| 00:53 | Philip` | finds half a dozen XSS vulnerabilities in cam.ac.uk pages |
| 00:54 | <Philip`> | (I'm surprised that most (i.e. more than 50%, though not a lot more) actually escaped their output correctly) |
| 00:54 | <Philip`> | *most forms |
| 01:06 | <dbaron> | So, a canvas text question: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-canvas.html#font has wording for em, ex, larger, smaller, bolder, lighter, etc. that is relative to computed values on the canvas element. If the canvas element isn't currently in the document, what computed values should be used? |
| 01:07 | <dbaron> | (We have an intern implementing this who wants to know... :-) |
| 01:08 | <Philip`> | dbaron: "If the computed values are undefined for a particular case (e.g. because the canvas element is not in a document), then the relative keywords must be interpreted relative to the normal-weight 10px sans-serif default." |
| 01:08 | <dbaron> | oh, right |
| 01:08 | <dbaron> | ok |
| 01:08 | <Philip`> | ( http://html5.org/tools/web-apps-tracker?from=1733&to=1734 ) |
| 01:08 | <Philip`> | (which was a couple of days ago) |
| 01:52 | <Philip`> | Ooh, success - a week after I complained, the IE8 Tech Beta newsletter got republished as PDF instead of OOXML |
| 01:55 | <Hixie> | oops |
| 01:55 | <Hixie> | my mail client stuck a ***DHSPAM*** marker on the last mail i sent |
| 01:55 | <Hixie> | i hope dave doesn't take offence |
| 02:46 | <dbaron> | Hmmm. So the changes annevk made in the editor's draft of css3-mediaqueries require failing the Acid3 media queries test. |
| 02:46 | <dbaron> | I think I preferred it the old way, too. |
| 02:47 | <othermaciej> | what are the changes? |
| 02:47 | <dbaron> | it's the question of whether "not all and (bogus)" should match |
| 02:47 | <dbaron> | the spec changed to say the query should be ignored |
| 02:47 | <othermaciej> | I see |
| 02:47 | <othermaciej> | but that breaks the logic of not, kind of |
| 02:47 | <dbaron> | whereas before unknown features always failed |
| 02:47 | <othermaciej> | the new way you describe seems less future-compatible |
| 02:48 | <dbaron> | probably, yeah |
| 02:48 | <dbaron> | I just won an argument with anne about a similar case for the media type part. |
| 02:48 | <dbaron> | But I hadn't noticed it had also changed for features. |
| 02:48 | <dbaron> | Or maybe I noticed but didn't realize it was a change. |
| 02:48 | <dbaron> | or something |
| 02:50 | <dbaron> | of course, i wrote a bunch of other tests now that depend on anne's way |
| 02:50 | <dbaron> | hooray for self-contradictory sets of regression tests |
| 04:30 | <Hixie> | so uh |
| 04:31 | <Hixie> | anyone remarked yet on the ultimate irony of sunava posting a link to an attachment on his internal corp e-mail as his feedback? |
| 04:31 | <roc> | you're tempting me to subscribe to public-html |
| 04:31 | <Hixie> | this was on public-webapps |
| 04:31 | <Hixie> | the new public-webapi / public-appformats list |
| 04:32 | <dbaron> | is that a working link or a requires-auth link? |
| 04:33 | <Hixie> | requires auth |
| 04:33 | <Hixie> | if one was cynical one could see this as yet another stalling tactic (they promised the feedback last november originally), but i honestly think in this case he just made a mistake |
| 04:33 | <dbaron> | I'm cynical. |
| 04:34 | <Hixie> | aha, he posted a new link |
| 04:34 | <Hixie> | http://code.msdn.microsoft.com/xdsecuritywp |
| 04:34 | <Hixie> | requires agreeing to a license |
| 04:34 | <dbaron> | read it carefully |
| 04:34 | <Hixie> | oooh, the license grants us their patents |
| 04:35 | <dbaron> | save a copy, then |
| 04:35 | <Hixie> | i ain't agreeing to it |
| 04:35 | <Hixie> | i'll ask him to forward the paper without the license |
| 04:35 | dbaron | heads home |
| 11:47 | <Hixie> | MikeSmith: see the bottom of the message i just sent |
| 11:47 | <Hixie> | nn |
| 11:48 | <MikeSmith> | Hixie: will do |
| 11:48 | <MikeSmith> | 'night |
| 13:29 | <zcorpan> | hmm, shouldn't <video controls> be considered interactive for the purposes of content models? |
| 13:29 | <zcorpan> | should user events on the native controls interface be eaten or not? |
| 13:30 | <roc> | they shouldn't be visible to content |
| 13:30 | <zcorpan> | makes sense |
| 16:18 | <zcorpan> | what should happen if you try to do HTMLMediaElement.empty = 42; or HTMLMediaElement.prototype.EMPTY = 42; ? |
| 16:20 | <zcorpan> | http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A%3Cscript%3E%20Node.ELEMENT_NODE%20%3D%2042%3B%20w(Node.ELEMENT_NODE)%20%3C%2Fscript%3E |
