idnits 2.17.1 draft-ietf-dispatch-javascript-mjs-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (12 October 2021) is 927 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 4329 (Obsoleted by RFC 9239) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DISPATCH M. Miller 3 Internet-Draft 4 Obsoletes: 4329 (if approved) M. Borins 5 Intended status: Informational GitHub 6 Expires: 15 April 2022 M. Bynens 7 Google 8 B. Farias 9 12 October 2021 11 ECMAScript Media Types Updates 12 draft-ietf-dispatch-javascript-mjs-10 14 Abstract 16 This document describes the registration of media types for the 17 ECMAScript and JavaScript programming languages and conformance 18 requirements for implementations of these types. This document 19 obsoletes RFC4329, "Scripting Media Types", replacing the previous 20 registrations for "text/javascript" and "application/javascript" with 21 information and requirements aligned with implementation experiences. 23 Status of This Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at https://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on 15 April 2022. 40 Copyright Notice 42 Copyright (c) 2021 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 47 license-info) in effect on the date of publication of this document. 48 Please review these documents carefully, as they describe your rights 49 and restrictions with respect to this document. Code Components 50 extracted from this document must include Simplified BSD License text 51 as described in Section 4.e of the Trust Legal Provisions and are 52 provided without warranty as described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 57 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3. Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 60 4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . 4 61 4.1. Charset Parameter . . . . . . . . . . . . . . . . . . . . 5 62 4.2. Character Encoding Scheme Detection . . . . . . . . . . . 5 63 4.3. Character Encoding Scheme Error Handling . . . . . . . . 6 64 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 65 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 66 6.1. Common JavaScript Media Types . . . . . . . . . . . . . . 10 67 6.1.1. text/javascript . . . . . . . . . . . . . . . . . . . 10 68 6.2. Historic Javascript Media Types . . . . . . . . . . . . . 11 69 6.2.1. application/ecmascript . . . . . . . . . . . . . . . 11 70 6.2.2. application/javascript . . . . . . . . . . . . . . . 12 71 6.2.3. application/x-ecmascript . . . . . . . . . . . . . . 13 72 6.2.4. application/x-javascript . . . . . . . . . . . . . . 14 73 6.2.5. text/ecmascript . . . . . . . . . . . . . . . . . . . 15 74 6.2.6. text/javascript1.0 . . . . . . . . . . . . . . . . . 16 75 6.2.7. text/javascript1.1 . . . . . . . . . . . . . . . . . 17 76 6.2.8. text/javascript1.2 . . . . . . . . . . . . . . . . . 18 77 6.2.9. text/javascript1.3 . . . . . . . . . . . . . . . . . 19 78 6.2.10. text/javascript1.4 . . . . . . . . . . . . . . . . . 20 79 6.2.11. text/javascript1.5 . . . . . . . . . . . . . . . . . 21 80 6.2.12. text/jscript . . . . . . . . . . . . . . . . . . . . 22 81 6.2.13. text/livescript . . . . . . . . . . . . . . . . . . . 23 82 6.2.14. text/x-ecmascript . . . . . . . . . . . . . . . . . . 23 83 6.2.15. text/x-javascript . . . . . . . . . . . . . . . . . . 24 84 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 25 85 7.1. Normative References . . . . . . . . . . . . . . . . . . 25 86 7.2. Informative References . . . . . . . . . . . . . . . . . 26 87 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 27 88 Appendix B. Changes from RFC 4329 . . . . . . . . . . . . . . . 27 89 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28 91 1. Introduction 93 This memo describes media types for the JavaScript and ECMAScript 94 programming languages. Refer to the sections "Introduction" and 95 "Overview" in [ECMA-262] for background information on these 96 languages. This document updates the descriptions and registrations 97 for these media types to reflect existing usage on the Internet, and 98 provides up-to-date security considerations. 100 This document replaces the media types registrations in [RFC4329], 101 and updates the requirements for implementations using those media 102 types defined in [RFC4329] based on current existing practices. As a 103 consequence, this document obsoletes [RFC4329]. 105 1.1. Terminology 107 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 108 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 109 "OPTIONAL" in this document are to be interpreted as described in BCP 110 14 [RFC2119] [RFC8174] when, and only when, they appear in all 111 capitals, as shown here. 113 2. Compatibility 115 This document defines equivalent processing requirements for the 116 types text/javascript, text/ecmascript, and application/javascript. 117 The most widely supported media type in use is text/javascript; all 118 others are considered historical and obsolete compared to text/ 119 javascript. 121 The types defined in this document are applicable to scripts written 122 in [ECMA-262]. Later editions of [ECMA-262] are not directly 123 addressed, although it is expected that implementations will behave 124 as if applicability were extended to them. This document does not 125 address other extensions to [ECMA-262] or scripts written in other 126 languages. 128 This document may be updated to take other content into account. 129 Updates of this document may introduce new optional parameters; 130 implementations MUST consider the impact of such an update. 132 The definitions in this document reflect the current state of 133 implementation across the JavaScript ecosystem, in web browsers and 134 other environments such as Node.js alike, in order to guarantee 135 backwards compatibility with existing applications as much as 136 possible. 