2020-04-01 [19:46:47.0000] Domenic: do you know if Location in Blink was ever changed to inherit from URLUtils and then changed back? [19:47:44.0000] I mean similar to what happened in Gecko, with https://bugzilla.mozilla.org/show_bug.cgi?id=887364 changing Location and then https://bugzilla.mozilla.org/show_bug.cgi?id=1213815 changing it back [19:59:32.0000] MikeSmith: can't see anything in the history at least? [20:08:14.0000] gsnedders: same here [20:08:46.0000] I searched through change history for the source, also through bug tracker [20:10:44.0000] context is that I just want to update https://github.com/mdn/browser-compat-data/blob/master/api/Location.json#L342 to indicate there’s not password or username members for the interface in any current browsers [20:11:47.0000] but I know from experience with getting review on similar changes, reviewers aren’t gonna let me just change version_added: true to version_added: false there for Chrome [20:59:26.0000] FYI https://github.com/mdn/browser-compat-data/pull/5925 [00:18:10.0000] I've moved spec-factory to the WHATWG organization [00:18:32.0000] I'll add a README momentarily [01:41:50.0000] Oh wow, XMLHttpRequest uses "obtain unicode" [02:55:01.0000] /me wonders if MikeSmith could review https://github.com/whatwg/fullscreen/pull/167 [02:55:19.0000] /me looks [02:55:56.0000] annevk: yeah will do right now [03:35:35.0000] annevk: wow, just now took a trip down the location.ancestorOrigins rabbit hole [03:35:44.0000] via https://github.com/whatwg/html/issues/1918 and https://bugzilla.mozilla.org/show_bug.cgi?id=1085214 [03:42:32.0000] MikeSmith: I'm sad that didn't go anywhere, I put a lot of effort in that [03:42:40.0000] yeah I can see [03:42:54.0000] stalled about a year ago I guess [03:42:54.0000] At some point I should push for it again I suppose [03:43:27.0000] would be nice to get it resolved [03:44:30.0000] so about the history, I have gone back in time as a far as https://bugs.webkit.org/show_bug.cgi?id=83493, where it was first implemented in WebKit, but what’s the prehistory before that? [03:45:02.0000] MikeSmith: I think that's probably it [03:45:09.0000] OK good [03:45:24.0000] well then I was confused by a comment from Ian [03:45:34.0000] https://bugs.webkit.org/show_bug.cgi?id=83493#c19 [03:45:43.0000] “I'll make sure to either match implementations or not conflict on names when I spec this” [03:46:19.0000] I thought that implied some implementation prior to the WebKit one [03:47:10.0000] MikeSmith: implementation came first and Ian said that he might change semantics when speccing [03:47:16.0000] MikeSmith: and if he did, he'd change the name [03:47:30.0000] I see [03:47:46.0000] I guess the plural “implementations” there is what confused me [06:45:23.0000] I've updated branch protection rules for most repos and also enabled auto-deletion of branches belonging to merged PRs. If any of this sounds concerning or you run into something, now you know who to talk to. [08:33:57.0000] annevk: wrt the jsdom suggestion, I mean I think it'd be great for jsdom, but if the person proposing the change successfully implemented in an actual browser (and no existing WPTs broke) then I think it should be fine too [13:14:27.0000] TimothyGu: it’s somewhat seldom that those predate spec changes unfortunately [13:15:54.0000] Maybe not that unfortunate, but it means that some changes are tricky [14:59:15.0000] annevk: ping 2020-04-02 [17:35:01.0000] I see https://bugs.chromium.org/p/chromium/issues/detail?id=571722#c21 “User-Agent isn't currently allowed to be set. Mark the TestExceptations against it.” but I nothing in the current Fetch spec that disallows setting User-Agent in fetch requests [17:35:34.0000] not at https://fetch.spec.whatwg.org/#forbidden-header-name nor anywhere in the spec [18:10:03.0000] MikeSmith, related? https://www.zdnet.com/article/google-to-phase-out-user-agent-strings-in-chrome/ [18:11:20.0000] how about Sec-UA-* ? [18:12:43.0000] erm.... Sec-CH-UA-* [18:13:53.0000] https://wicg.github.io/ua-client-hints/#fetch-integration [20:05:18.0000] shu: kinda here now [23:12:59.0000] TabAtkins: I see I can push to Bikeshed master; if I did that, would api.csswg.org update automatically? [23:19:41.0000] annevk: yes [23:23:21.0000] TabAtkins: cool, rest assured, I'll make sure CI is passing [23:23:56.0000] And I need to wait for Domenic to wake up to align on some other bits [23:24:53.0000] Cross-repo-dependency count is at 16 [09:52:59.0000] what does it mean for the _active script_ in https://html.spec.whatwg.org/#hostenqueuepromisejob to be null? [09:53:35.0000] is it for the case for a web platform feature enqueuing a promise job without running author script? [09:55:13.0000] shu: sounds likely [09:55:37.0000] shu: "active script can be null if the user clicks on the following