, it could be possible to implement a high-resolution timer which 333 could lead to certain types of timin`g and side-channel attacks 334 (e.g., [SPECTRE]). Implementations can take steps to mitigate this 335 concern, such as disabling or removing support for SharedArrayBuffer 336 objects, or take additional steps to ensure access to this shared 337 memory is only accessible between execution contexts that have some 338 form of mutual trust. 340 A host environment can provide facilities to access external input. 341 Scripts that pass such input to the eval() function or similar 342 language features can be vulnerable to code injection attacks. 343 Scripts are expected to protect against such attacks. 345 A host environment can provide facilities to output computed results 346 in a user-visible manner. For example, host environments supporting 347 a graphical user interface can provide facilities that enable scripts 348 to present certain messages to the user. Implementations MUST take 349 steps to avoid confusion of the origin of such messages. In general, 350 the security considerations for the host environment apply in such a 351 case as discussed above. 353 Implementations are required to support the UTF-8 character encoding 354 scheme; the security considerations of [RFC3629] apply. Additional 355 character encoding schemes may be supported; support for such schemes 356 is subject to the security considerations of those schemes. 358 Source text is expected to be in Unicode Normalization Form C. 359 Scripts and implementations MUST consider security implications of 360 unnormalized source text and data. For a detailed discussion of such 361 implications refer to the security considerations in [RFC3629]. 363 Scripts can be executed in an environment that is vulnerable to code 364 injection attacks. For example, a CGI script [RFC3875] echoing user 365 input could allow the inclusion of untrusted scripts that could be 366 executed in an otherwise trusted environment. This threat scenario 367 is subject to security considerations that are out of the scope of 368 this document. 370 The "data" resource identifier scheme [RFC2397], in combination with 371 the types defined in this document, could be used to cause execution 372 of untrusted scripts through the inclusion of untrusted resource 373 identifiers in otherwise trusted content. Security considerations of 374 [RFC2397] apply. 376 Implementations can fail to implement a specific security model or 377 other means to prevent possibly dangerous operations. Such failure 378 could possibly be exploited to gain unauthorized access to a system 379 or sensitive information; such failure constitutes an unknown factor 380 and is thus considered out of the scope of this document. 382 6. IANA Considerations 384 The media type registrations herein are divided into two major 385 categories: the sole media type "text/javascript" which is now in 386 common usage, and all of the media types that are obsolete. 388 For both categories, The ECMAScript media types are to be updated to 389 point to a non-vendor specific standard undated specification of 390 ECMAScript. In addition, a new file extension of .mjs is to be added 391 to the list of file extensions with the restriction that it must 392 correspond to the Module grammar of [ECMA-262]. Finally, the [HTML] 393 specification uses "text/javascript" as the default media type of 394 ECMAScript when preparing script tags; therefore, "text/javascript" 395 intended usage is to be moved from OBSOLETE to COMMON. 397 6.1. Common Javascript Media Types 399 6.1.1. text/javascript 401 Type name: text 403 Subtype name: javascript 405 Required parameters: N/A 407 Optional parameters: charset, see section 4.1 of [this document]. 409 Encoding considerations: Binary 411 Security considerations: See section 5 of [this document].. 413 Interoperability considerations: See various sections of [this 414 document]. 416 Published specification: [this document] 418 Applications which use this media type: Script interpreters as 419 discussed in [this document]. 421 Additional information: 423 Magic number(s): n/a 425 File extension(s): .js, .mjs 427 Macintosh File Type Code(s): TEXT 429 Person & email address to contact for further information: See 430 Author's Address section of [this document]. 432 Intended usage: COMMON 434 Restrictions on usage: The .mjs file extension signals that the file 435 represents a JavaScript module. Execution environments that rely 436 on file extensions to determine how to process inputs parse .mjs 437 files using the Module grammar of [ECMA-262]. 