| 05:47 | <zcorpan> | dsheets could maybe use <svg><svript> although that has a different set of quirks |
| 05:47 | <zcorpan> | i didn't follow what his use case was |
| 05:48 | <SamB> | zcorpan: he seemed intent on doing the "polyglot" thing without any explanation |
| 05:49 | <zcorpan> | he doesn't need different parsing of script to do polyglot... |
| 05:50 | <SamB> | anyway he wasn't terribly coherent :-( |
| 05:52 | <zcorpan> | if his problem was that <script><![CDATA[ doesn't work then the fix is js comments |
| 05:53 | <zcorpan> | or stop using polyglot of course |
| 07:40 | <annevk> | zcorpan: I think I used http://www.fileformat.info/convert/image/svg2raster.htm or some such |
| 07:40 | <annevk> | zcorpan: might not give the best results |
| 07:40 | <annevk> | SamB was working on something better |
| 08:20 | <annevk> | JakeA: note that get() takes a dictionary argument for filtering, defaulting to all |
| 08:21 | <JakeA> | annevk: I guess you can only have one notification per tag? |
| 08:22 | <annevk> | JakeA: there can be multiple |
| 08:23 | <JakeA> | annevk: Still feels like it should be getAll then, but it's not a big deal. Eg we have cache.match and cache.matchAll, both methods take a filtering arg |
| 08:24 | <annevk> | fair, querySelector/querySelectorAll |
| 08:24 | <annevk> | but I don't think there's really a case here where you'd want the first so from that perspective... |
| 08:26 | <JakeA> | annevk: also map.get |
| 08:26 | <JakeA> | But yeah, if Firefox already has an impl, that seems like a stronger reason to leave it as .get |
| 08:41 | <annevk> | I wonder why Mark Watson of Netflix is pushing back on requiring HTTPS for new APIs |
| 08:41 | <annevk> | http://lists.w3.org/Archives/Public/public-webappsec/2014Aug/0062.html |
| 08:42 | <annevk> | I guess it's mostly because of https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332 |
| 08:42 | <annevk> | But Netflix goes over TLS so what is the big deal? |
| 08:42 | <annevk> | Perhaps the TV environment where they care less about security? |
| 08:42 | <annevk> | hsivonen: ^^ |
| 11:16 | <annevk> | foolip: Firefox throws if you try to modify an attribute's child list |
| 11:17 | <annevk> | foolip: and in fact it pretends there are no children |
| 11:18 | <annevk> | foolip: e.g. attr.firstChild returns null, childList is an empty NodeList |
| 11:26 | <foolip> | annevk: that sounds so sweet |
| 11:27 | <foolip> | I bet there's a FIXME that fortunately never got fixed :) |
| 11:36 | <zcorpan> | does anyone use http://resources.whatwg.org/status-warning.js ? |
| 11:39 | <annevk> | foolip: I put a summary in https://www.w3.org/Bugs/Public/show_bug.cgi?id=26609 |
| 11:40 | <annevk> | Domenic: could we deploy HSTS on resources.whatwg.org? |
| 11:46 | <annevk> | jgraham: "In addition, wildcards themselves can have subjectAltName extensions, including other wildcards. For example: The wildcard certificate *.wikipedia.org has *.m.wikimedia.org as an Subject Alternative Name." seems to be what we want? |
| 11:46 | <annevk> | jgraham: that's 360 USD a year? |
| 11:49 | <jgraham> | annevk: Yeah, I think a SAN cert would work |
| 11:49 | <jgraham> | But IANASSLE |
| 11:49 | <annevk> | jgraham: well wildcard + SAN right? |
| 11:50 | <jgraham> | Yes |
| 12:09 | <Ms2ger> | foolip, actually, not a FIXME... We used to support that, kinda, but I killed it |
| 12:28 | <gsnedders> | what's the correct behaviour of vh on paged media? |
| 12:33 | <JakeA> | Bothers me that the quota API doesn't really specify the units of the quota |
| 12:34 | <JakeA> | I'm guessing bytes. The 'usage' property is in bytes. |
| 12:45 | <foolip> | Ms2ger: in that case you're the hero of the day! |
| 12:47 | <Ms2ger> | \o/ |