button:" [09:55:59.0000] ooh, doh, there's an example, thanks [09:56:34.0000] Domenic: am i reading that correctly then it's those other hooks that set up the execution context? i'm not really finding where that's done [09:57:21.0000] shu: if I understand what you mean, you are looking for https://html.spec.whatwg.org/#prepare-to-run-script ? [09:58:53.0000] Domenic: not quite, my confusion is: step 5 creates a new execution context to be pushed inside the microtask itself, to propagate active script forward in time. but if there is no active script, there must still be a JS execution context to run the microtask. where does that execution context come from? is it guaranteed to exist already on the stack due to the other import host hooks? [09:59:48.0000] prepare-to-run-script says it's propagated via the other settings objects [09:59:58.0000] shu: Ah. The execution context will then be the one pushed via step 6.2. [09:59:58.0000] just trying to put the pieces together with the settings objects stacks [10:00:23.0000] ah, beautiful, ty [10:00:43.0000] That doesn't seem particularly intentional FWIW... [10:01:05.0000] But I guess it works [10:01:43.0000] Domenic: probably won't have time to finish the .pr-preview.json cleanups today [10:01:55.0000] Domenic: if you could set up the remaining bits I can do it tomorrow though [10:02:42.0000] annevk: for sure, will do; meant to do it before you signed off but this morning got hit by some surprise issues [10:03:23.0000] Domenic: all good [14:58:27.0000] Someone should fix https://developer.mozilla.org/en-US/docs/Glossary/URI [15:07:24.0000] https://www.ryanpickren.com/webcam-hacking is quite something [15:07:32.0000] Lots of origin/URL-related madness [15:08:53.0000] It's mostly finding terrible corners of specs, and then finding corners of those corners that weren't implemented correctly, in order to create exploits. 2020-04-03 [18:57:28.0000] glad to see that `document.open`/`write` makes a cameo ;) [19:10:59.0000] Domenic: in the MDN annos, I’m noticing a weird bug that despite having spent time stepping through the code, I still have no insight about why it might be happening [19:11:05.0000] the bug is that in single-page output, some MDN annos that are present in the multipage output are not present in the single-page output [19:11:42.0000] compare https://html.spec.whatwg.org/multipage/webappapis.html#the-promiserejectionevent-interface to https://html.spec.whatwg.org/#the-promiserejectionevent-interface [19:12:21.0000] that bug is causing literally hundreds of annos to not appear in the single-page output [19:13:53.0000] can you think of any difference in how we do single-page output that might be the culprit? [19:15:22.0000] MikeSmith: I don't have enough of wattsi loaded into my head to really answer that, but I do remember vaguely running in to this sort of mystifying difference between the two... I can try to take a better look tomorrow. File a quick issue so that I have it in my inbox? [19:15:43.0000] Domenic: OK will do [19:15:59.0000] thanks [19:28:01.0000] https://github.com/whatwg/wattsi/issues/111 [19:28:33.0000] maybe one of the many other Free Pascal coders who hang out here will step in to fix it 😛 [20:09:59.0000] did import.meta.currentScript ever get past the multiple script issue [07:52:38.0000] devsnek: nope [07:53:50.0000] i guess you'd end up needing some sort of crazy event model for when a script uses the instance [09:00:12.0000] Domenic: wanna do the .pr-preview.json stuff today? [09:00:22.0000] annevk: yep, working on it now :) [09:00:47.0000] \o/ [09:10:56.0000] Domenic: if you know who from Google to copy on https://github.com/whatwg/html/pull/5425 that'd be good [09:11:25.0000] annevk: Eric Law is probably the right person for Chromium but maybe we can get someone from Google... [09:12:45.0000] k [10:04:43.0000] TimothyGu: ping? [10:04:56.0000] ecobos: pong [10:05:38.0000] TimothyGu: hey, I was unsure whether https://bugzilla.mozilla.org/show_bug.cgi?id=1627285#c1 was incomplete or something (or maybe I just didn't parse it properly, not a native english speaker) [10:05:48.0000] oops, clicked send too early [10:05:59.0000] TimothyGu: did you plan to send a fix? Or should I go ahead and send the patch? It's pretty trivial to fix [10:06:04.0000] I meant to say that I could help fix it in Firefox [10:06:11.0000] Yeah I actually just wrote one [10:06:17.0000] TimothyGu: ah, if you want to I won't stop you :-) [10:06:37.0000] TimothyGu: glad I asked before writing it then ;) [10:06:39.0000] TimothyGu: thanks! [10:18:41.0000] Domenic: hmm GitHub is having many issues, so not gonna risk it now [10:18:48.0000] Aww OK [10:19:05.0000] Domenic: how does Bikeshed get all the relevant data from a PR number alone? [10:19:21.0000] annevk: it turns out that's all the data you really need [10:19:27.0000] Previously we were linking to the PR's head commit [10:19:34.0000] Which required commit SHA + repo owner [10:19:50.0000] But if you take a step back, why would that be a good idea? Linking to the PR itself is much nicer. [10:20:11.0000] It just needed some extra work to add a dedicated PR preview template instead of reusing the commit snapshot one. [10:21:00.0000] Ah okay, I guess it is nicer to link to the PR as it might also change over time, just like the PR [10:21:41.0000] Domenic: you'd kinda think that pr-preview already has the PR number btw as that's used for the filename [10:22:07.0000] Yeah it does, you just need to pass it to Bikeshed. [10:23:16.0000] Oh right, these are Bikeshed instructions. Next level would be { src: "....bs", type: "whatwg" } I guess 2020-04-04 [09:54:58.0000] anyone on right now? i have an issue with iframes :( [09:56:24.0000] i'll just go ahead and rant, then [09:56:47.0000] i have a site with a page that is specifically intended for other sites to embed via iframe [09:57:30.0000] for the user's convenience, if the user is already logged in to my site they should be able to access their logged-in account via the iframe [09:57:53.0000] and this used to work but then browsers starting adding inconsistent/buggy support for 3rd party cookies [09:58:27.0000] so i thought, ok I don't really need a cookie, I could just store a session id with localStorage since all the access is with javascript I can just add that token in a header [09:58:58.0000] but the trouble is that localStorage seems to be blocked by browsers via the same setting that blocks 3rd party cookies [10:00:09.0000] so site A loads an iframe with a page from site B, and the iframe tries to store foo=bar in localStorage, the browser interprets that as a request to store under site A's local storage and that's blocked if the user has "block 3rd party cookies" [10:00:16.0000] Yes, I think browsers are generally moving away from letting iframes track people around the internet in that way [10:00:23.0000] localStorage, cookies, whatever [10:00:25.0000] yes but it's not about tracking users across sites [10:00:42.0000] it's about communicating with users of my own site [10:00:43.0000] Knowing who the user is (i.e., accessing their logged in account) is tracking them [10:00:52.0000] in fact I don't want my localStorage associated to site A at all [10:01:05.0000] I'd like a localStorage in an iframe that is associated only to the site the iframe came from [10:01:43.0000] The difficulty there is that the browser would need some guarantee that the embedding site never tells the iframe "I exist" [10:02:39.0000] there could have been some iframe option to say, allow iframe-origin localStorage and block postMessage at the same time [10:02:57.0000] It'd have to be stricter than that [10:03:28.0000] No headers, no query params... actually, I can't think of anything that would work, because you can just use the URL path [10:03:53.0000] E.g. [10:03:58.0000] if the parent site wants to leak the user's identity i don't think you can stop it [10:04:02.0000] Right [10:04:06.0000] Which is why browsers are doing this [10:04:13.0000] So that once it's leaked, there's no way to store it [10:04:29.0000] Domenic: using allow="" as additional guard for SAB postMessage() doesn't seem unreasonable to me, how serious is this proposal? Mainly wondering if you thought through all the changes required already. [10:05:07.0000] annevk: it is new and just something that came up. We have not thought it through very much but wanted to start a discussion earlier rather than later. [10:05:07.0000] Domenic: in particular, I'm wondering if it should influence the public crossOriginIsolated getter and perhaps availability of the SAB constructor [10:05:17.0000] Domenic: kk [10:05:52.0000] annevk: it's a bit weirder for Chrome since this is all about a future move to lock up SAB, instead of about how to expose SAB. [10:06:33.0000] Influencing SAB constructor makes sense, unsure about the crossOriginIsolated getter [10:06:50.0000] If the meaning of crossOriginIsolated is "powerful features available" then that makes sense [10:07:01.0000] If the meaning is "COOP+COEP enabled" then maybe not [10:07:11.0000] Probably "powerful features available" is more useful [10:13:56.0000] iframe with postMessage was a great solution to let a site integrate a feature from a second site, while protecting the javascript in both directions [10:14:37.0000] so trying to do this in a way that respects user privacy, meaning it still works with all privacy settings enabled (but still allowing javascript) [10:15:52.0000] can it still be done? if the user has an account at parent site and also on the iframe site, it seems like now the iframe will also need to have a login form inside [10:16:48.0000] definitely