439 Author: See Author's Address section of [this document]. 441 Change controller: IESG 443 6.2. Historic Javascript Media Types 445 The following media types are added or updated for historical 446 purposes. All herein have an intended usage of OBSOLETE, and are not 447 expected to be in use with modern implementations. 449 6.2.1. application/ecmascript 451 Type name: application 453 Subtype name: ecmascript 455 Required parameters: N/A 457 Optional parameters: charset, see section 4.1 of [this document]. 459 Encoding considerations: Binary 461 Security considerations: See section 5 of [this document].. 463 Interoperability considerations: See various sections of [this 464 document]. 466 Published specification: [this document] 468 Applications which use this media type: Script interpreters as 469 discussed in [this document]. 471 Additional information: 473 Magic number(s): n/a 475 File extension(s): .es, .mjs 476 Macintosh File Type Code(s): TEXT 478 Person & email address to contact for further information: See 479 Author's Address section of [this document]. 481 Intended usage: OBSOLETE 483 Restrictions on usage: This media type is obsolete; current 484 implementations should use text/javascript as the only JavaScript/ 485 ECMAScript media type. The .mjs file extension signals that the 486 file represents a JavaScript module. Execution environments that 487 rely on file extensions to determine how to process inputs parse 488 .mjs files using the Module grammar of [ECMA-262]. 490 Author: See Author's Address section of [this document]. 492 Change controller: IESG 494 6.2.2. application/javascript 496 Type name: application 498 Subtype name: javascript 500 Required parameters: N/A 502 Optional parameters: charset, see section 4.1 of [this document]. 504 Encoding considerations: Binary 506 Security considerations: See section 5 of [this document].. 508 Interoperability considerations: charset, see section 4.1 of [this 509 document]. 511 Published specification: [this document] 513 Applications which use this media type: Script interpreters as 514 discussed in [this document]. 516 Additional information: 518 Magic number(s): n/a 520 File extension(s): .js, .mjs 522 Macintosh File Type Code(s): TEXT 524 Person & email address to contact for further information: See 525 Author's Address section of [this document]. 527 Intended usage: OBSOLETE 529 Restrictions on usage: This media type is obsolete; current 530 implementations should use text/javascript as the only JavaScript/ 531 ECMAScript media type. The .mjs file extension signals that the 532 file represents a JavaScript module. Execution environments that 533 rely on file extensions to determine how to process inputs parse 534 .mjs files using the Module grammar of [ECMA-262]. 536 Author: See Author's Address section of [this document]. 538 Change controller: IESG . 540 6.2.3. application/x-ecmascript 542 Type name: application 544 Subtype name: x-ecmascript 546 Required parameters: N/A 548 Optional parameters: : charset, see section 4.1 of [this document]. 550 Encoding considerations: Binary 552 Security considerations: See section 5 of [this document].. 554 Interoperability considerations: See various sections of [this 555 document]. 557 Published specification: [this document] 559 Applications which use this media type: Script interpreters as 560 discussed in [this document]. 562 Additional information: 564 Magic number(s): n/a 566 File extension(s): .es, .mjs 568 Macintosh File Type Code(s): TEXT 570 Person & email address to contact for further information: See 571 Author's Address section of [this document]. 573 Intended usage: OBSOLETE 575 Restrictions on usage: This media type is obsolete; current 576 implementations should use text/javascript as the only JavaScript/ 577 ECMAScript media type. The .mjs file extension signals that the 578 file represents a JavaScript module. Execution environments that 579 rely on file extensions to determine how to process inputs parse 580 .mjs files using the Module grammar of [ECMA-262]. 582 Author: See Author's Address section of [this document]. 584 Change controller: IESG 586 6.2.4. application/x-javascript 588 Type name: application 590 Subtype name: x-javascript 592 Required parameters: N/A 594 Optional parameters: : charset, see section 4.1 of [this document]. 596 Encoding considerations: Binary 598 Security considerations: See section 5 of [this document].. 