2021-08-01

2021-08-02
[02:58:24.0400] <jgraham>
Can someone point out to me what the errors are which are causing https://github.com/whatwg/html/pull/6921/checks?check_run_id=3205414516 to fail?

[03:23:57.0007] <sideshowbarker>
jgraham: https://github.com/whatwg/html/pull/6921/checks?check_run_id=3205414516#step:3:91
```
unloaded</span>, , then invoke <span>WebDriver BiDi navigation failed</span> with
```
The `, ,` there, I guess? (And possibly some other things after — I stopped looking when I found that `, ,`…)

[03:39:07.0053] <jgraham>
sideshowbarker: Apparently not :( Would be nice if this would print out which lint rules are actually failing in each case

[03:39:36.0296] <jgraham>
(for clarity: I fixed the `, ,` and still get the errors)

[05:10:06.0715] <sideshowbarker>
jgraham: I’ll check out the branch now, and try to see if I can debug it locally

[05:37:24.0859] <sideshowbarker>
jgraham: the one that’s failing is this:
>   perl -ne '$/ = "\n\n"; print "$_" if (/chosing|approprate|occured|elemenst|\bteh\b|\blabelled\b|\blabelling\b|\bhte\b|taht|linx\b|speciication|attribue|kestern|horiontal|\battribute\s+attribute\b|\bthe\s+the\b|\bthe\s+there\b|\bfor\s+for\b|\bor\s+or\b|\bany\s+any\b|\bbe\s+be\b|\bwith\s+with\b|\bis\s+is\b/si)' "$1" | perl -lpe 'print "\nPossible typos:" if $. == 1'


[05:37:36.0464] <sideshowbarker>
will look further

[05:38:00.0586] <sideshowbarker>
(And by the way I did not write this code.)

[05:39:03.0683] <jgraham>
Would be nice if it printed the actual re match along with the paragraph

[05:40:23.0548] <sideshowbarker>
indeed yeah it would be nice

[05:40:28.0031] <sideshowbarker>
this is nuts

[05:40:47.0048] <sideshowbarker>
anyway, I spotted a possible cause

[05:41:01.0196] <sideshowbarker>
“with with”

[05:41:12.0173] <sideshowbarker>
in lines 2-3 of the patch

[05:41:25.0969] <sideshowbarker>
will try fixing that now and re-testing

[05:44:26.0441] <sideshowbarker>
OK yeah, fixed three instances of that, and have one remaining other yet-unknown cause. Checking further…

[05:44:47.0075] <sideshowbarker>
ah, same — “with with”

[05:45:21.0212] <sideshowbarker>
yup, all fixed

[05:45:30.0645] <sideshowbarker>
will push a commit to your branch

[05:46:15.0332] <sideshowbarker>
…and done

[05:47:12.0241] <sideshowbarker>
sorry about that linter — we need to fix that

[06:03:07.0781] <jgraham>
sideshowbarker: Thanks!

[06:12:58.0185] <sideshowbarker>
cheers


2021-08-03
[06:21:32.0095] <annevk>
sideshowbarker: Domenic: if you could look at https://github.com/whatwg/dom/pull/1004 at least up until line 2100 that'd be terrific

[06:27:57.0256] <sideshowbarker>
annevk: will look now

[07:53:25.0299] <annevk>
Thanks sideshowbarker. To be clear though, I was thinking of aligning more prose with this new model if it looks good. There's actually quite a lot of text is impacted.

[07:54:00.0639] <sideshowbarker>
annevk: so you want suggestions on what else needs to be changed?

[07:54:25.0726] <annevk>
sideshowbarker: no, just if this direction looks good as a thing to expand upon; I can find the rest :-)

[07:54:43.0918] <sideshowbarker>
OK, I think in general it’s definitely an improvement

[07:55:25.0257] <sideshowbarker>
I am as usual more interested in the use case of web developers reading the spec than I am for implementors

[07:56:25.0269] <sideshowbarker>
as far as implementors, I get the impression that the existing spec works well overall for anybody implementing/writing code from it

[07:56:33.0776] <sideshowbarker>
 * as far as implementors, I get the impression that the existing spec works well overall for anybody implementing/writing code from it

[07:56:55.0931] <sideshowbarker>
but I think it’s a lot harder for developers to learn from

[07:57:07.0004] <annevk>
Apparently jsdom ran into issues with "is a Text node" not clearly including CDATASection nodes

[07:57:14.0710] <sideshowbarker>
aha

[07:57:43.0010] <sideshowbarker>
OK, yeah, I wondered who would actually be implementing these parts at this point

[07:58:39.0298] <annevk>
You don't really want to say Text or CDATASection however as otherwise you also need to say Element or HTMLAnchorElement or ... It gets tricky quickly

[07:59:09.0452] <sideshowbarker>
yeah, I can see that

[07:59:14.0889] <annevk>
Anyway, I hope that depending on CharacterData in a number of cases will make that more clear, as well as more clearly explaining what X node is.

[08:00:26.0929] <sideshowbarker>
I have recently been looking at some of the lowe-level DOM-related content at MDN, and to speak generously… it has a lot of room for improvement

[08:00:55.0943] <sideshowbarker>
there is actually nowhere any good “Introduction to the DOM” for web developers

[08:01:15.0239] <Domenic>
> <@annevk:mozilla.org> You don't really want to say Text or CDATASection however as otherwise you also need to say Element or HTMLAnchorElement or ... It gets tricky quickly

The difference is that when working in "DOM" code as opposed to "HTML" code, it's pretty natural to use .nodeType a lot.

[08:01:58.0359] <annevk>
Domenic: yeah that's fair, but there's nothing that corresponds to nodeType

[08:02:17.0083] <Domenic>
Yeah it's just very easy to think that "is a Text node" means .nodeType === TEXT_NODE

[08:02:32.0291] <Domenic>
I just opened the PR but if you use "implements" that will help.

[11:37:35.0061] <favonia>
Hi, I was checking the standard library of the Go programming language and found that the STD3 rules are disabled by default in the current WHATWG URL standard. I was a bit surprised because many Unicode characters in their KC normal forms could introduce forbidden host code points `@`, `#`, `/`, ... that are dangerous or at least misleading. The STD3 check protects us from those dangerous characters. I understand many existing hosts have the underscore `_` in their names that is forbidden by the STD3, but by disabling the entire STD3 check, we become vulnerable to many other attacks based on Unicode normalization. I believe this must have been carefully discussed somewhere within WHATWG. If not, I wonder how I should comment on the current URL standard and propose new changes. I am familiar with GitHub operations but I never interacted with WHATWG before, and would appreciate your guidance in making a proposal.

TL;DR: I wish to add a warning about the danger of disabling the STD3 check and, if an application chooses to disable the STD3 check (possibly to allow the underscore), it should verify that forbidden host code points would never arise from normalization and mapping.

[13:12:16.0771] <Domenic>
favonia: I don't think I understand the issue. Because those are forbidden host code points parsing will fail if they appear. It doesn't matter for the spec whether the parsing fails due to Unicode STD3 checking or because of the explicit step 7 in https://url.spec.whatwg.org/#concept-host-parser

[13:12:42.0938] <Domenic>
 * favonia: I don't think I understand the issue. Because those are forbidden host code points parsing will fail if they appear. It doesn't matter for the spec whether the parsing fails due to Unicode STD3 checking in step 5 or because of the explicit step 7 in https://url.spec.whatwg.org/#concept-host-parser

[14:06:19.0998] <favonia>
> <@domenicdenicola:matrix.org> favonia: I don't think I understand the issue. Because those are forbidden host code points parsing will fail if they appear. It doesn't matter for the spec whether the parsing fails due to Unicode STD3 checking in step 5 or because of the explicit step 7 in https://url.spec.whatwg.org/#concept-host-parser

As far as I understand, Step 7 does not prevent such attacks. The attack is that the _same_ URL (record) has multiple Unicode normal forms that would be parsed differently. Here is an example: 
```
https://google.com\uFF03@evil.com
```
A parser would give the following results:
- username: `google.com\uFF03`
- host: `evil.com`

But with its NFKC:
```
https://google.com#@evil.com
```
a parser would give these results instead:
- host: `google.com`
- fragment: `@evil.com`

So, the string and one of its normal forms are both valid URL records, but with different structures. The discrepancies can be exploited in many IDNA-aware applications to fool users or even bypass security checking. This attack is known as HostSplit.

[14:07:25.0388] <favonia>
> <@domenicdenicola:matrix.org> favonia: I don't think I understand the issue. Because those are forbidden host code points parsing will fail if they appear. It doesn't matter for the spec whether the parsing fails due to Unicode STD3 checking in step 5 or because of the explicit step 7 in https://url.spec.whatwg.org/#concept-host-parser

 * As far as I understand, Step 7 does not prevent such attacks. One attack is that the _same_ URL (record) has multiple Unicode normal forms that would be parsed differently. Here is an example:
```
https://google.com\uFF03@evil.com
```

A parser would give the following results:
- username: `google.com\uFF03`
- host: `evil.com`

But with its NFKC:
```
https://google.com#@evil.com
```

a parser would give these results instead:
- host: `google.com`
- fragment: `@evil.com`

So, the string and one of its normal forms are both valid URL records, but with different structures. The discrepancies can be exploited in many IDNA-aware applications to fool users or even bypass security checking. This attack is known as HostSplit.

[14:08:36.0298] <favonia>
 * As far as I understand, Step 7 does not prevent such attacks. One attack is that the _same_ URL (record) has multiple Unicode normal forms that would be parsed differently. Here is an example:
```
https://google.com\uFF03@evil.com
```

A parser would give the following results:
- username: `google.com\uFF03`
- host: `evil.com`

But with its NFKC (where `\uFF03` is normalized to `#`):
```
https://google.com#@evil.com
```

a parser would give these results instead:
- host: `google.com`
- fragment: `@evil.com`

So, the string and one of its normal forms are both valid URL records, but with different structures. The discrepancies can be exploited in many IDNA-aware applications to fool users or even bypass security checking. This attack is known as HostSplit.

[14:13:46.0165] <Domenic>
That is not how those URLs are parsed

[14:13:51.0903] <Domenic>
See https://jsdom.github.io/whatwg-url/#url=aHR0cHM6Ly9nb29nbGUuY29tI0BldmlsLmNvbQ==&base=YWJvdXQ6Ymxhbms=

[14:14:17.0860] <Domenic>
and https://jsdom.github.io/whatwg-url/#url=aHR0cHM6Ly9nb29nbGUuY29t77yDQGV2aWwuY29t&base=YWJvdXQ6Ymxhbms=

[14:16:28.0893] <Domenic>
I guess your larger point remains though

[14:16:41.0273] <Domenic>
Which is yes, different input strings can product different hosts

[14:16:52.0819] <Domenic>
Opening an issue to discuss that seems fine if you want?

[14:17:39.0317] <favonia>
Oops, sorry for my mistakes. It's hard to construct such contrived examples on the fly. 😛 Maybe `https://localhost＃@evil.com` and `https://localhost#@evil.com` would work.

[14:47:47.0104] <favonia>
After some thinking I realized this is probably more serious than I thought---the STD3 rules in UTS#46 could prevent some attacks but seem powerless to handle `https://localhost＃@evil.com` v.s. `https://localhost#@evil.com` where the problematic character is never part of the host/domain name. 😱

[14:50:18.0803] <favonia>
I can start a GitHub issue, though I will not be able to meaningfully participate in the discussions probably after two weeks. (I'm teaching in a university and the semester is starting...) Also, I am not an expert on Unicode/URL, merely a concerned user after reading these documents. There might be many strange corner cases that I am not aware of. Therefore, perhaps someone else should take the lead? I can still take the initiative.

[14:58:51.0874] <favonia>
PS: consistently applying STD3 rules can probably detect something like `https://cool.asi℀.evil.com` where `℀` could be normalized to `a/c`.

[15:01:01.0933] <Domenic>
https://cool.asi℀.evil.com is just an invalid URL https://jsdom.github.io/whatwg-url/#url=aHR0cHM6Ly9jb29sLmFzaeKEgC5ldmlsLmNvbQ==&base=YWJvdXQ6Ymxhbms=


2021-08-04
[17:12:48.0437] <sideshowbarker>
https://stackoverflow.com/questions/68641231/does-javascripts-abortable-fetch-close-the-http-connection

[17:29:16.0097] <favonia>
> <@domenicdenicola:matrix.org> https://cool.asi℀.evil.com is just an invalid URL https://jsdom.github.io/whatwg-url/#url=aHR0cHM6Ly9jb29sLmFzaeKEgC5ldmlsLmNvbQ==&base=YWJvdXQ6Ymxhbms=

Thank you. Now I see that the Step 7 you mentioned earlier implements a weaker version of the STD3 check that stopped my attack. However, I found another issue showing that whatwg-url probably violated (at least the spirit of) UTS#46. UTS#46 says:

> ...
> U+2260 ( ≠ ) NOT EQUAL TO
> U+226E ( ≮ ) NOT LESS-THAN
> U+226F ( ≯ ) NOT GREATER-THAN 
>
> ... If an implementation uses `UseSTD3ASCIIRules=false` but disallows any of these three ASCII characters, then it must also disallow the corresponding precomposed character for its negation. 

The URL standard forbids `<` and `>`, so I feel `≮` and `≯` should be banned as well. I am happy to open a GitHub issue on this (smaller issue).

https://jsdom.github.io/whatwg-url/#url=d3M6Ly88&base=YWJvdXQ6Ymxhbms=
https://jsdom.github.io/whatwg-url/#url=d3M6Ly/iia4=&base=YWJvdXQ6Ymxhbms=

[17:36:55.0374] <Domenic>
Yes, I think this is a case where conforming to the rules doesn't really buy anything. Encoding ≮ to punycode seems fine.

[17:37:47.0073] <Domenic>
It might be clearer if you think of the URL Standard as a standalone document that gives the full processing model. The fact that it calls into some specific Unicode algorithms with some parameters is interesting, but is just an implementation detail and isn't meant to indicate any greater alignment with the philosophies of those documents.

[17:42:25.0204] <favonia>
alright I will skip the reporting. it's perhaps an interesting technical point, though

[17:46:22.0835] <favonia>
Sorry I accidentally pressed Enter to create an issue when doing some complex editing on GitHub. Please give me some time to fix that :-/

[18:04:24.0614] <favonia>
Domenic: Is https://jsdom.github.io/whatwg-url some website I can/should cite in my reporting? The tool is very convenient and I wonder if it's "permanent" in any sense.

[18:39:11.0805] <Domenic>
favonia: yes, feel free to use that site.

[19:29:00.0506] <favonia>
> <@domenicdenicola:matrix.org> favonia: yes, feel free to use that site.

Done! https://github.com/whatwg/url/issues/626

[07:25:00.0831] <favonia>
> <@domenicdenicola:matrix.org> Yes, I think this is a case where conforming to the rules doesn't really buy anything. Encoding ≮ to punycode seems fine.

