| 06:21 | <harry383> | 🛡️ Learn Cybersecurity – Top Beginner Courses to protect your self from scammers 💻 Google Cybersecurity | 🖥️ IBM / hacking Cybersecurity Analyst | 🎓 CompTIA Security+ | 📘 Intro to Cyber Security | 🌐 Cybersecurity for Everyone 🔗 Start Learning https://t.me/CyberSecurityExpertsHQ2 |
| 09:04 | <nicolo-ribaudo> | Maybe there should be a bot that automatically bans whoever posts a telegram link |
| 09:39 | <Luke Warlow> | Do we need to have a rule about when the html spec can rely on a w3c spec? They're wildly unstable compared to what the html spec is supposed to be. I'd say it should need to be in a CR or ready to ship/already shipping in a browser? |
| 09:40 | <annevk> | Luke Warlow: I think we have mainly found the CSS WG to be fairly unreliable. What else? |
| 09:41 | <Luke Warlow> | Well I was being general because technically the same applies to them all (none are living standards). But yes really it's them. |
| 09:47 | <annevk> | Yeah, I don't know. https://github.com/w3c/csswg-drafts/issues/1967 is still a mess as far as I can tell, for instance, eight years old now. TabAtkins thoughts on this? |
| 10:12 | <Noam Rosenthal> | Luke Warlow: at least for the parts I was involved in (CSS/WebPerf) we tried to keep the integration hooks themselves relatively stable. It's mostly "hooks" to call into the W3C specs to make things in these specs work (e.g. spin the view-transition algos) rather than having HTML "rely" on them though. |
| 10:21 | <annevk> | I'm not sure, the Rendering section is fairly big and that was most recently impacted by these shenanigans. (Same for the pseudo-class example I gave, of which some would need some integration if they are agreed upon as sketched.) |
| 10:37 | <Luke Warlow> | I'm not sure, the Rendering section is fairly big and that was most recently impacted by these shenanigans. (Same for the pseudo-class example I gave, of which some would need some integration if they are agreed upon as sketched.) |
| 10:52 | <Noam Rosenthal> | Any other examples? Being specific helps |
| 10:55 | <annevk> | Noam Rosenthal: https://github.com/whatwg/html/pull/11656 is what I was referring to above. display: contents has also been a big problem (though of a different category arguably). |
| 14:51 | <evilpie> | Am I looking wrong, or ar there really no WPT for X-Content-Type-Options: nosniff with iframes? |
| 14:53 | <annevk> | evilpie: MIME sniffing is badly tested generally :/ |
| 14:54 | <annevk> | https://github.com/web-platform-tests/wpt/pull/30403 is an unfinished PR in that area |
| 15:01 | <evilpie> | Thanks Anne. That is sadly what I had expected. |
| 15:03 | <annevk> | It often is, but if you fix a couple the next engineer will be less distraught. |
| 15:07 | <evilpie> | Well, I will probably add some, because it really doesn't make sense to write new tests outside of WPT. |
| 15:11 | <evilpie> | Is X-Content-Type-Options even specified anywhere for documents? https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff? only considers script/styles. |
| 15:14 | <evilpie> | Ah, I guess that is part of the MIME sniffing standard. |