| 13:02 | <foolip> | Ms2ger: was that change simply making Attr not a container Node like Element, Document and DocumentFragment? |
| 13:05 | <Ms2ger> | https://bugzilla.mozilla.org/show_bug.cgi?id=737122 |
| 13:08 | <annevk> | jgraham: per https://www.startssl.com/ it seems we can do this for USD 60 |
| 13:08 | <annevk> | if Hixie_ had an account with them already it might not be too bad |
| 13:09 | <annevk> | EV is getting cheaper too, I thought someone recently told me it was 10k or so |
| 13:10 | <foolip> | Ms2ger: thanks |
| 13:45 | <jgraham> | annevk: EV doesn't work with wildcard certs anyway |
| 13:45 | <annevk> | jgraham: yeah, wasn't really considering EV for us, it's mostly a scam |
| 13:58 | <zcorpan> | https://github.com/whatwg/html-mirror/commit/7c23a0789467f3c3d9659b75db963e31e21c9d76 is gold |
| 14:06 | <foolip> | zcorpan: I like that one too :) |
| 15:00 | <annevk> | JakeA: perhaps we should float the Fetch part on the WHATWG list? |
| 15:01 | <annevk> | JakeA: I can do that tomorrow |
| 15:02 | <JakeA> | annevk: I'm happy to do it, will post a summary tomorrow morning |
| 15:02 | <annevk> | sgtm |
| 15:09 | <annevk> | Domenic: if only we had someone to maintain IDL :p |
| 15:09 | <Domenic> | annevk: hehehe... |
| 15:10 | <heycam> | Domenic, send more PRs! :) |
| 15:11 | <Domenic> | yeah, if people like this observable idea I'd be happy to PR it in |
| 15:13 | <Ms2ger> | heycam, accept the PRs you get first! |
| 15:14 | heycam | looks at Ms2ger's PR |
| 15:14 | <heycam> | sorry i haven't looked at your CSSRule rejigging patch yet either |
| 15:14 | <Ms2ger> | heycam, and ArtB's that's been sitting for 5 months? |
| 15:16 | <zcorpan_> | MikeSmith: can you make a whatwg html-differences bugzilla component please? |
| 15:17 | <MikeSmith> | yup |
| 15:17 | <MikeSmith> | gimme a minute |
| 15:18 | <annevk> | heycam: in Europe already? |
| 15:18 | <heycam> | annevk, yep, just arrived |
| 15:18 | <heycam> | annevk, did you move to Switzerland yet? |
| 15:18 | <annevk> | yeah I have |
| 15:18 | <heycam> | ah cool |
| 15:19 | <annevk> | it is a bit, very rainy summer |
| 15:23 | <MikeSmith> | zcorpan_: https://www.w3.org/Bugs/Public/buglist.cgi?component=HTML%20Differences&list_id=42473&product=WHATWG&resolution=--- |
| 15:23 | <zcorpan_> | MikeSmith: thanks!! |
| 15:29 | <annevk> | I wonder if https://twitter.com/hfiguiere/status/498885668937170945 is still true. Really seems like someone ought to reinvent the CA business |
| 15:32 | <JakeA> | It's in dire need of "disrupting" as them business folks would say |
| 15:35 | <Ms2ger> | "Orca screen reader now supports longdesc (in Gecko)" |
| 15:35 | <Ms2ger> | Progress! |
| 15:36 | <foolip> | why is everyone talking about https for whatwg.org these days? |
| 15:40 | <jgraham> | foolip: https jusst became fashionable |
| 15:59 | <annevk> | foolip: well, seems like a good place to start with TLS |
| 16:00 | <annevk> | Also, if that's what is required to have a normal site these days, it would be nice to set a good example |
| 16:07 | <zcorpan> | please review http://html-differences.whatwg.org/ |
| 16:08 | <Ms2ger> | zcorpan, weird underline for " and stopSorting(). " |
| 16:08 | <Ms2ger> | Also " and border attribute" |
| 16:11 | <zcorpan> | fixed thx |
| 16:11 | <estellevw> | there are a few areas matching p > span:not([title=""]):not([class~="XXX"]):not([class~="impl"]):not([class~="note"]), li > span:not([title=""]):not([class~="XXX"]):not([class~="impl"]):not([class~="note"]) that get a green underline. |
| 16:11 | <zcorpan> | estellevw: reload? |
| 16:11 | <estellevw> | fixed |
| 16:12 | <estellevw> | took me longer to write that line than for you to fix it ;) |
| 16:12 | <zcorpan> | :-) |
| 16:35 | <Ms2ger> | TabAtkins, so, about -goog-... What's the advantage over doing the same thing without -goog-? |
