rfc9239xml2.original.xml   rfc9239.xml 
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.5.8 -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ <!DOCTYPE rfc [
<!ENTITY RFC2045 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere <!ENTITY nbsp "&#160;">
nce.RFC.2045.xml"> <!ENTITY zwsp "&#8203;">
<!ENTITY RFC2119 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere <!ENTITY nbhy "&#8209;">
nce.RFC.2119.xml"> <!ENTITY wj "&#8288;">
<!ENTITY RFC2397 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.2397.xml">
<!ENTITY RFC2978 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.2978.xml">
<!ENTITY RFC3552 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.3552.xml">
<!ENTITY RFC3629 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.3629.xml">
<!ENTITY RFC4288 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4288.xml">
<!ENTITY RFC4329 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4329.xml">
<!ENTITY RFC6365 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6365.xml">
<!ENTITY RFC6648 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6648.xml">
<!ENTITY RFC6838 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6838.xml">
<!ENTITY RFC8174 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.8174.xml">
<!ENTITY RFC3236 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.3236.xml">
<!ENTITY RFC3875 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.3875.xml">
<!ENTITY RFC3986 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.3986.xml">
<!ENTITY RFC3987 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.3987.xml">
]> ]>
<?rfc toc="yes"?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft
<?rfc tocindent="yes"?> -ietf-dispatch-javascript-mjs-17" number="9239" submissionType="IETF" category="
<?rfc sortrefs="yes"?> info" consensus="true" obsoletes="4329" updates="" xml:lang="en" tocInclude="tru
<?rfc symrefs="yes"?> e" sortRefs="true" symRefs="true" version="3">
<?rfc strict="yes"?>
<?rfc compact="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<rfc ipr="trust200902" docName="draft-ietf-dispatch-javascript-mjs-17" category=
"info" obsoletes="4329">
<!-- xml2rfc v2v3 conversion 3.12.2 -->
<front> <front>
<title>ECMAScript Media Types Updates</title> <title>Updates to ECMAScript Media Types</title>
<seriesInfo name="RFC" value="9239"/>
<author initials="M." surname="Miller" fullname="Matthew A. Miller"> <author initials="M." surname="Miller" fullname="Matthew A. Miller">
<organization></organization> <organization/>
<address> <address>
<email>linuxwolf+ietf@outer-planes.net</email> <email>linuxwolf+ietf@outer-planes.net</email>
</address> </address>
</author> </author>
<author initials="M." surname="Borins" fullname="Myles Borins"> <author initials="M." surname="Borins" fullname="Myles Borins">
<organization>GitHub</organization> <organization>GitHub</organization>
<address> <address>
<email>mylesborins@github.com</email> <email>mylesborins@github.com</email>
</address> </address>
</author> </author>
<author initials="M." surname="Bynens" fullname="Mathias Bynens"> <author initials="M." surname="Bynens" fullname="Mathias Bynens">
<organization>Google</organization> <organization>Google</organization>
<address> <address>
<email>mths@google.com</email> <email>mths@google.com</email>
</address> </address>
</author> </author>
<author initials="B." surname="Farias" fullname="Bradley Farias"> <author initials="B." surname="Farias" fullname="Bradley Farias">
<organization></organization> <organization/>
<address> <address>
<email>bradley.meck@gmail.com</email> <email>bradley.meck@gmail.com</email>
</address> </address>
</author> </author>
<date year="2022" month="May"/>
<date year="2022" month="March" day="02"/>
<area>ART</area> <area>ART</area>
<workgroup>DISPATCH</workgroup> <workgroup>DISPATCH</workgroup>
<keyword>Internet-Draft</keyword>
<abstract> <keyword>JavaScript</keyword>
<keyword>ECMAScript</keyword>
<t>This document describes the registration of media types for the ECMAScript an <keyword>MIME type</keyword>
d JavaScript programming languages and conformance requirements for implementati <keyword>Content-Type</keyword>
ons of these types. This document obsoletes RFC4329, "Scripting Media Types", re <keyword>modules</keyword>
placing the previous registrations for "text/javascript" and "application/javasc <keyword>TC39</keyword>
ript" with information and requirements aligned with common usage and implementa <keyword>ESM</keyword>
tion experiences.</t>
<abstract>
<t>This document describes the registration of media types for the ECMAScr
ipt and JavaScript programming languages and conformance requirements for implem
entations of these types. This document obsoletes RFC 4329 ("Scripting Media Typ
es)", replacing the previous registrations with information and requirements ali
gned with common usage and implementation experiences.</t>
</abstract> </abstract>
<note title="IESG Note">
<t>This document records the relationship between the work of Ecma
International's Technical Committee 39 and the media types used to
identify relevant payloads.</t>
<t>That relationship was developed outside of the IETF and as a result is
unfortunately not aligned with the best practices of BCP 13.
Consequently, consensus exists in the IETF to document the relationship
and update the relevant IANA registrations for those media types, but
this is not an IETF endorsement of the media types chosen for this work.</t>
</note>
</front> </front>
<middle> <middle>
<section anchor="introduction" numbered="true" toc="default">
<section anchor="introduction"><name>Introduction</name> <name>Introduction</name>
<t>This memo describes media types for the JavaScript and ECMAScript progr
<t>This memo describes media types for the JavaScript and ECMAScript programming amming languages. Refer to the sections "Introduction" and "Overview" in <xref
languages. Refer to the sections "Introduction" and "Overview" in <xref target target="ECMA-262" format="default"/> for background information on these languag
="ECMA-262"/> for background information on these languages. This document upda es. This document updates the descriptions and registrations for these media ty
tes the descriptions and registrations for these media types to reflect existing pes to reflect existing usage on the Internet, and it provides up-to-date securi
usage on the Internet, and provides up-to-date security considerations.</t> ty considerations.</t>
<t>This document replaces the media type registrations in <xref target="RF
<t>This document replaces the media types registrations in <xref target="RFC4329 C4329" format="default"/> and updates the requirements for implementations using
"/>, and updates the requirements for implementations using those media types de those media types defined in <xref target="RFC4329" format="default"/> based on
fined in <xref target="RFC4329"/> based on current existing practices. As a cons current existing practices. As a consequence, this document obsoletes <xref tar
equence, this document obsoletes <xref target="RFC4329"/>.</t> get="RFC4329" format="default"/>.</t>
<section anchor="terminology" numbered="true" toc="default">
<section anchor="terminology"><name>Terminology</name> <name>Terminology</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>",
"SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this d "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>",
ocument are to be interpreted as described in BCP 14 <xref target="RFC2119"/> "<bcp14>SHOULD NOT</bcp14>",
<xref target="RFC8174"/> when, and only when, they appear in all capitals, as sh "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
own here.</t> "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document
are to be interpreted as described in BCP&nbsp;14
</section> <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only
</section> when, they appear in all capitals, as shown here.</t>
<section anchor="compatibility"><name>Compatibility</name> </section>
</section>
<t>This document defines equivalent processing requirements for the types text/j <section anchor="compatibility" numbered="true" toc="default">
avascript, text/ecmascript, and application/javascript. The most widely support <name>Compatibility</name>
ed media type in use is text/javascript; all others are considered historical an <t>This document defines equivalent processing requirements for the
d obsolete aliases of text/javascript.</t> various script media types. The most widely supported media type in use is text
/javascript; all others are considered historical and obsolete aliases of text/j
<t>The types defined in this document are applicable to scripts written in <xref avascript.</t>
target="ECMA-262"/>. New editions of <xref target="ECMA-262"/> are subjected to <t>The types defined in this document are applicable to scripts written in
strong obligations of backward compatibility, imposed by the standardization pr <xref target="ECMA-262" format="default"/>. New editions of <xref target="ECMA-
ocess of Ecma International's Technical Committee 39 (TC39). As a result, JavaSc 262" format="default"/> are subjected to strong obligations of backward compatib
ript code based on an earlier edition is generally compatible with a JavaScript ility, imposed by the standardization process of Ecma International's Technical
engine adhering to a later edition. The few exceptions to this are documented in Committee 39 (TC39). As a result, JavaScript code based on an earlier edition is
<xref target="ECMA-262"/> in the section "Additions and Changes That Introduce generally compatible with a JavaScript engine adhering to a later edition. The
Incompatibilities with Prior Editions". JavaScript developers commonly use featu few exceptions to this are documented in <xref target="ECMA-262" format="default
re detection to ensure modern JavaScript features are only used when available i "/> in the section "Additions and Changes That Introduce Incompatibilities with
n the current environment. Later editions of <xref target="ECMA-262"/> are not d Prior Editions". JavaScript developers commonly use feature detection to ensure
irectly addressed in this document, although it is expected that implementations that modern JavaScript features are only used when available in the current envi
will behave as if applicability were extended to them. This document does not a ronment. Later editions of <xref target="ECMA-262" format="default"/> are not di
ddress other extensions to <xref target="ECMA-262"/> or scripts written in other rectly addressed in this document, although it is expected that implementations
languages.</t> will behave as if applicability were extended to them. This document does not ad
dress other extensions to <xref target="ECMA-262" format="default"/> or scripts
<t>This document may be updated to take other content into account. Updates of written in other languages.</t>
this document may introduce new optional parameters; implementations must consid <t>This document may be updated to take other content into account. Updat
er the impact of such an update.</t> es of this document may introduce new optional parameters; implementations must
consider the impact of such an update.</t>
<t>This document does not define how fragment identifiers in resource identifier <t>This document does not define how fragment identifiers in resource iden
s (<xref target="RFC3986"/>, <xref target="RFC3987"/>) for documents labeled wit tifiers <xref target="RFC3986" format="default"/> <xref target="RFC3987" format=
h one of the media types defined in this document are resolved. An update of th "default"/> for documents labeled with one of the media types defined in this do
is document may define processing of fragment identifiers.</t> cument are resolved. An update of this document may define processing of fragme
nt identifiers.</t>
<t>Note that this use of the "text" media type tree willfully does not align wit <t>Note that this use of the "text" media type tree willfully does not ali
h its original intent per <xref target="RFC2045"/>. The reason for this is histo gn with its original intent per <xref target="RFC2045" format="default"/>. The r
rical. <xref target="RFC4329"/> registered both the text/* and application/* typ eason for this is historical. <xref target="RFC4329" format="default"/> register
es, marking the text/* ones obsolete. This was done to encourage people toward a ed both the text/* and application/* types, marking the text/* types obsolete. T
pplication/*, matching the guidance in <xref target="RFC4288"/>, the predecessor his was done to encourage people toward application/*, matching the guidance in
to <xref target="RFC6838"/>. Since then, however, the industry widely adopted t <xref target="RFC4288" format="default"/>, the predecessor to <xref target="RFC6
ext/* anyway. The definitions in this document reflect the current state of impl 838" format="default"/>. Since then, however, the industry widely adopted text/*