After checking the Unicode tables more carefully, I must disagree with this judgment and admit UTS#46 has done the right thing. My latest reporting was mainly about NFKC and NFKD, but if we agree that the standard should prevent problematic characters, then ≮, ≯ or even ≠ could generate <, > or = under NFD.

[07:25:50.0989] <favonia>
> <@domenicdenicola:matrix.org> Yes, I think this is a case where conforming to the rules doesn't really buy anything. Encoding ≮ to punycode seems fine.

 * After checking the Unicode tables more carefully, I must disagree with this judgment and admit UTS#46 has done the right thing. My latest reporting was mainly about NFKC and NFKD, but if we agree that the standard should prevent problematic characters on that basis, then ≮, ≯ or even ≠ could also generate <, > or = under NFD and should be banned as well.

[07:34:59.0516] <annevk>
That reading is only correct under the assumption that NFD(URL string) is a valid operation, which it's not; as long as you do URL parser(URL string) I don't think you have demonstrated an issue

[07:35:42.0023] <annevk>
I could see banning more code points out of caution (though we cannot ban all, e.g., `_` is important), but I wouldn't classify these as a problem with the URL parser

[07:39:53.0433] <favonia>
well... I did not imply that the current URL parser itself is wrong. I was only proposing to restrict valid URLs as you suggested. it would be kind of you to cite exact phrases which gave you such an impression so that I can revise my proposal.

[07:42:17.0763] <favonia>
Another thing is, according to your statements "You cannot apply Unicode normalization to all inputs" on GitHub, you seemed assume no normalization should be applied to URL strings. that's against the standard and W3C recommendations. NFC _must_ be applied to URL strings as well. There is a related page made by W3C Internationalization Activity: https://www.w3.org/International/questions/qa-html-css-normalization

[07:43:59.0055] <favonia>
 * Another thing is, according to your statement "You cannot apply Unicode normalization to all inputs" on GitHub, you seemed assume no normalization should be applied to URL strings. That's against the W3C recommendations. NFC _must_ be applied to URL strings as well. There is a related page made by W3C Internationalization Activity: https://www.w3.org/International/questions/qa-html-css-normalization

[07:44:08.0933] <favonia>
 * Another thing is, according to your statement "You cannot apply Unicode normalization to all inputs" on GitHub, you seemed assume no normalization should be applied to URL strings. That's against the W3C recommendations. NFC should be applied to URL strings as well. There is a related page made by W3C Internationalization Activity: https://www.w3.org/International/questions/qa-html-css-normalization

[07:45:22.0929] <favonia>
 * Another thing is, according to your statement "You cannot apply Unicode normalization to all inputs" on GitHub, you seemed assume no normalization should be applied to URL strings. That's against (at least the spirit of) the W3C recommendations. NFC should be applied to URL strings as well. There is a related page made by W3C Internationalization Activity: https://www.w3.org/International/questions/qa-html-css-normalization

[07:47:14.0263] <favonia>
 * Also, you seemed assume no normalization should be applied to URL strings. That's against (at least the spirit of) the W3C recommendations. NFC should be applied to URL strings as well. There is a related page made by W3C Internationalization Activity: https://www.w3.org/International/questions/qa-html-css-normalization

[07:51:17.0049] <annevk>
favonia: if you apply normalization at that level though, there is nothing the URL parser can do about it, because you cannot distinguish it from a URL that contains ASCII `#`

[07:52:58.0271] <favonia>
I want to repeat that I never implied that the URL parsing is at fault. Could you possibly cite the phrases that gave you such an impression? It seems we miscommunicated and I want to clear up the misunderstanding.

[07:53:08.0197] <annevk>
favonia: it might be worth raising with www-international@w3.org as it's a somewhat interesting case; you cannot take a URL from somewhere, validate its scheme and host, then put the input string in HTML that gets normalized; you'd have to put the serialization in which might not be something folks realize

[07:54:10.0555] <annevk>
favonia: you start out with talking about URL records, and URL records are the result of parsing

[07:54:32.0077] <favonia>
yes, but the parser is not the problem. at least not in my opinion.

[07:55:09.0269] <annevk>
"A proper fix would probably be similar to the sanitization of host names." Isn't that a parser change?

[07:55:52.0737] <favonia>
> <@annevk:mozilla.org> I could see banning more code points out of caution (though we cannot ban all, e.g., `_` is important), but I wouldn't classify these as a problem with the URL parser

no, this is what I meant. thank you for citing exact phrases so that I can prevent other people from misunderstanding the proposal

[07:57:45.0024] <annevk>
To be clear, that would be a change to the URL parser aimed at helping scenarios where people parse a URL string to validate it and then somehow output NFX(URL string) elsewhere, which is a somewhat problematic practice for various reasons

[07:58:37.0261] <annevk>
E.g., the changes to the URL's path or query are not something we could prevent in that way

[07:58:56.0767] <annevk>
(I gotta go for a bit)

[08:02:51.0777] <favonia>
> <@annevk:mozilla.org> To be clear, that would be a change to the URL parser aimed at helping scenarios where people parse a URL string to validate it and then somehow output NFX(URL string) elsewhere, which is a somewhat problematic practice for various reasons

technically yes, but I think there's a difference between only enlarging the set of forbidden/disrecommended characters and changing the structure of the parser

[08:06:54.0561] <annevk>
A difference in what sense?

[08:30:49.0237] <favonia>
Could you possibly elaborate more so that I can better answer it? I am happy to simply admit it's a change to the parser.

[08:32:53.0933] <favonia>
I don't feel how I personally classify different levels of changes matter here. If WHATWG thinks it's a major change, then it's a major change. If WHATWG thinks it's a minor change, then it's a minor change. I am happy to eliminate different usages in terminology. 

[08:33:13.0528] <favonia>
 * I don't feel how I personally classify different levels of changes matter here. If WHATWG thinks it's a major change, then it's a major change. If WHATWG thinks it's a minor change, then it's a minor change. I am happy to eliminate different usages in terminology in case it helps communication.

[08:33:33.0866] <favonia>
 * I don't feel how I personally classify different levels of changes matters here. If WHATWG thinks it's a major change, then it's a major change. If WHATWG thinks it's a minor change, then it's a minor change. I am happy to eliminate different usages in terminology in case it helps communication.

[08:38:46.0203] <annevk>
I just noticed that `＃` is already rejected when it's part of a host, but it's not rejected when used as a username or password. So STD3 Rules wouldn't matter there either way.

[08:39:11.0455] <annevk>
As in, `https://test＃test/` results in failure.

[08:39:41.0848] <favonia>
that's correct. proper checking has been done for host names in the current standard.

[08:40:23.0582] <annevk>
So yeah, I don't think this is something that can be changed. Those components are expected to allow arbitrary scalar values.

[08:41:43.0441] <annevk>
It might be worth calling out somewhere though and I also think raising this with www-international could be worthwhile.

[08:42:07.0456] <favonia>
as a disclaimer I only read these documents like three days ago. as a naive suggestion how about demanding percentage-encoding? 

[08:42:14.0217] <favonia>
 * as a disclaimer I only read these documents like three days ago. as a naive suggestion how about demanding percent-encoding? 

[08:42:24.0130] <favonia>
 * as a disclaimer I only started reading these documents like three days ago. as a naive suggestion how about demanding percent-encoding? 

[08:42:30.0433] <favonia>
 * as a disclaimer I only started reading these documents like 2-3 days ago. as a naive suggestion how about demanding percent-encoding? 

[08:47:50.0835] <annevk>
favonia: it would be a breaking change, URL strings have allowed U+FF03 (＃) for well over a decade

[08:48:22.0050] <annevk>
It's easier to ban certain things in hosts because they don't resolve anyway, but we cannot do that for paths and such

[08:54:05.0685] <favonia>
got it. well, I feel no one is a warning against any normalization forms other than NFC. following your comment, I guess banning ≮, ≯ in host names would be fine, then? it has almost zero practical impacts while saving us from some terrible situations due to mishandling of host names.

[08:54:29.0562] <favonia>
 * got it. well, I feel no one is a warning against any normalization forms other than NFC, then? I can actually be satisfied with just that. following your comment, I guess banning ≮, ≯ in host names would be fine, then? it has almost zero practical impacts while saving us from some terrible situations due to mishandling of host names.

[08:55:00.0241] <favonia>
 * got it. well, I feel no one is a warning against any normalization forms other than NFC, then? I can actually be satisfied with just that. following your comment, I guess banning ≮, ≯ in host names would be fine? it has almost zero practical impacts while saving us from some terrible situations due to mishandling of host names.

[08:55:54.0869] <favonia>
 * got it. well, I feel no one is aganist a warning about normalization forms other than NFC, then? I can actually be satisfied with just that. following your comment, I guess banning ≮, ≯ in host names would be fine? it has almost zero practical impacts while saving us from some terrible situations due to mishandling of host names.

[08:57:27.0462] <annevk>
Well, e.g., ≮ becomes xn--gdh, and it's not clear we can make that inaccessible. And generally we forbid things after ToASCII succeeds, not before. So for that one I'm not sure. It would also depend on how we resolve various other longstanding IDNA issues.

[08:58:42.0243] <annevk>
If you apply NFD or some such to a domain name and then pass it to a host parser you are already likely to end up on the wrong website so it's not clear this would prevent all of these attacks so it might be better if sites address the root cause.

[09:00:13.0837] <annevk>
Heck, if you apply NFD to HTML in general you would open yourself up to all kinds of attacks.

[09:00:38.0270] <annevk>
There's a reason you want NFC unless you do some kind of specialized text processing.

[09:01:33.0677] <annevk>
You might enjoy http://www.diveintomark.link/2004/unicode-normalization-form-c

[09:02:53.0776] <favonia>
Hah, it's funny and to the point. :laugh

[09:03:03.0746] <favonia>
 * Hah, it's funny and to the point. 😆

[09:03:38.0073] <favonia>
to be fair KD would be even worse

[09:11:36.0849] <favonia>
> <@annevk:mozilla.org> If you apply NFD or some such to a domain name and then pass it to a host parser you are already likely to end up on the wrong website so it's not clear this would prevent all of these attacks so it might be better if sites address the root cause.

No you will be fine even after NFD unless the application has serious bugs. See <https://unicode.org/reports/tr46/#ProcessingStepNormalize>. You need to compute NFC which would undo the "damage". At least Firefox got this correct.

[09:20:38.0808] <favonia>
`whatwg-url` gives the correct result as well (which is not really surprising because the `tr46` package used by `whatwg-url` correctly implements UTS46) https://jsdom.github.io/whatwg-url/#url=aHR0cHM6Ly88zLg=&base=YWJvdXQ6Ymxhbms=

[09:24:04.0499] <favonia>
anyways, personally I am much less motivated to promote the banning of ≮ and ≯ in host names because it seems significantly harder to construct concrete attacks.

[09:24:18.0614] <favonia>
 * anyways, personally I am much less motivated to promote the banning of ≮ and ≯ in host names because it seems significantly harder to construct concrete attacks. it's just a possibility.

[09:25:24.0236] <annevk>
Ah right, I guess you would need to apply one of the NFKx variants as those cannot be reversed if I remember correctly

[09:25:32.0210] <annevk>
It's been a long time since I looked at this in detail

[09:28:12.0865] <favonia>
as far as I have read (did I say I started the reading only days ago?), that seems to be the case. to be more precise, NFX is in general irreversible, but we only care about whether NFC(NFX(input)) = NFC(input) for some X here.

[16:14:40.0291] <favonia>
annevk Domenic Thank you for your guidance on GitHub. I however think the issue is going nowhere---I did not sense any positive support even for the suggestion to put in some warnings in the standard, and I am not willing to put in more efforts in convincing members of WHATWG. Is it okay for me to simply close the issue?

[16:15:46.0521] <favonia>
 * annevk Domenic Thank you for your guidance on GitHub. I however think the issue is going nowhere---I did not sense any positive support even for the suggestion to put in some warnings in the standard, and I am not willing to put in more efforts in convincing members of the WHATWG community. Is it okay for me to simply close the issue?


2021-08-05
[18:10:46.0852] <bakkot>
annevk: on https://github.com/whatwg/html/issues/5407, it might be worth posting an update pointing to https://bugs.chromium.org/p/chromium/issues/detail?id=1065085#c72, so that future readers know the status? (the issue is locked, understandably, so I can't do it myself)

[21:45:46.0411] <Domenic>
bakkot: I don't think so; there's still cross-browser agreement to remove the feature, so the spec reflects that.

[21:46:25.0301] <Domenic>
Individual shipping decisions are up to browsers to communicate as they wish.

[22:28:44.0929] <bakkot>
as someone coming across that thread, I would find it useful to know that Chrome's intent is to remove the feature _not before January 2022_, rather than to remove it as soon as resources permit

[22:29:10.0027] <bakkot>
not suggesting a change to the spec, just an informative post in the thread

[23:13:37.0729] <annevk>
bakkot: I unlocked it, feel free to add a comment

[00:29:20.0698] <sideshowbarker>
By the way, while I support that change, I can also say it did break quite a few embedded interactive examples at MDN

[00:31:12.0262] <sideshowbarker>
But those are entirely or almost entirely cases of examples that were using `alert()`, which is just bad anyway. So we're gonna fix those regardless.

[00:31:16.0938] <sideshowbarker>
https://github.com/mdn/content/issues/7566

[01:45:50.0737] <sideshowbarker>
PSA for people using the web-based Element client: If you don’t want to have to use the mouse to switch among rooms, you can use Ctrl-K or ⌘-K to focus the search box, and then use the arrow keys to navigate your rooms list

[01:46:35.0763] <sideshowbarker>
(tab doesn’t work as expected, but it’s a tree view)

[01:47:09.0654] <jgraham>
That would have been vry helpful to know yesterday when the android emulator decided to prevent mouse interactions with part of my screen, even when it wasn't focused :)

[01:48:59.0011] <sideshowbarker>
 * PSA for people using the web-based Element client: To switch among rooms, if you want to use keyboard navigation rather than the mouse, first do Ctrl-K or ⌘-K to focus the search box, and then use the arrow keys to navigate your rooms list

[01:49:08.0320] <sideshowbarker>
 * PSA for people using the web-based Element client: To switch among rooms, if you want to use keyboard navigation rather than the mouse, first do Ctrl-K or ⌘-K to focus the search box, and then use the arrow keys to navigate  through your rooms list

[01:49:22.0626] <sideshowbarker>
 * PSA for people using the web-based Element client: To switch among rooms, if you want to use your keyboard rather than the mouse, first do Ctrl-K or ⌘-K to focus the search box, and then use the arrow keys to navigate  through your rooms list

[01:49:48.0753] <sideshowbarker>
 * But those are entirely or almost entirely cases of examples that were using `alert()`, which is just bad anyway. So we're gonna fix those regardless.