don't want the user to login through the parent site and reveal their credentials to some other site [10:16:58.0000] and if we develop a plugin now we have to do it separately for every browsre [10:17:00.0000] xalqor: I am not an expert, but my understanding is that yes, logging in a second time is the current direction browsers are heading. [10:17:57.0000] but it's not just a second time, it's also every time they visit the parent site -- because the iframe can't store the cookie or anything in localStorage to remember that session across reloads [10:19:00.0000] Hmm, I thought the plan was just a second time, i.e. you'd get a different storage partition for when you're top level vs. when you're embedded in site A vs. when you're embedded in site B. [10:19:20.0000] if 3rd party cookies & storage is blocked then it doesn't work [10:19:32.0000] and i don't want to tell my users to disable that setting -- because it affects them on all sites [10:19:52.0000] Well I guess that setting is basically saying "don't allow embedded iframes to store any state" so it makes sense that it would prevent use cases like that [10:21:42.0000] (embedded _third-party_ iframes, that is) [10:22:07.0000] yeah [10:24:03.0000] thanks for the chat, i will need to rethink how i'm doing this thing [10:25:39.0000] Happy to help! [10:42:06.0000] Domenic: I’d like to keep the number of (public) booleans down I think. It’s confusing enough as-is 2020-04-05 [12:35:12.0000] Would it make sense to update the definition of a date string, to allow a single digit for specifying the month/date? It'd be nice to remove the need for zero padding, when code setting the attribute doesn't have it by default. [12:35:39.0000] The particular use case I have is when programatically setting the max attribute on a date input. [13:07:55.0000] oliverdunk: it'd add parser complexity and I'm not sure it'd help with readability either [13:22:35.0000] annevk: It seemed like the "parse a date component" section would only need a small tweak, and I hoped the difference in readability was negligible. I trust your gut though, thanks for replying. [16:34:14.0000] botie, inform rniwa does the Safari version data at https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/slot#Browser_compatibility make any sense at all? It claims the "slot" attribute was “Implemented with the vendor prefix: -webkit-” in Safari 10 — though without the prefix in iOS Safari. It as never actually implemented as an attribute named "-webkit-slot" anywhere, right? [16:34:14.0000] will do 2020-04-06 [00:25:44.0000] Domenic: the one small downside from this .pr-preview.json change is that all PRs will need rebasing I think [00:34:08.0000] Domenic: all is ready to go now, I suggest we do it when you and I have some time in case of fallout [04:52:10.0000] FYI, one trick to make GH rebase the merge commit against latest master for webhooks etc is to close/reopen any PR (so long there is no conflict). [07:11:46.0000] annevk: now is a good time for me [07:12:32.0000] Domenic: okay, so first Tab's PR, then whatwg.org, then the .pr-preview.json ones? [07:12:47.0000] Yeah, I think that's it! [07:17:51.0000] Domenic: can you do https://github.com/whatwg/streams/pull/1034? [07:18:30.0000] Will do [07:20:47.0000] Given https://travis-ci.org/github/whatwg/compat/builds/671502607 I guess it takes some time for api.csswg to update [07:22:29.0000] I also see that we're getting a shellcheck warning for not using H1 anymore [07:23:05.0000] Uh oh [07:23:17.0000] I'll clean that up now [07:23:36.0000] I'm worried about the bikeshed update. Is it still stuck on Python 2? [07:24:08.0000] That's a good question sigh [07:24:40.0000] /me wonders if TabAtkins is awake [07:27:20.0000] Yeah what up [07:28:12.0000] The server is on py3 now and receiving webhook notifications, so should be picking up updates now [07:28:26.0000] Thanks! It does indeed seem to be working now [07:28:39.0000] That is, whatwg/compat just went successfully [07:29:11.0000] whatwg/dom looks good too [07:29:50.0000] Phew! [07:30:10.0000] Auto-deletion of branches is really nice [10:58:32.0000] Why can't we add multiple IDs to elements? [13:39:47.0000] microtasks queues are 1:1 with event loops, right? [13:55:44.0000] shu: correct in specs. I hear Chromium is not quite like that. [13:57:16.0000] Domenic: i see [13:57:32.0000] Domenic: the intended state we want is agent:event loop:microtask queue 1:1:1? [13:57:45.0000] shu: yes. That is also the state in specs currently. [13:57:50.0000] cool, thanks [13:59:06.0000] Domenic: to make sure i understand, that'd mean since same-origin iframes are never their own agents, they never have their own microtask queues [13:59:48.0000] shu: right. [14:00:23.0000] Otherwise order would be unpredictable between same-origin iframes, which is