ementation across the JavaScript ecosystem, in web browsers and other environmen anyway. The definitions in this document reflect the current state of implement
ts such as Node.js alike, in order to guarantee backwards compatibility with exi ation across the JavaScript ecosystem, in web browsers and other environments su
sting applications as much as possible. Future registrations should not view thi ch as Node.js alike, in order to guarantee backward compatibility with existing
s as a repeatable precedent.</t> applications as much as possible. Future registrations should not view this as a
repeatable precedent.</t>
</section> </section>
<section anchor="modules"><name>Modules</name> <section anchor="modules" numbered="true" toc="default">
<name>Modules</name>
<t>In order to formalize support for modular programs, <xref target="ECMA-262"/> <t>In order to formalize support for modular programs, <xref target="ECMA-
(starting with 6th Edition) defines two top-level goal symbols (or roots to the 262" format="default"/> (starting with the 6th Edition) defines two top-level go
abstract syntax tree) for the ECMAScript grammar: Module and Script. The Scrip al symbols (or roots to the abstract syntax tree) for the ECMAScript grammar: Mo
t goal represents the original structure where the code executes in the global s dule and Script. The Script goal represents the original structure where the co
cope, while the Module goal represents the module system built into ECMAScript s de executes in the global scope, while the Module goal represents the module sys
tarting with 6th Edition. See the section "ECMAScript Language: Scripts and Mod tem built into ECMAScript starting with the 6th Edition. See the section "ECMAS
ules" of <xref target="ECMA-262"/> for details.</t> cript Language: Scripts and Modules" in <xref target="ECMA-262" format="default"
/> for details.</t>
<t>This separation means that (in the absence of additional information) there a <t>This separation means that (in the absence of additional information) t
re two possible interpretations for any given ECMAScript source text.</t> here are two possible interpretations for any given ECMAScript source text.</t>
<t>Ecma International's Technical Committee 39 (TC39), the standards body
<t>Ecma International's Technical Committee 39 (TC39), the standards body in cha in charge of ECMAScript, has determined that media types are outside of their sc
rge of ECMAScript, has determined that media types are outside of their scope of ope of work <xref target="TC39-MIME-ISSUE" format="default"/>.</t>
work <xref target="TC39-MIME-ISSUE"/>.</t> <t>It is not possible to fully determine if a source text of ECMAScript is
meant to be parsed using the Module or Script grammar goals based upon content
<t>It is not possible to fully determine if a source text of ECMAScript is meant or media type alone. Therefore, as permitted by the media types in this document
to be parsed using the Module or Script grammar goals based upon content or med , scripting environments use out-of-band information in order to determine what
ia type alone. Therefore, as permitted by the media types in this document, scri goal should be used. Some scripting environments have chosen to adopt the file e
pting environments use out-of-band information in order to determine what goal s xtension of .mjs for this purpose.</t>
hould be used. Some scripting environments have chosen to adopt the file extensi </section>
on of .mjs for this purpose.</t> <section anchor="encoding" numbered="true" toc="default">
<name>Encoding</name>
</section> <t>Refer to <xref target="RFC6365" format="default"/> for a discussion of
<section anchor="encoding"><name>Encoding</name> terminology used in this section. Source text (as defined in the section "Sourc
e Text" in <xref target="ECMA-262" format="default"/>) can be binary source text
<t>Refer to <xref target="RFC6365"/> for a discussion of terminology used in thi . Binary source text is a textual data object that represents source text encod
s section. Source text (as defined in <xref target="ECMA-262"/>, section "Sourc ed using a character encoding scheme. A textual data object is a whole text pro
e Text") can be binary source text. Binary source text is a textual data object tocol message or a whole text document, or a part of it, that is treated separat
that represents source text encoded using a character encoding scheme. A textu ely for purposes of external storage and retrieval. An implementation's interna
al data object is a whole text protocol message or a whole text document, or a p l representation of source text is not considered binary source text.</t>
art of it, that is treated separately for purposes of external storage and retri <t>Implementations need to determine a character encoding scheme in order
eval. An implementation's internal representation of source text is not conside to decode binary source text to source text. The media types defined in this do
red binary source text.</t> cument allow an optional charset parameter to explicitly specify the character e
ncoding scheme used to encode the source text.</t>
<t>Implementations need to determine a character encoding scheme in order to dec <t>In order to ensure interoperability and align with widespread implement
ode binary source text to source text. The media types defined in this document ation practices, the charset parameter is optional rather than required, despite
allow an optional charset parameter to explicitly specify the character encodin the recommendation in <xref target="RFC6838" format="default">BCP 13</xref> for
g scheme used to encode the source text.</t> text/* types.</t>
<t>How implementations determine the character encoding scheme can be subj
<t>In order to ensure interoperability and align with widespread implementation ect to processing rules that are out of the scope of this document. For example
practices, the charset parameter is optional rather than required, despite the r , transport protocols can require that a specific character encoding scheme is t
ecommendation in BCP 13 <xref target="RFC6838"/> for text/* types.</t> o be assumed if the optional charset parameter is not specified, or they can req
uire that the charset parameter is used in certain cases. Such requirements are
<t>How implementations determine the character encoding scheme can be subject to not defined by this document.</t>
processing rules that are out of the scope of this document. For example, tran <t>Implementations that support binary source text <bcp14>MUST</bcp14> sup
sport protocols can require that a specific character encoding scheme is to be a port binary source text encoded using the UTF-8 <xref target="RFC3629" format="d
ssumed if the optional charset parameter is not specified, or they can require t efault"/> character encoding scheme. Module goal sources <bcp14>MUST</bcp14> be
hat the charset parameter is used in certain cases. Such requirements are not d encoded as UTF-8; all other encodings will fail. Source goal sources <bcp14>SH
efined by this document.</t> OULD</bcp14> be encoded as UTF-8; other character encoding schemes <bcp14>MAY</b
cp14> be supported but are discouraged. Whether U+FEFF is processed as a Byte O
<t>Implementations that support binary source text MUST support binary source te rder Mark (BOM) signature or not depends on the host environment and is not defi
xt encoded using the UTF-8 <xref target="RFC3629"/> character encoding scheme. ned by this document.</t>
Module goal sources MUST be encoded as UTF-8; all other encodings will fail. So <section anchor="charset-parameter" numbered="true" toc="default">
urce goal sources SHOULD be encoded as UTF-8; other character encoding schemes M <name>Charset Parameter</name>
AY be supported, but are discouraged. Whether U+FEFF is processed as a Byte Ord <t>The charset parameter provides a means to specify the character encod
er Mark (BOM) signature or not depends on the host environment, and is not defin ing scheme of binary source text. If present, the value of the charset paramete
ed by this document.</t> r <bcp14>MUST</bcp14> be a registered charset <xref target="CHARSETS" format="de
fault"/> and is considered valid if it matches the mime-charset production defin
<section anchor="charset-parameter"><name>Charset Parameter</name> ed in <xref target="RFC2978" sectionFormat="of" section="2.3"/>.</t>
<t>The charset parameter is only used when processing a Script goal sour
<t>The charset parameter provides a means to specify the character encoding sche ce; Module goal sources <bcp14>MUST</bcp14> always be processed as UTF-8.</t>
me of binary source text. If present, the value of the charset parameter MUST b </section>
e a registered charset <xref target="CHARSETS"/>, and is considered valid if it <section anchor="character-encoding-scheme-detection" numbered="true" toc=
matches the mime-charset production defined in <xref target="RFC2978"/>, section "default">
2.3.</t> <name>Character Encoding Scheme Detection</name>
<t>It is possible that implementations cannot interoperably determine a
<t>The charset parameter is only used when processing a Script goal source; Modu single character encoding scheme simply by complying with all requirements of th
le goal sources MUST always be processed as UTF-8.</t> e applicable specifications. To foster interoperability in such cases, the foll
owing algorithm is defined. Implementations apply this algorithm until a single
</section> character encoding scheme is determined.</t>
<section anchor="character-encoding-scheme-detection"><name>Character Encoding S <ol spacing="normal" type="1"><li>
cheme Detection</name> <t>If the binary source text is not already determined to be using a
Module goal and starts with a Unicode encoding form signature, the signature de
<t>It is possible that implementations cannot interoperably determine a single c termines the encoding. The following octet sequences, at the very beginning of
haracter encoding scheme simply by complying with all requirements of the applic the binary source text, are considered with their corresponding character encodi
able specifications. To foster interoperability in such cases, the following al ng schemes: </t>
gorithm is defined. Implementations apply this algorithm until a single charact <table align="left" anchor="tab">
er encoding scheme is determined.</t> <name></name>
<thead>
<t><list style="numbers"> <tr>
<t>If the binary source text is not already determined to be using a Module go <th>Leading sequence</th>
al and starts with a Unicode encoding form signature, the signature determines t <th>Encoding</th>
he encoding. The following octet sequences, at the very beginning of the binary </tr>
source text, are considered with their corresponding character encoding schemes </thead>
: <vspace blankLines='1'/> <tbody>
<figure><artwork><![CDATA[ <tr>
+------------------+----------+ <td>EF BB BF</td>
| Leading sequence | Encoding | <td>UTF-8</td>
|------------------+----------| </tr>
| EF BB BF | UTF-8 | <tr>
| FF FE | UTF-16LE | <td>FF FE</td>
| FE FF | UTF-16BE | <td>UTF-16LE</td>
+------------------+----------+ </tr>
]]></artwork></figure> <tr>
<vspace blankLines='1'/> <td>FE FF</td>
Implementations of this step MUST use these octet sequences to determine the cha <td>UTF-16BE</td>
racter encoding scheme, even if the determined scheme is not supported. If this </tr>
step determines the character encoding scheme, the octet sequence representing </tbody>
the Unicode encoding form signature MUST be ignored when decoding the binary sou </table>
rce text.</t> <t>
<t>Else, if a charset parameter is specified and its value is valid and suppor Implementations of this step <bcp14>MUST</bcp14> use these octet sequences to de
ted by the implementation, the value determines the character encoding scheme.</ termine the character encoding scheme, even if the determined scheme is not supp
t> orted. If this step determines the character encoding scheme, the octet sequenc
<t>Else, the character encoding scheme is assumed to be UTF-8.</t> e representing the Unicode encoding form signature <bcp14>MUST</bcp14> be ignore
</list></t> d when decoding the binary source text.</t>
</li>
<t>If the character encoding scheme is determined to be UTF-8 through any means <li>Else, if a charset parameter is specified and its value is valid a
other than step 1 as defined above and the binary source text starts with the oc nd supported by the implementation, the value determines the character encoding
tet sequence EF BB BF, the octet sequence is ignored when decoding the binary so scheme.</li>
urce text.</t> <li>Else, the character encoding scheme is assumed to be UTF-8.</li>
</ol>
</section> <t>If the character encoding scheme is determined to be UTF-8 through an
<section anchor="character-encoding-scheme-error-handling"><name>Character Encod y means other than step 1 as defined above and the binary source text starts wit