[01:50:01.0692] <sideshowbarker>
haha

[01:50:19.0679] <annevk>
You can also do Option + Down/Up

[01:50:29.0893] <annevk>
(on macOS anyway)

[01:51:25.0549] <sideshowbarker>
annevk: oh wow, cool — didn’t know. I like that even better

[01:53:16.0529] <jgraham>
Appears to be alt+arrows here

[01:53:23.0572] <jgraham>
Not on macOS

[01:55:51.0048] <annevk>
What even is alt?

[01:59:08.0600] <sideshowbarker>
alt is an actual key on Linux keyboards, right?

[02:00:09.0117] <jgraham>
Honestly can't tell if people are trolling or if you've all been using macOS too long :p

[02:02:48.0794] <annevk>
Don't worry, I remember Ctrl+Alt+Del, also Alt+F4; not sure about Linux shortcuts anymore though, even though I used that more recently than Windows

[02:02:55.0602] <sideshowbarker>
anyway, as long as were at this this: Option (or Alt) + *Shift* + Down/up cycles you through just the list of your rooms with unread messages — like Option (or Alt) + a, in irrssi

[03:04:48.0982] <sideshowbarker>
https://github.com/WebKit/explainers/issues/55

[03:05:11.0502] <sideshowbarker>
WebKit implemented a `model` element?

[03:05:38.0296] <sideshowbarker>
Is there an associated proposal in the HTML spec issue tracker?

[03:06:17.0010] <sideshowbarker>
https://trac.webkit.org/changeset/279451/webkit/

[04:28:26.0817] <annevk>
Somehow Safari TP keeps disappearing from my computer, but last I checked HTMLModelElement was not exposed

[04:32:17.0287] <annevk>
Yeah, `document.querySelector("model")` with `<model>` somewhere in the document yields `HTMLUnknownElement`

[04:36:54.0190] <annevk>
👋 Surma 

[05:10:09.0149] <sideshowbarker>
Ah ok

[05:34:55.0950] <annevk>
Domenic: so thinking more about obj is/implements Y; I imagine we have that elsewhere too with Blob/File, but I guess there's not a lot of it as outside DOM there's not a lot of hierarchy in classes (I think)

[11:00:11.0072] <sideshowbarker>
https://github.com/mdn/content/issues/7457 is it right for `window.orientation` be flagged in MDN as deprecated? If so, given that the compat spec doesn’t say it’s deprecated or discouraged, is there some other authoritative so which does?

[11:00:36.0093] <sideshowbarker>
 * https://github.com/mdn/content/issues/7624 is it right for `window.orientation` be flagged in MDN as deprecated? If so, given that the compat spec doesn’t say it’s deprecated or discouraged, is there some other authoritative so which does?

[11:00:54.0620] <sideshowbarker>
 * https://github.com/mdn/content/issues/7624 is it appropriate for `window.orientation` to be flagged in MDN as deprecated? If so, given that the compat spec doesn’t say it’s deprecated or discouraged, is there some other authoritative so which does?

[11:01:10.0825] <sideshowbarker>
 * https://github.com/mdn/content/issues/7624 is it appropriate for `window.orientation` to be flagged in MDN as deprecated? If so, given that the compat spec doesn’t say it’s deprecated or discouraged, is there some other authoritative source which does?

[11:03:40.0138] <sideshowbarker>
or is it the case that pretty much everything in the Compat spec should be considered discouraged/deprecated?

[12:35:27.0912] <Domenic>
Weird case. Is there some better replacement?

[14:24:20.0937] <Sam Sneddon [:gsnedders]>
> <@sideshowbarker:mozilla.org> or is it the case that pretty much everything in the Compat spec should be considered discouraged/deprecated?

this would be my expectation, FWIW

[14:24:39.0268] <miketayl_r>
maybe screen orientation API?

[14:27:01.0174] <miketayl_r>
sideshowbarker: i guess we could include some text for given entries in compat like, prefer this standard thing instead (not sure how useful that is, but it wouldn't be hard)


2021-08-06
[18:20:37.0667] <sideshowbarker>
> <@miketayl_r:mozilla.org> sideshowbarker: i guess we could include some text for given entries in compat like, prefer this standard thing instead (not sure how useful that is, but it wouldn't be hard)

Yeah, I vote for that

[20:38:57.0977] <karlcow>
Compat spec has been conceived as a transition document. Nothing in there should be considered the source of truth. It just **attempts** to document things that need to be taken elsewhere in a proper spec **if the spec wants to take it on**.

[20:39:52.0760] <karlcow>
And yes having section pointing to the right place when it has been described in a proper spec would be great.

[20:41:07.0702] <karlcow>
sideshowbarker: 

> or is it the case that pretty much everything in the Compat spec should be considered discouraged/deprecated?


[20:41:18.0111] <karlcow>
do you mean on the authoring side of things?

[20:41:27.0256] <karlcow>
or implementation side of things?

[20:42:42.0911] <karlcow>
Definitely everything which is mentioned in compat spec should not be perceived as ok to write code. 

[20:50:26.0039] <sideshowbarker>
howdy karlcow yeah I meant strictly the author side of things

[07:35:29.0066] <EveryOS>
My HTML parser is 1400 lines and *still* fails to implement a *lot* of the parsing spec. That is one really long spec xD. My parser is worth about 14% of my project's code. Wow, that spec is long

[07:44:58.0461] <jgraham>
Tokei tells me that html5lib-python is ~13,000 lines of Python code (exclusing comments, but including the test harness and so on)

[07:46:51.0089] <jgraham>
Weirdly html5ever has the same number of lines of Rust to within 2%

[07:47:02.0541] <jgraham>
(as html5ever has of Python)

[07:47:08.0954] <jgraham>
 * (as html5lib has of Python)

[07:49:16.0683] <jgraham>
The validator.nu HTML parser seems to be about 28,000 lines of Java (also including infrastructure, etc.)

[07:49:19.0596] <EveryOS>
Wow, that's giant
Looks like I got my work cut out.
(I still need to learn Rust btw)

[07:52:32.0173] <EveryOS>
My unit tests also completely fail to exist
So I will have to write those someday.

[07:54:39.0633] <jgraham>
You know about https://github.com/html5lib/html5lib-tests/ ?

[07:59:23.0391] <EveryOS>
> <@jgraham_:matrix.org> You know about https://github.com/html5lib/html5lib-tests/ ?

No
But I do know about https://wpt.live/
I'll have to star that other one.

[12:49:05.0999] <bkardell>
Domenic: fwiw on https://github.com/openui/open-ui/issues/380#issuecomment-894404741 I think this is referring to HTMLOptionsList

[13:42:51.0619] <Domenic>
> <@bkardell:igalia.com> Domenic: fwiw on https://github.com/openui/open-ui/issues/380#issuecomment-894404741 I think this is referring to HTMLOptionsList

Sorry, I still don't quite understand... how is HTMLOptionsCollection an example, how is it related to me, and what do the principles Nicole referenced have to do with it?

[13:45:50.0692] <bkardell>
ah... it's possible I am wrong anyway- it might refer to this comment you made on the issue https://github.com/openui/open-ui/issues/380#issuecomment-891268912 - but I thought in the call it was brought up that you mentioned that, for example, the new select-like element should probably not reuse HTMLOptionsElement... In fact, it is probably the comment you made on the issue tho

[13:46:24.0694] <bkardell>
 * ah... it's possible I am wrong anyway- it might refer to this comment you made on the issue https://github.com/openui/open-ui/issues/380#issuecomment-891268912 - but I thought in the call it was brought up that you mentioned that, for example, the new select-like element should probably not reuse HTMLOptionsList... In fact, it is probably the comment you made on the issue tho

[13:46:42.0331] <bkardell>
s/list/collection

[13:48:51.0112] <bkardell>
the group had some decision to see if we could articulate principles about why we would choose to match or not and write them down, I think it was an attempt to summarize them

[13:49:31.0688] <bkardell>
 * Domenic:  ah... it's possible I am wrong anyway- it might refer to this comment you made on the issue https://github.com/openui/open-ui/issues/380#issuecomment-891268912 - but I thought in the call it was brought up that you mentioned that, for example, the new select-like element should probably not reuse HTMLOptionsList... In fact, it is probably the comment you made on the issue tho

[13:50:18.0383] <bkardell>
 * Domenic:  the group had some decision to see if we could articulate principles about why we would choose to match or not and write them down, I think it was an attempt to summarize them..  it's possible I am wrong anyway- it might refer to this comment you made on the issue https://github.com/openui/open-ui/issues/380#issuecomment-891268912 - but I thought in the call it was brought up that you mentioned that, for example, the new select-like element should probably not reuse HTMLOptionsList... In fact, it is probably the comment you made on the issue tho

[13:50:36.0240] <bkardell>
 * Domenic:  the group had some decision to see if we could articulate principles about why we would choose to match or not and write them down, I think it was an attempt to summarize them..  it's possible I am wrong anyway- it might refer to this comment you made on the issue https://github.com/openui/open-ui/issues/380#issuecomment-891268912 - but I thought in the call it was brought up that you mentioned that, for example, the new select-like element should probably not reuse HTMLOptionsCollection... In fact, it is probably the comment you made on the issue tho

[13:53:08.0611] <bkardell>
 * Domenic:  the group had some decision to see if we could articulate principles about why we would choose to match or not and write them down, I think it was an attempt to summarize them..  it's possible I am wrong anyway- I was thinking that in the call it was brought up that you mentioned that, for example, the new select-like element should probably not reuse HTMLOptionsCollection... In fact, it is probably the comment you made on the issue https://github.com/openui/open-ui/issues/380#issuecomment-891268912

[13:54:23.0633] <bkardell>
/me apologizes for multiple editing attempts to get that right if anyone was watching :)

[14:39:19.0687] <Domenic>
Yeah, to me it felt like reading the minutes they didn't really discuss the API at all...


2021-08-07
[20:07:51.0409] <sideshowbarker>
incidentally, if the html5lib Python parser has 13,000, the fact the vnu Java parser only having 28,000 seems to suggests that Java code is written pretty economically

[20:10:30.0612] <sideshowbarker>
it seems like Java code is almost always going to take significantly more than twice as many lines than most other common languages

[20:26:24.0763] <sideshowbarker>
https://www.python.org/doc/essays/comparisons/
> Python programs are typically 3-5 times shorter than equivalent Java programs. 

[20:26:55.0634] <sideshowbarker>
 * incidentally, if the html5lib Python parser has 13,000 lines of code, the fact the vnu Java parser only having 28,000 seems to suggests that Java code is written pretty economically

[20:27:15.0080] <sideshowbarker>
 * incidentally, if the html5lib Python parser has 13,000 lines of code, the fact the vnu Java parser only has 28,000 line seems to suggests the vnu Java code is written pretty economically

[23:22:59.0717] <sideshowbarker>
https://portswigger.net/research/http2

[00:12:57.0369] <sideshowbarker>
not quite sure what to do about https://github.com/mdn/content/issues/7667 — help welcome (even just issue comments)

[10:28:55.0924] <Domenic>
That issue seems based on some pretty bad confusions on how software works... like, how would the data belong to the "site"? Some sort of behind-the-scenes magic server-side syncing?

[10:33:22.0982] <Domenic>
I dunno though, maybe I'm just too deep into the ecosystem; maybe people coming to web dev from other ecosystems have different expectations.

[10:33:36.0649] <sideshowbarker>
yeah, I don’t know where to even begin on that one

[10:34:53.0643] <Domenic>
Like I feel like if you really wanted to address this in good faith you'd need a whole article or so on how browsers work (being self-contained, relying on the site for any long-term storage, etc.) which would make this clear?

[10:35:32.0567] <sideshowbarker>
I am not aware of other systems where if you have two arbitrary clients that are using some client-side persistent local storage, the state of the local storage from one arbitrary client gets automatically reflected to the local state for every other arbitrary client you might use

[10:36:09.0509] <sideshowbarker>
> <@domenicdenicola:matrix.org> Like I feel like if you really wanted to address this in good faith you'd need a whole article or so on how browsers work (being self-contained, relying on the site for any long-term storage, etc.) which would make this clear?

yeah. I don’t know how to respond to it productively without sounding dismissive

[10:36:19.0536] <Domenic>
Yeah like this person must not be thinking of browsers in that sense of the word "client", or maybe is new enough to development that they don't have the client-server dichotomy in their mental model

[10:37:12.0274] <Domenic>
I dunno it just seems like a really hard part of writing docs; what is the baseline level of understanding you require before the docs make sense. Given MDN's seeming mission to be everything (e.g. it has tutorials not just reference docs), that seems hard.

[10:39:12.0213] <sideshowbarker>
yeah this issue is not a completely isolated case — it’s just a matter of degree

[10:39:37.0519] <sideshowbarker>
same with the HTML issue tracker, actually

[10:40:50.0967] <sideshowbarker>
we have people show up and raise issues that the immediate reaction to is going to be, You really should probably read up a lot more about how all this works

[10:41:59.0600] <sideshowbarker>
but for MDN issues, I try to first take a breath and then really consider in good faith if there’s any possible useful refinement to the docs that could be salvaged out of the issue

[10:42:05.0285] <sideshowbarker>
sometimes there is

[10:42:35.0297] <sideshowbarker>
but anyway, this particular issue does make me realize that there’s a common misunderstanding that a lot of people have

[10:43:25.0341] <sideshowbarker>
…which is, they don’t realize that the code for a web application executes on their machines locally, inside the browser

[10:44:15.0516] <sideshowbarker>
I guess they imagine it somehow running out in the “cloud” somewhere, at some abstract “origin”

[10:55:04.0462] <sideshowbarker>
hmm, I guess that’s a bit of what it is in this case — the OP understands what a unique origin is, and they imagine that if code running at a particular origin creates some persistent thing, then that persistent thing should persist at that origin regardless of which browser you use to access it

[10:58:27.0334] <sideshowbarker>
and I suppose then that a fundamental they’re overlooking is that the persistent things are necessarily persisted per-user — otherwise, every user who ran some code at that origin would clobber the persisted stuff

[10:59:09.0922] <sideshowbarker>
and two different browsers is two different users — regardless of whether those browsers happen to be running on the same person’s machine

[10:59:24.0545] <sideshowbarker>
maybe I can try to write up a comment along those lines

[11:37:36.0058] <sideshowbarker>
commented: https://github.com/mdn/content/issues/7667#issuecomment-894691081


2021-08-08

2021-08-09
[23:51:38.0682] <annevk>
sideshowbarker: is there an equivalent to commit-snapshots/ for snapshots published on TR/? I.e., some kind of index

[01:21:23.0842] <sideshowbarker>
> <@annevk:mozilla.org> sideshowbarker: is there an equivalent to commit-snapshots/ for snapshots published on TR/? I.e., some kind of index

I know only https://www.w3.org/2002/01/tr-automation/tr.rdf

[01:21:36.0470] <sideshowbarker>
…and the related docs at https://www.w3.org/2002/01/tr-automation/tr.rdf

[01:22:21.0400] <sideshowbarker>
there’s also now https://api.w3.org/doc

[01:23:20.0235] <annevk>
sideshowbarker: I see, that RDF document only lists latest versions and doesn't list the full history as far as I can tell

[01:23:41.0362] <sideshowbarker>
OK

[01:24:24.0373] <sideshowbarker>
might be able to get more from one of the API endpoints at https://api.w3.org/doc#operations-tag-Specifications

[01:24:56.0607] <sideshowbarker>
…or some series of calls to some of those endpoints

[01:26:32.0489] <annevk>
I see, that seems to require a key

[01:26:40.0126] <annevk>
Thanks though

[01:26:57.0363] <sideshowbarker>
you can generate a key yourself

[01:27:06.0947] <sideshowbarker>
docs on that are at https://w3c.github.io/w3c-api/

[01:28:43.0618] <annevk>
Ah cool, I'll hand these to my colleague who was wondering about this

[01:29:21.0160] <sideshowbarker>
super

[01:29:55.0329] <sideshowbarker>
certainly plh or Dom or especially Denis could be more helpful than me

[01:30:14.0775] <sideshowbarker>
Denis develops and maintains the API

[01:30:53.0402] <sideshowbarker>
so also, if there’s something missing from the API that your colleague needs, there’s a good chance that Denis could add it

[01:31:33.0692] <annevk>
I kinda doubt they were looking for an API, but it might suffice 😊

[01:31:43.0576] <sideshowbarker>
hai


2021-08-10
[05:58:16.0925] <Domenic>
annevk: ping on re-review for https://github.com/whatwg/html/pull/6869 ?