600 Interoperability considerations: See various sections of [this 601 document]. 603 Published specification: [this document] 605 Applications which use this media type: Script interpreters as 606 discussed in [this document]. 608 Additional information: 610 Magic number(s): n/a 612 File extension(s): .js, .mjs 614 Macintosh File Type Code(s): TEXT 616 Person & email address to contact for further information: See 617 Author's Address section of [this document]. 619 Intended usage: OBSOLETE 620 Restrictions on usage: This media type is obsolete; current 621 implementations should use text/javascript as the only JavaScript/ 622 ECMAScript media type. The .mjs file extension signals that the 623 file represents a JavaScript module. Execution environments that 624 rely on file extensions to determine how to process inputs parse 625 .mjs files using the Module grammar of [ECMA-262]. 627 Author: See Author's Address section of [this document]. 629 Change controller: IESG 631 6.2.5. text/ecmascript 633 Type name: text 635 Subtype name: ecmascript 637 Required parameters: N/A 639 Optional parameters: : charset, see section 4.1 of [this document]. 641 Encoding considerations: Binary 643 Security considerations: See section 5 of [this document].. 645 Interoperability considerations: See various sections of [this 646 document]. 648 Published specification: [this document] 650 Applications which use this media type: Script interpreters as 651 discussed in [this document]. 653 Additional information: 655 Magic number(s): n/a 657 File extension(s): .es, .mjs 659 Macintosh File Type Code(s): TEXT 661 Person & email address to contact for further information: See 662 Author's Address section of [this document]. 664 Intended usage: OBSOLETE 666 Restrictions on usage: This media type is obsolete; current 667 implementations should use text/javascript as the only JavaScript/ 668 ECMAScript media type. The .mjs file extension signals that the 669 file represents a JavaScript module. Execution environments that 670 rely on file extensions to determine how to process inputs parse 671 .mjs files using the Module grammar of [ECMA-262]. 673 Author: See Author's Address section of [this document]. 675 Change controller: IESG 677 6.2.6. text/javascript1.0 679 Type name: text 681 Subtype name: javascript1.0 683 Required parameters: N/A 685 Optional parameters: : charset, see section 4.1 of [this document]. 687 Encoding considerations: Binary 689 Security considerations: See section 5 of [this document].. 691 Interoperability considerations: See various sections of [this 692 document]. 694 Published specification: [this document] 696 Applications which use this media type: Script interpreters as 697 discussed in [this document]. 699 Additional information: 701 Magic number(s): n/a 703 File extension(s): .js, .mjs 705 Macintosh File Type Code(s): TEXT 707 Person & email address to contact for further information: See 708 Author's Address section of [this document]. 710 Intended usage: OBSOLETE 712 Restrictions on usage: This media type is obsolete; current 713 implementations should use text/javascript as the only JavaScript/ 714 ECMAScript media type. The .mjs file extension signals that the 715 file represents a JavaScript module. Execution environments that 716 rely on file extensions to determine how to process inputs parse 717 .mjs files using the Module grammar of [ECMA-262]. 719 Author: See Author's Address section of [this document]. 721 Change controller: IESG 723 6.2.7. text/javascript1.1 725 Type name: text 727 Subtype name: javascript1.1 729 Required parameters: N/A 731 Optional parameters: : charset, see section 4.1 of [this document]. 733 Encoding considerations: Binary 735 Security considerations: See section 5 of [this document].. 737 Interoperability considerations: See various sections of [this 738 document]. 740 Published specification: [this document] 742 Applications which use this media type: Script interpreters as 743 discussed in [this document]. 745 Additional information: 747 Magic number(s): n/a 749 File extension(s): .js, .mjs 751 Macintosh File Type Code(s): TEXT 753 Person & email address to contact for further information: See 754 Author's Address section of [this document]. 756 Intended usage: OBSOLETE 758 Restrictions on usage: This media type is obsolete; current 759 implementations should use text/javascript as the only JavaScript/ 760 ECMAScript media type. The .mjs file extension signals that the 761 file represents a JavaScript module. Execution environments that 762 rely on file extensions to determine how to process inputs parse 763 .mjs files using the Module grammar of [ECMA-262]. 