| 16:42 | <Hixie_> | marcosc: yt? |
| 16:50 | <annevk> | Ah, answer is at http://lists.w3.org/Archives/Public/public-webappsec/2014Aug/0067.html |
| 16:50 | <annevk> | Netflix streams encrypted content over HTTP |
| 16:50 | <Hixie_> | yay unencrypted signalling |
| 16:50 | <annevk> | And Netflix does not want to upgrade their infrastructure so instead they argue that new features should be enabled over HTTP |
| 16:51 | <annevk> | I guess Mixed Content allows that kind of thing :-( |
| 16:57 | <zcorpan> | is https the new utf-8? |
| 17:01 | <TabAtkins> | Ms2ger: Ah, easy to answer. |
| 17:02 | <TabAtkins> | Ms2ger: If you ship to 1% *without* prefixing, then the page feature-tests for the unprefixed feature. When we eventually turn on the feature for real, possibly with changes, it triggers that codepath, and possibly causes errors. |
| 17:03 | <TabAtkins> | Ms2ger: So instead, you use a prefix, so the eventual final thing won't be hit by the "experimental code" branch. And by only shipping it to 1% or so of people, you ensure that it really *is* a branch, not the program just relying on the prefix all the time. |
| 17:03 | <TabAtkins> | 1% is nice, because it still gives plenty of hits and data-collection opportunity, but takes far too long to restart-cycle yourself into having it working. |
| 17:04 | <TabAtkins> | We discussed this as an option back when we were planning the Blink fork, but decided to just follow Firefox's lead instead. We're back to experimenting with it now. |
| 17:10 | <Hixie_> | prefixing doesn't work because people just assume the non-prefixed version will be the same and preemptively give both |
| 17:12 | <TabAtkins> | Hixie_: It's possible that might still happen. We'll see. |
| 17:13 | <TabAtkins> | We're optimistic that the fact that you have to provide fallbacks and explicitly feature-test will mean that people don't just auto-provide unprefixed paths as well. |
| 17:15 | <Ms2ger> | I'm doubtful |
| 17:17 | <TabAtkins> | Welp, we'll see. Not a huge deal for this thing if people still screw it up. |
| 17:22 | <annevk> | zcorpan: yeah something like that |
| 17:23 | <annevk> | zcorpan: the new http://www.webstandards.org/ |
| 17:24 | <annevk> | zcorpan: the new XHTML 1.1 |
| 17:24 | <annevk> | oh wait |
| 17:24 | <annevk> | that didn't go so well |
| 17:26 | <Ms2ger> | XHTML2? |
| 17:29 | <SamB> | annevk: what, SSL certs aren't already a scam ;-P? |
| 17:30 | <SamB> | (those signed by the CArtel, I mean) |
| 17:30 | <annevk> | SamB: via startssl you can get one for free |
| 17:30 | <SamB> | so it's not a very-well-run scam |
| 17:30 | <annevk> | but yes, replacing the CA system would be great if that was feasible |
| 17:31 | <annevk> | bit of a shame that it took us this long to realize everyone needs TLS |
| 17:31 | <SamB> | heck, even restricting the national CAs to their own TLDs would be an improvement |
| 17:49 | <annevk> | If we could make it part of DNS somehow and just let the registrars deal with it |
| 17:49 | <Hixie_> | do we have a spec for real-world content-disposition? |
| 17:49 | <annevk> | Everyone that has a domain has figured out how to deal with registrars |
| 17:50 | <annevk> | Hixie_: jreschke has tests for that at least |
| 17:50 | <annevk> | Hixie_: http://greenbytes.de/tech/tc2231/ |
| 17:50 | <Hixie_> | yeah but i'm sure his tests just show that browsers don't follow the spec |
| 17:58 | <SamB> | annevk: well, obviously that's only sane if you have dnssec working |
| 18:03 | <SamB> | and, say, the glibc people are understandably not too enthusiastic about pulling in the requisite crypto code to check dnssec results in-process |
| 18:12 | <SamB> | annevk: though they seem open to adding support for declaring external resolvers (e.g. dnsmasq) as trusted to check dnssec results, and adding flags to treat failure to obtain a dnssec-verified result as an error ... |