[07:44:25.0364] <annevk>
Domenic: so to make sure I understand correctly, the remaining Window-object reuse question is about a subsequent navigation of this about:blank document, right?

[07:50:04.0345] <annevk>
Anyway, approved modulo that assumption and an optional nit

[08:11:07.0832] <Domenic>
annevk: yes, because you can't observe the Window before this initial pseudo-load, so you can't tell whether it was reused or not.

[08:20:20.0329] <jgraham>
TabAtkins: https://github.com/w3c/webdriver-bidi/pull/131 seems to have a bikeshed error that looks like a bug in the CSS SPec Preprocessor deployment (maybe I should file an issue as it suggests, but also I'm not sure how much attention is paid to issues on repos in tobie's personal GH).

[08:21:05.0323] <annevk>
Cool. Initially I was wondering if the Window would end up being replaced somewhere during the lifetime of the about:blank document (where Firefox would navigate to about:blank), but I realized that probably wasn't it.

[08:34:03.0872] <TabAtkins>
jgraham: looking

[08:34:52.0049] <TabAtkins>
Yup, bug on my end, apologies for that. I don't exercise that code path in my local test files... I should figure out how to.

[08:35:09.0584] <jgraham>
Thanks for investigating!

[08:39:34.0637] <TabAtkins>
Okay, GH is having issues atm, but as soon as it's up I'll push the fix.

[11:04:29.0342] <TabAtkins>
jgraham: GH is up and fix is pushed, lmk

[12:20:18.0483] <wanderview>
my PRs seem to be failing to build the preview with a bikeshed error... https://github.com/tobie/pr-preview/issues/93

[12:20:22.0031] <wanderview>
FYI, in case its related

[12:24:30.0341] <TabAtkins>
It was the same; I forgot that the processor relies on the pypi version. Update published.

[12:37:31.0840] <wanderview>
thanks

[13:40:37.0984] <wanderview>
TabAtkins: hmm, still seem to be getting 500's from pr-preview

[14:14:57.0682] <TabAtkins>
wanderview: learn something new about Python every day. confirmed it's fixed now, just pushed up, lmk


2021-08-11
[06:05:49.0794] <zcorpan>
hsivonen: looks like https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/HTML_parser_threading no longer exists. Has it moved?

[06:15:22.0432] <jgraham>
I think everything Gecko related was removed from MDN

[06:15:41.0367] <zcorpan>
jgraham: ok ;_;

[06:17:07.0680] <jgraham>
https://web.archive.org/web/20201021003137/https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/HTML_parser_threading still exists

[06:17:39.0385] <zcorpan>
thanks

[06:20:47.0949] <jgraham>
https://udn.realityripple.com/docs/Mozilla/Gecko/HTML_parser_threading also seems to be a thing, but I have no idea what the story behind that site is

[07:01:21.0843] <hsivonen>
> <@zcorpan_:matrix.org> hsivonen: looks like https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/HTML_parser_threading no longer exists. Has it moved?

Thanks. Stuff like this was supposed to move in-tree, but I'll need to check if I need to actually take action to make it happen for this one.

[07:07:56.0673] <jgraham>
hsivonen: AFAICT gecko docs in general weren't moved in-tree.

[07:56:17.0623] <hsivonen>
Filed as https://bugzilla.mozilla.org/show_bug.cgi?id=1725183


2021-08-12
[18:27:49.0841] <bakkot>
random q: in step 3.1 of Formatter in the console spec, it calls `String(arg)`: https://console.spec.whatwg.org/#formatter

[18:28:15.0853] <bakkot>
this implies to me that `console.log(">%s<", ({ toString: () => { return 'custom' } }))` should print `>custom<`, which it does in FF, but not in Chrome (which instead prints `>Object<`)

[18:28:28.0094] <bakkot>
am I misreading, or is Chrome not following the spec?

[03:56:00.0779] <Luca Casonato>
Could someone explain why running the below snippet on https://google.com results in different output than https://source.chromium.org/? As far as I can tell neither are in quirks mode.

```js
const target = new EventTarget()
target.addEventListener("f", () => {
    console.log("f");
    queueMicrotask(() => console.log("f mt"));
});
target.addEventListener("x", () => {
    console.log("x");
    queueMicrotask(() => console.log("x mt"));
});
target.dispatchEvent(new Event("f"));
target.dispatchEvent(new Event("x"));
```

[03:56:35.0864] <Luca Casonato>
google.com logs
```
f
VM143:7 x
VM143:4 f mt
VM143:8 x mt


[03:56:57.0489] <Luca Casonato>
 * google.com logs
```
f
x
f mt
x mt
```
while source.chromium.org logs
```
f
f mt
x
x mt
```

[04:00:42.0316] <Luca Casonato>
Oh, source.chromium.org has a custom `queueMicrotask`. Should have looked for that right away. Please ignore :-)

[05:06:10.0577] <freddy>
this is why I test on example.com (.net, .org)

[05:06:16.0643] <freddy>
 * this is why I test on example.com (.net, .org) :P

[08:12:13.0858] <smaug>
anyone recalls why getElementsByTagName and such didn't end up to ShadowRoot?

[08:12:44.0135] <smaug>
ah, I guess because of HTMLCollection

[11:15:55.0957] <sideshowbarker>
https://stackoverflow.com/questions/68742660/when-response-text-promise-will-reject

[12:29:11.0428] <travisleithead>
👋

[12:31:28.0845] <Seirdy>
hey

[12:31:35.0113] <Seirdy>
just copying a question from irc:

[12:31:37.0655] <Seirdy>
question about the navigate-to csp directive (https://w3c.github.io/webappsec-csp/#directive-navigate-to): if i understand it correctly, this doesn't restrict links the user can click on to navigate; it only restricts navigations initiated by JS, redirects, and forms. is this accurate, or is its scope broader?

[12:40:55.0141] <Seirdy>
also: w3.org directed me to irc.w3.org and #whatwg on fleenode. irc.w3.org is mostly empty. freenode -> libera happened, and i was directed from irc to matrix here. so...are questions about w3c specs welcome here, or is there a better place?

[12:47:15.0082] <jgraham>
Seirdy: W3C is theoretically mostly still on IRC, although it's fragmented a bit. You can bridge from matrix to the IRC server if you want to have a single interface.

I think the answer to "are questions about W3C specs welcome here" is "it depends on the spec". 

[12:47:52.0816] <jgraham>
I think there are some people who can answer webappsec questions, and I don't know of a better place.

[12:51:19.0969] <Seirdy>
> <@jgraham_:matrix.org> Seirdy: W3C is theoretically mostly still on IRC, although it's fragmented a bit. You can bridge from matrix to the IRC server if you want to have a single interface.
> 
> I think the answer to "are questions about W3C specs welcome here" is "it depends on the spec". 

the biggest room on irc.w3.org has three members. the second biggest has two members.

[12:51:56.0712] <Seirdy>
i generally prefer using weechat anyway

[12:53:06.0914] <jgraham>
Seirdy: I"m in #_w3c_#webdriver:matrix.org and there are definitely more than 3 members

[12:53:38.0069] <Alan Stearns>
#css currently has 116 people

[12:53:44.0305] <Seirdy>
wait what

[12:54:22.0865] <Seirdy>
oh wait my usercount script us messed up

[12:54:29.0336] <Seirdy>
nevermind

[12:54:56.0546] <Seirdy>
kids, don't code while sleep deprived or you'll end up like me

[12:57:07.0722] <Seirdy>
ok thanks guys, cya.


2021-08-13
[19:05:23.0678] <devsnek>
what if the websocket constructor accepted protocol-relative urls

[19:05:42.0056] <devsnek>
is there a security reason or smth that it doesn't 

[23:39:41.0733] <annevk>
devsnek: I guess your actual question is why it doesn't accept HTTP(S) schemes? It probably could...

[01:05:00.0207] <nektro>
is there any json data (similar to https://html.spec.whatwg.org/entities.json) that lists the elements and what type they are apart of re: https://html.spec.whatwg.org/multipage/syntax.html#elements-2

[01:05:13.0346] <nektro>
 * is there any json data (similar to https://html.spec.whatwg.org/entities.json) that lists the elements and what type they are apart of re: <https://html.spec.whatwg.org/multipage>/syntax.html#elements-2

[01:05:25.0176] <nektro>
 * is there any json data (similar to https://html.spec.whatwg.org/entities.json) that lists the elements and what type they are apart of re: <https://html.spec.whatwg.org/multipage/syntax.html#elements-2>

[03:52:38.0212] <devsnek>
> <@annevk:mozilla.org> devsnek: I guess your actual question is why it doesn't accept HTTP(S) schemes? It probably could...

I suppose that's also a good question. Perhaps I'll open an issue.

[04:04:29.0128] <zcorpan>
do we have TPAC agenda for whatwg?

[05:31:38.0425] <annevk>
zcorpan: I don't think there is anything planned

[08:29:26.0284] <Domenic>
Given how lackluster last TPAC felt I am not inclined to do much.

[08:29:34.0933] <Domenic>
(it is online again this year)

[10:36:17.0964] <Luca Casonato>
anyone familiar with WebCrypto that might be able to answer https://github.com/w3c/webcrypto/issues/269?

[10:53:36.0679] <Domenic>
I pinged internally to see if whoever maintains WebCrypto in Chrome knows...

[11:00:26.0906] <Luca Casonato>
Awesome, thanks Domenic 

[11:41:21.0359] <TabAtkins>
Yeah virtual TPAC is *really* disappointing. The entire value-add of TPAC is hallway-conf.

[12:19:40.0021] <Domenic>
annevk: smaug: thoughts or straw-poll votes welcome for renaming app history's `respondWith()`: https://github.com/WICG/app-history/issues/94#issuecomment-888248569

[13:14:14.0519] <smaug>
well, I'd like to get rid of that, as you know 😉 But reading

[13:44:32.0889] <miketayl_r>
are whatwg specs taking ages to load for anyone else, or am i just lucky?

[13:44:59.0201] <miketayl_r>
just took like 2 minutes to load https://dom.spec.whatwg.org/

[13:46:52.0864] <Domenic>
DigitalOcean seems to be having trouble

[13:46:56.0742] <Domenic>
Although https://status.digitalocean.com/ is green still

[13:47:15.0999] <miketayl_r>
eventually HTML loaded for me

[13:47:20.0527] <miketayl_r>
but yeah, feels like network drama

[13:47:24.0221] <Domenic>
If you don't refresh the service worker will work for non-HTML specs

[13:57:01.0559] <Domenic>
Everything's back up

[13:59:31.0860] <miketayl_r>
awesome, thanks


2021-08-14
[21:50:57.0629] <sideshowbarker>
Anybody familiar with autoplay behavior in Firefox: Help wanted with https://github.com/mdn/content/issues/7908

[07:39:14.0053] <Domenic>
https://twitter.com/KawarabeEcma/status/1426420194109394947 is a good reminder that although linking to Infra definitions may seem a bit silly sometimes, i.e. "everybody knows what continue means in a loop", it can be helpful for first-time readers and people for whom English is not their first language.


2021-08-15
[10:24:48.0088] <annevk>
Domenic: that's a great thread <3; I'm on board

[10:28:10.0468] <Benny Powers>
hello! I'm thinking of making a proposal for a new web platform API that lets web developers imperatively set the `prefers-color-scheme` media query, or an allowlist of other keys.

something like
```js
await navigator.setMedia('prefers-color-scheme', 'dark');
```
the case I have in mind is "toggle color scheme" buttons, which right now typically set a class on the body. This works, but leads to duplication of code, as users would have to 
```css
body {
  --my-theme-color: darkgrey;
}
@media(prefers-color-scheme: dark) {
  body {
    --my-theme-color: lightgrey;
  }
}
body.dark {
    --my-theme-color: lightgrey;

[10:28:34.0536] <Benny Powers>
 * hello! I'm thinking of making a proposal for a new web platform API that lets web developers imperatively set the `prefers-color-scheme` media query, or an allowlist of other keys.

something like
```js
await navigator.setMedia('prefers-color-scheme', 'dark');
```

the case I have in mind is "toggle color scheme" buttons, which right now typically set a class on the body. This works, but leads to duplication of code, as users would have to
```css
body {
  --my-theme-color: darkgrey;
}
@media(prefers-color-scheme: dark) {
  body {
    --my-theme-color: lightgrey;
  }
}
body.dark {
    --my-theme-color: lightgrey;
}
```

Is this something that WHATWG might consider? is it worth my time trying a formal proposal?

[10:47:39.0992] <TabAtkins>
Benny Powers: That's a CSSWG issue, actually. And as it so happens, I started a thread on this exact thing, for that exact use-case, a few days ago: https://github.com/w3c/csswg-drafts/issues/6517

[10:48:02.0528] <Benny Powers>
thank you, @tab

[10:48:10.0817] <Benny Powers>
 * thank you, TabAtkins 


2021-08-16
[22:11:22.0491] <hsivonen>
Regarding the `meta` prescan discussion from mid-July, I filed https://github.com/whatwg/html/issues/6962

[00:51:19.0046] <sideshowbarker>
annevk: is the answer at https://stackoverflow.com/questions/68793536/why-cant-i-use-a-wildcard-on-access-control-allow-headers-when-allow-credenti/68799055#68799055 a correct reading of that note in the spec?

[00:53:21.0135] <sideshowbarker>
that is, responses that include credentials can’t have `Access-Control-Allow-Headers: *` but must instead explicitly list all the allowed header names?