| 16:20 | <zcorpan> | opera and firefox say 42, safari says 1 |
| 16:24 | <annevk> | 42 is obviously the correct answer |
| 16:24 | <annevk> | oh wait, that's what you set it to yourself |
| 16:24 | <annevk> | :) |
| 16:25 | <zcorpan> | i'd expected an exception to be thrown |
| 16:25 | <zcorpan> | same as readonly attributes |
| 16:25 | <zcorpan> | does webidl say? |
| 16:27 | <annevk> | i guess it should |
| 16:27 | <annevk> | setting .empty diretly shouldn't work though, I think |
| 16:28 | <zcorpan> | um, i meant .EMPTY |
| 16:29 | <zcorpan> | but why shouldn't it work? |
| 16:29 | <annevk> | .empty sounded readonly |
| 16:29 | <annevk> | .EMPTY is different :) |
| 16:30 | <annevk> | I guess WebIDL should say what happens when setting constants |
| 16:30 | <zcorpan> | there's no .empty on HTMLMediaElement |
| 16:30 | <annevk> | meh |
| 16:31 | <zcorpan> | web idl is public-webapps right |
| 16:32 | <annevk> | yeah |
| 16:53 | <zcorpan> | does ie support some constant in the dom? |
| 16:56 | <annevk> | I don't think so |
| 16:58 | <Philip`> | http://www.opera.com/docs/changelogs/linux/950/ - "Canvas.getImageData and Canvas.putImageData methods, including support for creating an ImageData object using the ImageData interface" - too bad it's a totally non-standard way of creating ImageData objects, and the standard way is not supported |
| 17:04 | <Philip`> | "xml tags within HTML documents are now given a documentElement attribute." - I don't see that... |
| 17:13 | <annevk> | Philip`, yeah, we should probably mention that |
| 17:15 | <Philip`> | (Also the path transformation thing is not fixed) |
| 17:19 | <Philip`> | (Also, there's a security bug) |
| 17:20 | <annevk> | bugs.opera.com/wizard |
| 17:22 | <annevk> | and :/ |
| 17:49 | <Philip`> | (annevk: https://bugs.opera.com/show_bug.cgi?id=337562) |
| 18:19 | <Philip`> | (I suppose it's not a particularly severe problem, since it reveals at most four bytes of memory, but it's the principle that matters) |
| 20:15 | hsivonen | is now curious about garbage collecting the XHR document |
| 21:03 | gsnedders | blames Hixie for making the spec so unclear |
| 21:03 | <Hixie> | well that's not one i can easily duck the blame on |
| 21:04 | <Hixie> | you know, all these people complaining about how xhr depends on html5 bring up a very good point |
| 21:04 | <gsnedders> | That HTML 5 should suck less? |
| 21:04 | <gsnedders> | :P |
| 21:04 | <gsnedders> | "Let candidate section be the section that contains the previous candidate section in the outline of current outlinee." — if it's the first time we're running that, _what_ previous candidate section? |
| 21:04 | <Hixie> | well no, it's just that if the people who want html5 split out for what they want, we'd just have a massive tangle of interdependent specs |
| 21:05 | <Hixie> | gsnedders: um |
| 21:05 | <gsnedders> | Hixie: Hey, you wrote that! :P |
| 21:05 | <Hixie> | i know, i know |
| 21:05 | <Hixie> | and this is the simplified version :-/ |
| 21:06 | gsnedders | wonders whether to be an asshole and just implement something HTML 4 like for TOC construction :P |
| 21:09 | <Hixie> | so would <body><h1> be a case where you hit that? |
| 21:09 | <gsnedders> | I haven't thought about how you'd hit it yet :P |
| 21:11 | <gsnedders> | Hixie: No, you wouldn't hit that |
| 21:11 | <Hixie> | <body><h1><h2>? |
| 21:11 | <gsnedders> | Hixie: You'd hit "If the current section has no heading, let the element being entered be the heading for the current section." |
| 21:11 | <gsnedders> | Hixie: That has an implied </h1>, right? |
| 21:11 | <Hixie> | yeah |
| 21:11 | <Hixie> | i don't see how you can hit this clause without a previous section |
| 21:12 | <gsnedders> | what's the previous candidate section though? |
| 21:13 | <Hixie> | the value of "candidate section" when you entered that step |
| 21:13 | <gsnedders> | Hixie: Huh? |
| 21:14 | <gsnedders> | Hixie: We don't change candidate section until then, so, what? The section before candidate section in the current outline? |
| 21:14 | <Hixie> | it's doing candidate section = outline of current outlinee . getSectonThatContains(candidate section) |
| 21:14 | <gsnedders> | OK. |
| 21:14 | <Hixie> | i'll rephrae it |
| 21:14 | <gsnedders> | please do |
| 21:15 | gsnedders | has no getSectonThatContains, hmm |
| 21:15 | <Hixie> | the only way you can hit this i think is <body><h1/><h2/><h2/> |
| 21:16 | <gsnedders> | Which _is_ kinda common :) |