ing Scheme Error Handling</name> h the octet sequence EF BB BF, the octet sequence is ignored when decoding the b
inary source text.</t>
<t>Binary source text that is not properly encoded for the determined character </section>
encoding can pose a security risk, as discussed in section 5. That said, becaus <section anchor="character-encoding-scheme-error-handling" numbered="true"
e of the varied and complex environments scripts are executed in, most of the er toc="default">
ror handling specifics are left to the processors. The following are broad guid <name>Character Encoding Scheme Error Handling</name>
elines that processors follow.</t> <t>Binary source text that is not properly encoded for the determined ch
aracter encoding can pose a security risk, as discussed in <xref target="securit
<t>If binary source text is determined to have been encoded using a certain char y-considerations"/>. That said, because of the varied and complex environments
acter encoding scheme that the implementation is unable to process, implementati scripts are executed in, most of the error handling specifics are left to the pr
ons can consider the resource unsupported (i.e., do not decode the binary source ocessors. The following are broad guidelines that processors follow.</t>
text using a different character encoding scheme).</t> <t>If binary source text is determined to have been encoded using a cert
ain character encoding scheme that the implementation is unable to process, impl
<t>Binary source text can be determined to have been encoded using a certain cha ementations can consider the resource unsupported (i.e., do not decode the binar
racter encoding scheme but contain octet sequences that are not valid according y source text using a different character encoding scheme).</t>
to that scheme. Implementations can substitute those invalid sequences with the <t>Binary source text can be determined to have been encoded using a cer
replacement character U+FFFD (properly encoded for the scheme), or stop process tain character encoding scheme but contain octet sequences that are not valid ac
ing altogether.</t> cording to that scheme. Implementations can substitute those invalid sequences
with the replacement character U+FFFD (properly encoded for the scheme) or stop
</section> processing altogether.</t>
</section> </section>
<section anchor="security-considerations"><name>Security Considerations</name> </section>
<section anchor="security-considerations" numbered="true" toc="default">
<t>Refer to <xref target="RFC3552"/> for a discussion of terminology used in thi <name>Security Considerations</name>
s section. Examples in this section and discussions of interactions of host env <t>Refer to <xref target="RFC3552" format="default"/> for a discussion of
ironments with scripts, modules, and extensions to <xref target="ECMA-262"/> are terminology used in this section. Examples in this section and discussions of i
to be understood as non-exhaustive and of a purely illustrative nature.</t> nteractions of host environments with scripts, modules, and extensions to <xref
target="ECMA-262" format="default"/> are to be understood as non-exhaustive and
<t>The programming language defined in <xref target="ECMA-262"/> is not intended of a purely illustrative nature.</t>
to be computationally self-sufficient, rather, it is expected that the computat <t>The programming language defined in <xref target="ECMA-262" format="def
ional environment provides facilities to programs to enable specific functionali ault"/> is not intended to be computationally self-sufficient; rather, it is exp
ty. Such facilities constitute unknown factors and are thus not defined by this ected that the computational environment provides facilities to programs to enab
document.</t> le specific functionality. Such facilities constitute unknown factors and are t
hus not defined by this document.</t>
<t>Derived programming languages are permitted to include additional functionali <t>Derived programming languages are permitted to include additional funct
ty that is not described in <xref target="ECMA-262"/>; such functionality consti ionality that is not described in <xref target="ECMA-262" format="default"/>; su
tutes an unknown factor and is thus not defined by this document. In particular ch functionality constitutes an unknown factor and is thus not defined by this d
, extensions to <xref target="ECMA-262"/> defined for the JavaScript programming ocument. In particular, extensions to <xref target="ECMA-262" format="default"/
language are not discussed in this document.</t> > defined for the JavaScript programming language are not discussed in this docu
ment.</t>
<t>Uncontrolled execution of scripts can be exceedingly dangerous. Implementatio <t>Uncontrolled execution of scripts can be exceedingly dangerous. Impleme
ns that execute scripts MUST give consideration to their application's threat mo ntations that execute scripts <bcp14>MUST</bcp14> give consideration to their ap
dels and those of the individual features they implement; in particular, they MU plication's threat models and those of the individual features they implement; i
ST ensure that untrusted content is not executed in an unprotected environment.< n particular, they <bcp14>MUST</bcp14> ensure that untrusted content is not exec
/t> uted in an unprotected environment.</t>
<t>Module scripts in ECMAScript can request the fetching and processing of
<t>Module scripts in ECMAScript can request the fetching and processing of addit additional scripts; this is called "importing". Implementations that support mo
ional scripts, called importing. Implementations that support modules need to pr dules need to process imported sources in the same way as scripts. See the secti
ocess imported sources in the same way as scripts. See the section "ECMAScript L on "ECMAScript Language: Scripts and Modules" in <xref target="ECMA-262" format=
anguage: Scripts and Modules" in <xref target="ECMA-262"/> for details. Further, "default"/> for details. Further, there may be additional privacy and security c
there may be additional privacy and security concerns depending on the location oncerns, depending on the location(s) the original script and its imported modul
(s) the original script and its imported modules are obtained from. For instance es are obtained from. For instance, a script obtained from "host-a.example" coul
, a script obtained from "host-a.example" could request to import a script from d request to import a script from "host-b.example", which could expose informati
"host-b.example", which could expose information about the executing environment on about the executing environment (e.g., IP address) to "host-b.example".</t>
(e.g., IP address) to "host-b.example".</t> <t>Specifications for host environment facilities and for derived programm
ing languages should include security considerations. If an implementation supp
<t>Specifications for host environment facilities and for derived programming la orts such facilities, the respective security considerations apply. In particul
nguages should include security considerations. If an implementation supports s ar, if scripts can be referenced from or included in specific document formats,
uch facilities, the respective security considerations apply. In particular, if the considerations for the embedding or referencing document format apply.</t>
scripts can be referenced from or included in specific document formats, the co <t>For example, scripts embedded in application/xhtml+xml <xref target="RF
nsiderations for the embedding or referencing document format apply.</t> C3236" format="default"/> documents could be enabled through the host environmen
t to manipulate the document instance, which could cause the retrieval of remote
<t>For example, scripts embedded in application/xhtml+xml <xref target="RFC3236" resources; security considerations regarding retrieval of remote resources of t
/> documents could be enabled through the host environment to manipulate the doc he embedding document would apply in this case.</t>
ument instance, which could cause the retrieval of remote resources; security co <t>This circumstance can further be used to make information that is norma
nsiderations regarding retrieval of remote resources of the embedding document w lly only available to the script also available to a web server by encoding the
ould apply in this case.</t> information in the resource identifier of the resource, which can further enable
eavesdropping attacks. Implementation of such facilities is subject to the sec
<t>This circumstance can further be used to make information, that is normally o urity considerations of the host environment, as discussed above.</t>
nly available to the script, available to a web server by encoding the informati <t>The programming language defined in <xref target="ECMA-262" format="def
on in the resource identifier of the resource, which can further enable eavesdro ault"/> does include facilities to loop, cause computationally complex operation
pping attacks. Implementation of such facilities is subject to the security con s, or consume large amounts of memory; this includes, but is not limited to, fac
siderations of the host environment, as discussed above.</t> ilities that allow dynamically generated source text to be executed (e.g., the e
val() function); uncontrolled execution of such features can cause denial of ser
<t>The programming language defined in <xref target="ECMA-262"/> does include fa vice, which implementations <bcp14>MUST</bcp14> protect against.</t>
cilities to loop, cause computationally complex operations, or consume large amo <t>With the addition of SharedArrayBuffer objects in ECMAScript version 8,
unts of memory; this includes, but is not limited to, facilities that allow dyna it could be possible to implement a high-resolution timer, which could lead to
mically generated source text to be executed (e.g., the eval() function); uncont certain types of timing and side-channel attacks (e.g., <xref target="SPECTRE" f
rolled execution of such features can cause denial of service, which implementat ormat="default"/>). Implementations can take steps to mitigate this concern, su
ions MUST protect against.</t> ch as disabling or removing support for SharedArrayBuffer objects, or can take a
dditional steps to ensure that this shared memory is only accessible between exe
<t>With the addition of SharedArrayBuffer objects in ECMAScript version 8, it co cution contexts that have some form of mutual trust.</t>
uld be possible to implement a high-resolution timer which could lead to certain <t>A host environment can provide facilities to access external input. Scr
types of timing and side-channel attacks (e.g., <xref target="SPECTRE"/>). Imp ipts that pass such input to the eval() function or similar language features ca
lementations can take steps to mitigate this concern, such as disabling or remov n be vulnerable to code injection attacks. Scripts are expected to protect again
ing support for SharedArrayBuffer objects, or take additional steps to ensure ac st such attacks.</t>
cess to this shared memory is only accessible between execution contexts that ha <t>A host environment can provide facilities to output computed results in
ve some form of mutual trust.</t> a user-visible manner. For example, host environments supporting a graphical u
ser interface can provide facilities that enable scripts to present certain mess
<t>A host environment can provide facilities to access external input. Scripts t ages to the user. Implementations <bcp14>MUST</bcp14> take steps to avoid confu
hat pass such input to the eval() function or similar language features can be v sion of the origin of such messages. In general, the security considerations fo
ulnerable to code injection attacks. Scripts are expected to protect against suc r the host environment apply in such a case as discussed above.</t>
h attacks.</t> <t>Implementations are required to support the UTF-8 character encoding sc
heme; the security considerations of <xref target="RFC3629" format="default"/> a
<t>A host environment can provide facilities to output computed results in a use pply. Additional character encoding schemes may be supported; support for such
r-visible manner. For example, host environments supporting a graphical user in schemes is subject to the security considerations of those schemes.</t>
terface can provide facilities that enable scripts to present certain messages t <t>Source text is expected to be in Unicode Normalization Form C. Scripts
o the user. Implementations MUST take steps to avoid confusion of the origin of and implementations <bcp14>MUST</bcp14> consider security implications of unnorm
such messages. In general, the security considerations for the host environmen alized source text and data. For a detailed discussion of such implications, re
t apply in such a case as discussed above.</t> fer to the security considerations in <xref target="RFC3629" format="default"/>.