[00:54:41.0472] <sideshowbarker>
(or more precisely, in responses that include credentials, the `*` in the `Access-Control-Allow-Headers` is interpreted by browsers as the literal header name `*` — not as the wildcard meaning “any header name”)

[00:55:02.0651] <sideshowbarker>
 * (or more precisely, in responses that include credentials, the `*` in the `Access-Control-Allow-Headers` value is interpreted by browsers as the literal header name `*` — not as the wildcard meaning “any header name”)

[04:38:22.0540] <annevk>
sideshowbarker: yeah

[06:02:52.0153] <hsivonen>
html5lib-tests expect `<!DOCTYPE>` to have `null` name. See https://github.com/validator/htmlparser/issues/35 . Yet, per https://dom.spec.whatwg.org/#documenttype , the name isn't nullable in the DOM, and is `""` rather than `null` in Chrome. Is the difference between `null` and `""` visible via the Web? Should the spec and test suite change instead of implementations?

[06:03:53.0271] <hsivonen>
(Context, trying to merge https://github.com/validator/htmlparser/commit/3be25a0e44adda338c99bcc85ae9b6167522bc75 to Gecko and wrote a WPT expecting `null`.)

[06:34:11.0139] <Sam Sneddon [:gsnedders]>
> <@hsivonen:mozilla.org> html5lib-tests expect `<!DOCTYPE>` to have `null` name. See https://github.com/validator/htmlparser/issues/35 . Yet, per https://dom.spec.whatwg.org/#documenttype , the name isn't nullable in the DOM, and is `""` rather than `null` in Chrome. Is the difference between `null` and `""` visible via the Web? Should the spec and test suite change instead of implementations?

> DOCTYPE tokens have a name, a public identifier, a system identifier, and a force-quirks flag. When a DOCTYPE token is created, its name, public identifier, and system identifier must be marked as missing (which is a distinct state from the empty string), and the force-quirks flag must be set to off (its other state is on).

That said, I don't think _anything_ (even parse errors) differ between null and "" for the name

[06:36:27.0333] <Sam Sneddon [:gsnedders]>
(for public identifiers and system identifiers it can be observed _if_ you can observe parse errors, and in certain combinations by quirks mode activation)

[06:37:34.0028] <Sam Sneddon [:gsnedders]>
there's some kinda broad questions about how useful/accurate the tokeniser tests are, given for many implementations it's not possible to run the tokeniser in isolation 

[07:09:30.0091] <zcorpan>
"Each Entity must: identify individuals who are authorized to participate in each Workstream, " - how do I do this?

[07:32:02.0415] <zcorpan>
Also can I just invite colleagues to the whatwg github org?

[07:39:08.0318] <Domenic>
> <@zcorpan_:matrix.org> "Each Entity must: identify individuals who are authorized to participate in each Workstream, " - how do I do this?

Using the GitHub org

[07:39:14.0549] <Domenic>
> <@zcorpan_:matrix.org> "Each Entity must: identify individuals who are authorized to participate in each Workstream, " - how do I do this?

 * Using the per-entity GitHub org

[07:39:47.0526] <Domenic>
> <@zcorpan_:matrix.org> Also can I just invite colleagues to the whatwg github org?

Yeah historically we've used org membership as just "do you want a cool WHATWG badge on your profile" so anyone can join.

[07:41:29.0129] <zcorpan>
Domenic: so members of bocoup github org are allowed to participate in whatwg workstreams?

[07:42:05.0731] <Domenic>
Yes, since you set that as the org in https://github.com/whatwg/participant-data/blob/8a6e5999042588478cadb24c8e0480accc7c9b9a/entities.json#L189

[07:43:34.0232] <zcorpan>
aha, thanks. I'll check if we should use a dedicated org for standards stuff

[08:31:57.0662] <zcorpan>
hsivonen: I wonder if it's feasible to kill <noscript> and always parse as "scripting enabled"

[08:47:16.0148] <Ms2ger 💉💉>
What's a workstream?

[08:49:50.0074] <Luca Casonato>
> "Workstream" means a unified technical development effort (in most cases developing a single Living Standard, more than one only if inextricably bound together). Workstreams and Contributions are publicly visible.

[08:49:51.0902] <Luca Casonato>
From https://whatwg.org/workstream-policy#definitions

[08:54:05.0777] <Ms2ger 💉💉>
So a kind of mini-WG?

[08:54:20.0482] <zcorpan>
Domenic: https://github.com/whatwg/infra/commit/cd60f9e3b54e915d4b86b4e09bda6d6ba6d4eb08#diff-9f2a5a182d15704e72509db6ba7bbb4e246b193e1775be20d70f8e96de33d990R948 can't start be equal to 0?

[08:56:33.0062] <Luca Casonato>
> <@ms2ger:igalia.com> So a kind of mini-WG?

WHATWG is in itself a working group, so having more working groups inside that working group would be confusing. So indeed, its comparable to a working group in W3C for example, except more "low overhead".

[08:58:35.0650] <Ms2ger 💉💉>
Back in my day, we didn't have any of this stuff :)

[08:59:02.0472] <zcorpan>
An Entity can participate in only some Workstreams, so I guess it's a way to limit IP concerns

[09:16:49.0902] <Domenic>
> <@zcorpan_:matrix.org> Domenic: https://github.com/whatwg/infra/commit/cd60f9e3b54e915d4b86b4e09bda6d6ba6d4eb08#diff-9f2a5a182d15704e72509db6ba7bbb4e246b193e1775be20d70f8e96de33d990R948 can't start be equal to 0?

Oof, good catch, thank you.

[09:17:53.0647] <Domenic>
Hmm and length being 0 would be useful too, I think that must have been part of what annevk meant.


2021-08-17
[17:57:46.0917] <sideshowbarker>
We don’t seem to have any where a definition of what _“transient activation”_ or _“transient user activation”_ is.

[17:58:57.0625] <sideshowbarker>
I mean, I developer-friendly definition (vs something for implementors that’s just implied through what’s affected by the relevant spec requirements).

[17:59:55.0918] <sideshowbarker>
Is it possible to state in one or two sentences what _“transient activation”_ actually means?

[18:00:31.0902] <sideshowbarker>
Does it mean “requires a user gesture”? Or does it mean more than that?

[18:00:45.0367] <sideshowbarker>
 * We don’t seem to have anywhere a definition of what _“transient activation”_ or _“transient user activation”_ is.

[18:05:31.0422] <sideshowbarker>
I take it that maybe it means, the entire browsing context is one that’s somehow known to have been triggered by a user gesture, and therefore for all features within that browsing context that would normally be considered to require a separate user gesture, the user gesture is considered to have already happened?

[18:08:50.0438] <sideshowbarker>
Does “transition activation” mean the same thing as saying the user gesture has been _“propagated”_? Or are those two things not synonymous (but instead there’s some more complex relation)?

[18:09:23.0359] <sideshowbarker>
I’m trying to read between the lines of the discussion at https://github.com/whatwg/html/issues/1903 (and other places)

[18:10:45.0035] <sideshowbarker>
…and https://docs.google.com/document/d/1erpl1yqJlc1pH0QvVVmi1s3WzqQLsEXTLLh6VuYp228/edit#

[18:14:00.0596] <sideshowbarker>
…and https://html.spec.whatwg.org/multipage/interaction.html#user-activation-gated-apis

[18:17:15.0068] <sideshowbarker>
context is that this has come up in recent MDN article content which uses the term _“transient user activation”_ but that I we don’t yet have defined anywhere in MDN (nor have any external definition to link to)

[18:17:36.0017] <sideshowbarker>
I guess I should wait to hear from Domenic for some guidance

[18:18:30.0753] <sideshowbarker>
 * context is that this has come up in recent MDN article content which uses the term _“transient user activation”_ without us yet having defined that term anywhere in MDN (and without having any external definition to link to)

[19:54:20.0508] <sideshowbarker>
Draft definition: https://pr7962.content.dev.mdn.mozit.cloud/en-US/docs/Glossary/Transient_activation

[19:54:52.0975] <sideshowbarker>
> **Transient activation** (or "transient user activation") is a window state that indicates a user has recently pressed a button, moved a mouse, used a menu, or performed some other user interaction.

[19:55:40.0997] <sideshowbarker>
PR at https://github.com/mdn/content/pull/7962

[00:03:01.0394] <annevk>
Domenic: no I missed that. My concern was more that a caller might want something like str.substring(0,10), but is okay with getting back shorter strings and doesn't want to truncate the length argument based on the input

[00:04:17.0314] <annevk>
Domenic: and similarly you might want to do str.substring(5,1), but be okay with getting back the empty string for strings that are not at least 6 long

[00:18:14.0779] <sideshowbarker>
https://lists.w3.org/Archives/Public/public-webappsec/2021Aug/0009.html reading Martin Thompson say that he finds some part of a spec “mind-numbingly arcane”, I no longer feel so bad for similar mind-numbness I feel when reading some specs. Kind of feel like I’m in pretty good company now…

[00:20:43.0312] <sideshowbarker>
this makes me think the entire *navigate* algorithm should ideally have normative domintro box saying something meaningful for normal readers about what the algorithm does and what some key points/effects are

[00:21:25.0042] <sideshowbarker>
and in general, for other algorithms, across our core specs

[00:22:16.0186] <sideshowbarker>
…because people do read actually those algorithms and try to exfiltrate some understanding from them

[00:23:23.0879] <sideshowbarker>
 * this makes me think the entire **navigate** algorithm should ideally have normative domintro box saying something meaningful for normal readers about what the algorithm does and what some key points/effects are

[00:25:45.0777] <sideshowbarker>
I feel like only people who actually have a clear understanding of the **navigate** algorithm are the editors who wrote it and the *maybe* implementors who implemented it — but I suspect even the implementors, to (re)understand it, would end up needing to go back and look at the code they wrote, rather than the prose of the spec

[00:28:10.0199] <sideshowbarker>
And to be clear, I’m not complaining about the quality of spec prose — just saying it’s kind of inherently going to be arcane to pretty much anybody. And so supplementing it with some kind of non-normative domintro intro or outro could help a bit for orienting readers.

[00:28:47.0822] <sideshowbarker>
 * I feel like only people who actually have a clear understanding of the **navigate** algorithm are the editors who wrote it and _maybe_ implementors who implemented it — but I suspect even the implementors, to (re)understand it, would end up needing to go back and look at the code they wrote, rather than the prose of the spec

[00:29:44.0318] <sideshowbarker>
 * this makes me think the entire **navigate** algorithm should ideally have a non-normative domintro box saying something meaningful for normal readers about what the algorithm does and what some key points/effects are

[00:30:06.0274] <sideshowbarker>
 * I feel like the only people who actually have a clear understanding of the **navigate** algorithm are the editors who wrote it and _maybe_ implementors who implemented it — but I suspect even the implementors, to (re)understand it, would end up needing to go back and look at the code they wrote, rather than the prose of the spec

[00:30:18.0432] <sideshowbarker>
 * I feel like the only people who actually have a clear understanding of the **navigate** algorithm are the editors who wrote it and _maybe_ the implementors who implemented it — but I suspect even the implementors, to (re)understand it, would end up needing to go back and look at the code they wrote, rather than the prose of the spec

[00:33:34.0515] <Ms2ger 💉💉>
Are there any implementors who actually implemented the navigate algorithm as written by now? :)

[00:34:51.0384] <sideshowbarker>
touché

[04:53:13.0738] <Sam Sneddon [:gsnedders]>
> <@sideshowbarker:mozilla.org> this makes me think the entire **navigate** algorithm should ideally have a non-normative domintro box saying something meaningful for normal readers about what the algorithm does and what some key points/effects are

I've argued this before, as it makes the spec often largely opaque. See also https://github.com/whatwg/dom/issues/474 for DOM events.

[05:01:03.0801] <sideshowbarker>
/me looks

[05:04:26.0330] <hsivonen>
I'm a bit skeptical if https://github.com/html5lib/html5lib-tests/blob/master/tokenizer/domjs.test#L197 is worth enough having that it makes sense to expose more API surface in a parser implementation in order to pass it.

[05:08:31.0719] <Sam Sneddon [:gsnedders]>
What's the challenge there? Needing to know whether the source string came from endianness-unknown UTF-8/16 etc.?

[05:09:01.0005] <hsivonen>
> <@gsnedders:mozilla.org> What's the challenge there? Needing to know whether the source string came from endianness-unknown UTF-8/16 etc.?

Being able to turn off BOM removal.

[05:09:40.0911] <Sam Sneddon [:gsnedders]>
per spec, BOM removal is part of the decode step in Encoding, right?

[05:10:43.0020] <hsivonen>
> <@gsnedders:mozilla.org> per spec, BOM removal is part of the decode step in Encoding, right?

Yes, but it's a bit fictitious for formats that support internal encoding declarations and, therefore, have format-internal logic.

[05:23:18.0044] <hsivonen>
Well, I suppose there's already a de facto release of the parser from the validator-nu branch, so it's not worthwhile to try to avoid that bit of public API in the other branch.

[05:27:29.0193] <sideshowbarker>
hsivonen: I can’t remember for sure I’m not certain the validator-nu release of the parser is actually usable outside the context of integration with the HTML checker release

[05:28:22.0548] <hsivonen>
Well, anyway `Driver.java` is low-level anyway, so let's just get it merged.

[05:28:25.0625] <sideshowbarker>
and to be clear, the only release has been of the maven jar to the central repo — and even that’s never been announced


[05:28:35.0289] <sideshowbarker>
> <@hsivonen:mozilla.org> Well, anyway `Driver.java` is low-level anyway, so let's just get it merged.

OK

[05:30:05.0227] <hsivonen>
I'm less happy about exposing the sniffing limit esp if https://github.com/whatwg/html/issues/6962 happens, but no exposing that one seems to block a whole lot of other patches. And that also seems to be in a low-level building block anyway.

[05:31:48.0926] <hsivonen>
`master` is now missing only 5 changesets from `validator-nu` and 2 of those are in-flight for m-c, so I'll probably merge them tomorrow.

[05:32:39.0114] <hsivonen>
The three patches that will be left are the hardest one (ambiguous ampersand) and the null doctype thing, which I'm inclined to say is a spec bug.

[05:32:54.0544] <hsivonen>
Null doctype name, that is.

[05:34:25.0298] <hsivonen>
Another possibility is merging the null doctype patches after ensuring the change isn't Web-visible, but it seems silly to have this kind of tokenizer-level difference from what's exposed via the DOM.

[05:35:48.0672] <sideshowbarker>
Yeah the ambiguous-ampersand one is a beast. But if I recall correctly I at least did finally manage to get that one passing all html5lib tests. So at least it is spec-conforming.