138 3. Modules 140 In order to formalize support for modular programs, [ECMA-262] 141 (starting with 6th Edition) defines two top-level goal symbols (or 142 roots to the abstract syntax tree) for the ECMAScript grammar: Module 143 and Script. The Script goal represents the original structure where 144 the code executes in the global scope, while the Module goal 145 represents the module system built into ECMAScript starting with 6th 146 Edition. See the section "ECMAScript Language: Scripts and Modules" 147 of [ECMA-262] for details. 149 This separation means that (in the absence of additional information) 150 there are two possible interpretations for any given ECMAScript 151 source text. The TC39 standards body for ECMAScript has determined 152 that media types are outside of their scope of work 153 [TC39-MIME-ISSUE]. 155 It is not possible to fully determine if a source text of ECMAScript 156 is meant to be parsed using the Module or Script grammar goals based 157 upon content alone. Therefore, scripting environments use out of 158 band information in order to determine what goal should be used. 159 Some scripting environments have chosen to adopt the file extension 160 of .mjs for this purpose. 162 This document does not define how fragment identifiers in resource 163 identifiers ([RFC3986], [RFC3987]) for documents labeled with one of 164 the media types defined in this document are resolved. An update of 165 this document may define processing of fragment identifiers. 167 4. Encoding 169 Refer to [RFC6365] for a discussion of terminology used in this 170 section. Source text (as defined in [ECMA-262], section "Source 171 Text") can be binary source text. Binary source text is a textual 172 data object that represents source text encoded using a character 173 encoding scheme. A textual data object is a whole text protocol 174 message or a whole text document, or a part of it, that is treated 175 separately for purposes of external storage and retrieval. An 176 implementation's internal representation of source text is not 177 considered binary source text. 179 Implementations need to determine a character encoding scheme in 180 order to decode binary source text to source text. The media types 181 defined in this document allow an optional charset parameter to 182 explicitly specify the character encoding scheme used to encode the 183 source text. 185 How implementations determine the character encoding scheme can be 186 subject to processing rules that are out of the scope of this 187 document. For example, transport protocols can require that a 188 specific character encoding scheme is to be assumed if the optional 189 charset parameter is not specified, or they can require that the 190 charset parameter is used in certain cases. Such requirements are 191 not considered part of this document. 193 Implementations that support binary source text MUST support binary 194 source text encoded using the UTF-8 [RFC3629] character encoding 195 scheme. Module goal sources MUST be encoded as UTF-8, all other 196 encodings will fail. Source goal sources SHOULD be encoded as UTF-8; 197 other character encoding schemes MAY be supported, but are 198 discouraged. Whether U+FEFF is processed as a Byte Order Mark (BOM) 199 signature or not depends on the host environment, and is not 200 considered part of this document. 202 4.1. Charset Parameter 204 The charset parameter provides a means to specify the character 205 encoding scheme of binary source text. Its value SHOULD be a 206 registered charset [CHARSETS], and is considered valid if it matches 207 the mime-charset production defined in [RFC2978], section 2.3. 209 The charset parameter is only used when processing a Script goal 210 source; Module goal sources MUST always be processed as UTF-8. 212 4.2. Character Encoding Scheme Detection 214 It is possible that implementations cannot interoperably determine a 215 single character encoding scheme simply by complying with all 216 requirements of the applicable specifications. To foster 217 interoperability in such cases, the following algorithm is defined. 218 Implementations apply this algorithm until a single character 219 encoding scheme is determined. 221 1. If the binary source text is not already determined to be using a 222 Module goal and starts with a Unicode encoding form signature, 223 the signature determines the encoding. The following octet 224 sequences, at the very beginning of the binary source text, are 225 considered with their corresponding character encoding schemes: 227 +------------------+----------+ 228 | Leading sequence | Encoding | 229 |------------------+----------| 230 | EF BB BF | UTF-8 | 231 | FF FE | UTF-16LE | 232 | FE FF | UTF-16BE | 233 +------------------+----------+ 235 Implementations of this step MUST use these octet sequences to 236 determine the character encoding scheme, even if the determined 237 scheme is not supported. If this step determines the character 238 encoding scheme, the octet sequence representing the Unicode 239 encoding form signature MUST be ignored when decoding the binary 240 source text. 242 2. If a charset parameter is specified and its value is valid and 243 supported by the implementation, the value determines the 244 character encoding scheme. 246 3. If no other character encoding scheme is determined from the 247 previous steps, it is assumed to be UTF-8. 249 If the character encoding scheme is determined to be UTF-8 through 250 any means other than step 1 as defined above and the binary source 251 text starts with the octet sequence EF BB BF, the octet sequence is 252 ignored when decoding the binary source text. 254 4.3. Character Encoding Scheme Error Handling 256 Binary source text that is not properly encoded for the determined 257 character encoding can pose a security risk, as discussed in section 258 5. That said, because of the varied and complex environments scripts 259 are executed in, most of the error handling specifics are left to the 260 processors. The following are broad guidelines that processors 261 follow. 