| 18:13 | <SamB> | annevk: so were you thinking that thing where you can put your SSL key fingerprint or whatever into a DNS record, or something else? |
| 18:37 | <Hixie_> | annevk: so... for load-settings=""... do we want to do a JSON blob? |
| 18:37 | <Hixie_> | annevk: or something more user-friendly? |
| 18:37 | <Hixie_> | annevk: and do we want to reflect that as a DOMString? or something more usable? |
| 18:37 | <Hixie_> | annevk: it's just a flat name-value pair dictionary, no? nothing complex? |
| 18:38 | <Hixie_> | annevk: maybe it should just be a semi-colon separated set of colon-separated name/value pairs? |
| 18:53 | <annevk> | Hixie_: if you want both headers and settings, it'll be more complex than name-value |
| 18:54 | <Hixie_> | ah, right |
| 18:54 | <annevk> | Hixie_: well, it's name-value, but not string-string |
| 18:56 | <annevk> | SamB: I haven't really considered it in detail, it's mostly a thought |
| 18:57 | <annevk> | SamB: would require quite a bit more effort to turn this into something tangible |
| 19:17 | <annevk> | Array.prototype.slice has a fast path for NodeList https://twitter.com/bz_moz/status/500121412523532288 |
| 19:17 | <annevk> | Oh DOM, you so bad |
| 20:53 | <miketaylr> | is there a specified behavior for https://miketaylr.com/bzla/docwrite.html? |
| 20:53 | <miketaylr> | firefox/presto and blink/webkit disagree |
| 20:55 | <caitp> | typeof undefined is usually not "function" |
| 20:55 | <Ms2ger> | Probably, yes |
| 20:56 | <Ms2ger> | I'll bet that hsivonen even knows which one is right |
| 20:57 | <Ms2ger> | I suspect it's Fx/Presto |
| 20:57 | <Ms2ger> | Because the inner window changes |
| 20:57 | <caitp> | I get the same results in FF nightly and chrome stable |
| 20:57 | <caitp> | so... go figure? |
| 21:00 | <miketaylr> | caitp: really |
| 21:01 | <miketaylr> | i get different results in chrome stable and canary... and chrome mobile |
| 21:01 | <miketaylr> | naturally there are sites depending on this... https://bugzilla.mozilla.org/show_bug.cgi?id=1015725#c2 |
| 21:02 | <caitp> | seems to be same results in canary (39.0.2129.0 (Official Build 290688) canary) too |
| 21:02 | <miketaylr> | let me take out document.googWrite |
| 21:02 | <miketaylr> | you might be hitting that |
| 21:02 | <miketaylr> | :P |
| 21:03 | <miketaylr> | caitp: so once you click the button, Chrome and Firefox both say ____? |
| 21:03 | <miketaylr> | for me, chrome says true, fx false |
| 21:03 | <caitp> | ah I see |
| 21:04 | <caitp> | yes, different results there |
| 21:04 | <miketaylr> | ok, phew |
| 21:20 | <caitp> | well, the applicable spec that matters here is probably http://www.whatwg.org/specs/web-apps/current-work/#dom-document-open |
| 21:24 | <caitp> | so you get a new "window" global, effectively an entirely new script isolate really |
| 21:24 | <caitp> | so I guess we're doing the wrong thing in blink/v8 |
| 21:43 | <smaug____> | miketaylr: Gecko does the right thing |
| 21:45 | <miketaylr> | thx caitp smaug____ |
| 21:46 | <caitp> | wonder if there's a crbug for that |
| 21:47 | <miketaylr> | dunno, will probably file one if not |
| 21:47 | <miketaylr> | but every site that uses mobify.js relies on their current behavior |
| 21:47 | <caitp> | i dunno if you can really call it a change that would "break the web" if other popular browsers are doing the right thing |
| 21:49 | <miketaylr> | heh, doing the right thing (and have broken mobile sites as a result) |
| 21:49 | <caitp> | https://crbug.com/149785 looks like there's a bug |
| 21:49 | <miketaylr> | yep, looks like it |
| 23:34 | <Domenic> | annevk: sorry missed HSTS question. I dunno really anything about HSTS. I think the cert was $15 so.… |