[05:37:51.0792] <hsivonen>
sideshowbarker: Note: I ended up discarding https://github.com/validator/htmlparser/commit/b50d61182d08f9da3cb69650c7f62126f812bb39 , so that's not included in "5"

[05:37:53.0189] <sideshowbarker>
about the null-doctype-name patch, I personally have no strong opinion or special insights on the harder questions about it — I just wrote it to get the relevant html5lib tests passing

[05:38:06.0320] <sideshowbarker>
/me > <@hsivonen:mozilla.org> sideshowbarker: Note: I ended up discarding https://github.com/validator/htmlparser/commit/b50d61182d08f9da3cb69650c7f62126f812bb39 , so that's not included in "5"

looks

[05:39:19.0869] <sideshowbarker>
At this point, I can’t even remember the context for that one…

[05:40:16.0566] <hsivonen>
It was the addition I made the last time round I tried to merge a patch affecting EOF-in-template error reporting, but I solved it in a different way that's forward-compatible with Firefox perhaps becoming able to visualize EOF-triggered errors.

[05:40:55.0509] <sideshowbarker>
aha, yeah, recalling that template stuff

[05:41:24.0634] <sideshowbarker>
anyway the main end goal I had with all the open PRs/patches I wrote was that we could set up CI to run the html5lib test suite so that we could catch any regressions

[05:42:43.0698] <sideshowbarker>
being certain that we separately confirm we are conforming to the spec was a secondary concern for me :) because I work on faith that the html5lib tests are written to conform to the actual spec requirements

[05:44:06.0432] <hsivonen>
Perhaps it's the least churn for everyone if I just merge the doctype stuff and ensure that it's not Web-visible. But it would be sad if we now have so many project depending on the test suite that it's no longer worthwhile to change the spec or suite.

[05:44:23.0408] <sideshowbarker>
also I think for the HTML checker behavior, most (or maybe none) of these changes actually make no difference — so it’s been hard for me to feel much direct pain about any issues with them

[05:44:50.0124] <hsivonen>
The ones that affect Firefox View Source definitely affect the checker, too.

[05:45:24.0551] <sideshowbarker>
> <@hsivonen:mozilla.org> Perhaps it's the least churn for everyone if I just merge the doctype stuff and ensure that it's not Web-visible. But it would be sad if we now have so many project depending on the test suite that it's no longer worthwhile to change the spec or suite.

yeah I agree not being able to bring the test suite into conformance with the spec is not good

[05:46:36.0649] <sideshowbarker>
but it seems to me like there are not that many projects that are using the test suite and would definitely break / need to change their implementations

[05:47:29.0761] <sideshowbarker>
I mean, it seems like it’s on the order of just 6 or 7?

[05:47:46.0405] <hsivonen>
Not sure how many there are.

[05:48:38.0988] <hsivonen>
My primary concern is that leaving this oddity in could make non-browser-DOM APIs diverge from browsers in what they expose. However, probably no one care about what the non-browser API expose for doctype.

[05:48:53.0841] <sideshowbarker>
I think most of the non-browser implementations would not be resistant to changing their code. But it’s the browser projects that would.

[05:49:18.0412] <hsivonen>
Does any browser project even run the tokenizer tests?

[05:49:27.0586] <sideshowbarker>
> However, probably no one care about what the non-browser API expose for doctype.
Bingo. I would think so too.

[05:49:47.0155] <hsivonen>
Firefox runs them only on the Java level.

[05:50:42.0729] <sideshowbarker>
> <@hsivonen:mozilla.org> Does any browser project even run the tokenizer tests?

I think maybe only the validator-nu parser CI I set up does. I don’t think the JS parsers do. Maybe.

[05:51:16.0629] <hsivonen>
Let's see if someone else comments here soon. I need to step away from the computer for a bit now.

[05:51:32.0419] <sideshowbarker>
OK

[10:32:55.0912] <Sam Sneddon [:gsnedders]>
> <@hsivonen:mozilla.org> Does any browser project even run the tokenizer tests?

validator-nu in Java is the closest to any browser

[10:34:10.0287] <Sam Sneddon [:gsnedders]>
honestly I think having a longer discussion about the tokeniser tests and their value is probably worthwhile; there's no trivial path to convert them to tree construction tests (given there's no guarantee what they're testing will actually create a different tree for a slightly different sequence of tokens), but I think there's some questions about their value

[10:34:52.0632] <Sam Sneddon [:gsnedders]>
even just giving "here's the tokens that would be generated by the tokeniser" (without the tree constructor changing state?) for each tree construction test might be actually as valuable

[10:36:20.0850] <Sam Sneddon [:gsnedders]>
but of course that again means changing the tree construction test format to include them, which I know Henri has objected to before

[11:25:13.0185] <Domenic>
accent-color is now a thing. The only interesting form controls I could find to WHATWG-green-ify are those on https://participate.whatwg.org/agreement but then it looks weird next to the blue links...


2021-08-18
[23:27:46.0029] <hsivonen>
> <@gsnedders:mozilla.org> but of course that again means changing the tree construction test format to include them, which I know Henri has objected to before

I don't object to changing the tree construction test format for good reasons and in a documented way. I object to introducing unnecessary and accidental variability in the test case container format, such as putting the fields in a different order for some test inputs.

[03:52:02.0812] <hsivonen>
Oops. I've manually landed changesets that had corresponding PRs open. Can I associate a changeset as being a PR merge after the fact?

[04:00:21.0700] <hsivonen>
I can't see anything in `gh pr` docs that would let me do that. Seems like an obvious thing to want to do. :-(

[04:23:33.0040] <hsivonen>
sideshowbarker: I'm bad at GitHub. Sorry.

[05:18:49.0896] <sideshowbarker>
hsivonen: no worries

[05:19:18.0745] <sideshowbarker>
I can review the commits and close the PRs

[05:20:18.0304] <sideshowbarker>
in the GitHub UI there may be some way to retroactively associate merged commits with PRs — I’m not sure, because I’ve never tried it

[05:21:11.0595] <hsivonen>
It seems like a feature that should be a FAQ-level thing, but I didn't find it. It's possible that I'm also bad at searching.

[05:22:15.0778] <sideshowbarker>
well, the searchability and coverage of the Github docs leaves a lot to be desired

[05:55:37.0517] <freddy>
> <@hsivonen:mozilla.org> Oops. I've manually landed changesets that had corresponding PRs open. Can I associate a changeset as being a PR merge after the fact?

AFAICT, the association only happens through PR/Issue titles and commit messages. _Maybe_ you can change a PR title to point to the issue, otherwise you might have to rewrite the commit message :<

[05:59:21.0792] <sideshowbarker>
thinking about that, I considered that maybe I could rewrite the commit messages for the commits on the validator-nu branch only — not the main branch

[05:59:37.0386] <sideshowbarker>
I have rewritten the history on the validator-nu branch of the htmlparser repo many times — but never by changing the commit messages from upstream commits from the main branch

[06:00:24.0935] <sideshowbarker>
I think if I changed the commits messages on the validator branch, that’d break rebasing of the branch against the main branch

[06:01:11.0840] <sideshowbarker>
I guess we could just re-write them in the history on the main branch, but we have so far never rewritten history on the main branch

[06:34:54.0856] <annevk>
freddy: there's an association outside of that, called associatedPullRequests, but I cannot find a way to programmatically set it. The only way I know it gets populated is through the merge UI on github.com. (Though maybe if you merge a PR through gh pr it also gets set, haven't tried that.)

[07:00:35.0346] <hsivonen>
> <@fbraun:mozilla.org> AFAICT, the association only happens through PR/Issue titles and commit messages. _Maybe_ you can change a PR title to point to the issue, otherwise you might have to rewrite the commit message :<

I left the commit messages as-is.


2021-08-19
[05:22:24.0239] <hsivonen>
Do I understand correctly that the ambiguous ampersand landed in the spec as an "editorial" changeset without a bug link? https://searchfox.org/whatwg-html/diff/71f8237e60a0a4b356ec5b75f6a7683f74b3900c/source#29968

[08:29:20.0767] <Domenic>
No, it seems to have landed in 2007 by Hixie, before browser bugs were a thing. And it's not marked as editorial. This is a bit more obvious if you GitHub. https://github.com/whatwg/html/commit/71f8237e60a0a4b356ec5b75f6a7683f74b3900c

[08:31:08.0237] <Domenic>
Oh, maybe "[e]" means editorial, dunno.

[08:33:56.0801] <Ms2ger 💉💉>
Lemme check http://html5.org/tools/web-apps-tracker

[10:23:13.0543] <sideshowbarker>
sigh https://drafts.csswg.org/ wedged once again for the umpteenth time

[10:24:19.0895] <sideshowbarker>
/me goes off to file his umpteenth bug report about it

[10:24:27.0037] <sideshowbarker>
Groundhog Day

[10:25:02.0805] <DerekNonGeneric>
Where do we talk about CSS?

[10:25:18.0407] <sideshowbarker>
here I guess

[10:25:30.0975] <sideshowbarker>
as far as substantive discussions go

[10:25:44.0890] <sideshowbarker>
TabAtkins is here

[10:29:49.0754] <DerekNonGeneric>
made some progress w/ CSS in AMP, pull requests made approved, merged, live and online

[10:41:33.0504] <DerekNonGeneric>
there was a problem w/ the `scroll-padding-*` i had mentioned the other day

[10:41:45.0248] <DerekNonGeneric>
so, we go that taken care of in https://github.com/ampproject/amphtml/issues/34378

[10:42:20.0250] <DerekNonGeneric>
that issue is only half, but super nice to see how that all works

[10:43:01.0069] <DerekNonGeneric>
(have been out of the loop for a while, but no big deal)

[10:53:19.0759] <DerekNonGeneric>
oh yeah, the `scroll-margin-*` stuff too, but not really sure what that is for

[11:05:54.0259] <DerekNonGeneric>
MDN has some examples (thank you to whoever made those) https://developer.mozilla.org/en-US/docs/Web/CSS/scroll-margin-top

[12:39:38.0316] <DerekNonGeneric>
* made some progress w/ CSS in AMP; pull requests made, approved, merged, live and online (stable)


2021-08-20
[23:08:01.0678] <hsivonen>
> <@domenicdenicola:matrix.org> Oh, maybe "[e]" means editorial, dunno.

I thought [e] was editorial.

[23:08:46.0890] <hsivonen>
Does anyone happen to remember whether the ambiguous ampersand proposal proceeded in W3C Bugzilla, on public-html or on the whatwg mailing list?

[23:28:37.0512] <DerekNonGeneric>
> <@hsivonen:mozilla.org> Does anyone happen to remember whether the ambiguous ampersand proposal proceeded in W3C Bugzilla, on public-html or on the whatwg mailing list?

???

[23:32:07.0087] <DerekNonGeneric>
mailing lists are tough since that was way before my time

[23:35:00.0760] <DerekNonGeneric>
maybe an email is the best way to make things happen in here, so far no complaints

[23:57:42.0935] <zcorpan>
hsivonen: I found https://lists.w3.org/Archives/Public/public-whatwg-archive/2008Mar/0023.html

[00:02:01.0068] <annevk>
hsivonen: I found https://lists.w3.org/Archives/Public/public-whatwg-archive/2007Jun/thread.html#msg217 and https://github.com/whatwg/html/commit/351f1aefeb0082cf88f5c0c94983d10a552b0d35 (also https://github.com/whatwg/html/commit/5cef9e088cc04f24debe53104fd4fb2b7731b4bc)

[00:03:44.0045] <annevk>
hsivonen: those are the first commits made to the entity part of the parser section since the initial checkin of Web Apps 1.0 (and since they were in June 2007 it was rather easy to find corresponding emails); and just before the introduction of the term of ambiguous ampersands, which seems to be only there for non-normative purposes?

[00:04:42.0496] <hsivonen>
Did ambiguous ampersand gain normative conformance significance only later?

[00:05:46.0135] <annevk>
hsivonen: I think the introduction of a specific parser state for it is a much more recent (supposedly editorial) refactoring of the entity part of the parser section

[00:05:55.0427] <annevk>
If that's what you mean

[00:06:17.0975] <hsivonen>
It looks like I might have said something that could be read to be in favor of the ambiguous ampersand error tweak. 😬

[00:06:53.0249] <hsivonen>
> <@annevk:mozilla.org> If that's what you mean

I mean the change that made certain ampersands into non-errors. Not sure if it coincided with a parser state for that purpose.

[00:07:02.0498] <annevk>
hsivonen: you mean https://lists.w3.org/Archives/Public/public-whatwg-archive/2007Jun/0281.html? :-)

[00:07:40.0244] <annevk>
hsivonen: oh, I think that was all done in that time, not later (probably as part of those changes)

[00:07:56.0259] <annevk>
That is, in June 2007

[00:09:56.0006] <hsivonen>
> <@annevk:mozilla.org> hsivonen: you mean https://lists.w3.org/Archives/Public/public-whatwg-archive/2007Jun/0281.html? :-)

I mean the "Using a markup-significant character in URLs was a bad design choice" that Hixie attributed to me in https://lists.w3.org/Archives/Public/public-whatwg-archive/2008Mar/0023.html though I don't find the email of mine that's being quoted.

[00:11:32.0395] <hsivonen>
I believe the conformance change was around 2011. I'd like see what example cases were given so that I could land a test case with those.

[00:16:41.0882] <annevk>
hsivonen: oh okay, I guess I did go through git blame by first looking for the introduction of ambiguous ampersand and then seeing what was changed to the entity part of the parser section... So if there was some kind of conformance change later I would have missed it

[00:21:40.0777] <annevk>
hsivonen: https://github.com/whatwg/html/commit/259c0608d4bd89528eb6a823bb468836daa50176 maybe? https://github.com/whatwg/html/commit/1eb194f229a6e481f313320a396b9da99b9f0706 is the most recent normative change to entity parsing afaict (2013).

[00:22:38.0287] <annevk>
Methodology: git blame, search for "Consume the maximum number of characters possible", and then look at changes while skipping over editorial work

[00:25:48.0187] <hsivonen>
annevk: Thanks! I think https://github.com/whatwg/html/commit/259c0608d4bd89528eb6a823bb468836daa50176 is it. I'm surprised that the corresponding bug was filed by Maciej. I expected to find a W3C Bugzilla bug with zcorpan arguing in favor and me arguing against.

[01:00:49.0162] <hsivonen>
sideshowbarker: Experimentally, I'm now rather convinced that your ambiguous ampersand patch works if the review comments are addressed. I still don't understand why it works, and I think it would be good if I understood why. (Particularly, how the unusual reading of the next character in the `AMBIGUOUS_AMPERSAND` state and the transition to `DATA` works if the input buffer ends right there vs. doesn't end right there. I guess I'll step through it in Pernosco, to see how it works.)

[02:39:51.0390] <Ms2ger 💉💉>
Does JS define the order of iteration for the declaratively defined properties on prototypes?

[03:38:50.0658] <hsivonen>
> <@hsivonen:mozilla.org> sideshowbarker: Experimentally, I'm now rather convinced that your ambiguous ampersand patch works if the review comments are addressed. I still don't understand why it works, and I think it would be good if I understood why. (Particularly, how the unusual reading of the next character in the `AMBIGUOUS_AMPERSAND` state and the transition to `DATA` works if the input buffer ends right there vs. doesn't end right there. I guess I'll step through it in Pernosco, to see how it works.)

I need a more evil test case. The line that I didn't understand wasn't executed.