</t>
<t>Implementations are required to support the UTF-8 character encoding scheme; <t>Scripts can be executed in an environment that is vulnerable to code in
the security considerations of <xref target="RFC3629"/> apply. Additional chara jection attacks. For example, a Common Gateway Interface (CGI) script <xref tar
cter encoding schemes may be supported; support for such schemes is subject to t get="RFC3875" format="default"/> echoing user input could allow the inclusion of
he security considerations of those schemes.</t> untrusted scripts that could be executed in an otherwise trusted environment.
This threat scenario is subject to security considerations that are out of the s
<t>Source text is expected to be in Unicode Normalization Form C. Scripts and im cope of this document.</t>
plementations MUST consider security implications of unnormalized source text an <t>The "data" resource identifier scheme <xref target="RFC2397" format="de
d data. For a detailed discussion of such implications refer to the security co fault"/>, in combination with the types defined in this document, could be used
nsiderations in <xref target="RFC3629"/>.</t> to cause execution of untrusted scripts through the inclusion of untrusted resou
rce identifiers in otherwise trusted content. Security considerations of <xref
<t>Scripts can be executed in an environment that is vulnerable to code injectio target="RFC2397" format="default"/> apply.</t>
n attacks. For example, a CGI script <xref target="RFC3875"/> echoing user inpu <t>Implementations can fail to implement a specific security model or othe
t could allow the inclusion of untrusted scripts that could be executed in an ot r means to prevent possibly dangerous operations. Such failure could possibly b
herwise trusted environment. This threat scenario is subject to security consid e exploited to gain unauthorized access to a system or sensitive information; su
erations that are out of the scope of this document.</t> ch failure constitutes an unknown factor and is thus not defined by this documen
t.</t>
<t>The "data" resource identifier scheme <xref target="RFC2397"/>, in combinatio </section>
n with the types defined in this document, could be used to cause execution of u <section anchor="iana-considerations" numbered="true" toc="default">
ntrusted scripts through the inclusion of untrusted resource identifiers in othe <name>IANA Considerations</name>
rwise trusted content. Security considerations of <xref target="RFC2397"/> appl <t>The media type registrations herein are divided into two major categori
y.</t> es: (1)&nbsp;the sole media type "text/javascript", which is now in common usage
and (2)&nbsp;all of the media types that are obsolete (i.e., "application/ecmas
<t>Implementations can fail to implement a specific security model or other mean cript", "application/javascript", "application/x-ecmascript", "application/x-jav
s to prevent possibly dangerous operations. Such failure could possibly be expl ascript", "text/ecmascript", "text/javascript1.0", "text/javascript1.1", "text/j
oited to gain unauthorized access to a system or sensitive information; such fai avascript1.2", "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
lure constitutes an unknown factor and is thus not defined by this document.</t> "text/jscript", "text/livescript", and "text/x-ecmascript").</t>
<t>For both categories, the "Published specification" entry for the media
</section> types is updated to reference <xref target="ECMA-262" format="default"/>. In add
<section anchor="iana-considerations"><name>IANA Considerations</name> ition, a new file extension of .mjs has been added to the list of file extension
s with the restriction that contents should be parsed using the Module goal. Fin
<t>The media type registrations herein are divided into two major categories: th ally, the <xref target="HTML" format="default"/> specification uses "text/javasc
e sole media type "text/javascript" which is now in common usage, and all of the ript" as the default media type of ECMAScript when preparing script tags; theref
media types that are obsolete.</t> ore, "text/javascript" intended usage has been moved from OBSOLETE to COMMON.</t
>
<t>For both categories, the media types are updated to reference <xref target="E <t>These changes have been reflected in the IANA "Media Types" registry in
CMA-262"/>. In addition, a new file extension of .mjs is added to the list of fi accordance with <xref target="RFC6838" format="default"/>. All registrations wi
le extensions with the restriction that contents should be parsed using the Modu ll point to this document as the reference. The outdated note stating that the "
le goal. Finally, the <xref target="HTML"/> specification uses "text/javascript" text/javascript" media type has been "OBSOLETED in favor of application/javascri
as the default media type of ECMAScript when preparing script tags; therefore, pt" has been removed. The outdated note stating that the "text/ecmascript" media
"text/javascript" intended usage is to be moved from OBSOLETE to COMMON.</t> type has been "OBSOLETED in favor of application/ecmascript" has been removed.
IANA has added the note "OBSOLETED in favor of text/javascript" to all registrat
<t>These changes are to be reflected in the IANA Media Types registry in accorda ions except "text/javascript"; that is, this note has been added to the "text/ec
nce with <xref target="RFC6838"/>. All registrations will point to this document mascript", "application/javascript", and "application/ecmascript" registrations.
as reference. The outdated note stating that the "text/javascript" media type h </t>
as been "OBSOLETED in favor of application/javascript" is to be removed. The out <t>Four of the legacy media types in this document have a subtype starting
dated note stating that the "text/ecmascript" media type has been "OBSOLETED in with the "x-" prefix:</t>
favor of application/ecmascript" is to be removed. IANA is requested to add the <ul spacing="normal">
note "OBSOLETED in favor of text/javascript" to all registrations except "text/j <li>application/x-ecmascript</li>
avascript".</t> <li>application/x-javascript</li>
<li>text/x-ecmascript</li>
<t>Four of the legacy media types in this document have a subtype starting with <li>text/x-javascript</li>
the "x-" prefix:</t> </ul>
<t>Note that these are grandfathered media types registered as per <xref t
<t><list style="symbols"> arget="RFC6838" sectionFormat="of" section="A"/>. These registrations predate <x
<t>application/x-ecmascript</t> ref target="RFC6648" format="default">BCP 178</xref>, which they violate, and ar
<t>application/x-javascript</t> e only included in this document for backward compatibility.</t>
<t>text/x-ecmascript</t> <section anchor="common-javascript-media-types" numbered="true" toc="defau
<t>text/x-javascript</t> lt">
</list></t> <name>Common JavaScript Media Types</name>
<section anchor="textjavascript" numbered="true" toc="default">
<t>Note that these are grandfathered media types registered as per Appendix A of <name>text/javascript</name>
<xref target="RFC6838"/>. These registrations predate BCP 178 <xref target="RFC <dl newline="false" spacing ="normal">
6648"/>, which they violate, and are only included in this document for backward <dt>
s compatibility.</t>
<section anchor="common-javascript-media-types"><name>Common JavaScript Media Ty
pes</name>
<section anchor="textjavascript"><name>text/javascript</name>
<dl>
<dt>
Type name: </dt> Type name: </dt>
<dd> <dd>
<t>text</t> text
</dd> </dd>
<dt> <dt>
Subtype name: </dt> Subtype name: </dt>
<dd> <dd>
<t>javascript</t> javascript
</dd> </dd>
<dt> <dt>
Required parameters: </dt> Required parameters: </dt>
<dd> <dd>
<t>N/A</t> N/A
</dd> </dd>
<dt> <dt>
Optional parameters: </dt> Optional parameters: </dt>
<dd> <dd>
<t>charset, see section 4.1 of [this document].</t> charset. See <xref target="charset-parameter"/> of RFC 9239.
</dd> </dd>
<dt> <dt>
Encoding considerations: </dt> Encoding considerations: </dt>
<dd> <dd>
<t>Binary</t> Binary
</dd> </dd>
<dt> <dt>
Security considerations: </dt> Security considerations: </dt>
<dd> <dd>
<t>See section 5 of [this document].</t> See <xref target="security-considerations"/> of RFC 9239.
</dd> </dd>
<dt> <dt>
Interoperability considerations: </dt> Interoperability considerations: </dt>
<dd> <dd>
<t>It is expected that implementations will behave as if this registration a It is expected that implementations will behave as if this registr
pplies to later editions of <xref target="ECMA-262"/>, and its published specifi ation applies to later editions of <xref target="ECMA-262" format="default"/>, a
cation references may be updated accordingly from time to time. Although this ex nd its published specification references may be updated accordingly from time t
pectation is unusual among media type registrations, it matches widespread indus o time. Although this expectation is unusual among media type registrations, it
try conventions. See section 2 of [this document].</t> matches widespread industry conventions. See <xref target="compatibility"/> of R
</dd> FC 9239.
<dt> </dd>
<dt>
Published specification: </dt> Published specification: </dt>
<dd> <dd>
<t><xref target="ECMA-262"/></t> <xref target="ECMA-262" format="default"/>
</dd> </dd>
<dt> <dt>
Applications which use this media type: </dt> Applications that use this media type: </dt>
<dd> <dd>
<t>Script interpreters as discussed in [this document].</t> Script interpreters as discussed in RFC 9239.
</dd> </dd>
</dl> </dl>
<dl newline="true" spacing="normal">
<t>Additional information:</t> <dt>Additional information:</dt>
<dd>
<dl> <dl newline="false" spacing="compact">
<dt> <dt>
Deprecated alias names for this type: </dt> Deprecated alias names for this type: </dt>
<dd> <dd>
<t>application/javascript, application/x-javascript, text/javascript1.0, tex application/javascript, application/x-javascript, text/javascript1
t/javascript1.1, text/javascript1.2, text/javascript1.3, text/javascript1.4, tex .0, text/javascript1.1, text/javascript1.2, text/javascript1.3, text/javascript1
t/javascript1.5, text/jscript, text/livescript</t> .4, text/javascript1.5, text/jscript, text/livescript
</dd> </dd>
<dt/> <dt>
<dd>
<dl>
<dt>
Magic number(s): </dt> Magic number(s): </dt>
<dd> <dd>
<t>n/a</t> N/A
</dd> </dd>
<dt> <dt>
File extension(s): </dt> File extension(s): </dt>
<dd> <dd>
<t>.js, .mjs</t> .js, .mjs
</dd> </dd>
<dt> <dt>
Macintosh File Type Code(s): </dt> Macintosh File Type Code(s): </dt>
<dd> <dd>
<t>TEXT</t> TEXT
</dd> </dd>
</dl> </dl>
</dd> </dd>
<dt> </dl>
<dl newline="false" spacing="normal">
<dt>
Person &amp; email address to contact for further information: </dt> Person &amp; email address to contact for further information: </dt>
<dd> <dd>
<t>See Author's Address section of [this document] and <xref target="RFC4329 See the Authors' Addresses sections of RFC 9239 and <xref target="
"/>.</t> RFC4329" format="default"/>.