263 If binary source text is determined to have been encoded using a 264 certain character encoding scheme that the implementation is unable 265 to process, implementations can consider the resource unsupported 266 (i.e., do not decode the binary source text using a different 267 character encoding scheme). 269 Binary source text can be determined to have been encoded using a 270 certain character encoding scheme but contain octet sequences that 271 are not valid according to that scheme. Implementations can 272 substitute those invalid sequences with the replacement character 273 U+FFFD (properly encoded for the scheme), or stop processing 274 altogether. 276 5. Security Considerations 278 Refer to [RFC3552] for a discussion of terminology used in this 279 section. Examples in this section and discussions of interactions of 280 host environments with scripts, modules, and extensions to [ECMA-262] 281 are to be understood as non-exhaustive and of a purely illustrative 282 nature. 284 The programming language defined in [ECMA-262] is not intended to be 285 computationally self-sufficient, rather it is expected that the 286 computational environment provides facilities to programs to enable 287 specific functionality. Such facilities constitute unknown factors 288 and are thus considered out of the scope of this document. 290 Derived programming languages are permitted to include additional 291 functionality that is not described in [ECMA-262]; such functionality 292 constitutes an unknown factor and is thus considered out of the scope 293 of this document. In particular, extensions to [ECMA-262] defined 294 for the JavaScript programming language are not discussed in this 295 document. 297 Uncontrolled execution of scripts can be exceedingly dangerous. 298 Implementations that execute scripts MUST give consideration to their 299 application's threat models and those of the individual features they 300 implement; in particular, they MUST ensure that untrusted content is 301 not executed in an unprotected environment. 303 Module scripts in ECMAScript can request the fetching and processing 304 of additional scripts, called importing. Implementations that 305 support modules need to process imported sources in the same way as 306 scripts. Further, there may be additional privacy and security 307 concerns depending on the location(s) the original script and its 308 imported modules are obtained from. For instance, a script obtained 309 from "host-a.example" could request to import a script from "host- 310 b.example", which could expose information about the executing 311 environment (e.g., IP address) to "host-b.example". See the section 312 "ECMAScript Language: Scripts and Modules" in [ECMA-262] for details. 314 Specifications for host environment facilities and for derived 315 programming languages should include security considerations. If an 316 implementation supports such facilities, the respective security 317 considerations apply. In particular, if scripts can be referenced 318 from or included in specific document formats, the considerations for 319 the embedding or referencing document format apply. 321 For example, scripts embedded in application/xhtml+xml [RFC3236] 322 documents could be enabled through the host environment to manipulate 323 the document instance, which could cause the retrieval of remote 324 resources; security considerations regarding retrieval of remote 325 resources of the embedding document would apply in this case. 327 This circumstance can further be used to make information, that is 328 normally only available to the script, available to a web server by 329 encoding the information in the resource identifier of the resource, 330 which can further enable eavesdropping attacks. Implementation of 331 such facilities is subject to the security considerations of the host 332 environment, as discussed above. 334 The programming language defined in [ECMA-262] does include 335 facilities to loop, cause computationally complex operations, or 336 consume large amounts of memory; this includes, but is not limited 337 to, facilities that allow dynamically generated source text to be 338 executed (e.g., the eval() function); uncontrolled execution of such 339 features can cause denial of service, which implementations MUST 340 protect against. 342 With the addition of SharedArrayBuffer objects in ECMAScript version 343 8, it could be possible to implement a high-resolution timer which 344 could lead to certain types of timin`g and side-channel attacks 345 (e.g., [SPECTRE]). Implementations can take steps to mitigate this 346 concern, such as disabling or removing support for SharedArrayBuffer 347 objects, or take additional steps to ensure access to this shared 348 memory is only accessible between execution contexts that have some 349 form of mutual trust. 351 A host environment can provide facilities to access external input. 352 Scripts that pass such input to the eval() function or similar 353 language features can be vulnerable to code injection attacks. 354 Scripts are expected to protect against such attacks. 356 A host environment can provide facilities to output computed results 357 in a user-visible manner. For example, host environments supporting 358 a graphical user interface can provide facilities that enable scripts 359 to present certain messages to the user. Implementations MUST take 360 steps to avoid confusion of the origin of such messages. In general, 361 the security considerations for the host environment apply in such a 362 case as discussed above. 364 Implementations are required to support the UTF-8 character encoding 365 scheme; the security considerations of [RFC3629] apply. Additional 366 character encoding schemes may be supported; support for such schemes 367 is subject to the security considerations of those schemes. 369 Source text is expected to be in Unicode Normalization Form C. 370 Scripts and implementations MUST consider security implications of 371 unnormalized source text and data. For a detailed discussion of such 372 implications refer to the security considerations in [RFC3629]. 