| 01:04 | <MikeSmith> | jpwhiting: https://gist.github.com/sideshowbarker/6004932 |
| 01:06 | <MikeSmith> | jpwhiting: not sure if that change to the build file is required or not. It depends on how you have the validator using that schema |
| 01:08 | <MikeSmith> | jpwhiting: but I guess you could check by just removing that build-file change temporarily, and if it works without that, you're fine |
| 02:18 | <jpwhiting> | MikeSmith: perfect, thanks |
| 10:38 | <galant> | why iceweasel shows letters wider then chromium? |
| 10:57 | <galant> | I don't udnerstand what is different if I put image that is 16x16 32x32 or 64x64 pixels? are they old shrinked to 16x16? ebacuse I think all favicons that I see have same size? |
| 12:48 | <annevk> | http://www.apple.com/logic-pro why link to a 404 from a press release? |
| 15:44 | <dglazkov> | good morning, Whatwg! |
| 15:52 | <annevk> | morning dglazkov |
| 15:52 | <annevk> | dglazkov: in SF this week by any chance? |
| 17:40 | <gsnedders> | What's a recommendable JS tutorial nowadays? |
| 17:41 | <gsnedders> | (For someone who already knows how to program?) |
| 17:54 | <jgraham> | gsnedders: http://api.jquery.com/ ? :p |
| 17:54 | <jgraham> | My other, equally useless suggestion is http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf |
| 17:57 | <jgraham> | Hixie_: I seem to recall that people don't like accessing window.location.href in possibly non-same-origin cases because the exception is always reported in the js console in weblinkit browsers, even if it is caught |
| 18:00 | <Hixie_> | ah |
| 18:01 | <jgraham> | (actually in my testcase it doesn't even throw if you do that, just returns undefined) |
| 18:02 | <jgraham> | (and logs an error) |
| 18:02 | <jgraham> | Of course it would be nice if they didn't have this behaviour |
| 18:03 | <jgraham> | But I guess you need to convinve abarth it's a bad idea |
| 18:13 | <jsbell> | gsnedders: The canonical answer is "JavaScript: The Good Parts" but I haven't personally read it. |
| 18:15 | <jsbell> | It's also, by definition, an opinionated view of the language, which may diverge a bit from what real people use. Hence jgraham's first answer. |
| 18:21 | <jgraham> | Hint to the people at spotify: there's a reason that I haven't played any Christmas-themed music "for a while now". You might want to consider that in your recommendations page |
| 18:21 | jgraham | knows this is a rather ineffective way to communicate with spotify employees |
| 18:33 | <abarth> | jgraham: what's a bad idea? |
| 18:38 | <jgraham> | abarth: According to webkit-dev you are already convinced :) |
| 18:39 | <jgraham> | (not throwing when accessing location.href cross origin) |
| 18:39 | <abarth> | hum... |
| 18:40 | <abarth> | there's some active discussion about changing this currently |
| 18:40 | <abarth> | why don't you want to throw? |
| 18:40 | <jgraham> | I do want to throw |
| 18:40 | <jgraham> | Sorry, I originally used negatives in a confusing way |
| 18:41 | <abarth> | https://code.google.com/p/chromium/issues/detail?id=17325 |
| 18:41 | <abarth> | ok |
| 18:41 | <abarth> | yeah, that's the direction we're heading in |
| 18:41 | <abarth> | there's just some trickiness in the implementation that we're working through |
| 18:42 | <abarth> | the javascript engine isn't quite prepared for us to throw an exception at that point, but we're fixing it to let us |
| 18:42 | <abarth> | then we'll throw the exception and see what the compat impact is |
| 18:43 | <jgraham> | Sounds good |
| 18:43 | <jgraham> | Hopefully the compat impact it low since Gecko, Presto and, I asssume, IE already throw |
| 22:11 | <philandy> | Hi, I'm trying to emulate the xmp tag with outside source. |