</dd> </dd>
<dt> <dt>
Intended usage: </dt> Intended usage: </dt>
<dd> <dd>
<t>COMMON</t> COMMON
</dd> </dd>
<dt> <dt>
Restrictions on usage: </dt> Restrictions on usage: </dt>
<dd> <dd>
<t>The .mjs file extension signals that the file represents a JavaScript mod The .mjs file extension signals that the file represents a JavaScr
ule. Execution environments that rely on file extensions to determine how to pro ipt module. Execution environments that rely on file extensions to determine how
cess inputs parse .mjs files using the Module grammar of <xref target="ECMA-262" to process inputs parse .mjs files using the Module grammar of <xref target="EC
/>.</t> MA-262" format="default"/>.
</dd> </dd>
<dt> <dt>
Author: </dt> Author: </dt>
<dd> <dd>
<t>See Author's Address section of [this document] and <xref target="RFC4329 See the Authors' Addresses sections of RFC 9239 and <xref target="
"/>.</t> RFC4329" format="default"/>.
</dd> </dd>
<dt> <dt>
Change controller: </dt> Change controller: </dt>
<dd> <dd>
<t>IESG &lt;iesg@ietf.org&gt;</t> IESG &lt;iesg@ietf.org&gt;
</dd> </dd>
</dl> </dl>
</section>
</section> </section>
</section> <section anchor="historic-javascript-media-types" numbered="true" toc="def
<section anchor="historic-javascript-media-types"><name>Historic JavaScript Medi ault">
a Types</name> <name>Historic JavaScript Media Types</name>
<t>The following media types and legacy aliases are added or updated for
<t>The following media types and legacy aliases are added or updated for histori historical purposes. All herein have an intended usage of OBSOLETE and are not
cal purposes. All herein have an intended usage of OBSOLETE, and are not expecte expected to be in use with modern implementations.</t>
d to be in use with modern implementations.</t> <section anchor="textecmascript" numbered="true" toc="default">
<name>text/ecmascript</name>
<section anchor="textecmascript"><name>text/ecmascript</name> <dl>
<dt>
<dl>
<dt>
Type name: </dt> Type name: </dt>
<dd> <dd>
<t>application</t> text
</dd> </dd>
<dt> <dt>
Subtype name: </dt> Subtype name: </dt>
<dd> <dd>
<t>ecmascript</t> ecmascript
</dd> </dd>
<dt> <dt>
Required parameters: </dt> Required parameters: </dt>
<dd> <dd>
<t>N/A</t> N/A
</dd> </dd>
<dt> <dt>
Optional parameters: </dt> Optional parameters: </dt>
<dd> <dd>
<t>charset, see section 4.1 of [this document].</t> charset. See <xref target="charset-parameter"/> of RFC 9239.
</dd> </dd>
<dt> <dt>
Encoding considerations: </dt> Encoding considerations: </dt>
<dd> <dd>
<t>Binary</t> Binary
</dd> </dd>
<dt> <dt>
Security considerations: </dt> Security considerations: </dt>
<dd> <dd>
<t>See section 5 of [this document].</t> See <xref target="security-considerations"/> of RFC 9239.
</dd> </dd>
<dt> <dt>
Interoperability considerations: </dt> Interoperability considerations: </dt>
<dd> <dd>
<t>It is expected that implementations will behave as if this registration a It is expected that implementations will behave as if this registr
pplies to later editions of <xref target="ECMA-262"/>, and its published specifi ation applies to later editions of <xref target="ECMA-262" format="default"/>, a
cation references may be updated accordingly from time to time. Although this ex nd its published specification references may be updated accordingly from time t
pectation is unusual among media type registrations, it matches widespread indus o time. Although this expectation is unusual among media type registrations, it
try conventions. See section 2 of [this document].</t> matches widespread industry conventions. See <xref target="compatibility"/> of R
</dd> FC 9239.
<dt> </dd>
<dt>
Published specification: </dt> Published specification: </dt>
<dd> <dd>
<t><xref target="ECMA-262"/></t> <xref target="ECMA-262" format="default"/>
</dd> </dd>
<dt> <dt>
Applications which use this media type: </dt> Applications that use this media type: </dt>
<dd> <dd>
<t>Script interpreters as discussed in [this document].</t> Script interpreters as discussed in RFC 9239.
</dd> </dd>
</dl> </dl>
<dl newline="true" spacing="normal">
<t>Additional information:</t> <dt>Additional information:</dt>
<dd>
<dl> <dl newline="false" spacing="compact">
<dt> <dt>
Deprecated alias names for this type: </dt> Deprecated alias names for this type: </dt>
<dd> <dd>
<t>application/ecmascript, application/x-ecmascript, text/x-ecmascript</t> application/ecmascript, application/x-ecmascript, text/x-ecmascrip
</dd> t
<dt> </dd>
<dt>
Magic number(s): </dt> Magic number(s): </dt>
<dd> <dd>
<t>n/a</t> N/A
</dd> </dd>
<dt> <dt>
File extension(s): </dt> File extension(s): </dt>
<dd> <dd>
<t>.es, .mjs</t> .es, .mjs
</dd> </dd>
<dt> <dt>
Macintosh File Type Code(s): </dt> Macintosh File Type Code(s): </dt>
<dd> <dd>
<t>TEXT</t> TEXT
</dd> </dd>
<dt> </dl>
</dd>
</dl>
<dl newline="false" spacing="normal">
<dt>
Person &amp; email address to contact for further information: </dt> Person &amp; email address to contact for further information: </dt>
<dd> <dd>
<t>See Author's Address section of [this document] and <xref target="RFC4329 See the Authors' Addresses sections of RFC 9239 and <xref target="
"/>.</t> RFC4329" format="default"/>.
</dd> </dd>
<dt> <dt>
Intended usage: </dt> Intended usage: </dt>
<dd> <dd>
<t>OBSOLETE</t> OBSOLETE
</dd> </dd>
<dt> <dt>
Restrictions on usage: </dt> Restrictions on usage: </dt>
<dd> <dd>
<t>This media type is obsolete; current implementations should use text/java This media type is obsolete; current implementations should use te
script as the only JavaScript/ECMAScript media type. The .mjs file extension sig xt/javascript as the only JavaScript/ECMAScript media type. The .mjs file extens
nals that the file represents a JavaScript module. Execution environments that r ion signals that the file represents a JavaScript module. Execution environments
ely on file extensions to determine how to process inputs parse .mjs files using that rely on file extensions to determine how to process inputs parse .mjs file
the Module grammar of <xref target="ECMA-262"/>.</t> s using the Module grammar of <xref target="ECMA-262" format="default"/>.
</dd> </dd>
<dt> <dt>
Author: </dt> Author: </dt>
<dd> <dd>
<t>See Author's Address section of [this document] and <xref target="RFC4329 See the Authors' Addresses sections of RFC 9239 and <xref target="
"/>.</t> RFC4329" format="default"/>.
</dd> </dd>
<dt> <dt>
Change controller: </dt> Change controller: </dt>
<dd> <dd>
<t>IESG &lt;iesg@ietf.org&gt;</t> IESG &lt;iesg@ietf.org&gt;
</dd> </dd>
</dl> </dl>
</section>
</section> </section>
</section> </section>
</section>
</middle> </middle>
<back> <back>