374 Scripts can be executed in an environment that is vulnerable to code 375 injection attacks. For example, a CGI script [RFC3875] echoing user 376 input could allow the inclusion of untrusted scripts that could be 377 executed in an otherwise trusted environment. This threat scenario 378 is subject to security considerations that are out of the scope of 379 this document. 381 The "data" resource identifier scheme [RFC2397], in combination with 382 the types defined in this document, could be used to cause execution 383 of untrusted scripts through the inclusion of untrusted resource 384 identifiers in otherwise trusted content. Security considerations of 385 [RFC2397] apply. 387 Implementations can fail to implement a specific security model or 388 other means to prevent possibly dangerous operations. Such failure 389 could possibly be exploited to gain unauthorized access to a system 390 or sensitive information; such failure constitutes an unknown factor 391 and is thus considered out of the scope of this document. 393 6. IANA Considerations 395 The media type registrations herein are divided into two major 396 categories: the sole media type "text/javascript" which is now in 397 common usage, and all of the media types that are obsolete. 399 For both categories, the media types are updated to reference 400 [ECMA-262]. In addition, a new file extension of .mjs is added to 401 the list of file extensions with the restriction that contents should 402 be parsed using the Module goal. Finally, the [HTML] specification 403 uses "text/javascript" as the default media type of ECMAScript when 404 preparing script tags; therefore, "text/javascript" intended usage is 405 to be moved from OBSOLETE to COMMON. 407 These changes are to be reflected in the IANA Media Types registry in 408 accordance with [RFC6838]. All registrations will point to this 409 document as reference. The outdated note stating that the "text/ 410 javascript" media type has been "OBSOLETED in favor of application/ 411 javascript" is to be removed. The outdated note stating that the 412 "text/ecmascript" media type has been "OBSOLETED in favor of 413 application/ecmascript" is to be removed. IANA is requested to add 414 the note "OBSOLETED in favor of text/javascript" to all registrations 415 except "text/javascript". 417 6.1. Common JavaScript Media Types 419 6.1.1. text/javascript 421 Type name: text 423 Subtype name: javascript 425 Required parameters: N/A 427 Optional parameters: charset, see section 4.1 of [this document]. 429 Encoding considerations: Binary 431 Security considerations: See section 5 of [this document].. 433 Interoperability considerations: It is expected that implementations 434 will behave as if this registration applies to later editions of 435 [ECMA-262], and its published specification references may be 436 updated accordingly from time to time. See also various sections 437 of [this document]. 439 Published specification: [ECMA-262] 441 Applications which use this media type: Script interpreters as 442 discussed in [this document]. 444 Additional information: Magic number(s): n/a 446 File extension(s): .js, .mjs 448 Macintosh File Type Code(s): TEXT 450 Person & email address to contact for further information: See 451 Author's Address section of [this document] and [RFC4329]. 453 Intended usage: COMMON 455 Restrictions on usage: The .mjs file extension signals that the file 456 represents a JavaScript module. Execution environments that rely 457 on file extensions to determine how to process inputs parse .mjs 458 files using the Module grammar of [ECMA-262]. 460 Author: See Author's Address section of [this document]. 462 Change controller: IESG 464 6.2. Historic Javascript Media Types 466 The following media types are added or updated for historical 467 purposes. All herein have an intended usage of OBSOLETE, and are not 468 expected to be in use with modern implementations. 470 6.2.1. application/ecmascript 472 Type name: application 474 Subtype name: ecmascript 476 Required parameters: N/A 478 Optional parameters: charset, see section 4.1 of [this document]. 480 Encoding considerations: Binary 482 Security considerations: See section 5 of [this document].. 484 Interoperability considerations: It is expected that implementations 485 will behave as if this registration applies to later editions of 486 [ECMA-262], and its published specification references may be 487 updated accordingly from time to time. See also various sections 488 of [this document]. 490 Published specification: [ECMA-262] 492 Applications which use this media type: Script interpreters as 493 discussed in [this document]. 495 Additional information: Magic number(s): n/a 497 File extension(s): .es, .mjs 499 Macintosh File Type Code(s): TEXT 501 Person & email address to contact for further information: See 502 Author's Address section of [this document] and [RFC4329]. 504 Intended usage: OBSOLETE 506 Restrictions on usage: This media type is obsolete; current 507 implementations should use text/javascript as the only JavaScript/ 508 ECMAScript media type. The .mjs file extension signals that the 509 file represents a JavaScript module. Execution environments that 510 rely on file extensions to determine how to process inputs parse 511 .mjs files using the Module grammar of [ECMA-262]. 513 Author: See Author's Address section of [this document]. 515 Change controller: IESG 517 6.2.2. application/javascript 519 Type name: application 521 Subtype name: javascript 523 Required parameters: N/A 525 Optional parameters: charset, see section 4.1 of [this document]. 527 Encoding considerations: Binary 529 Security considerations: See section 5 of [this document].. 531 Interoperability considerations: It is expected that implementations 532 will behave as if this registration applies to later editions of 533 [ECMA-262], and its published specification references may be 534 updated accordingly from time to time. See also section 4.1 of 535 [this document] regarding the charset parameter. 