06:45 | <annevk> | Domenic: thoughts on using "nullable" instead of "null or": https://github.com/whatwg/notifications/pull/194/files? |
06:46 | <Domenic> | Huh. I guess it's OK, but I've never done it and slightly prefer what I do... |
06:46 | <annevk> | Yeah, I similarly have mixed feelings. I guess I'll push back a bit and ask for an Infra discussion first, though even in IDL we kinda regret the ?-convention so maybe we should just not. |
07:02 | <annevk> | Adam Rice: did you see https://github.com/whatwg/websockets/pull/45? |
07:40 | <annevk> | Adam Rice: well that was embarrassing, fortunately tests and code did not make that mistake |
07:48 | <jub0bs> | Hi Simon. Sorry to bother you. Any chance you or someone else from Mozilla could make the following ticket public? https://bugzilla.mozilla.org/show_bug.cgi?id=1790311 |
07:48 | <jub0bs> | It's related to CVE-2022-45411, which has since been mitigated. |
07:49 | <jub0bs> | Oh wrong thread. Sorry. |
07:49 | <jub0bs> | zcorpan: Perhaps? |
07:59 | <annevk> | Domenic: did you see my ping for review on the timer bits of https://github.com/whatwg/html/pull/4613? It's a relatively small PR, mainly JS asking HTML to run stuff at particular points in time. |
08:00 | <Domenic> | No, sorry I did not. Will flag it and get to it soon. |
08:10 | <zcorpan> | freddy: ^ |
08:12 | <freddy> | Done. |
08:15 | <zcorpan> | annevk: for https://github.com/whatwg/websockets/pull/45 maybe we need new tests with multiple globals to check which one is used for the base URL? |
08:17 | <jub0bs> | Excellent. Thank you, freddy. |
08:20 | <jub0bs> | I have some thoughts about this, though I don't want to go into too much detail in public yet. |
08:21 | <jub0bs> | Some servers are still vulnerable, even after Chromium's and Firefox's fixes. But the servers in question deviate from the HTTP standard, and protecting them is probably not the responsibility of browser vendors. |
08:24 | <jub0bs> | Not sure if it's worth raising an issue about that, but let me know if you're interested. |
08:26 | <freddy> | I think we would like to know more. A private issue in the fetch repo might be a good coordination forum, similar to how we dealt with this one. WDYT, annevk? |
08:26 | <annevk> | zcorpan: not a bad idea, want to make one? |
08:32 | <zcorpan> | annevk: sure. I found https://github.com/web-platform-tests/wpt/blob/master/html/browsers/browsing-the-web/navigating-across-documents/multiple-globals/resources/context-helper.js which seems helpful |
08:52 | <annevk> | zcorpan: that looks nice, nothing for current seemingly |
08:53 | <annevk> | zcorpan: or maybe current is what you put in scriptToRun? |
08:57 | <zcorpan> | annevk: I haven't understood it properly yet, but looks like current isn't covered |
09:04 | <zcorpan> | or I guess current is the test file itself |
09:14 | <zcorpan> | https://github.com/web-platform-tests/wpt/pull/39978 |
09:27 | <jub0bs> | I'm not sure Anne has seen this. Matrix threads aren't ideal for visibility, it seems. |
13:19 | <annevk> | Seems fine. Or start with an email to some folks. |
13:19 | <annevk> | And yeah, Matrix is hmm... |
16:35 | <jub0bs> | annevk: Ok, thanks. |
16:35 | <jub0bs> | freddy: Perhaps I should talk to you first. Depending on what you think, we can proceed with a security advisory or do nothing. |
16:36 | <jub0bs> | If that's ok with you, let me know how I can contact you. |
16:53 | <annevk> | jarhar: belatedly noticed some minor follow-up required in https://github.com/whatwg/html/pull/9178 |
16:53 | <annevk> | jarhar: see comment at the end |
16:53 | <jarhar> | woo @mention notifications are working |
16:53 | <jarhar> | thanks I'll take a look |
17:15 | <annevk> | jarhar: they work vice versa as well, so feel free to ping if you feel like something is taking too long (though fair warning: my weekend has kinda started) |