<references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2045.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2397.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2978.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.3552.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.3629.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.4288.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.4329.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6365.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6648.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6838.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8174.xml"/>
<references title='Normative References'> <reference anchor="CHARSETS" target="https://www.iana.org/assignments/ch
aracter-sets">
&RFC2045; <front>
&RFC2119; <title>Character Sets</title>
&RFC2397; <author>
&RFC2978; <organization>IANA</organization>
&RFC3552; </author>
&RFC3629; </front>
&RFC4288; </reference>
&RFC4329; <reference anchor="ECMA-262" target="https://262.ecma-international.org/
&RFC6365; 12.0/">
&RFC6648; <front>
&RFC6838; <title>ECMA-262 12th Edition, June 2021. ECMAScript 2021 language s
&RFC8174; pecification</title>
<reference anchor="CHARSETS" target="https://www.iana.org/assignments/character- <author>
sets"> <organization>Ecma International</organization>
<front> </author>
<title>Assigned character sets</title> <date year="2021" month="June"/>
<author > </front>
<organization>IANA</organization> </reference>
</author> </references>
<date year="n.d."/> <references>
</front> <name>Informative References</name>
</reference> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<reference anchor="ECMA-262" target="https://262.ecma-international.org/12.0/"> FC.3236.xml"/>
<front> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<title>ECMAScript 2021 language specification, ECMA-262 12th Edition, June 2 FC.3875.xml"/>
021</title> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<author > FC.3986.xml"/>
<organization>Ecma International</organization> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
</author> FC.3987.xml"/>
<date year="2021" month="June"/>
</front>
</reference>
</references>
<references title='Informative References'> <reference anchor="HTML" target="https://html.spec.whatwg.org/multipage/
scripting.html#prepare-a-script">
<front>
<title>HTML Living Standard</title>
<author>
<organization>WHATWG</organization>
</author>
<date year="2022" month="May"/>
</front>
</reference>
&RFC3236; <reference anchor="SPECTRE" target="https://arxiv.org/abs/1801.01203">
&RFC3875; <front>
&RFC3986; <title>Spectre Attacks: Exploiting Speculative Execution</title>
&RFC3987; <author initials="P." surname="Kocher" fullname="Paul Kocher">
<reference anchor="HTML" target="https://html.spec.whatwg.org/multipage/scriptin <organization/>
g.html#prepare-a-script"> </author>
<front> <author initials="D." surname="Genkin" fullname="Daniel Genkin">
<title>HTML Living Standard</title> <organization/>
<author > </author>
<organization>WHATWG</organization> <author initials="D." surname="Gruss" fullname="Daniel Gruss">
</author> <organization/>
<date year="2017" month="August"/> </author>
</front> <author initials="W." surname="Haas" fullname="Werner Haas">
</reference> <organization/>
<reference anchor="SPECTRE" target="https://arxiv.org/abs/1801.01203"> </author>
<front> <author initials="M." surname="Hamburg" fullname="Mike Hamburg">
<title>Spectre Attacks: Exploiting Speculative Execution</title> <organization/>
<author initials="P." surname="Kocher" fullname="Paul Kocher"> </author>
<organization></organization> <author initials="M." surname="Lipp" fullname="Moritz Lipp">
</author> <organization/>
<author initials="A." surname="Fogh" fullname="Anders Fogh"> </author>
<organization></organization> <author initials="S." surname="Mangard" fullname="Stefan Mangard">
</author> <organization/>
<author initials="D." surname="Gerkin" fullname="Daniel Gerkin"> </author>
<organization></organization> <author initials="T." surname="Prescher" fullname="Thomas Prescher">
</author> <organization/>
<author initials="D." surname="Gruss" fullname="Daniel Gruss"> </author>
<organization></organization> <author initials="M." surname="Schwarz" fullname="Michael Schwarz">
</author> <organization/>
<author initials="W." surname="Haas" fullname="Werner Haas"> </author>
<organization></organization> <author initials="Y." surname="Yarom" fullname="Yuval Yarom">
</author> <organization/>
<author initials="M." surname="Hamburg" fullname="Mike Hamburg"> </author>
<organization></organization> <date year="2018" month="January"/>
</author> </front>
<author initials="M." surname="Lipp" fullname="Moritz Lipp"> <seriesInfo name="DOI" value="10.48550/arXiv.1801.01203"/>
<organization></organization> </reference>
</author>
<author initials="S." surname="Mangard" fullname="Stefan Mangard">
<organization></organization>
</author>
<author initials="T." surname="Prescher" fullname="Thomas Prescher">
<organization></organization>
</author>
<author initials="M." surname="Schwarz" fullname="Michael Schwarz">
<organization></organization>
</author>
<author initials="Y." surname="Yarom" fullname="Yuval Yarom">
<organization></organization>
</author>
<date year="2018" month="January"/>
</front>
</reference>
<reference anchor="TC39-MIME-ISSUE" target="https://web.archive.org/web/20170814
193912/https://github.com/tc39/ecma262/issues/322">
<front>
<title>Add `application/javascript+module` mime to remove ambiguity</title>
<author >
<organization>TC39</organization>
</author>
<date year="2017" month="August"/>
</front>
</reference>
<reference anchor="TC39-MIME-ISSUE" target="https://web.archive.org/web/
20170814193912/https://github.com/tc39/ecma262/issues/322">
<front>
<title>Add 'application/javascript+module' mime to remove ambiguity<
/title>
<author>
<organization>TC39</organization>
</author>
<date year="2017" month="August"/>
</front>
<refcontent>Wayback Machine archive</refcontent>
</reference>
</references>
</references> </references>
<section anchor="changes-from-rfc-4329" numbered="true" toc="default">
<section anchor="acknowledgements"><name>Acknowledgements</name> <name>Changes from RFC 4329</name>
<ul spacing="normal">
<t>This work builds upon its antecedent document, authored by Bjoern Hoehrmann. <li>Added a section discussing ECMAScript modules and the impact on proc
The authors would like to thank essing.</li>
Adam Roach, <li>Updated the Security Considerations section to discuss concerns asso
Alexey Melnikov, ciated with ECMAScript modules and SharedArrayBuffers.</li>
Allen Wirfs-Brock, <li>Updated the character encoding scheme detection to remove normative
Anne van Kesteren, guidance on its use, to better reflect operational reality.</li>