537 Published specification: [ECMA-262] 539 Applications which use this media type: Script interpreters as 540 discussed in [this document]. 542 Additional information: Magic number(s): n/a 544 File extension(s): .js, .mjs 546 Macintosh File Type Code(s): TEXT 548 Person & email address to contact for further information: See 549 Author's Address section of [this document] and [RFC4329]. 551 Intended usage: OBSOLETE 553 Restrictions on usage: This media type is obsolete; current 554 implementations should use text/javascript as the only JavaScript/ 555 ECMAScript media type. The .mjs file extension signals that the 556 file represents a JavaScript module. Execution environments that 557 rely on file extensions to determine how to process inputs parse 558 .mjs files using the Module grammar of [ECMA-262]. 560 Author: See Author's Address section of [this document]. 562 Change controller: IESG . 564 6.2.3. application/x-ecmascript 566 Type name: application 568 Subtype name: x-ecmascript 570 Required parameters: N/A 572 Optional parameters: : charset, see section 4.1 of [this document]. 574 Encoding considerations: Binary 576 Security considerations: See section 5 of [this document].. 578 Interoperability considerations: It is expected that implementations 579 will behave as if this registration applies to later editions of 580 [ECMA-262], and its published specification references may be 581 updated accordingly from time to time. See also various sections 582 of [this document]. 584 Published specification: [ECMA-262] 586 Applications which use this media type: Script interpreters as 587 discussed in [this document]. 589 Additional information: Magic number(s): n/a 591 File extension(s): .es, .mjs 593 Macintosh File Type Code(s): TEXT 595 Person & email address to contact for further information: See 596 Author's Address section of [this document]. 598 Intended usage: OBSOLETE 600 Restrictions on usage: This media type is obsolete; current 601 implementations should use text/javascript as the only JavaScript/ 602 ECMAScript media type. The .mjs file extension signals that the 603 file represents a JavaScript module. Execution environments that 604 rely on file extensions to determine how to process inputs parse 605 .mjs files using the Module grammar of [ECMA-262]. 607 Author: See Author's Address section of [this document]. 609 Change controller: IESG 611 6.2.4. application/x-javascript 613 Type name: application 615 Subtype name: x-javascript 617 Required parameters: N/A 619 Optional parameters: : charset, see section 4.1 of [this document]. 621 Encoding considerations: Binary 623 Security considerations: See section 5 of [this document].. 625 Interoperability considerations: It is expected that implementations 626 will behave as if this registration applies to later editions of 627 [ECMA-262], and its published specification references may be 628 updated accordingly from time to time. See also various sections 629 of [this document]. 631 Published specification: [ECMA-262] 633 Applications which use this media type: Script interpreters as 634 discussed in [this document]. 636 Additional information: Magic number(s): n/a 638 File extension(s): .js, .mjs 640 Macintosh File Type Code(s): TEXT 642 Person & email address to contact for further information: See 643 Author's Address section of [this document]. 645 Intended usage: OBSOLETE 647 Restrictions on usage: This media type is obsolete; current 648 implementations should use text/javascript as the only JavaScript/ 649 ECMAScript media type. The .mjs file extension signals that the 650 file represents a JavaScript module. Execution environments that 651 rely on file extensions to determine how to process inputs parse 652 .mjs files using the Module grammar of [ECMA-262]. 654 Author: See Author's Address section of [this document]. 656 Change controller: IESG 658 6.2.5. text/ecmascript 660 Type name: text 662 Subtype name: ecmascript 664 Required parameters: N/A 666 Optional parameters: : charset, see section 4.1 of [this document]. 668 Encoding considerations: Binary 670 Security considerations: See section 5 of [this document].. 672 Interoperability considerations: It is expected that implementations 673 will behave as if this registration applies to later editions of 674 [ECMA-262], and its published specification references may be 675 updated accordingly from time to time. See also various sections 676 of [this document]. 678 Published specification: [ECMA-262] 680 Applications which use this media type: Script interpreters as 681 discussed in [this document]. 683 Additional information: Magic number(s): n/a 685 File extension(s): .es, .mjs 687 Macintosh File Type Code(s): TEXT 689 Person & email address to contact for further information: See 690 Author's Address section of [this document] and [RFC4329]. 692 Intended usage: OBSOLETE 694 Restrictions on usage: This media type is obsolete; current 695 implementations should use text/javascript as the only JavaScript/ 696 ECMAScript media type. The .mjs file extension signals that the 697 file represents a JavaScript module. Execution environments that 698 rely on file extensions to determine how to process inputs parse 699 .mjs files using the Module grammar of [ECMA-262]. 701 Author: See Author's Address section of [this document]. 703 Change controller: IESG 705 6.2.6. text/javascript1.0 707 Type name: text 709 Subtype name: javascript1.0 711 Required parameters: N/A 713 Optional parameters: : charset, see section 4.1 of [this document]. 715 Encoding considerations: Binary 717 Security considerations: See section 5 of [this document].. 719 Interoperability considerations: It is expected that implementations 720 will behave as if this registration applies to later editions of 721 [ECMA-262], and its published specification references may be 722 updated accordingly from time to time. See also various sections 723 of [this document]. 