| 22:11 | <Hixie_> | emulate in what sense? |
| 22:11 | <philandy> | meaning not using the xmp tag since the src attribute doesn't work with it. |
| 22:13 | <philandy> | would I need to use scripting? I'd love to avoid that if possible. |
| 22:14 | <Hixie_> | i don't understand what you mean |
| 22:14 | <Hixie_> | what are you trying to do? |
| 22:17 | <philandy> | well xmp displays the utf characters within the tags. I was intending to get an external file to display the utf characters there into the xmp tag. Since xmp does not have a src attribute, I have to use something else. |
| 22:18 | <philandy> | <html><head /><body><xmp><html></xmp></body></html> |
| 22:19 | <philandy> | will display: <html> |
| 22:19 | <philandy> | in a browser |
| 22:19 | <philandy> | I want to do <xmp src="page.html" /> |
| 22:20 | <philandy> | since that does not work, I am here to see if anyone knows another solution. |
| 22:21 | <Hixie_> | what do you mean by "utf characters"? |
| 22:21 | <galant> | Hixie_, see pm :) |
| 22:21 | <Hixie_> | are you saying you just want to display a text file in a page without interpreting as html? |
| 22:22 | <philandy> | no, an html file as if it were a text file. |
| 22:22 | <Hixie_> | galant: saw it, wasn't sure what you wanted me to do with it :-) |
| 22:22 | <philandy> | and yes, without interpreting it as html |
| 22:22 | <galant> | haha nothing :)) |
| 22:22 | <Hixie_> | philandy: just change the MIME type on the server to text/plain, and load it in an iframe |
| 22:23 | <Hixie_> | philandy: or fetch the file using XMLHttpRequest, then set a <pre> element's "textContent" idl attribute to the document's text source |
| 22:23 | <galant> | that site has plenty transitions and canvas and is slow on my old laptop :( |
| 22:24 | <dglazkov> | did tests in https://code.google.com/p/html5lib/source/browse/#hg%2Ftestdata%2Ftree-construction make it to https://github.com/w3c/web-platform-tests/tree/master/html? |
| 22:25 | <dglazkov> | I sort of see naming parallels, but the tests in github look nasty: https://github.com/w3c/web-platform-tests/blob/master/html/syntax/parsing/test_adoption01.html |
| 22:25 | <GPHemsley> | so apparently the new Chrome implementation of mouse(enter|leave) patterns with Opera on entry and nobody on exit |
| 22:25 | <GPHemsley> | https://www.w3.org/Bugs/Public/show_bug.cgi?id=22641#c4 |
| 22:26 | <philandy> | I was considering the pre tag, but was unsure there was a quick solution. I dislike iframe, object, and embed because they have issues with height that aren't exactly simple to resolve. |
| 22:38 | <gsnedders> | dglazkov: That's them in jgraham's wrapper. |
| 22:38 | <gsnedders> | dglazkov: I don't claim they're clean. |
| 22:39 | <gsnedders> | dglazkov: Also, see the home page of the html5lib project on Google Code. (Hint: you want https://github.com/html5lib/html5lib-tests) |
| 22:44 | <Hixie_> | http://www.w3.org/mid/CAEeYn8hWz9QA53VSseB=xFLwo+WuS4YPH19Ad+wHpheQp-nwpA⊙mgc christ, w3c are forking more of anne's specs |
| 22:46 | <philandy> | Hixie_: do you know what xmp broke in SGML? |
| 22:47 | <gsnedders> | 23:38 < gsnedders> dglazkov: That's them in jgraham's wrapper. |
| 22:47 | <gsnedders> | 23:38 < gsnedders> dglazkov: I don't claim they're clean. |
| 22:47 | <gsnedders> | 23:39 < gsnedders> dglazkov: Also, see the home page of the html5lib project on Google Code. (Hint: you want https://github.com/html5lib/html5lib-tests) |
| 22:48 | <Hixie_> | philandy: i don't understand the question |
| 22:50 | <philandy> | It was sort of a parting question. The reason that xmp was depreciated was that it broke SGML. I was wondering if you knew what parts. |