| 21:16 | <Hixie> | while processing the second <h2>; and it'll get hit when candidate section is the section for the first <h2/> |
| 21:16 | <Hixie> | in which case you can always go up to the <h1>'s section |
| 21:16 | <gsnedders> | Yeah, right. |
| 21:16 | gsnedders | stops being confused |
| 21:17 | <Hixie> | it'll always work because the one case where it would fail is handled as the first "Otherwise" for heading content (before this sublist) |
| 21:17 | <gsnedders> | Yeah. |
| 21:17 | <Hixie> | clarification deployed |
| 21:17 | gsnedders | reloads |
| 21:18 | <gsnedders> | Yeah, that's clearer |
| 21:44 | <Hixie> | annevk: one way to sidestep a number of the problems w.r.t. the document becoming null (the issue relating to garbage collection for xhr) would simply be to say that the object in question can't be garbage collected while there's a reference to it from xhr. |
| 21:47 | <Hixie> | anyone need a dreamhost invitation code btw? |
| 21:48 | <krijn> | Not me |
| 21:48 | <krijn> | Add it to the issue tracker :) |
| 21:48 | <Hixie> | heh |
| 21:48 | <krijn> | If you know which, of course |
| 21:49 | <Hixie> | gsnedders: i added a bunch of xrefs in the outline section |
| 21:49 | <Hixie> | and an example |
| 21:49 | <gsnedders> | Hixie: thx |
| 21:51 | <gsnedders> | Hixie: How about something crazy like <body><section><h1>foo</h1></section><h1>Place me as a heading of the body, plz? |
| 21:51 | <Hixie> | what about it? |
| 21:51 | <gsnedders> | Hixie: A crazier example, that proves you can't just build a TOC sequentially (:() |
| 21:53 | <Hixie> | you can still do it in one pass |
| 21:53 | <Hixie> | you just have to buffer the outline of a section until you get its header |
| 21:54 | <Hixie> | it's far better style generally to create a data structure and then serialise it |
| 21:54 | <Hixie> | than it is to try and do it all at once |
| 21:54 | <Hixie> | especially in these days of ample ram |
| 21:56 | <gsnedders> | Hixie: Yeah, that's what I'm doing |
| 22:59 | Philip` | thanks the TV Licensing people, since he can't remember his house number or postcode but fortunately it's written on the front of a letter they sent some time last year (presumably demanding that it is highly illegal to not have a TV license (and clearly unthinkable to not have a TV) though I can't be sure since I haven't bothered opening the letter yet) |
| 23:23 | <Hixie> | dbaron: i can make it static |
| 23:23 | <dbaron> | Hixie, was it either before? |
| 23:23 | <Hixie> | dbaron: do you have the same request regarding 'currentColor' in the various places where that can be set? |
| 23:23 | <Hixie> | it was underdefined before |
| 23:23 | <dbaron> | for canvas colors? |
| 23:23 | <Hixie> | i hadn't really thought about it :-) |
| 23:23 | <Hixie> | yeah |
| 23:23 | <dbaron> | yeah, the same concerns would apply |
| 23:23 | <Hixie> | right-o |
| 23:24 | <Hixie> | will fix shortly, you can assume both will be static unless someone disagrees with your e-mail and gives a good reason why it should be dynamic |
| 23:25 | <dbaron> | FWIW, it's actually one of our interns (Eric Butler) working on this (this being fixing canvas text bugs). |
| 23:26 | <Philip`> | Seems a bit weird that ctx.font=ctx.font wouldn't be idempotent |
| 23:26 | <Philip`> | Uh |
| 23:26 | <Hixie> | dbaron: cool |
| 23:26 | <Philip`> | I don't mean idempotent |
| 23:26 | <Philip`> | I just mean it'd be a bit weird that it could have an effect |
| 23:26 | <dbaron> | we could make it live |
| 23:27 | <dbaron> | Though in some cases it could be a good bit of work for each text-drawing operation |
| 23:27 | <Hixie> | live seems complicated and bug prone to me, but i agree that setting something to itself having an effect is something i've tried to avoid before |
| 23:27 | <dbaron> | particurlarly if the canvas is deeply nested inside something that's display:none |
| 23:27 | <Philip`> | (but canvas.width=canvas.width already has a significant effect (clearing the canvas), so it wouldn't be any worse than that) |
| 23:27 | <Hixie> | yeah |
| 23:28 | <dbaron> | who else implements this part of the canvas text stuff? |
| 23:28 | <Philip`> | dbaron: Nobody |
| 23:29 | <Hixie> | it's very new |
| 23:29 | <Hixie> | i'm not aware of any implementations |
| 23:38 | <Hixie> | Lachy: you probably want to change the abstract for your draft |
| 23:39 | <Hixie> | er, the intro, i mean |
| 23:39 | <Hixie> | actually nm. |
| 23:39 | <Hixie> | i'm on crack,. |
| 23:40 | <Hixie> | re your namespaces section, the xml: prefix example is misleading since you never have to declare that prefix anyway |