725 Published specification: [ECMA-262] 727 Applications which use this media type: Script interpreters as 728 discussed in [this document]. 730 Additional information: Magic number(s): n/a 732 File extension(s): .js, .mjs 734 Macintosh File Type Code(s): TEXT 736 Person & email address to contact for further information: See 737 Author's Address section of [this document]. 739 Intended usage: OBSOLETE 741 Restrictions on usage: This media type is obsolete; current 742 implementations should use text/javascript as the only JavaScript/ 743 ECMAScript media type. The .mjs file extension signals that the 744 file represents a JavaScript module. Execution environments that 745 rely on file extensions to determine how to process inputs parse 746 .mjs files using the Module grammar of [ECMA-262]. 748 Author: See Author's Address section of [this document]. 750 Change controller: IESG 752 6.2.7. text/javascript1.1 754 Type name: text 756 Subtype name: javascript1.1 758 Required parameters: N/A 760 Optional parameters: : charset, see section 4.1 of [this document]. 762 Encoding considerations: Binary 764 Security considerations: See section 5 of [this document].. 766 Interoperability considerations: It is expected that implementations 767 will behave as if this registration applies to later editions of 768 [ECMA-262], and its published specification references may be 769 updated accordingly from time to time. See also various sections 770 of [this document]. 772 Published specification: [ECMA-262] 774 Applications which use this media type: Script interpreters as 775 discussed in [this document]. 777 Additional information: Magic number(s): n/a 779 File extension(s): .js, .mjs 781 Macintosh File Type Code(s): TEXT 783 Person & email address to contact for further information: See 784 Author's Address section of [this document]. 786 Intended usage: OBSOLETE 788 Restrictions on usage: This media type is obsolete; current 789 implementations should use text/javascript as the only JavaScript/ 790 ECMAScript media type. The .mjs file extension signals that the 791 file represents a JavaScript module. Execution environments that 792 rely on file extensions to determine how to process inputs parse 793 .mjs files using the Module grammar of [ECMA-262]. 795 Author: See Author's Address section of [this document]. 797 Change controller: IESG 799 6.2.8. text/javascript1.2 801 Type name: text 803 Subtype name: javascript1.2 805 Required parameters: N/A 807 Optional parameters: : charset, see section 4.1 of [this document]. 809 Encoding considerations: Binary 811 Security considerations: See section 5 of [this document].. 813 Interoperability considerations: It is expected that implementations 814 will behave as if this registration applies to later editions of 815 [ECMA-262], and its published specification references may be 816 updated accordingly from time to time. See also various sections 817 of [this document]. 819 Published specification: [ECMA-262] 821 Applications which use this media type: Script interpreters as 822 discussed in [this document]. 824 Additional information: Magic number(s): n/a 826 File extension(s): .js, .mjs 828 Macintosh File Type Code(s): TEXT 830 Person & email address to contact for further information: See 831 Author's Address section of [this document]. 833 Intended usage: OBSOLETE 835 Restrictions on usage: This media type is obsolete; current 836 implementations should use text/javascript as the only JavaScript/ 837 ECMAScript media type. The .mjs file extension signals that the 838 file represents a JavaScript module. Execution environments that 839 rely on file extensions to determine how to process inputs parse 840 .mjs files using the Module grammar of [ECMA-262]. 842 Author: See Author's Address section of [this document]. 844 Change controller: IESG 846 6.2.9. text/javascript1.3 848 Type name: text 850 Subtype name: javascript1.3 852 Required parameters: N/A 854 Optional parameters: : charset, see section 4.1 of [this document]. 856 Encoding considerations: Binary 858 Security considerations: See section 5 of [this document].. 860 Interoperability considerations: It is expected that implementations 861 will behave as if this registration applies to later editions of 862 [ECMA-262], and its published specification references may be 863 updated accordingly from time to time. See also various sections 864 of [this document]. 866 Published specification: [ECMA-262] 868 Applications which use this media type: Script interpreters as 869 discussed in [this document]. 871 Additional information: Magic number(s): n/a 873 File extension(s): .js, .mjs 875 Macintosh File Type Code(s): TEXT 877 Person & email address to contact for further information: See 878 Author's Address section of [this document]. 880 Intended usage: OBSOLETE 882 Restrictions on usage: This media type is obsolete; current 883 implementations should use text/javascript as the only JavaScript/ 884 ECMAScript media type. The .mjs file extension signals that the 885 file represents a JavaScript module. Execution environments that 886 rely on file extensions to determine how to process inputs parse 887 .mjs files using the Module grammar of [ECMA-262]. 889 Author: See Author's Address section of [this document]. 891 Change controller: IESG 893 6.2.10. text/javascript1.4 895 Type name: text 897 Subtype name: javascript1.4 899 Required parameters: N/A 901 Optional parameters: : charset, see section 4.1 of [this document]. 903 Encoding considerations: Binary 905 Security considerations: See section 5 of [this document].. 907 Interoperability considerations: It is expected that implementations 908 will behave as if this registration applies to later editions of 909 [ECMA-262], and its published specification references may be 910 updated accordingly from time to time. See also various sections 911 of [this document]. 