| 22:50 | <Hixie_> | why do you think the reason <xmp> was deprecated was that it broke SGML? |
| 22:51 | <Hixie_> | ("depreciated" means "lost value", "deprecated" means "warned against") |
| 22:52 | <philandy> | wow, okay. deprecated. |
| 22:53 | <philandy> | I had to refer back to the html 3.2 reference to see it |
| 22:54 | <Hixie_> | http://whatwg.org/html#xmp mentions it |
| 23:03 | <philandy> | Hixie_: I see it. I think I'm going to use an iframe, object, or embed depending on which doesn't feel like breaking everything. |
| 23:04 | <Hixie_> | <embed> is for plugins |
| 23:05 | <Hixie_> | <object> and <iframe> should be basically the same thing, though <iframe> is the better choice in your case |
| 23:10 | <philandy> | Hixie_ I agree. I want to follow the standards to do it right if possible. I seem to want to do the worst possible things from time to time >_< |
| 23:18 | <Hixie_> | abarth: ping? |
| 23:18 | <abarth> | Hixie_: hi |
| 23:18 | <Hixie_> | oooh, that was quick |
| 23:18 | <Hixie_> | hey |
| 23:19 | <Hixie_> | what do you know about CSP and cross-origin seamless iframes and so forth? |
| 23:19 | <Hixie_> | i have feedback saying it's wanted, and some says that CSP and/or X-Frame-Options and/or other things are supposed to do the security model aspect of this |
| 23:19 | <Hixie_> | so i don't have to reinvent an origin-opt-in mechanism a la CORS |
| 23:24 | <Hixie_> | abarth: ^ |
| 23:24 | <abarth> | sorry |
| 23:24 | <abarth> | yeah |
| 23:24 | <abarth> | i don't think anyone has done anythign in that area yet |
| 23:24 | <abarth> | I think Ojan or I raised it on the list |
| 23:24 | <abarth> | and the feedback we got (maybe from you) was to wait for more seamless adoption before adding featuers |
| 23:25 | <abarth> | that's what we've been doing |
| 23:25 | <abarth> | I think moz has an implementation now |
| 23:25 | <abarth> | maybe even finished it. I haven't checked their status in a bit |
| 23:25 | <abarth> | My understanding is that folks are still asking for the feature |
| 23:27 | <Hixie_> | abarth: can you elaborate on http://lists.w3.org/Archives/Public/public-whatwg-archive/2012Dec/0012.html ? |
| 23:27 | <Hixie_> | did anything happen with that? |
| 23:28 | <abarth> | X-Frame-Options did become a CSP directive |
| 23:28 | <abarth> | the folks who were pushing the HTTP header approach in the IETF agreed to move to the W3C |
| 23:28 | <abarth> | there's still an informational RFC in the works in the IETF that documents the existing X-Frame-Options implementations |
| 23:29 | <abarth> | but the Frame-Options iteration got moved into CSP |
| 23:29 | <Hixie_> | still wouldn't help with seamless though right? |
| 23:29 | <Hixie_> | for seamless it seems we need a way for a page to give an opt-in list of domains that can do the seamless embedding |
| 23:29 | <Hixie_> | very similar to CORS |
| 23:29 | <Hixie_> | but not CORS, obviously |
| 23:30 | <Hixie_> | i'm so skeptical about introducing yet another mechanism |
| 23:35 | <abarth> | do you mean directly? |
| 23:35 | <abarth> | it's a bit different than frame-options |
| 23:35 | <abarth> | which doesn't grant anyone additional privileges |
| 23:35 | <Hixie_> | yeah |
| 23:35 | <abarth> | just revokes privieleges from everyone else |
| 23:36 | <abarth> | you're looking for something more like CORS... |
| 23:36 | <abarth> | i guess the question |
| 23:36 | <abarth> | ... |
| 23:37 | <abarth> | do you want to be able to specify a list of origins? |
| 23:37 | <abarth> | CORS only lets you say one |
| 23:37 | <abarth> | e.g., *.example.com |
| 23:37 | <Hixie_> | it's unclear to me what the use cases are, so i don't know if one is enough or not. |
