| 08:56 | <annevk> | Similarly, maybe we should start thinking about our TPAC meeting (we almost missed the window to register): https://github.com/whatwg/meta/issues/398 |
| 11:47 | <Tom Schuster> | Noam Rosenthal: Which APIs would accept TrustedParserOptions? |
| 11:52 | <Noam Rosenthal> | whatever accepts a SetHTMLUnsafeOptions |
| 11:52 | <Noam Rosenthal> | Eg setHTMLUnsafe |
| 11:52 | <Noam Rosenthal> | And beforeHTMLUnsafe, streamHTMLUnsafe etc |
| 11:57 | <Tom Schuster> | Okay that makes sense. |
| 11:58 | <Tom Schuster> | I didn't see this, but I guess those changes go into the HTML spec. |
| 11:58 | <Tom Schuster> | Otherwise we could have just eliminated that type completely. |
| 11:59 | <Tom Schuster> | What is the ineraction if you pass both TrustedHTML and TrustedParserOptions to setHTMLUnsafe? |
| 13:22 | <Noam Rosenthal> | There is a draft PR (https://github.com/whatwg/html/pull/12583). Waiting for https://github.com/whatwg/html/pull/12528 to land first. |
| 13:23 | <Noam Rosenthal> | Something like trusted_options.sanitizer.sanitize(trusted_html) |
| 13:23 | <Noam Rosenthal> | What type? |
| 13:26 | <Noam Rosenthal> | you mean TrustedHTML? Yea I think it would be great to completely deprecate that and use enforced sanitizer instead. not sure re. web-compat etc and if people use TT for weird stuff like escaping instead of sanitizing |
| 13:28 | <zcorpan> | FYI I will be OOO June 29 – July 31 |
| 13:50 | <Andreu Botella> | Hi, when the HTML spec talks about "obtaining images on demand" (e.g. https://html.spec.whatwg.org/multipage/images.html#:~:text=When%20obtaining%20images%20on%20demand), this refers to a browser not fetching images by default and only doing so when the user requests it, right? |
| 13:52 | <annevk> | Yes, it says so two paragraphs prior. |
| 13:56 | <Andreu Botella> | oh, right 🤦 |
| 13:58 | <annevk> | jmdyck: if you want me to use NewGlobalEnvironment just say it, it's pretty easy to do, just not sure if it's better or not. But you might be able to judge that better. |
| 14:01 | <Tom Schuster> | No, not TrustedHTML. I first thought we might only need TrustedParserOptions internally, but it makes sense that setHTMLUnsafe accepts it now. |
| 14:02 | <Tom Schuster> | I doubt we can remove TrustedHTML again. |
| 14:02 | <jmdyck> | I think it's slightly worse to import NewGlobalEnv. Not really up me, but nobody else was suggesting it. |
| 14:03 | <Noam Rosenthal> | ok gotcha! |
| 14:04 | <annevk> | jmdyck: okay, then I guess we need review for all the changes and can move ahead assuming there's no new issues. |
| 14:05 | <jmdyck> | Separately, I was going to bring up null vs undefined as the signal for "use the default", but then you changed null to undefined. |
| 14:05 | <smaug> | A reminder, please remove agenda+ from the issues and PRs which have been discussed already and don't need to be on the agenda anymore. |
| 14:07 | <annevk> | jmdyck: ah, I'm okay either way. Web platform typically uses null (if there's no need to distinguish), but undefined works. |
| 14:15 | <jmdyck> | 'undefined' was the old signal for "use the default", before https://github.com/tc39/ecma262/pull/3139, which is maybe why I used it in https://github.com/tc39/ecma262/pull/3728 |
| 14:16 | <jmdyck> | but now I'm thinking null would be better |
| 14:16 | <annevk> | So html-dfn.js should now mostly work for whatpr.org. Let me know if you run into any issues although I hope not as I already used enough of Tobie's time. |
| 14:18 | <annevk> | jmdyck: okay, if null works for nicolo-ribaudo we can both switch to that |
| 14:21 | <jmdyck> | annevk: So was 'is exposed' the only thing that HTML was using the global object for during the execution of customizations? |
| 14:23 | <annevk> | jmdyck: yeah and that was already backwards as we pulled stuff from the global that we needed to create the global |
| 14:24 | <jmdyck> | I was worried it would be harder to disentangle. |
| 14:32 | <jmdyck> | annevk: https://github.com/tc39/ecma262/pull/3728#issuecomment-4780302743 |
| 14:53 | <annevk> | Noam Rosenthal: my thinking was we would attempt to merge HTML & DOM PI and all the tests around the same time. Maybe tomorrow or Thursday in case zcorpan also wants to have a look. |
| 14:54 | <Noam Rosenthal> | OK SGTM! |
| 14:58 | <zcorpan> | Sounds good. I'll take a look |
| 18:00 | <jmdyck> | What is "PI"? |
| 18:19 | <annevk> | jmdyck: oh sorry, Processing Instruction, as in <?xml-stylesheet?> (except that one won't work in HTML for reasons). |
| 19:30 | <jmdyck> | Huh, I thought "The only PI I know is processing instruction, but that's probably not what he means." |
| 19:47 | <jmdyck> | Ah, now I see it: upstream/foolip/pi-parsing |
| 21:10 | <nektro> | sometimes i really wish there was a [hidden="visible"] |
| 21:53 | <nektro> | i refactored to not need it |