Ben Campbell, <li>Changed the intended usage of the media type "text/javascript" from
Benjamin Kaduk, OBSOLETE to COMMON.</li>
Éric Vyncke, <li>Changed the intended usage for all other script media types to obsol
Francesca Palombini, ete.</li>
James Snell, <li>Updated various references where the original has been obsoleted.</l
Kirsty Paine, i>
Mark Nottingham, <li>Updated references to ECMA-262 to match the version at the time of p
Murray Kucherawy, ublication.</li>
Ned Freed, </ul>
Robert Sparks, and </section>
Suresh Krishnan <section anchor="acknowledgements" numbered="false" toc="default">
<name>Acknowledgements</name>
<t>This work builds upon its antecedent document, authored by <contact ful
lname="Björn Höhrmann"/>. The authors would like to thank
<contact fullname="Adam Roach"/>,
<contact fullname="Alexey Melnikov"/>,
<contact fullname="Allen Wirfs-Brock"/>,
<contact fullname="Anne van Kesteren"/>,
<contact fullname="Ben Campbell"/>,
<contact fullname="Benjamin Kaduk"/>,
<contact fullname="Éric Vyncke"/>,
<contact fullname="Francesca Palombini"/>,
<contact fullname="James Snell"/>,
<contact fullname="Kirsty Paine"/>,
<contact fullname="Mark Nottingham"/>,
<contact fullname="Murray Kucherawy"/>,
<contact fullname="Ned Freed"/>,
<contact fullname="Robert Sparks"/>, and
<contact fullname="Suresh Krishnan"/>
for their guidance and feedback throughout this process.</t> for their guidance and feedback throughout this process.</t>
</section>
</section>
<section anchor="changes-from-rfc-4329"><name>Changes from RFC 4329</name>
<t><list style="symbols">
<t>Added a section discussing ECMAScript modules and the impact on processing.
</t>
<t>Updated the Security Considerations to discuss concerns associated with ECM
AScript modules and SharedArrayBuffers.</t>
<t>Updated the character encoding scheme detection to remove normative guidanc
e on its use, to better reflect operational reality.</t>
<t>Changed the intended usage of the media type text/javascript from obsolete
to common.</t>
<t>Changed the intended usage for all other script media types to obsolete.</t
>
<t>Updated various references where the original has been obsoleted.</t>
<t>Updated references to ECMA-262 to match the version at time of publication.
</t>
</list></t>
</section>
</back> </back>
<!-- ##markdown-source:
H4sIAA4ZH2IAA+1c624bOZb+r6cgHGA7npbk2E4cx1ksWnbsjqfjJBs729uY
HuxQVZTEuC6aYpVldSYPsM+1L7bnQrLIUsnp7h1ggcE0BhO5isXLuX7n8JCj
0WhQ6zpTJ+L87GpynVR6WYsrlWopbtZLZcTHZSprZQZyOq3U3ckgLZNC5tA+
reSsHmlVz0apNktZJ4vRJ3knDfUxyj+Z0f7zQQIfz8tqfSJ0MSsHA72sTkRd
NaY+ePLkxZODgayUPBGTDzeDVVndzquyWZ6IV5fX7yc3Z68Ht2oNj9MTcVnU
qipUPXqFww7KqSkzBfM6EU8PD14MBqaWRfpfMisLmFpRDpb6RPypLpOhgP/T
RaqKeihMWdWVmhn4tc7tj7rSCbxKynwp7Y8cGsMrXWS6UH8eDGRTL8rqZCBG
AwH/6QJGvRqLK51lqqJHTJErWdcLtRKT6F1ZzWWhf5G1LosTeqJyqbMTAb03
96sym32LRPyubGCFo2UmC2XGsNLucKdlBT/D4dYZ8Cd4HI0kvtf162YaDpjj
B1Nq/91c14tmOobVboyzLlQ8jqwXWprwRWekspxnKhqpXsAQ9HhjiNOxuJAV
dBgMcVrJNFPr8MVWsk257ThXye13c3xGQwyKssqh9Z3C1h8uzg6ePH3mfu7v
v3A/D188dz9fPD+2Pw+fPTtwP48OXNunB8euAQqZ/Xl0eOT6PTp66hocHR/2
/Dzef/70ZAC/z15PPlyf31zzSrxACbtSkO/J2wn9bbVxZ2KMnhcqFclCViCZ
qhJG1WaHG8lqruoTsajrpTnZ21utVmMtCzmGvvYkfUlCvOc/HuHH8C1q+ejg
6GDrRM6TXFptI9rLLJpWYCUOnhzsCxDXeSPnSpilSvRMJ/TR0I8j9g/qhThP
NT/+Y1Mo+pDXgablpH3YuzboZKxgUiMdTopWun8wfrIHNgUsi+e95eLB4ZFj
6PFzx6/DF8dH7U+Sg9c3V2+20uLH15ObH78P14/NxRt9p4u5uEaTI6s0WMmk
mYNlg7WA5etby6LOszFSarxayHo1p1XkTVbrJdBwj00n9D3Gho+WlVqCeRzJ
Eb/AtV2/Pz+7+XDeN+WR/dcp1XvZZOKHMllYQ7TZYgJ2sTLiopwvtrR4BTqo
MvG9qm518ZU2YNTNliY/ou2uxGspt7W40rcK3ufTpppvawKWq/4FqL9cbmlx
XauZLMBgFXPHl81GN4syB2v2vlLmAdJcaVAdWNV1sljJ6pctrX5q7mQmfpIV
GqBATHaugcfgasSkrmVyC1bv/H6ZlbomuYF3TUbiCo/hN0p0pA+yaGS1RjE6
7hUjWd3rO9b1qdnbP36yP36yf/DkEOdwA6I9urq8Oh9dXl9/7BUUkm1sFxuc
NBV/kctlZnV4r3Xm3+Zl2mTqLyLXuQKHKiqVlzB7YJeeN7peh7P/mg6s1HQs
q2QBy6clwN972PjJ8f7T/ReHL/YP9lzT1knt1cnhiz00A2AO9rQxjTJ7hwcH
g8FgNBoJIEONdm4wuFloIwCjNGj/RKpwAVNwk+CYYdZzje1wdaKciZxgTk0w
BywItQnsG2g3sOJO2j+XVTmvZJ4jC53VM9QoKdkAFQmO8ddGA3nQ+lKnOl9m
9CcNa3BcGMcoHncs4gl7XOOczhBkyVmFEJftDGEoAAsJPseJg7G402VjolXy
FHZqdV8H7NyhWe/083pHrIDqwttUIBW2jtYlM3ZN1BIBEzRqDHoBbBqvWKj7
paq0AuKYMXMr1yl48MHgEfqZCkQrwYaWdzmIVsC3Ph4FTMHxApb18mgMBl/N
wPyA4OLnRiVMm51weEuUd3equtNqtQMUEJ8/Ozf25QuNPgVlRoiKqwwIBP9j
noZjxoxtGEbTBHh1S54EE7fLMu4uXDxp3SyDuQNFoTUukWnOo3uEPKQugRJ3
GgaCgUd1OcLBceENmNA1CqyBl3bAcVdrWLDsZMM5xPMkAlkx/fKFhw2X+VVV
aAwLb9lZaqpmGsUrHgCIb+AhrBZWUeE8PR2WqPsaBUxMgKK0PhgcZQ7w/xYF
C7oGCjx6JG5UBYJTZuV8jRRRAoIPgdEHSMrVx+sbUDn6V7x9R78/nP/7x8sP
56/w9/XryZs3/odrcf363cc3r9pf7Zdn766uzt++4o/hqeg8upr8tDO0Evn+
5vLd28kbksh4MQAOUC6mShA2AhNQA4Wk8fpDNDw9ey/2nwpeMEJhoCX/gfAU
/lgtVMGDlUW2tn8CB9cCTISSFXYis0wkcqlrmUFoBEOYRbkqBDhQhdQTZxg/
1XqqMxCwTTOMDDUCBQIcJj4C+QR+kQBsyAkKjxX62HAN+QG6AfcAZ91vyEgF
QbBKcEYrkHZYmWmWSwgBgSytuOHiGhBAvTHaS1p0CbMBjISkdmoD38PyaoAj
CXh/opuVKrSMIKVs5ePexixTGxK+yVG7nGlGzOWvjViB5taq6JqlsXgLEadi
fE3jRkYL+zPN9BOYDRgOuwOLBzQvp2DCW4+Edg1gTsphsGPjEDW2RKWbrtly
WsRrwzLHROxhM2z4xoBGJYuCiATikeP8lTh8IR4j9ti1ugowDPDvMDTqSZmq
VtsB0IEMZhoMuF0m8mquAFACf9Z+ykAu8kcy7EoVcyC0kCkwkYxNCe8Be7Wd
jUlKZkjE+0RZo0yeQjPXHW+cQQqoq4vQoRCE0q1VP1uANwBm3wDU954O7XRI
ZA0NaNrvKw2ibwMlszMOV5GqO5WVS5RD9rawbJTZmZJ1g1ME0eMpwMQhRsdn
ANmAF2EvtjWvyvWRkroLaKUzEjm7Jm9jizsNEoMEGIs3IeH6ha0oYbqgzUkN
/cs0hfFMj6CD4mZg+Js5II0a+YkogWUUqdX1FCsNmjhVC4mgEzzPzCsJCapY
gVJCF6AfKYs5LCHvYqu0hLXj/Oy0WLX5M+PYHi0IGNKjfvxZ6+q71i6XazTJ
7Ap5NhKCG/4MbEiNjcBggygmCWAJtFQ2y8bosNuZ9rJTgJiWS9YvAbEhBCHA
EfNyg2A5QnBnr4ihmvJbOIBpkgVqFU9wY/qeTGykBNh5MavknF5qTKRBmI+i
CKQAMpZNBRMLnz8m34KxNqIC98fzL192ybq7gQyQcKoyByNLGIqx8TYssGkp
cfjsTqVAwIlbTz8J7VoCrwPN+lYF5HhbQi8khtQPKpqdGAHpndB5QIynSDpn
DdqiVsQQIVskDSsFVwF2CHimmfugytYdP3n6DI34DeElaUCF2QPCwPC/1s2M
IyjEQIw80RTkij0m+puf/7DhEeERkXIIhMAofh61LtEvO/dlNWaFCAL5QdYE
RLRCmLlU5ZJcEjmKeATsu4aQznYOMWFK0ZBHcAfHxygMNlBJFXKhrFjhbMoM
yXCt8auaAAjIHZi9ij/SRQoSDTGx9eQyBTVA5fKLXq/kmulIvNYeo9YdbMsY
OrRx4NZYbjqRi0yq0phuyKGS0qyB+DlmiMHyTMW0KleGQAJCATYqrdk0VuGM
eAsmefyJwqdbRV8DuOS4BExJJQv0j84Vm9gXsyx5xBuQ32DXuR0C3LVBVzgW
Fw25hhiyA2hrspQkFIMc6+TYDQPSq8kDAIMShRpBwO6KQn8zGFwG06XQJ9O/
KAepSGopSwBw0UZhZhhb08dA54pmT2s5avOCux4h1iuwluVylKHHE/MSVMas
82mZgVmBEaqyrI2L41zQDy2AY/eki7t9gTyFhLI6sWshNl2HGNG1w+GAEGBW
iG/YjddcGAsCRSTpCkEvCxACFUUpHGWc55xn5RTbJ+Cwh9BYZ9zYDt43CKdX
BIuVmDY6sw4iWMRW4sEarpWKgUjw3Rvrp07sKllKLVd3Nnw4WWhVAxrwjs1g
FpI1IlcS3STaxsd2ucAFjLOwI2nhD9k5Hx3vYjOEtUg0YK8T0TZmCeJe0GMx
13fgaMOls49BXYc5/XakOYzAqwGTmaJTpcz6nGbeDgZ2h+KnmoJBh0dCj0To
qanRs1q/oCvmNv6Jm1hA0U4WjkLMSwI6qHueBKhK7DjcgIRtwhXH0xOUIQFL
YeM+4AzCKxdJeykDUsbCT3JnLKpulhhFWySCits6NNpBIzsKlrKsFMV6S5xb
XbeBQEiPTWjn09ixGSRH2tSjcjaayk4GJbSFLS0wSW6NABsuhFUG/f11matt
4xBKTDCrQHiYXAXNeoaq6OEeEnacfzKtw102FYY7ZPbOwe+l0PVg4HNH7KkO
j55ZNZEAdE3SGNdZ3eYPGFk7yli1REUN+PpYdjIdrRYOW022X9wg8NiFCLxA
GkzBIoEvDPVCiNONhygskn41QEIARxI8/Sf2frIOjVD4EXr81MuUDPaflKWJ