[05:13:13.0315] <Sam Sneddon [:gsnedders]>
> <@ms2ger:igalia.com> Does JS define the order of iteration for the declaratively defined properties on prototypes?

iterating how?

[05:14:26.0617] <Ms2ger 💉💉>
`Object.getOwnPropertyNames(Array.prototype)`, say

[05:16:12.0917] <hsivonen>
sideshowbarker: So, I'm looking at the `AMBIGUOUS_AMPERSAND` state and thinking "do we need this line"? And it's looking a lot like we could get rid of the whole state by inlining the error-if-semicolon check to all places that transition to `AMBIGUOUS_AMPERSAND`. What am I missing?

[05:16:55.0459] <hsivonen>
It quite possible that I'm missing something

[05:26:18.0747] <hsivonen>
Wow. After manually inlining stuff back and looking at the diff, it all makes sense! I'll clean this up a bit and will post an alternative PR.

[05:44:38.0514] <hsivonen>
> <@hsivonen:mozilla.org> Wow. After manually inlining stuff back and looking at the diff, it all makes sense! I'll clean this up a bit and will post an alternative PR.

Cleaned up: https://github.com/validator/htmlparser/pull/50

[09:24:04.0970] <Domenic>
> <@ms2ger:igalia.com> Does JS define the order of iteration for the declaratively defined properties on prototypes?

Pretty sure no. Recently I think function "length" and "name" got a defined order but most of the others not.

[09:24:16.0467] <Domenic>
Folks in #tc39-general:matrix.org might know more.

[14:00:29.0085] <zcorpan>
hsivonen: yeah I think I was always against allowing unescaped ampersands. I still think it's not great

[14:24:40.0527] <zcorpan>
sideshowbarker: oh no. https://www.w3.org/html/wg/spec/ exists and people link to it on twitter

[14:25:44.0590] <miketayl_r>
2010 was a great vintage for HTML

[14:31:35.0963] <zcorpan>
those were good times certainly

[14:32:14.0550] <zcorpan>
remember Google Gears?


2021-08-21
[18:11:07.0729] <sideshowbarker>
> <@zcorpan_:matrix.org> sideshowbarker: oh no. https://www.w3.org/html/wg/spec/ exists and people link to it on twitter

thanks for heads-up — I’ll redirect that

[18:16:38.0328] <sideshowbarker>
> <@hsivonen:mozilla.org> sideshowbarker: So, I'm looking at the `AMBIGUOUS_AMPERSAND` state and thinking "do we need this line"? And it's looking a lot like we could get rid of the whole state by inlining the error-if-semicolon check to all places that transition to `AMBIGUOUS_AMPERSAND`. What am I missing?

That sounds pretty encouraging. I haven’t actually looked at that code in more than a year. And every time I went in to touch it before, my approach was pretty heavily just a lot of trial-and-error bashing. One fundamental thing I’ve always found disorienting  in there is that the fact that some of the logic in the state transitions are different than the pseudo-code in the spec — though they achieve the same end result.

[18:19:18.0255] <sideshowbarker>
> <@hsivonen:mozilla.org> Cleaned up: https://github.com/validator/htmlparser/pull/50

I’ll take a look this weekend or early next week. But I’m pretty thrilled it turned out to be possible to reduce it to what you describe. The way I had it written was opaque even to me — so it also would be have been problematic to maintain.

[18:28:00.0197] <sideshowbarker>
> <@hsivonen:mozilla.org> sideshowbarker: So, I'm looking at the `AMBIGUOUS_AMPERSAND` state and thinking "do we need this line"? And it's looking a lot like we could get rid of the whole state by inlining the error-if-semicolon check to all places that transition to `AMBIGUOUS_AMPERSAND`. What am I missing?

 * That sounds pretty encouraging. I haven’t actually looked at that code in more than a year. And every time I went in to touch it before, my approach was pretty heavily just a lot of trial-and-error bashing. One fundamental thing I’ve always found disorienting  in there is the fact that some of the logic in the state transitions are different than the pseudo-code in the spec — though they achieve the same end result.

[18:28:16.0558] <sideshowbarker>
 * That sounds pretty encouraging. I haven’t actually looked at that code in more than a year. And every time I went in to touch it before, my approach was pretty heavily just a lot of trial-and-error bashing. One fundamental thing I’ve always found disorienting  in there is the fact that some of the logic in the state transitions is different than the pseudo-code in the spec — though they achieve the same end result.

[18:28:54.0269] <sideshowbarker>
 * That sounds pretty encouraging. I haven’t actually looked at that code in more than a year. And every time I went in to touch it before, my approach was pretty heavily just a lot of trial-and-error bashing. One fundamental thing I’ve always found disorienting  in there is the fact that some of the logic in the state transitions is different than the pseudo-code in the spec — though the logic achieves the same end result as the spec pseudo-code logic.

[18:29:18.0415] <sideshowbarker>
> <@hsivonen:mozilla.org> Cleaned up: https://github.com/validator/htmlparser/pull/50

 * I’ll take a look this weekend or early next week. But I’m pretty thrilled it turned out to be possible to reduce it to what you describe. The way I had it written was opaque even to me — so it also would’ve been problematic to maintain.


2021-08-22

2021-08-23
[02:42:45.0664] <hsivonen>
What's the deal with the "Relevant links" text at https://wpt.fyi/results/html/browsers/browsing-the-web/read-media/pageload-video.html?label=master&label=experimental&aligned being so hard to select in Firefox?

[02:46:51.0591] <annevk>
hsivonen: looks like it's probably shadow tree selection

[02:47:14.0864] <hsivonen>
> <@annevk:mozilla.org> hsivonen: looks like it's probably shadow tree selection

Thanks.

[02:48:08.0322] <hsivonen>
Now we have a dogfood use case for selection in shadow tree, then. :-)


2021-08-24
[00:42:19.0056] <Sam Sneddon [:gsnedders]>
can anyone think of an IDL dictionary type with multiple uses in commonly used APIs? (versus dictionaries that are typically only used with a single API)

[00:46:41.0285] <Ms2ger 💉💉>
Does it count that fetch() and new Request() both take RequestInit?

[05:37:47.0594] <Florian Scholz>
`DOMPointInit`? (used in svg, webxr, and other APIs dealing with coordinates)

[09:17:50.0208] <annevk>
`StructuredSerializeOptions` (maybe at some point we ought to decide on Options vs Init)

[16:17:15.0842] <Adam Rice>
IMO: Options -> controls the behaviour of the constructed object; Init -> copied verbatim into the constructed object


2021-08-25
[18:46:16.0872] <bakkot>
has there ever been discussion of making XPathResult iterable?

[18:46:30.0339] <bakkot>
every time I write `while (next = result.iterateNext())` I feel slightly unclean

[18:55:52.0929] <sideshowbarker>
bakkot: I think we don’t even have proper spec for XPathResult

[18:59:14.0462] <bakkot>
oof

[21:23:08.0315] <sujaldev>
what is a foreign element in the html tree construction stage?

[22:40:18.0319] <sideshowbarker>
sujaldev: an element in the SVG or MathML namespace

[22:40:44.0940] <sideshowbarker>
 * sujaldev: an element in the SVG namespace or an element in the MathML namespace

[23:42:01.0556] <sujaldev>
ok but how do you know, where did you find this?

[23:43:59.0223] <sideshowbarker>
It's in the spec, in the parsing algorithm

[23:44:27.0764] <sujaldev>
oki Thank you!

[23:49:21.0926] <sideshowbarker>
You want to look at the call sites that call the parts that have to do with handling "foreign element", and look at call parameters, or see what the conditions are that lead to those calls getting made

[23:50:16.0732] <sideshowbarker>
I'd look it up but I'm on from my phone and also a bit preoccupied

[23:51:13.0251] <sujaldev>
yeah no problem, I was getting an idea from the name that any non html tag would be considered foreign just wanted to make sure.

[23:51:32.0945] <sujaldev>
by the way, if I don't want to parse foreign elements

[23:52:02.0218] <sujaldev>
are there any parts in the specs that become irrelevant for me?

[23:53:14.0799] <sujaldev>
I just want to implement a simple html parser, no handling for wrongly nested content, no namespaces, just valid html.

[23:58:14.0362] <sideshowbarker>
I don't think anybody would recommend you do that

[23:59:03.0404] <freddy>
you can implement an html parser, but it will be hard to implement a simple _html_ parser :|

[23:59:10.0158] <freddy>
 * you can implement an html parser, but it will be hard to implement a _simple_ html parser :|

[23:59:20.0071] <sideshowbarker>
You would end up with something that doesn't parse HTML the same way that browsers do

[23:59:58.0042] <sideshowbarker>
And that would make the parser not very useful for anything in practice

[00:00:20.0682] <freddy>
Admittedly, I don't know your use case, but there are security risks.

[00:01:30.0060] <sujaldev>
my use case being a school project, I thought building it would be fun(it is fun just not when under pressure) easy and quick. Now, I have missed several deadlines.

[00:01:45.0434] <sujaldev>
> <@sideshowbarker:mozilla.org> And that would make the parser not very useful for anything in practice

which part causes that?

[00:01:52.0363] <sujaldev>
the no support for misnested tags?

[00:02:03.0811] <sujaldev>
or the no support for namespaces?

[00:02:40.0595] <sideshowbarker>
But if you really wanted to do that I guess you'd make certain steps a no-op rather than doing what the spec says

[00:03:03.0855] <freddy>
For a school project, I'd re-use an existing parser. There are many useful parsers out there. When on a web page, just use the JS DOMParser API. When in Python use html5lib, Rust has html5ever

[00:03:21.0854] <freddy>
there's also a java parser

[00:03:49.0864] <sideshowbarker>
Or else make them fatal parsing failures

[00:04:04.0968] <sujaldev>
> <@sideshowbarker:mozilla.org> But if you really wanted to do that I guess you'd make certain steps a no-op rather than doing what the spec says

I am doing something similar:
I just raise a NotImplementedError wherever I feel the feature isn't quite necessary

[00:04:05.0043] <sideshowbarker>
You can decide on your own what you want to no-op or fail on

[00:05:36.0192] <sujaldev>
> <@fbraun:mozilla.org> For a school project, I'd re-use an existing parser. There are many useful parsers out there. When on a web page, just use the JS DOMParser API. When in Python use html5lib, Rust has html5ever

using a library would mean I'd have to be able to answer all questions related to that library, so instead I am just writing my own, that way I understand...

[00:06:11.0506] <sujaldev>
one Thing i am really confused about is

[00:06:24.0157] <sujaldev>
what's next step after creating the dom

[00:06:27.0504] <sujaldev>
and the cssom

[00:06:37.0640] <sujaldev>
I know the render tree is to be created

[00:06:56.0713] <sujaldev>
but where I do find the specs?

[00:08:03.0902] <freddy>
https://html.spec.whatwg.org/multipage/parsing.html

[00:08:53.0228] <sujaldev>
yeah this page I know about, but where are the step in this to combine cssom tree and the dom tree?

[00:09:38.0960] <freddy>
maybe this non-normative reference is helpful? https://developer.mozilla.org/en-US/docs/Web/Performance/How_browsers_work#building_the_dom_tree

[00:10:02.0732] <freddy>
at this point, you'll end up in all sorts of other specs, including the DOM and the CSS specs

[00:12:09.0440] <sujaldev>
articles like these are helpful but do not provide the standard way to do it, like parsing is defined 

[00:14:23.0688] <freddy>
I don't want to stop you from learning. Trying hard stuff yourself is a great way to learn, but it seems to me that you're doing something that I wouldn't even take on myself :-) just so you don't dig yourself a hole too deep to get out of.

[00:16:07.0752] <sujaldev>
at this point, I can't really switch projects. Looks like I am already stuck in the deep hole...

[00:17:29.0803] <sujaldev>
Maybe I'll just use something like pyqt's web view as a last resort.

[00:20:11.0661] <sujaldev>
Thank you all for your help!

[00:20:11.0920] <freddy>
talk to your advisor when things get messy. At best, they will appreciate the attempt. Going back to your CSS question, I honestly don't know. parsing seems to be here https://www.w3.org/TR/css-syntax-3/ but there are various other specs in https://www.w3.org/TR/css-syntax-3/

[00:22:00.0595] <sujaldev>
Yes I implemented the css tokenizer and parser from this specification but after that I don't know which specification to implement next.

[00:23:39.0999] <freddy>
wow.

[00:24:03.0948] <sujaldev>
why? 😆

[00:24:28.0899] <freddy>
at this point, I'd make a plan with a list of things to do, finding out what's optional and what's required and maybe text rendering / layout will be tricky enough without css? :-) 

[00:25:28.0461] <sujaldev>
exactly but in the html specification many of the element's style is defined as css, that's why I _think_ css might be required.

[00:31:28.0720] <sujaldev>
Here's what I think but I could be very very wrong:
parse html
parse css
then follow the css' selector specification to parse css selectors
once we can parse css selectors we can find elements in the dom?
now that we can do that, we have to implement the specificity specification in the css
once we know which styles are more specific to one element and also we can parse css selectors, now we can locate elements in the dom based on css
and now we traverse through each element applying styles, eliminating elements that have display: none
we have the render tree now?
now that we have the render tree, we convert it into a layout tree using the box model specification?
now that we have the layout, we can just use your ui library to create elements for each object in the layout tree

[00:31:49.0180] <sujaldev>
(my browser doesn't support scripting)

[00:33:05.0423] <sujaldev>
again I could be entirely wrong here...

[00:38:19.0407] <freddy>
I think you could render things without CSS. but I have honestly no idea

[00:39:00.0872] <freddy>
maybe https://limpet.net/mbrubeck/2014/08/08/toy-layout-engine-1.html is interesting. not as a reference for how things ought to be done but for planning & scoping

[00:39:34.0683] <freddy>
he's also doing CSS first. maybe I'm wrong 😀

[00:39:50.0342] <sujaldev>
I read his article, even emailed him similar questions (no reply though)

[00:39:57.0410] <freddy>
ah :)

[00:40:56.0717] <sujaldev>
Thanks for your help anyways!

[01:23:23.0548] <zcorpan>
sujaldev: you might be interested in these in-progress books: https://browser.engineering/ and https://htmlparser.info/ 

[06:42:28.0155] <sujaldev>
woah! this is super helpful! how did you find this?

[06:48:29.0307] <Ms2ger 💉💉>
Well, he wrote one them :)

[06:48:41.0146] <Ms2ger 💉💉>
/write

[06:48:49.0925] <Ms2ger 💉💉>
 * //writes

[06:51:19.0900] <sujaldev>
🤯🤯🤯🤯

[06:51:59.0506] <Ms2ger 💉💉>
Looks like Matt Brubeck's no longer working on the web, sadly

[06:53:31.0360] <sujaldev>
Yeah I saw his resume, he's working in a company called FullStory

[06:55:45.0329] <sujaldev>
Btw, is getting into mozilla just as competitive as getting into companies like google or microsoft?