undesirable, since they can sync script each other already. [14:00:38.0000] yeah [14:00:53.0000] We should be able to assign multiple IDs to an element. I don't know why we cannot, aside from "it's been that way". [14:01:13.0000] there's (as always) weirdness in detached iframes, but... that'll get sorted out whenever detached iframes in general get sorted out, i guess [14:01:30.0000] I understand that browsers will try to act as a coverall for ID attributes containing whitespace, and will consider it as a part of the ID itself. [14:01:51.0000] But really, this happens because of the spec saying that there is only ever one value. Why can there only ever be one value? [14:02:38.0000] an ID can be used for many things, but one of the most common is for CSS selection. It is also used for other things, like various form controls to be hit with a element [14:03:32.0000] MassDebates: use classes, not IDs. [14:04:13.0000] classes can be space separated lists of names, and I don't see why IDs can't be the same. I understand that classes can be used for various CSS styling, but sometimes an ID is required. [14:09:16.0000] As is normal in many HTML attributes (like class), a space-separated pair of values inside of an or indicates multiple values are to be interpreted. Why do we make a special exception for IDs? Is there a purpose for this, or is this just "How its always been" ? [14:09:38.0000] Note: this isn't a query asking for alternatives to how something can be done without multiple IDs. This is a query asking why can't we have multiple IDs. [14:45:37.0000] The reason is because there are good alternatives, namely classes. [14:45:48.0000] If you remove the distinction between classes and IDs then there is no point in having both [14:45:55.0000] The unique feature of IDs is that each element only has one [14:46:08.0000] If you remove that then you make them the same as classes and then we have two features that are redundant. [15:08:58.0000] I disagree; the unique feature of IDs is that only element has it (in a valid page), thus it's an identifier for that element; the fact that an element can have only one is accidental and not part of the core semantic. [15:09:13.0000] *only one element [16:33:44.0000] (I don't think it's *worth* messing with IDs at this point, but them being limited to a single value has always been annoying. An element can be "the one X" for multiple roles; the fact that you can't do this has led me to generally just not use IDs at all, and exclusively use classes.) 2020-04-07 [02:06:15.0000] JakeA: I realized that one thing to remember when beating Apple over the Storage Access API is that the HTTP Clear-Site-Data header is still not properly defined either [02:06:46.0000] JakeA: defining Clear-Site-Data properly might actually give us some of the primitives we need to layer a Storage Access API on top that doesn't just do cookies [02:11:25.0000] annevk: Fair, but I'm not criticising Apple for not implementing Clear-Site-Data [02:12:05.0000] The narrative that bugs me is: Chrome is bad for not implementing our API / Ok then how does it work? / Dunno. [02:14:36.0000] So afaict it only affects cookies and it probably relies on something that's not specified in HTML, namely a document's cookie URL concept [02:14:49.0000] Cookies in general could really use some love [02:15:50.0000] But also, that narrative is something Firefox often gets as well and we end up fixing a lot of the mess Chromies left behind... [02:17:01.0000] Not really sure anyone is without blame here, but as long as we have similarish goals we should be able to figure something out [02:24:29.0000] There are loads of specs Chrome folks could be doing a better job on, absolutely [02:25:05.0000] I'm definitely not saying Chrome is blameless here [07:21:30.0000] Domenic: windows agent [07:23:35.0000] heh [07:49:16.0000] wow bugs in getElementById, that's pretty good [08:50:42.0000] DocumentFragment though, that's slightly more recent [08:52:22.0000] Fair, added in Oct 2013 [11:42:30.0000] annevk: Domenic: something came up during the blink side of implementing top-level await around document.write. i want to check my understanding of what ignore-destructive-writes counter is for, and then possibly propose something [11:43:16.0000] AIUI, that counter is intended so that only inline sync script tags has the legacy behavior of document.write() blowing away everything if there's no explicit document.open() [11:46:22.0000] now, with TLA, dan's current PR says so long as a promise resulting from a TLA is not settled, that counter is incremented [11:46:53.0000] it turns out this is not great to implement and has a runtime cost to distinguish those promises [11:47:58.0000] the current thinking is can we increment that counter to >0 the first time *any* module script tag is executed [11:48:36.0000] this is backwards breaking, but only for pages that mixes classic and module scripts, and uses destructive document.write, which i reckon is vanishingly small [12:58:07.0000] shu: sounds reasonable, not sure why we made it work there to begin with [13:00:07.0000] Bit surprising as I thought module scripts were delayed anyway [13:07:38.0000] shu: that sounds great, less document.write() in the wild is always a win. [13:10:06.0000] cool, though i'm still kinda confused about why, today, tasks queued from external classic scripts and modules are allowed to do destructive document.write()s [13:10:50.0000] tasks queued from external classic scripts doing destructive writes sounds like something the old web would rely on [13:11:18.0000] `setInterval(() => document.write(i++), 1000)` "look, babies Netscape 3 counter" [13:11:45.0000] right, that's believable [13:11:59.0000] Modules we were probably just trying to make modules more symmetrical with classic scripts [13:12:13.0000] I.e. treat them the same as external classic scripts [13:12:26.0000] and the separation of throw-on-dynamic-markup-insertion and ignore-destructive-writes is specifically that `document.open(); document.write(...); document.close();` is less bad? [13:13:40.0000] Not really. I think that was an instance that was more "disallow everything we dislike", so we were more aggressive: throwing instead of ignoring, for example [13:13:56.0000] We still weren't aggressive enough to just leave the counter forever higher than 0 if you use a custom element, but maybe we should have been [13:15:52.0000] specifically i'm wondering the motivation for not making external scripts increment throw-on-dynamic-markup-insertion as well. too much reasonable code relying on that? [13:17:59.0000] I think external classic scripts are probably untouchable [13:18:07.0000] But outside that invariant I think we have a good amount of freedom [13:18:36.0000] (Also, I think custom elements are probably widely deployed enough that we could not have them permanently disable document.write and friends.) [13:18:52.0000] i see. well, the proposal from the v8 engineer was to leave ignore-destructive-writes permanently >0 after the first module script tag is executed [13:18:57.0000] that *does* affect external classic scripts, if a page mixes them [13:18:58.0000] So for example we could switch all module scripts to permanently incrementing the throw counter, if we liked. [13:19:10.0000] you think that's fine? [13:19:21.0000] Oh, well, I think that's probably fine, if V8/Chrome is willing to risk it. [13:19:31.0000] And my judgment aligns with yours that it's probably rare. [13:19:48.0000] okay, yeah, i think we're willing to risk [13:21:18.0000] Awesome. So yeah I guess my main contribution is that I'd also be happy if you wanted to use the throw-on-dynamic-markup-insertion counter too. More risk, but more reward. [13:22:05.0000] trying to track down a use counter for document.write... i was hoping we'd have one [13:23:32.0000] We have document.open() at https://chromestatus.com/metrics/feature/timeline/popularity/2494 [13:23:52.0000] I would expect write() to be >= open() but I am not sure [13:25:29.0000] quite a lot, though it's the intersection with pages that have module scripts that matter [13:25:44.0000] doubt we have that level of info [13:26:34.0000] Right 2020-04-08 [18:30:39.0000] in documentation in interfaces defined with Web IDL in specs, is it OK to describe instances as “objects that are instances of the Foo interface”? [18:30:52.0000] *documentation on interfaces [18:32:03.0000] MikeSmith: technically it's "objects that implement the Foo interface" per https://heycam.github.io/webidl/#implements,https://heycam.github.io/webidl/#implements, but isn't it easier to say "Foo objects" [18:33:53.0000] TimothyGu: well the specific context I am trying to deal with is a general case, so I don’t have one specific Foo object in this context. [18:34:08.0000] lemme show you the exact wording I have... [18:34:39.0000] > See _Iterator-like methods_ in _Information contained in a WebIDL file_ for information on how an iterable declaration in an interface definition causes entries(), forEach(), keys(), and values() methods to be exposed in objects that are instances of the interface. [18:35:13.0000] where _Iterator-like methods_ hypertext is a link to https://wiki.developer.mozilla.org/en-US/docs/MDN/Contribute/Howto/Write_an_API_reference/Information_contained_in_a_WebIDL_file#Iterator-like_methods [18:35:58.0000] Okay. Yeah, "objects that implement the interface" would be the technically proper wording [18:36:26.0000] OK super [18:36:29.0000] thanks much [18:37:30.0000] oh [18:37:57.0000] "exposed *from* objects that implement the interface"? [18:38:15.0000] what preposition is best there? [19:24:46.0000] If