wMR5rhB19fZOw64WZWZ7BH9Ql0mZgdgYzlhVcYNWdOgNCDWJvcaAn8IBg8ad
0LQ1RogBkAeWZQSckbMVm+qycslIMC+VVncIoBAjxh7+GyPsplJgkn16uENJ
VNwgA9DDA1DxDgwvFAcArUg/QM+OEnAUvMlUDOIjxt/8asicZYDlQYR8CIFz
MapuQwmCfPeILTQGcLypxzq/fd4k7BYrptYTxWQJFmbDU6I7hrQuhCPY2qJm
xHkGOCI38sk+2Tf004qXAEv2CwRRWVAAJAuXZ0qHmB5b6lrZLCXv+KfeEFG+
7DAEpmwiLNTkvP1g8Bpo2Q27Wj4/TDGrxzYzg2QJ82HomVnwra9x8Yf3MhFf
QQQuSoxjJc4GqAJI0hAoc4pnaEC7ftuz37B9SCCNdTPSGBgqRedEoGi7/FhF
sZ0jsRmPrTensJV7zngmqgIgAv9iSg2tJ4LceCPCZRysyJN7CkmzqZI0tEOt
PepFGd4H3sfmEdfw8eZidGzj3CMKzx4ymSEM5H4Njwlkdn2DZ6BOgwyk78km
Q2ZY9+AdStSbzTX39meTENvmB1OZ/MSSaTOlQ4CjLIfo7DgUxHj7x4Wirj5+
e3F+cYFcsxLMw0lxugYFe0dafwVxp3h8+u5qV2BlAuesQCyYc0vQPeM2MRaY
rQ28OSd4tfkalx89wnQbidJ7J0qccN2UML81Ih2eLX+locNMaZ/rvZwJ6zzY
JoG7aXzSYHMCjt0yjONds8+fXa2I21PRJvQ70LcmRdQ1B91un0bnauTH8tta
G5spWPUSIoyD8eF4G6XQksZ5wsBMyShsYoK83C7eMoMA3RBmDQWF5LJlINPd
gS/cfUe6v3L5TQeiWwDdly0ES4PiEriYCGGD6YO+s4cYbbDLNQoaBuHZ2sdd
qI+RBbJMDnL2USEMbQRivGyInl2nB0yh5ABZOJadWYlemgiczbHiYZHjii0b
Udg6q8WhrUK0XzRFrbNfs1IdBjvAh/0xSjNOpMf2aZfcQr+8jqKkkrE5C0Yo
BCjBFLsal57/CIEaBc5uKhgGtJbBRmveUPhRWM7dVxb4tOQqYX1g2e2+H25S
sYu5UxXmYyGKL2zer391w+4eD02Xw7ukrEC/IWqi+W43nycDXyDy7Wjjv+DR
t77d38QbICb1YacOj7wC/K1t92B/QTtxfiFOT8XphWgfsYvCn0E7MNsX5yL4
j9vtH705j9udY9Oedqdhu6+tlxp2ZddBGdCOJZsJDBJ587vDzxhGP2inh0Jh
BsGClUBKW5knjOJ8HFvwdiIdiXtgHAJD0TzbOMLDg4fF3XsDeFBWzs4S/Hc9
9IYaB2NxnhlMI85sULFhuz0IYzcCGsiOSRvrRUg3/Z6oje1jaxo6tF9LF5jd
oZvdww6Vso8MLdmCOHdwOfv6lxvmh6W8XlS0r4SpJPbvZRsDEH/3RRB6yylV
MhXpNqMXGq8efjtt6xUGzOL/NrY+6AfPq6rEKroizSg10RPyu3iZ0kzka8A5
OBzocqMB5XoojEAdg2p0H65ipNLmllJBNuXBgMJhiGdkjBFXS42IUSUy2DW5
k5WTQfKm6r6THnd5yconU7H3IW/d204ULX1hl+6dLH+VqVntssIWXZSV2fAQ
2HRalRBS4gaFyqwkyzr4yDZnEex3gbHcUbZpqoC5G4kTF75sFWIfBnVCXIyB
ClcAYOc27IM58Raf341rilarH+uxGkPIW1oI7UP0nsW5mad6NlO0NbJ17rvj
XvGzge3fj0QYfWCmEltteAQXItN+Blu0BFx1anf6OdRzgVfX9+BUIQA3ta4b
ygWgyOuC+2kH8Xpvq6LymCwQ/1xcvBKPt+qaJRfFwaYulxGEzupyTnEU5Ryv
nbadRfVZ3RQkFqv//hTkOacJTPcV6WfbG/lmwqsy8b66G51Z6lgFHtp9DMNh
ywP76m3dUkMVyHVZUjBQlMVI3S/AeFBxLG2noXdbgp8E0kLc2/BeFrxk72lD
l766v23JVWcdaSs29c4DTVNT2x0FTH2pbDYyzQyMjKbAjlNJw956Bd4MCjoI
qdQGnDOZuJoPVmzaJuOsWBQ7iFlTJNwTyINLfQSfo95bwW2K2wJLseBtXdpN
SCLwovlq2PxKVUDLdFtta6WC1D/MUhdJ1qQq3OiJJhp5n6gGLWTAS4554i/b
BRmqTYgW5cLgry8J1Lyg/LHGEmvg1gNS6DrpKSvtlae2vCVwgV2KfizQWlXg
RFRqvZlLJ1s3Z00kVhsptFQYm2KhEKAWcFm96SrrFX0XBBlxmyyu5LQuEOKV
YHv4G+wDk+dUEZQZC3XK1j9riGpAPjGL70uEKGPnHc5LXGlIVXpNs7DpXJom
BJ14sEulbZULsyvw6sxcTEyy+oT1RYOBDRzdOnW0DegSiMrY7RxlSw5svWtQ
2REIqDdOiSSeYEkbbaRuobVL/Vlb5lP4rtaNv8dgwmY3XBEY4G6xkmuqjeQx
x/+Xjdm+8mO3MSsumoqNEW+t2oqjYNVL0GuZcFY9LPsFh0tpaky6Ea148lnJ
wvLY7HZ2vdsya4wf/OIddShBPUXvjIpUlfmYctG6wN1WrL6VrouoldhBVzKS
Y5u03oG54f6eZ29ph2q/Dz6b+s9ofx3zJ/Q12GT24UHp+hTT5wQgWRfjzULx
WI3ngI4u37uisF0cuzsMSOZ1lNUhbnS9YWifkWDMsYcMrN3VdGZ1W302haey
u3nlJNXWl7SDDx0YRA+FRmJLv5w52jSZesNWVYrgYOK4RxymOXMY4LyW32li
BrgdmnhUZ25VDr6BhbDyI+CfnV7sNAeDaJPDzZB7saYlqEm6xxNU397nmcVM
B4dHaPJ97Vni9pPZ86Y+bOzLQqNM5LLQSzy2wxrtJ9mKeiiKHAAxH+wGJNol
PDdTt0DdvNzKm0rhESYuj36gAx8eeWL6ia1oIpwddI4K84yurCPRFbTkyROj
Z2xU3CY7L/o20qdh4OGxAgi6pgRxWz7qzli48uzwhaRqKaOqOxxl3WJ99kJR
NUAUz7T1eW697pWnejB/i6UURB0mBVi+JB/BB7E24gBfEBkoL4LidmfO2u9e
LtnZ9OxahJEypRh+D1KlckJnHWLwmJXlcmjFrAtdXZRNmWaaKEUfOHcQDRgW
q15kjqWnhs9B5WW1fskiYoczvPFjHXimAQSSSAyjeVAARrvK6bqQORbgwPhc
m936SL9vPQ0CfGt5SXhBuB/vekC4+xIQwlYURbxyMIVCYKIBSIhmFUH50q1k
dKNmQi0Wfwg5l6i/wJsfXZjnnCh2dQ1hnkonVSXXpw2GxLbCoYtMQJ4pAjum
6MCblrDMx08DtGCh54sR1a7ysmqdQ9eh+chw3xu+cvExb+yjtOncIR6UQ9zw
KQqVOfF2VP382Z4T/fJld0voSzXJmA4jcQL24nkAZc0EA4Whr1wEWQad8rY6
L+kAbFj7t5VUvAGMg4WgzI1r4SOE7YitXNm9oc6sXPpdKG5EBJ2qekX5BC8a
hDjvayuTlHEwWCNEyVaU8YbKVAigArsnmzae0l4cqXV0zc7O15foAtRt7GEb
Z5CksY6Y3jrD0RFtSgIAC7FK0mt/JM0gNndNVtCmFQkO5Wt08clF6c6OXUdZ
s6U/4NERbctC+9VvXDhgpyXlX9C+qNSe1SDpl+gjqtGdZobkKIZVtxJhM19g
RYazP2AIlwsq2sO+ONsAE1BbZ0SxkI2UHfFLt/XqlcVWGfk6Uey8RwnIEMRa
IO9Kzcc5G59R8WjYWx/XPyMnexBl+KCfcJhng/bePTObyEH3O4+Nbb/Kn7Dj
gz1WGduKhK1JtZdf82lhLYMDiZNWex8oH7CRiE8/voyMBC3SNf2NXhaRvf0U
4Xickg0VgE7D+V2Xt7ZSmZ39BVqDs3EUcfU6CJ9X9XPCZh7+w4yaonBF0LGf
ozyarKVVBmmjNpV2cnVsLMJeq84p1V5iuH18Zg+SoptXiGLtCMVa7PbrDEys
ylKcfX/pYjGewPFzrIRUyaLks6ikwmwvCHkSLmBoB5DCLbtNEpjQfrZ4PJ4/
7d2sNIJp+1l0IokPLNgEh0nAOFS67IjWNkr+hgorxm47yNadXlhqs9VcYXH4
4jlWWGBeu8wxzU6E9Ynkh6v0hi0pHApnhBPBoD4qtvHLFoL3ntbRfTS2+Rsq
LX/YSvBifYzWhzSwVKkLgXzI6JlD2Sn0j7xb5ytz8Fw7JVEZTAXJsgDfthlS
nTW0i48k9J+QWNH9C0xQdI24w0K3IpACtwBEujJ8tFeYOqQQOohOXPrSD/V3
SVzSafjJ28lG7j+u7uyc58DsD+oJlWehu0z53ADW2efyE4J+vn9J401JXJiZ
Rf1t3g1gYTPOd2Vl2J/vt+dts6zvqFarT+44EcfsdEKpncdw40P8Jjgt57MN
nYOu4GwdhER7hGfhtlR047Zy2p4EhPCFNxLj5tHeDt8DRWiczREpgAkKz7eV
2mOVy1hcaIq9eHGfP+M9MaAWUS0Q6rPpu4zB3Qowk4CuQubEpf+2AAsLoNnl
0tNazs1LzgNyvf7mAH6ng+8L8FWdeIeHzei8O71+9+b85hzf4EH0d2/Z5hna
gy/cbgB/Z89QOeOlWHDDS8OslBKy4S05yjIQvaMDXxOqpwpFmqobl+BSah8O
tAXMphUOPusFppvlpsC0CB7kYu7YPZlNWgTUxYMetCu541b/Cuc7AxRIeYZt
92N4+vEtKOlvmEl7cv13zyTsYnMmxAltXCKVVQB0geZAM9syxAah8LsN5vAR
6U2ykqY3PjuTqTkmnx86JcIhmkQ/TSSIjzcRxe5HOyjuM31/Mhj8Ic7ujVoy
bLxq5wWvaKad5vZZ0C4684lCj8IO4UmRzmjXL7oxwIk3PebTMWKypIz6vZh4
z+hEnLUopiOegcRom0rNn9viYbxNDHEDG2DaYrnTJWYch35TjwLhMPcaE9Xd
UdJzgNDWlrAxD7a6ArXFFo+6kgBmAPlD9x0NBif0GkCnZZt/HH7wwYUl7Qll
avN2bzIYvNs8vkwvbQUTFqa2+yVPx/tIz5//FC3zz3gKzFerRP6SuuK6BJhk
P3ahNtfBKM+2jHHZLdfs6efyd51ep6Gi64hIhG1q78FT9kO/GbNspuDYFogB
IzfjTaTpHkX31RF4egbNfm3vc8J/0RjbI/k0PV5TUJDSGMygyBzvj9iGSIZh
WXJ4hsOd3wUSIpxj0BYy4WALE973r5KIH9JlMJiEZ2JZiTgJr8NrhJj79jCd
vzWlMhvFTT1zmfQecKSiz1dY9pcwlfEOENKM4GyZHVqIky1+ZbjVig27Krk/
ftLzbL/n2UHPs8OeZ097nj1zz6JZZICGnZ7j1ZBzwPBFk09V9djs2gUWexJ/
XERoq309/gRigjgN/7zCG6zq0iy4OdmaMwgF2uY35/95A2IALAIp+Re+BdJf
4UDxKyhawrbPbQHE3GFtnxDa/8ZgJoO+dZLXI3ekY/EFQZcRiKJeGSihvfPo
kQ4ytC0QGPAZwxioUvVnZlp4QO+DA3nRJSa82TpuL4uLc2r2MB/txWxA3Khq
Fq9yCLeyMVo3DGzbaZoeiGvPkHZMEWqEvVju70NjvjFF+Nw/d3x5fv29+Plf
wTrOv8ObUvHWuJ//bUD+7LW9IGGrR4srAKOoo0gdUHG39tDtOxQ4gCw5o0lb
ve11P+7EIWNXG4CxaS+6SBtW7dBW68K5IKKbr0JLRdDH3tvS8SHjwDcHWKbj
mwML0uOiw+/+6aL/6aL/6aJ/lYuObhvbEoMMe+IMcm6/xz2qfxD36Ezfww4y
4jzt9dns0Ut/P0tXWW1OhiQnRi0ul0JhUusS9oIsSjvY+B/fPf//+me86xOj
UXTVYpJgYjRT6ZxPztkqFLovA288SQ1fS6FpW6a2V9CEF4bR3Dl3evqpRCf5
ulQLvHe1sKX+3MTY0he8ZceWgRe3YBhkLj6UMlkMB5NM3WMBo8oKfVve4YNM
FeJHXc3M6BTIfwuPigKPLhTiB0WhfjEcnEKbM5kvpyrL6K9PEvgmfpBpAx/8
z38jDvmPdZHcquHgosKMl0mkeC8z2gXQw8EfyeBcF/T9D7oy4LDeY1XccEBn
ZN+WNeZAFjKHBw3upYsfGrykWK7Ww8FbWPtFpVQ6HHwowaLU4hpk45bLrcHd
A0MX4ocKLHEhi4HdctRVexsTFaXB98gTt1/A5XHt8V2+zNGm/MgBgQDYO/b/
gGKD1tOLjdvRAnkMVcwVB9pDNe7qsfD46Bh6++hyvtBmS+07KQgP0pYvSmPK
RNOnBJm2DL1RkmC6g24/dhDdqGdvO/YXzLcUtfLa0EknhHI1dubumPL7E3S9
BJdywwyYupY0G4AxTo5vGDiuv3PXTZJ9x4zOV/qlswL+KLnpWkLe7PdZ+5ZI
eHSH7xT2eKW9/cgXifr0pesiDfsIvrU3GtG98FRdVnOiyxfQoLnVfNCaoBO7
2vHgfwGjvoBsp2IAAA==
</rfc> </rfc>
 End of changes. 57 change blocks. 
947 lines changed or deleted 746 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/