765 Author: See Author's Address section of [this document]. 767 Change controller: IESG 769 6.2.8. text/javascript1.2 771 Type name: text 773 Subtype name: javascript1.2 775 Required parameters: N/A 777 Optional parameters: : charset, see section 4.1 of [this document]. 779 Encoding considerations: Binary 781 Security considerations: See section 5 of [this document].. 783 Interoperability considerations: See various sections of [this 784 document]. 786 Published specification: [this document] 788 Applications which use this media type: Script interpreters as 789 discussed in [this document]. 791 Additional information: 793 Magic number(s): n/a 795 File extension(s): .js, .mjs 797 Macintosh File Type Code(s): TEXT 799 Person & email address to contact for further information: See 800 Author's Address section of [this document]. 802 Intended usage: OBSOLETE 804 Restrictions on usage: This media type is obsolete; current 805 implementations should use text/javascript as the only JavaScript/ 806 ECMAScript media type. The .mjs file extension signals that the 807 file represents a JavaScript module. Execution environments that 808 rely on file extensions to determine how to process inputs parse 809 .mjs files using the Module grammar of [ECMA-262]. 811 Author: See Author's Address section of [this document]. 813 Change controller: IESG 815 6.2.9. text/javascript1.3 817 Type name: text 819 Subtype name: javascript1.3 821 Required parameters: N/A 823 Optional parameters: : charset, see section 4.1 of [this document]. 825 Encoding considerations: Binary 827 Security considerations: See section 5 of [this document].. 829 Interoperability considerations: See various sections of [this 830 document]. 832 Published specification: [this document] 834 Applications which use this media type: Script interpreters as 835 discussed in [this document]. 837 Additional information: 839 Magic number(s): n/a 841 File extension(s): .js, .mjs 843 Macintosh File Type Code(s): TEXT 845 Person & email address to contact for further information: See 846 Author's Address section of [this document]. 848 Intended usage: OBSOLETE 850 Restrictions on usage: This media type is obsolete; current 851 implementations should use text/javascript as the only JavaScript/ 852 ECMAScript media type. The .mjs file extension signals that the 853 file represents a JavaScript module. Execution environments that 854 rely on file extensions to determine how to process inputs parse 855 .mjs files using the Module grammar of [ECMA-262]. 857 Author: See Author's Address section of [this document]. 859 Change controller: IESG 861 6.2.10. text/javascript1.4 863 Type name: text 865 Subtype name: javascript1.4 867 Required parameters: N/A 869 Optional parameters: : charset, see section 4.1 of [this document]. 871 Encoding considerations: Binary 873 Security considerations: See section 5 of [this document].. 875 Interoperability considerations: See various sections of [this 876 document]. 878 Published specification: [this document] 880 Applications which use this media type: Script interpreters as 881 discussed in [this document]. 883 Additional information: 885 Magic number(s): n/a 887 File extension(s): .js, .mjs 889 Macintosh File Type Code(s): TEXT 891 Person & email address to contact for further information: See 892 Author's Address section of [this document]. 894 Intended usage: OBSOLETE 896 Restrictions on usage: This media type is obsolete; current 897 implementations should use text/javascript as the only JavaScript/ 898 ECMAScript media type. The .mjs file extension signals that the 899 file represents a JavaScript module. Execution environments that 900 rely on file extensions to determine how to process inputs parse 901 .mjs files using the Module grammar of [ECMA-262]. 903 Author: See Author's Address section of [this document]. 905 Change controller: IESG 907 6.2.11. text/javascript1.5 909 Type name: text 911 Subtype name: javascript1.5 913 Required parameters: N/A 915 Optional parameters: : charset, see section 4.1 of [this document]. 917 Encoding considerations: Binary 919 Security considerations: See section 5 of [this document].. 921 Interoperability considerations: See various sections of [this 922 document]. 924 Published specification: [this document] 926 Applications which use this media type: Script interpreters as 927 discussed in [this document]. 