| 23:37 | <Hixie_> | but in principle, if it's enough for CORS, it should be enough for this. |
| 23:38 | <abarth> | I can tell you about use cases that I have personally |
| 23:38 | <abarth> | if that would be helpful |
| 23:38 | <Hixie_> | sure |
| 23:39 | <abarth> | https://bugs.webkit.org/show_bug.cgi?id=110252 <--- This is just a random WebKit bug, but you can see the red and green bubbles next to each attachment? |
| 23:39 | <abarth> | those are an iframe to a page hosted on another server |
| 23:40 | <abarth> | it would be nice if the iframe could automatically resize to fit the number of bubbles that are there |
| 23:40 | <abarth> | today, someone has to go edit the bugzilla code to change the constant whenever the max number of bubbles changes |
| 23:41 | <Hixie_> | but presumably you'd want anyone to be able to embed those |
| 23:41 | <abarth> | seamless would do the job, except the reason I used an iframe in the first place is because the data is hosted on another server |
| 23:41 | <abarth> | yeah, * would be fine here |
| 23:41 | <abarth> | this is public data |
| 23:41 | <Hixie_> | if it was a non-open project, you'd want anyone inside the intranet to be able to use it |
| 23:41 | <Hixie_> | which would be hard without a list of domains |
| 23:41 | <Hixie_> | if your intranet is like some companies' |
| 23:42 | <abarth> | yes, you'd want to be able to say something like *.corp.example.com |
| 23:43 | <Hixie_> | i was thinking of "intranets" that are more "extranets" and have a number of domains |
| 23:46 | <abarth> | well, the issue arises even for intranets |
| 23:46 | <abarth> | because the framing site could be on the internet |
| 23:46 | <abarth> | and the browser could be inside the firewall |
| 23:47 | <abarth> | i.e., if the project was closed source and internal to some company |
| 23:47 | <abarth> | but the bubble server said allow-seamless=* |
| 23:48 | <Hixie_> | right, my argument was that this use case, in the private case, implied you'd need a list. |
| 23:48 | <abarth> | then an internet site could determine how many bubbles were tehre |
| 23:48 | <abarth> | ah, yess |
| 23:48 | <abarth> | sorry, i misunderstood |
| 23:48 | <Hixie_> | but i guess we could do what CORS does, which is require the server to send the right header based on the incoming Origin header |
| 23:48 | <philandy> | btw, I was told Chrome isn't using WebKit anymore? Something called Blink? |
| 23:49 | <Hixie_> | philandy: blink is a fork of webkit, see http://www.chromium.org/blink |
| 23:49 | <Hixie_> | abarth: although i don't know if we can send the origin header for all iframe requests... |
| 23:49 | <Hixie_> | abarth: i guess we only need to send it if the seamless attribute is set |
| 23:50 | <Hixie_> | abarth: in any case, my original contention was that i didn't want to invent a new cors-like mechanism |
| 23:51 | <abarth> | philandy: that's true, but I created this bubble system, which is why I'm familiar with it ;) |
| 23:52 | <abarth> | Hixie_: yeah, like many issues, the question boils down to whether you think the Vary header works |
| 23:52 | <abarth> | if you think it works, then the server can Vary: Origin and still get reasonable caching |
| 23:52 | <abarth> | IMHO, CORS is probably a good place to start |
| 23:53 | <abarth> | that makes it clear that by allowing someone to embed you seamlessly |
| 23:53 | <abarth> | you're letting them read the contents of your document |
| 23:53 | <abarth> | that's not 100% accurate |
| 23:53 | <abarth> | but it's a good, conservative first approximation |
| 23:53 | <abarth> | (e.g., you might be able to keep CSRF tokens secret because they're hidden) |