913 Published specification: [ECMA-262] 915 Applications which use this media type: Script interpreters as 916 discussed in [this document]. 918 Additional information: Magic number(s): n/a 920 File extension(s): .js, .mjs 922 Macintosh File Type Code(s): TEXT 924 Person & email address to contact for further information: See 925 Author's Address section of [this document]. 927 Intended usage: OBSOLETE 929 Restrictions on usage: This media type is obsolete; current 930 implementations should use text/javascript as the only JavaScript/ 931 ECMAScript media type. The .mjs file extension signals that the 932 file represents a JavaScript module. Execution environments that 933 rely on file extensions to determine how to process inputs parse 934 .mjs files using the Module grammar of [ECMA-262]. 936 Author: See Author's Address section of [this document]. 938 Change controller: IESG 940 6.2.11. text/javascript1.5 942 Type name: text 944 Subtype name: javascript1.5 946 Required parameters: N/A 948 Optional parameters: : charset, see section 4.1 of [this document]. 950 Encoding considerations: Binary 952 Security considerations: See section 5 of [this document].. 954 Interoperability considerations: It is expected that implementations 955 will behave as if this registration applies to later editions of 956 [ECMA-262], and its published specification references may be 957 updated accordingly from time to time. See also various sections 958 of [this document]. 960 Published specification: [ECMA-262] 962 Applications which use this media type: Script interpreters as 963 discussed in [this document]. 965 Additional information: Magic number(s): n/a 967 File extension(s): .js, .mjs 969 Macintosh File Type Code(s): TEXT 971 Person & email address to contact for further information: See 972 Author's Address section of [this document]. 974 Intended usage: OBSOLETE 976 Restrictions on usage: This media type is obsolete; current 977 implementations should use text/javascript as the only JavaScript/ 978 ECMAScript media type. The .mjs file extension signals that the 979 file represents a JavaScript module. Execution environments that 980 rely on file extensions to determine how to process inputs parse 981 .mjs files using the Module grammar of [ECMA-262]. 983 Author: See Author's Address section of [this document]. 985 Change controller: IESG 987 6.2.12. text/jscript 989 Type name: text 991 Subtype name: jscript 993 Required parameters: N/A 995 Optional parameters: : charset, see section 4.1 of [this document]. 997 Encoding considerations: Binary 999 Security considerations: See section 5 of [this document].. 1001 Interoperability considerations: It is expected that implementations 1002 will behave as if this registration applies to later editions of 1003 [ECMA-262], and its published specification references may be 1004 updated accordingly from time to time. See also various sections 1005 of [this document]. 1007 Published specification: [ECMA-262] 1009 Applications which use this media type: Script interpreters as 1010 discussed in [this document]. 1012 Additional information: Magic number(s): n/a 1014 File extension(s): .js, .mjs 1016 Macintosh File Type Code(s): TEXT 1018 Person & email address to contact for further information: See 1019 Author's Address section of [this document]. 1021 Intended usage: OBSOLETE 1023 Restrictions on usage: This media type is obsolete; current 1024 implementations should use text/javascript as the only JavaScript/ 1025 ECMAScript media type. The .mjs file extension signals that the 1026 file represents a JavaScript module. Execution environments that 1027 rely on file extensions to determine how to process inputs parse 1028 .mjs files using the Module grammar of [ECMA-262]. 1030 Author: See Author's Address section of [this document]. 1032 Change controller: IESG 1034 6.2.13. text/livescript 1036 Type name: text 1038 Subtype name: livescript 1040 Required parameters: N/A 1042 Optional parameters: : charset, see section 4.1 of [this document]. 1044 Encoding considerations: Binary 1046 Security considerations: See section 5 of [this document].. 1048 Interoperability considerations: See various sections of [this 1049 document]. 1051 Published specification: [ECMA-262] 1053 Applications which use this media type: Script interpreters as 1054 discussed in [this document]. 1056 Additional information: Magic number(s): n/a 1058 File extension(s): .js, .mjs 1060 Macintosh File Type Code(s): TEXT 1062 Person & email address to contact for further information: See 1063 Author's Address section of [this document]. 1065 Intended usage: OBSOLETE 1067 Restrictions on usage: This media type is obsolete; current 1068 implementations should use text/javascript as the only JavaScript/ 1069 ECMAScript media type. The .mjs file extension signals that the 1070 file represents a JavaScript module. Execution environments that 1071 rely on file extensions to determine how to process inputs parse 1072 .mjs files using the Module grammar of [ECMA-262]. 1074 Author: See Author's Address section of [this document]. 1076 Change controller: IESG 1078 6.2.14. text/x-ecmascript 1080 Type name: text 1081 Subtype name: x-ecmascript 1083 Required parameters: N/A 1085 Optional parameters: : charset, see section 4.1 of [this document]. 1087 Encoding considerations: Binary 1089 Security considerations: See section 5 of [this document].. 1091 Interoperability considerations: It is expected that implementations 1092 will behave as if this registration applies to later editions of 1093 [ECMA-262], and its published specification references may be 1094 updated accordingly from time to time. See also various sections 1095 of [this document]. 1097 Published specification: [ECMA-262] 1099 Applications which use this media type: Script interpreters as 1100 discussed in [this document]. 1102 Additional information: Magic number(s): n/a 1104 File extension(s): .es, .mjs 1106 Macintosh File Type Code(s): TEXT 1108 Person & email address to contact for further information: See 1109 Author's Address section of [this document]. 