929 Additional information: 931 Magic number(s): n/a 933 File extension(s): .js, .mjs 935 Macintosh File Type Code(s): TEXT 937 Person & email address to contact for further information: See 938 Author's Address section of [this document]. 940 Intended usage: OBSOLETE 942 Restrictions on usage: This media type is obsolete; current 943 implementations should use text/javascript as the only JavaScript/ 944 ECMAScript media type. The .mjs file extension signals that the 945 file represents a JavaScript module. Execution environments that 946 rely on file extensions to determine how to process inputs parse 947 .mjs files using the Module grammar of [ECMA-262]. 949 Author: See Author's Address section of [this document]. 951 Change controller: IESG 953 6.2.12. text/jscript 955 Type name: text 957 Subtype name: jscript 959 Required parameters: N/A 961 Optional parameters: : charset, see section 4.1 of [this document]. 963 Encoding considerations: Binary 965 Security considerations: See section 5 of [this document].. 967 Interoperability considerations: See various sections of [this 968 document]. 970 Published specification: [this document] 972 Applications which use this media type: Script interpreters as 973 discussed in [this document]. 975 Additional information: 977 Magic number(s): n/a 979 File extension(s): .js, .mjs 981 Macintosh File Type Code(s): TEXT 983 Person & email address to contact for further information: See 984 Author's Address section of [this document]. 986 Intended usage: OBSOLETE 988 Restrictions on usage: The .mjs file extension signals that the file 989 represents a JavaScript module. Execution environments that rely 990 on file extensions to determine how to process inputs parse .mjs 991 files using the Module grammar of [ECMA-262]. 993 Author: See Author's Address section of [this document]. 995 Change controller: IESG 997 6.2.13. text/livescript 999 Type name: text 1001 Subtype name: livescript 1003 Required parameters: N/A 1005 Optional parameters: : charset, see section 4.1 of [this document]. 1007 Encoding considerations: Binary 1009 Security considerations: See section 5 of [this document].. 1011 Interoperability considerations: See various sections of [this 1012 document]. 1014 Published specification: [this document] 1016 Applications which use this media type: Script interpreters as 1017 discussed in [this document]. 1019 Additional information: 1021 Magic number(s): n/a 1023 File extension(s): .js, .mjs 1025 Macintosh File Type Code(s): TEXT 1027 Person & email address to contact for further information: See 1028 Author's Address section of [this document]. 1030 Intended usage: OBSOLETE 1032 Restrictions on usage: The .mjs file extension signals that the file 1033 represents a JavaScript module. Execution environments that rely 1034 on file extensions to determine how to process inputs parse .mjs 1035 files using the Module grammar of [ECMA-262]. 1037 Author: See Author's Address section of [this document]. 1039 Change controller: IESG 1041 6.2.14. text/x-ecmascript 1043 Type name: text 1045 Subtype name: x-ecmascript 1047 Required parameters: N/A 1049 Optional parameters: : charset, see section 4.1 of [this document]. 1051 Encoding considerations: Binary 1053 Security considerations: See section 5 of [this document].. 1055 Interoperability considerations: See various sections of [this 1056 document]. 1058 Published specification: [this document] 1060 Applications which use this media type: Script interpreters as 1061 discussed in [this document]. 1063 Additional information: 1065 Magic number(s): n/a 1067 File extension(s): .es, .mjs 1069 Macintosh File Type Code(s): TEXT 1071 Person & email address to contact for further information: See 1072 Author's Address section of [this document]. 1074 Intended usage: OBSOLETE 1076 Restrictions on usage: The .mjs file extension signals that the file 1077 represents a JavaScript module. Execution environments that rely 1078 on file extensions to determine how to process inputs parse .mjs 1079 files using the Module grammar of [ECMA-262]. 1081 Author: See Author's Address section of [this document]. 1083 Change controller: IESG 1085 6.2.15. text/x-javascript 1087 Type name: text 1089 Subtype name: x-javascript 1091 Required parameters: N/A 1093 Optional parameters: : charset, see section 4.1 of [this document]. 1095 Encoding considerations: Binary 1097 Security considerations: See section 5 of [this document].. 1099 Interoperability considerations: See various sections of [this 1100 document]. 