2025-09-01 [05:37:50.0959] I assume there isn't any way to get single-page diffs for PRs? [05:40:19.0498] If you add `.diff` at the end of the URL like https://github.com/whatwg/html/pull/11543.diff you get the plain text diff, if that helps [05:40:20.0638] Reviewing especially larger PRs is a bit tricky when they are split to so many diffs [05:40:41.0665] I was thinking the spec preview diffs [05:40:55.0629] Ah, that I don't know [05:45:06.0019] Especially because cross linking seems mildly broken on the preview URLs [05:51:31.0707] (looking at ReferenceTarget atm, 16 diffs) 2025-09-02 [17:51:37.0631] I always just build locally. (But that doesn't give a HTML diff, just, the new HTML.) [17:52:36.0931] If someone was able to update PR preview to use https://github.com/whatwg/build.whatwg.org?tab=readme-ov-file#html-build , we could get singlepage builds and diffs (and also fix other things missed by the PR preview, like syntax highlighting or preprocessing). But I'm unsure how to maintain PR preview. [05:03:46.0337] Is it intentional that https://html.spec.whatwg.org/#clone-a-policy-container doesn't clone the integrity policy and report only integrity policy? [06:15:22.0086] Yoav Weiss: ^^^ [06:15:27.0471] Hey all! I am curios about the intended behavior of disabled on link elements with rel=stylesheet. From reading here: https://html.spec.whatwg.org/#attr-link-disabled it would seem that this allows one to queue up some stylesheets that can then later be fetched and applied (perhaps using something like intersection observer to load some CSS only when a specific component is about to enter the viewport). However, it seems that all but Safari will still download the CSS on page load. None of the browsers which fetches the CSS will apply it though. The only browser I have seen that seems to behave as I would expect is Safari. In Safari the CSS file does not end up in the network panel on page load i.e. not fetched. When I dynamically set disabled to false, it then fetches and applies the CSS as per (my understanding) of the specification. Here is a super minimal example: https://fjw3dm.csb.app/ [06:17:17.0613] @zcorpan - I don't remember it being intentional. Let me dig up the relevant PR [06:19:42.0866] Seems like it never came up in https://github.com/whatwg/html/pull/11334 and I missed it.. [06:31:33.0425] From looking at the spec seems like safari is in the right here. Relevant chromium bug: https://issues.chromium.org/issues/40286062 [06:33:09.0072] Ah. Awesome. Thank you, Noam. I wonder whether there is a bug on the Gecko side as well for this. 🤔 My Bugzilla foo is terrible, but then again they are on GitHub now, right? [06:35:39.0195] Their bug tracker is still in bugzilla [06:54:13.0851] Is it possible to run script in response to an AbortSignal aborting, but before its `abort` event fires? Basically I'm asking if the web platform has access to internal "abort algorithm" timing (before Observables, that is). [06:54:16.0806] * Is it possible to run script in response to an AbortSignal aborting, but before its `abort` event fires? Basically I'm asking if the web platform has access to internal "abort algorithm" timing (before Observables, that is)? [06:58:37.0455] I guess other specs that add an algorithm to the `AbortSignal`? [07:00:32.0027] (seems like the observable spec does this multiple times) but by "web platform" do you mean a general-purpose API that exposes this? [07:17:41.0029] No I mean indirectly. I looked at all references of "add an algorithm" and none of them *appear* to invoke user-provided script, so I don't think there is any way to register script that runs in response to an AbortSignal being aborted, at "abort algorithm" timing (before `abort` event) [07:17:50.0810] but I'm hoping somebody knows of one subtle instance that I don't know about! [07:22:26.0172] oh so you mean if there is an existing caller for "add an algorithm" that invokes a script. [07:23:45.0752] https://matrix.to/#/!JfcsmfWnEQHLwlMXiL:matrix.org?via=matrix.org [07:30:23.0228] Dominic Farolino: I am pretty sure streams add algorithms that reject promises as "abort algorithms". Promise rejections can invoke a script which would happen before the event is fired. Andreu Botella would be more of an expert though [07:40:44.0312] Rejecting a promise can cause script execution in a microtask, but if that happens when no script is running, then I think the microtask queue will only be drained after the next subsequent script execution [07:41:29.0308] So if none of the spec callers of "add an algorithm" invokes a script, then promise resolutions or rejections wouldn't cause a script execution before the event is fired [07:42:35.0160] * Rejecting a promise can cause script execution in a microtask, but if that happens when no script is running, then I think the microtask queue will only be drained after the next subsequent script execution (or when the current event loop task finishes) [07:50:53.0510] right, I had it in my head that "reject" calls "prepare to run script" but it doesn't, that would only happen in the microtask [08:00:02.0432] Yoav Weiss: OK, I can file an issue [09:18:02.0665] Noam Rosenthal: Andreu Botella: Can't reject / resolve with an object actually call the `.then` getter synchronously? [09:18:21.0430] (Not sure if that applies to the specific case you were discussing tho) [09:27:58.0179] I don't think so? It queues a microtask to do that here: https://html.spec.whatwg.org/multipage/webappapis.html#hostenqueuepromisejob [09:29:28.0380] ... though future callers of "add an abort algorithm" can fire an event or invoke a direct user callback... I don' t think this is prohibited [09:32:43.0276] Here is the Firefox one https://bugzilla.mozilla.org/show_bug.cgi?id=1376729 [09:46:08.0765] Dominic Farolino: I think you can get `readystatechange` events fired from XMLHttpRequest before the abort event 2025-09-03 [04:59:59.0720] I am staring at this part of the permission policy spec: https://www.w3.org/TR/permissions-policy-1/#declared-origin - it seems to imply that an iframe uses its src attribute to determine its "declared origin" and I don't understand how this makes sense, given that an iframe can be navigated and src won't change. [05:00:16.0469] > The declared origin concept is intended to represent the origin of the document which the embedding page intends to load into a frame. This means, for instance, that if the browser does not support the sandbox or srcdoc attributes, it should not take those attributes into account when computing the declared origin. [05:01:00.0632] If a page denies a frame access to e.g. geolocation, the frame shouldn't be able to get around it by navigating, right? [07:23:21.0932] Simon☀️: https://w3c.github.io/webappsec-permissions-policy/#declared-origin is the editor's draft But yeah, it uses the origin of the URL in `src` if `src` is present. Even if the frame has been navigated elsewhere. [07:27:13.0606] Simon☀️: https://w3c.github.io/webappsec-permissions-policy/#algo-process-policy-attributes is the relevant caller [07:42:59.0345] hmm, window.location = "foo"; consumes transient activation in Chrome. I wonder why 2025-09-04 [17:54:05.0432] This is absolutely nuts https://github.com/whatwg/html/issues/7939#issuecomment-3244466196 [00:11:01.0412] WHATNOT is in 50 minutes, add your agenda to https://docs.google.com/document/d/1D90QugzZZM6ga8k0ChMA7llmGFHcH9quDj4oCrgqtkE/edit?usp=sharing 2025-09-05 [05:05:58.0963] Can we switch to no line wrapping? re https://github.com/whatwg/html/issues/1059