1111 Intended usage: OBSOLETE 1113 Restrictions on usage: This media type is obsolete; current 1114 implementations should use text/javascript as the only JavaScript/ 1115 ECMAScript media type. The .mjs file extension signals that the 1116 file represents a JavaScript module. Execution environments that 1117 rely on file extensions to determine how to process inputs parse 1118 .mjs files using the Module grammar of [ECMA-262]. 1120 Author: See Author's Address section of [this document]. 1122 Change controller: IESG 1124 6.2.15. text/x-javascript 1126 Type name: text 1128 Subtype name: x-javascript 1129 Required parameters: N/A 1131 Optional parameters: : charset, see section 4.1 of [this document]. 1133 Encoding considerations: Binary 1135 Security considerations: See section 5 of [this document].. 1137 Interoperability considerations: It is expected that implementations 1138 will behave as if this registration applies to later editions of 1139 [ECMA-262], and its published specification references may be 1140 updated accordingly from time to time. See also various sections 1141 of [this document]. 1143 Published specification: [ECMA-262] 1145 Applications which use this media type: Script interpreters as 1146 discussed in [this document]. 1148 Additional information: Magic number(s): n/a 1150 File extension(s): .js, .mjs 1152 Macintosh File Type Code(s): TEXT 1154 Person & email address to contact for further information: See 1155 Author's Address section of [this document]. 1157 Intended usage: OBSOLETE 1159 Restrictions on usage: This media type is obsolete; current 1160 implementations should use text/javascript as the only JavaScript/ 1161 ECMAScript media type. The .mjs file extension signals that the 1162 file represents a JavaScript module. Execution environments that 1163 rely on file extensions to determine how to process inputs parse 1164 .mjs files using the Module grammar of [ECMA-262]. 1166 Author: See Author's Address section of [this document]. 1168 Change controller: IESG 1170 7. References 1172 7.1. Normative References 1174 [CHARSETS] IANA, "Assigned character sets", n.d., 1175 . 1177 [ECMA-262] Ecma International, "ECMAScript 2021 language 1178 specification, ECMA-262 12th Edition, June 2021", June 1179 2021, . 1181 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1182 Requirement Levels", BCP 14, RFC 2119, 1183 DOI 10.17487/RFC2119, March 1997, 1184 . 1186 [RFC2397] Masinter, L., "The "data" URL scheme", RFC 2397, 1187 DOI 10.17487/RFC2397, August 1998, 1188 . 1190 [RFC2978] Freed, N. and J. Postel, "IANA Charset Registration 1191 Procedures", BCP 19, RFC 2978, DOI 10.17487/RFC2978, 1192 October 2000, . 1194 [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC 1195 Text on Security Considerations", BCP 72, RFC 3552, 1196 DOI 10.17487/RFC3552, July 2003, 1197 . 1199 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 1200 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 1201 2003, . 1203 [RFC4329] Hoehrmann, B., "Scripting Media Types", RFC 4329, 1204 DOI 10.17487/RFC4329, April 2006, 1205 . 1207 [RFC6365] Hoffman, P. and J. Klensin, "Terminology Used in 1208 Internationalization in the IETF", BCP 166, RFC 6365, 1209 DOI 10.17487/RFC6365, September 2011, 1210 . 1212 [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type 1213 Specifications and Registration Procedures", BCP 13, 1214 RFC 6838, DOI 10.17487/RFC6838, January 2013, 1215 . 1217 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1218 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1219 May 2017, . 1221 7.2. Informative References 1223 [HTML] WHATWG, "HTML Living Standard", August 2017, 1224 . 1227 [RFC3236] Baker, M. and P. Stark, "The 'application/xhtml+xml' Media 1228 Type", RFC 3236, DOI 10.17487/RFC3236, January 2002, 1229 . 1231 [RFC3875] Robinson, D. and K. Coar, "The Common Gateway Interface 1232 (CGI) Version 1.1", RFC 3875, DOI 10.17487/RFC3875, 1233 October 2004, . 1235 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 1236 Resource Identifier (URI): Generic Syntax", STD 66, 1237 RFC 3986, DOI 10.17487/RFC3986, January 2005, 1238 . 1240 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource 1241 Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987, 1242 January 2005, . 1244 [SPECTRE] Kocher, P., Fogh, A., Gerkin, D., Gruss, D., Haas, W., 1245 Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, 1246 M., and Y. Yarom, "Spectre Attacks: Exploiting Speculative 1247 Execution", January 2018, 1248 . 1250 [TC39-MIME-ISSUE] 1251 TC39, "Add `application/javascript+module` mime to remove 1252 ambiguity", August 2017, . 1255 Appendix A. Acknowledgements 1257 This work builds upon its antecedent document, authored by Bjoern 1258 Hoehrmann. The authors would like to thank Adam Roach, Anne van 1259 Kesteren, Allen Wirfs-Brock, Alexey Melnikov, James Snell, Mark 1260 Nottingham, Murray Kucherawy, and Suresh Krishnan for their guidance 1261 and feedback throughout this process. 1263 Appendix B. Changes from RFC 4329 1265 * Added a section discussing ECMAScript modules and the impact on 1266 processing. 1268 * Updated the Security Considerations to discuss concerns associated 1269 with ECMAScript modules and SharedArrayBuffers. 1271 * Updated the character encoding scheme detection to remove 1272 normative guidance on its use, to better reflect operational 1273 reality. 1275 * Changed the intended usage of the media type text/javascript from 1276 obsolete to common. 1278 * Changed the intended usage for all other script media types to 1279 obsolete. 1281 * Updated various references where the original has been obsoleted. 1283 * Updated references to ECMA-262 to match the version at time of 1284 publication. 1286 Authors' Addresses 1288 Matthew A. Miller 1290 Email: linuxwolf+ietf@outer-planes.net 1292 Myles Borins 1293 GitHub 1295 Email: mylesborins@github.com 1297 Mathias Bynens 1298 Google 1300 Email: mths@google.com 1302 Bradley Farias 1304 Email: bradley.meck@gmail.com