1102 Published specification: [this document] 1104 Applications which use this media type: Script interpreters as 1105 discussed in [this document]. 1107 Additional information: 1109 Magic number(s): n/a 1111 File extension(s): .js, .mjs 1113 Macintosh File Type Code(s): TEXT 1115 Person & email address to contact for further information: See 1116 Author's Address section of [this document]. 1118 Intended usage: OBSOLETE 1120 Restrictions on usage: The .mjs file extension signals that the file 1121 represents a JavaScript module. Execution environments that rely 1122 on file extensions to determine how to process inputs parse .mjs 1123 files using the Module grammar of [ECMA-262]. 1125 Author: See Author's Address section of [this document]. 1127 Change controller: IESG 1129 7. References 1131 7.1. Normative References 1133 [CHARSETS] 1134 IANA, "Assigned character sets", n.d., 1135 . 1137 [ECMA-262] 1138 Ecma International, "Standard ECMA-262: ECMAScript 1139 Language Specification", June 2019, . 1142 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1143 Requirement Levels", BCP 14, RFC 2119, 1144 DOI 10.17487/RFC2119, March 1997, 1145 . 1147 [RFC2397] Masinter, L., "The "data" URL scheme", RFC 2397, 1148 DOI 10.17487/RFC2397, August 1998, 1149 . 1151 [RFC2978] Freed, N. and J. Postel, "IANA Charset Registration 1152 Procedures", BCP 19, RFC 2978, DOI 10.17487/RFC2978, 1153 October 2000, . 1155 [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC 1156 Text on Security Considerations", BCP 72, RFC 3552, 1157 DOI 10.17487/RFC3552, July 2003, 1158 . 1160 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 1161 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 1162 2003, . 1164 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 1165 Resource Identifier (URI): Generic Syntax", STD 66, 1166 RFC 3986, DOI 10.17487/RFC3986, January 2005, 1167 . 1169 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource 1170 Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987, 1171 January 2005, . 1173 [RFC4329] Hoehrmann, B., "Scripting Media Types", RFC 4329, 1174 DOI 10.17487/RFC4329, April 2006, 1175 . 1177 [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, 1178 DOI 10.17487/RFC6265, April 2011, 1179 . 1181 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1182 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1183 May 2017, . 1185 7.2. Informative References 1187 [HTML] WHATWG, "HTML Living Standard", August 2017, 1188 . 1191 [RFC3236] Baker, M. and P. Stark, "The 'application/xhtml+xml' Media 1192 Type", RFC 3236, DOI 10.17487/RFC3236, January 2002, 1193 . 1195 [RFC3875] Robinson, D. and K. Coar, "The Common Gateway Interface 1196 (CGI) Version 1.1", RFC 3875, DOI 10.17487/RFC3875, 1197 October 2004, . 1199 [SPECTRE] Kocher, P., Fogh, A., Gerkin, D., Gruss, D., Haas, W., 1200 Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, 1201 M., and Y. Yarom, "Spectre Attacks: Exploiting Speculative 1202 Execution", January 2018, 1203 . 1205 [TC39-MIME-ISSUE] 1206 TC39, "Add `application/javascript+module` mime to remove 1207 ambiguity", August 2017, . 1210 Appendix A. Acknowledgements 1212 This work builds upon its antecedent document, authored by Bjoern 1213 Hoehrmann. The authors would like to thank Adam Roach, Anna van 1214 Kesteren, Allen Wirfs-Brock, Alexey Melnikov, James Snell, Mark 1215 Nottingham, Murray Kucherawy, and Suresh Krishnan for their guidance 1216 and feedback throughout this process. 1218 Appendix B. Changes from RFC 4329 1220 o Added a section discussing ECMAscript modules and the impact on 1221 processing. 1223 o Updated the Security Considerations to discuss concerns associated 1224 with ECMAscript modules and SharedArrayBuffers. 1226 o Updated the character encoding scheme detection to remove 1227 normative guidance on its use, to better reflect operational 1228 reality. 1230 o Changed the intended usage of the media type text/javascript from 1231 obsolete to common. 1233 o Changed the intended usage for all other script media types to 1234 obsolete. 1236 o Updated various references where the original has been osboleted 1238 o Updated references to ECMA-262 to match the version at time of 1239 publication. 1241 Authors' Addresses 1243 Matthew A. Miller 1244 Mozilla 1246 Email: linuxwolf+ietf@outer-planes.net 1248 Myles Borins 1249 Google 1251 Email: mylesborins@google.com 1253 Mathias Bynens 1254 Google 1256 Email: mths@google.com 1258 Bradley Farias 1260 Email: bradley.meck@gmail.com