[06:56:24.0187] <sujaldev>
i assume many of the people in this group work at mozilla?

[08:29:16.0309] <miketayl_r>
hiring is complicated, and very different at each of these companies

[08:29:25.0060] <miketayl_r>
so not sure there's a useful answer for you sujaldev 

[08:29:30.0853] <miketayl_r>
^__^

[08:37:47.0260] <miketayl_r>
i was just reminded of when i interviewed at opera, i was living in NYC at the time and was just hit riding my bike under the BQE. but they bolted my arm together with some stainless steel so i was in the clear to fly to Oslo. at some point after interview 2 i was feeling some pain so i took some pain meds (hydrocodone?). later on andreas bovens told me that HR commented that my answers were very reserved and deliberate

[08:37:50.0813] <miketayl_r>
but i think i was just stoned?

[08:40:30.0461] <Ms2ger 💉💉>
Sure they didn't say "very reserved and deliberate... for a stoner"? :)

[08:40:37.0911] <miketayl_r>
lol


2021-08-26
[19:31:01.0196] <sujaldev>
> <@miketayl_r:mozilla.org> i was just reminded of when i interviewed at opera, i was living in NYC at the time and was just hit riding my bike under the BQE. but they bolted my arm together with some stainless steel so i was in the clear to fly to Oslo. at some point after interview 2 i was feeling some pain so i took some pain meds (hydrocodone?). later on andreas bovens told me that HR commented that my answers were very reserved and deliberate

🤣 but did you get the job afterwards?

[21:17:47.0506] <SDM WBE>
bkjasbc

[21:18:50.0795] <SDM WBE>
oh yeah... theres winners in here?

[21:21:57.0937] <sideshowbarker>
PSA: Many MDN pages are 404 right now. Known issue being tracked in https://github.com/mdn/content/issues/8314. Cause yet unknown — and I think it’s unlikely to be fixed until several hours from now, when Europe comes online and somebody from the dev team can start troubleshooting it.

[21:23:27.0984] <SDM WBE>
   hi

[22:11:03.0915] <mithedestroyer>
 njknk

[22:11:06.0333] <mithedestroyer>
mom

[22:11:08.0653] <mithedestroyer>
njnj\

[00:25:44.0220] <freddy>
miketayl_r: to be fair, I assume when you interviewed at Opera was long before the tech job hype-cycle and resume or education mattered much less (especially if you had already proven to do good work elsewhere (open source, browsers, web, ..).

[02:11:52.0142] <Sam Sneddon [:gsnedders]>
> <@fbraun:mozilla.org> miketayl_r: to be fair, I assume when you interviewed at Opera was long before the tech job hype-cycle and resume or education mattered much less (especially if you had already proven to do good work elsewhere (open source, browsers, web, ..).

I mean it was post dot-com boom, which I'm sure one could argue was the first tech job hype-cycle 🙂 but also yes, Opera was always comparatively willing to hire people with less in the way of paper qualifications if there was proof of similar work being done elsewhere

[02:33:51.0647] <freddy>
True :) I admit my "hype cycle" phrasing was super ambiguous. I feel like 10 years ago, if someone didn't know what to study they picked business economics or law and now everyone seems to go into tech..

[04:17:40.0585] <sideshowbarker>
https://github.com/mdn/content/issues/8312 is a good “help wanted” issue for anybody looking to contribute to MDN who has some familiarity with service workers `cache.keys()` behavior 

[04:19:02.0022] <sideshowbarker>
basically amounts to:
1. Confirm what’s asserted in the issue description there is true.
2. Change a few examples to match what’s suggested in the issue description.

[05:05:08.0849] <zcorpan>
> <@sujaldev:matrix.org> exactly but in the html specification many of the element's style is defined as css, that's why I _think_ css might be required.

CSS isn't required to implement HTML, technically. Though rendering is defined in terms of CSS, non-CSS user agents are allowed. Even the "Visual user agents that support the suggested default rendering" conformance class can be non-CSS. https://html.spec.whatwg.org/multipage/infrastructure.html#conformance-classes https://html.spec.whatwg.org/multipage/rendering.html#introduction-16

[05:05:48.0681] <zcorpan>
I just realized "In general, user agents are expected to support CSS" puts a requirement for that conformance class

[09:54:02.0905] <sujaldev>
Even if I don't build a css parser and tokenizer (which I have already done with high amounts of bugs), don't I need the visual formatting model defined in the css specifications?

[11:51:43.0626] <zcorpan>
sujaldev: not to conform to the HTML standard. You can implement a different visual formatting model. I don't know much about alternatives, other than the non-CSS visual UAs I'm aware of are Terminal browsers like Lynx. That said, if you want to build something that resembles a modern browser, or get something that is compatible with general web content, then yes you will need to support CSS


2021-08-27
[20:10:07.0140] <sujaldev>
oki, I  think I'll try to implement css, thanks for your help!

[09:39:35.0525] <TabAtkins>
famous last words

[11:30:13.0371] <aja>
ambitious for a school project? 🤣

[11:52:22.0978] <Domenic>
CSS parsing is somewhat doable, but once you start doing computations based on it (e.g. layout) then it becomes much harder.

[11:53:01.0450] <Domenic>
E.g. jsdom reads and parses stylesheets, but our getComputedStyle() only implements parts of the cascading logic, and our getBoundingClientRect() returns { 0, 0, 0, 0 }

[13:45:45.0599] <TabAtkins>
Yeah parsing is easy. Layout is *hard*.

[13:46:09.0411] <TabAtkins>
then there's a continuum between those two points


2021-08-28
[23:13:41.0696] <sujaldev>
> <@tabatkins:matrix.org> Yeah parsing is easy. Layout is *hard*.

😰

[23:14:40.0687] <sujaldev>
parsing is all I have been able to do till now (I though this was hard)

[03:34:05.0051] <sujaldev>
my html parser is finally working though (with bugs)

[16:13:51.0095] <GPHemsley>
hmm... I don't have merge access to mimesniff?

[16:14:36.0708] <GPHemsley>
or, in fact, admin access at all

[16:15:46.0284] <GPHemsley>
wait, maybe that's not exactly true... the GitHub UI doesn't make it clear _what_ access I have

[16:33:25.0787] <GPHemsley>
annevk: Something is odd. Can you look into this?


2021-08-29
[08:36:02.0300] <TabAtkins>
sujaldev: Parsing is definitely hard at first! I've been deep in parsing for a long time (I wrote the CSS Syntax spec), so my difficulty judgement is a bit skewed. ^_^ Which should be an indicator of how hard *layout* is, tho.


2021-08-30
[00:50:11.0782] <annevk>
GPHemsley: you have write access

[01:15:36.0916] <annevk>
At least back in the CSS 2.1 I heard claims that layout wasn't that hard (modulo some tricky bits), but that dynamic layout is. That is, there were independent layout engines, but they didn't allow node tree manipulation and adjust layout accordingly. But that was like fifteen years ago so...

[05:51:16.0020] <Luca Casonato>
What exactly is the spec basis for the "Revoke blob URL after creating Request, will fetch" WPT from FileAPI/url/url-with-fetch.any.js succeeding?

[05:53:03.0802] <Luca Casonato>
The test says that "Request should take a reference to the blob as soon as it receives it in open()". There is no `open()` in spec or in the Request though, and there is no relevant steps in the `Request` constructor as far as I can tell.

[05:53:15.0355] <Luca Casonato>
 * The test says that "Request should take a reference to the blob as soon as it receives it in open()". There is no `open()` in spec or in the test though, and there is no relevant steps in the `Request` constructor as far as I can tell.

[05:53:57.0906] <Andreu Botella (he/they)>
The URL parser sets the url's "blob URL entry" at the time of parsing (https://url.spec.whatwg.org/#url-parsing step 4(

[05:54:02.0705] <Andreu Botella (he/they)>
 * The URL parser sets the url's "blob URL entry" at the time of parsing (https://url.spec.whatwg.org/#url-parsing step 4)

[05:54:37.0609] <Luca Casonato>
Ok, TIL. Thats magical

[05:54:42.0958] <Andreu Botella (he/they)>
yep

[05:55:05.0329] <Luca Casonato>
I feel like this is a test directly taken from XMLHttpRequest (which does have `.open()`) - that would explain the comment in the test at least

[06:04:31.0204] <smaug>
hmm, https://html.spec.whatwg.org/#focus-processing-model:shadow-including-inclusive-ancestor why top level bc has such special case?

[07:00:09.0563] <annevk>
Luca Casonato: seems likely, comment can be updated


2021-08-31
[19:50:13.0731] <GPHemsley>
> <@annevk:mozilla.org> GPHemsley: you have write access

I was unable to merge https://github.com/whatwg/mimesniff/pull/142 because main is a protected branch and I wasn't authorized

[00:26:11.0945] <hsivonen>
Do I understand correctly that there are no normative requirements on the user agent style sheet(s) for media documents?

[00:27:14.0716] <Ms2ger 💉💉>
I don't recall seeing any when I last looked, but that was probably five years ago at least

[00:30:41.0346] <hsivonen>
Thanks.

[00:48:59.0051] <annevk>
smaug: unless you have an objection to the things presented in https://github.com/whatwg/dom/pull/1009 I'm inclined to merge it as it meets all the criteria as far as I can tell

[00:49:48.0875] <annevk>
GPHemsley: ah, yeah, we have main branch protection, let me add you to the exception list (it's currently empty)

[00:51:02.0872] <annevk>
GPHemsley: status checks are enforced at the moment so any changes will have to go through a PR; reviews are not

[00:53:20.0554] <annevk>
hsivonen: I sometimes wonder if we should make normative requirements on them, at least when they are not top-level or appear in a controlled popup

[01:39:10.0609] <smaug>
annevk: added a comment. I think that is fine addition to DOM, but the performance tests look rather bogus to me, and they seem to mostly test some inefficiency in some particular Range implementation. 

[01:48:23.0158] <smaug>
 * annevk: added a comment. I think that is fine addition to DOM, but the performance tests look rather bogus to me, and they seem to mostly test some inefficiency of some particular Range implementation.

[01:48:41.0211] <smaug>
 * annevk: added a comment. I think that is fine addition to DOM, but the performance tests look rather limited to me, and they seem to mostly test some inefficiency of some particular Range implementation.

[01:49:04.0835] <smaug>
 * annevk: added a comment. I think that is fine addition to DOM, but the performance tests look rather limited to me, and they seem to mostly test some inefficiency in some particular Range implementation.

[02:21:05.0837] <zcorpan>
hsivonen: are you able to review https://github.com/whatwg/html/pull/5959 ?

[02:21:39.0959] <hsivonen>
> <@zcorpan_:matrix.org> hsivonen: are you able to review https://github.com/whatwg/html/pull/5959 ?

Looking

[02:42:39.0333] <hsivonen>
> <@hsivonen:mozilla.org> Looking

Commented.

[02:45:02.0902] <zcorpan>
hsivonen: thanks. speculative parsing occurring when there isn't a blocking <script> is new to me

[02:46:35.0628] <hsivonen>
Hmm. I thought that Firefox can start speculative fetching the resources found by non-speculative parsing before the corresponding nodes end up in the DOM, but now that you say that, I need to check if that actually happens.

[02:53:24.0125] <hsivonen>
> <@hsivonen:mozilla.org> Hmm. I thought that Firefox can start speculative fetching the resources found by non-speculative parsing before the corresponding nodes end up in the DOM, but now that you say that, I need to check if that actually happens.

From a quick source inspection, it looks to me that Firefox can speculatively start fetching non-speculatively-found URLs before the corresponding elements end up in the DOM, but if you've not seen it when observing Firefox opaquely, I'm not 100% sure.

[02:54:45.0792] <hsivonen>
Not sure how you'd observe this from a script, but this should happen if you have a huge scriptless document with a bunch of images.

[03:20:47.0879] <annevk>
smaug: yeah, I was wondering how specific it would be to WebKit/Chromium

[03:33:10.0452] <sujaldev>
> <@tabatkins:matrix.org> sujaldev: Parsing is definitely hard at first! I've been deep in parsing for a long time (I wrote the CSS Syntax spec), so my difficulty judgement is a bit skewed. ^_^ Which should be an indicator of how hard *layout* is, tho.

do you have any suggestions on how I could make something simpler for the layout part? (assuming its possible)

[04:14:18.0432] <freddy>
I liked the suggestion (somewhere way above) to find out more about non-conforming layouts (e.g., from browsers like lynx)

[04:39:48.0097] <sideshowbarker>
https://github.com/mdn/content/issues/8486 could use help from somebody with good WebGL familiarity. Basically adding a few more sentences of explanatory text to an existing tutorial.

[04:47:40.0332] <zcorpan>
hsivonen: ok, yeah, speculative fetches from non-speculative parsing isn't news and the spec should allow for that to happen. I thought you asked for speculative *parsing* to be allowed without blocking <script>s

[04:49:31.0389] <zcorpan>
hsivonen: as for speculative fetches while looking for a meta charset... if we are to change the spec to run the tree builder while looking for meta charset, that would be more natural to spec speculative fetches

[04:51:16.0542] <sideshowbarker>
https://github.com/mdn/content/issues/8448 could use some help from somebody with good 2dcontext familiarity. Basically just needs a comment to confirm whether or not what the OP is asserting is actually correct.

[05:22:35.0617] <hsivonen>
> <@zcorpan_:matrix.org> hsivonen: as for speculative fetches while looking for a meta charset... if we are to change the spec to run the tree builder while looking for meta charset, that would be more natural to spec speculative fetches

Indeed.

[05:39:12.0527] <zcorpan>
ty hsivonen ! that green tick feels magical, 1 year in 😀

[05:39:41.0145] <hsivonen>
> <@zcorpan_:matrix.org> ty hsivonen ! that green tick feels magical, 1 year in 😀

Sorry about the slowness.

[05:41:44.0672] <zcorpan>
no worries, it's slowness on my end as well I guess. maybe we can try fast-track changes in the future and sync better

[06:08:00.0822] <sujaldev>
> <@fbraun:mozilla.org> I liked the suggestion (somewhere way above) to find out more about non-conforming layouts (e.g., from browsers like lynx)

can't find any documentation or any such resource explaining it's internals

[06:11:06.0824] <sideshowbarker>
https://stackoverflow.com/questions/68993824/cors-issues-with-window-open-and-oauth2

[10:15:18.0964] <Domenic>
annevk: want to review https://github.com/whatwg/html/pull/7000 ?

[10:24:04.0306] <bakkot>
Domenic: re: https://github.com/tc39/proposal-iterator-helpers/issues/122#issuecomment-909427809: I think it's actually `stream[Symbol.asyncIterator]().map(...)`, which suggests maybe streams (or all web-platform iterables?) ought to have a more conveniently named method which exposes the iterator

[10:24:11.0878] <bakkot>
wait, unless there is such a method and I don't know about it

[10:25:15.0141] <Domenic>
bakkot: ah yeah, you're right. The method is .values()

[10:25:26.0799] <bakkot>
ah, excellent