this is MDN documentation, I have a long-standing pet peeve to remove all uses of the term "interface", since it it is a COBOL-ism holdover and the correct thing in JavaScript is "class". [19:25:05.0000] I've tried suggesting this before and been convinced it will be easier to change Web IDL first before we can convince the MDN maintainers to change. [20:07:53.0000] Domenic: yeah I personally would be much happier if we could make it align with JavaScript [20:08:11.0000] that’d certainly be more clear for web developers [03:38:29.0000] I would love to see that change in IDL [06:55:24.0000] I want to tackle some easier ones first, in particular https://github.com/heycam/webidl/issues/350 [07:56:09.0000] if we wanted to get more changes made to the IDL spec more quickly, my impression is that it could happen if we had somebody willing to put (more) money into a contract to pay for the necessary work [07:56:58.0000] or maybe not and the real bottleneck is still just not having enough people to work on it, regardless of money [08:00:06.0000] I think the problem is in part that the payoff is not direct and that there's a lot of cross-cutting concerns. [08:01:49.0000] yeah [08:04:02.0000] so by the way about the MDN annos, I notice a kind of bad usability/discoverability problem that happens in a small number of cases [08:04:13.0000] if you go to https://html-mdn.herokuapp.com/output/multipage/semantics-other.html#selector-read-only [08:04:37.0000] ... there is actually an MDN anno for ":read-only" [08:05:17.0000] but it’s not visible right there at point of use [08:05:28.0000] not aligned there [08:06:23.0000] the reason is, if you go to https://html-mdn.herokuapp.com/output/multipage/semantics-other.html#pseudo-classes and open the second anno there [08:07:43.0000] ... you’ll see it’s one giant long anno with info for every single pseudo-class in that dl/dt/dd list in the body of the spec [08:09:41.0000] but no normal reader would ever realize that they need to scroll all the way back up there to find the anno [08:10:35.0000] this is why, when I first added the MDN annos, I made them un-minimized by default — because otherwise, we run into discoverability issues like that [08:11:38.0000] so anyway if anybody has some good ideas about how we could better handle discoverability of the annos in cases like that, lemme know [08:38:59.0000] MikeSmith: "Pseudo-classes / No support in current engines. / No support data" seems not so good [08:39:42.0000] Domenic: yeah that’s a bug [08:39:56.0000] MikeSmith: interesting, I guess the problem there is that we're going up to child-of-body, which is the entire

[08:40:52.0000] Yeah that's what I'm wondering [08:41:01.0000] yeah will look into that [08:41:03.0000] If we had a before/after diff to judge the impact i'd be comfortable with that [08:41:12.0000] To make sure it doesn't have worse impacts elsewhere [08:41:16.0000] right [08:41:21.0000] yeah good point [08:41:33.0000] I can do it in a way that gives us a diff [09:30:26.0000] Hm, why go up to child-of-body, rather than just nearest-ancestor-not-autoclosed-by-an-aside? [09:42:44.0000] That sounds more complicated :) [09:43:34.0000] If it was easy to know what that list was then we could probably do it [12:38:29.0000] If only there were a spec around that described the auto-closing behavior, or perhaps an editor of said spec... ^_^ [15:39:06.0000] Domenic: mind elaborating the confusion on https://github.com/tc39/ecma262/issues/1524#issuecomment-611222892? [15:39:52.0000] shu: just confused/sad that we got to that conclusion given the arguments presented. [15:39:59.0000] AIUI the problem we want to solve was to not mislead -- currently, sometimes implementations mean a user agent, sometimes all user agents [15:40:12.0000] the compromise was to directly address that issue by enumerating all the places where implementation actually means host [15:40:18.0000] and linking to the actual host spec [15:41:03.0000] Sure. We've just lost a valuable word to discuss the distinction. [15:41:32.0000] that's fair -- the plan is to clarify that in the front matter somehow, non-normatively 2020-04-09 [05:16:06.0000] shu: I don't think that really works and if this is something Mozilla could object to I hope we do so [05:16:39.0000] Going all the way back to hosts having to monkey patch is such nonsense [07:03:30.0000] domfarolino: yo [07:04:07.0000] domfarolino: I'm working on lazy images today again :) [07:15:19.0000] zcorpan: excellent. I should be around a bit [07:17:15.0000] domfarolino: did you see https://github.com/whatwg/html/issues/5408#issuecomment-610033630 ? I'll look at httparchive today to test my hypothesis [07:27:52.0000] zcorpan: I see that there was activity on that issue, haven’t looked at it yet but will check it out today! Sounds exciting [07:40:54.0000] Domenic: well, HTML doesn't have nullable DOMString for anything but enumerated attributes either [07:41:07.0000] Domenic: so if that was the argument I'm confused [07:41:25.0000] annevk: I see, true. [07:41:37.0000] did the async iterator api on streams ever get picked up by any implementations [07:41:48.0000] devsnek: sadly not yet [07:42:11.0000] do you know if that's low priority or if something is preventing it [07:44:16.0000] devsnek: I think generally low priority but in Chrome the easiest path for us would be to get https://github.com/heycam/webidl/pull/808 merged and reviewed (cc edgarchen annevk) and then implement that in our Web IDL bindings system [07:46:13.0000] Domenic: I remember that a few months back you pointed out a case to me where we had a Can I Use anno in the HTML spec that provided better information than the corresponding MDN anno [07:46:30.0000] MikeSmith: https://github.com/whatwg/html-build/issues/213 [07:46:45.0000] /me looks [07:46:53.0000] there we go [07:46:55.0000] thanks! [07:47:07.0000] It would be nice to remove the caniuse stuff, for sure... [07:50:09.0000] yeah I can get make some patches for BCD [07:51:17.0000] the “MDN has 2 entries for Firefox and 2 for Firefox for Android” case was due to a bug that we since fixed [07:53:56.0000] Domenic: edgarchen said he would have time next week, if that falls through I'm happy to take a look [07:54:09.0000] Great [08:14:13.0000] annevk: sorry i'm confused [08:14:16.0000] annevk: what monkey patching? [08:15:00.0000] shu: if ECMAScript doesn't acknowledge it can be integrated as part of other specs, presumably the host hooks are going? [08:16:00.0000] annevk: oh it is acknowledging that, i think there's a miscommunication [08:16:06.0000] annevk: in a mtg atm, will elaborate in a bit [08:20:47.0000] shu: https://github.com/heycam/webidl/pull/870#issuecomment-611586723 [08:28:26.0000] annevk: i am missing context here, unfortunately [08:28:57.0000] shu: ECMAScript is apparently inconsistent on how to spell builtin [08:29:15.0000] shu: it would be nice if it picked a single style so we could align [08:29:54.0000] annevk: agreed. just making sure that was a separate thing from the "doesn't acknowledge it can be integrated into other specs" concern [08:30:08.0000] annevk: as for that, you're talking about the host vs implementation discussion, right? [08:30:17.0000] shu: yeah [08:30:52.0000] shu: in particular the conclusion of not distinguishing the NaN implementation-defined from how to allocate a Realm [08:31:41.0000] annevk: so the editor group conclusion was to just pick a term of art, "implementation", to only mean "blackbox indistinguishable" from an observable behavior inside ecma262 point of view [08:31:55.0000] annevk: and at the same time, address the spec layering issue directly by linking to upstream specs where appropriate [08:32:26.0000] annevk: like for Realms, host hooks, etc, we'll actually link to the relevant HTML parts that specify the additional requirements [08:32:48.0000] the actual interface points of the spec are unchanged [08:33:18.0000] if this arrangement isn't acceptable for HTML folks, i'm happy to bring it up again next week and relitigate [08:36:49.0000] shu: it doesn't make sense to me to have interface points but then not distinguish the interface points from things that are actually up to implementations entirely [08:38:05.0000] shu: that ECMAScript can be entirely self-hosted is fine and I think could be addressed by defining a basic self-hosting implementation in an appendix, that would also make it clear how various hooks are kinda broken and how agents don't have any [08:48:59.0000] annevk: self hosted meaning the host doesn't provide any of its own behaviour for hooks? [08:51:27.0000] devsnek: self-hosted is where the hooks are all implementation-defined, is the way I think about it [08:51:51.0000] isn't that just "normal" [08:52:17.0000] it's not my normal, but it could be yours [08:56:38.0000] don't hooks only exist for implementation defined behaviour [09:01:43.0000] annevk: concretely, we're planning on distinguishing the interface points by linking to the upstream specs [09:02:30.0000] shu: but I thought that was non-normative? [09:02:32.0000] annevk: i'm trying to understand if we distinguish the interface points explicitly somehow, is the host-implementation distinguish in prose still as important to you [09:02:36.0000] it kinda has to be [09:03:09.0000] annevk: whether something is definable by an upstream spec or an implementation is certainly normative [09:03:18.0000] or do you mean whether something _is_ an interface point is non-normative? [09:03:33.0000] both? [09:03:51.0000] (I think all should be normative) [09:03:52.0000] i'm kinda confused; to say something is defined elsewhere is definitely normative [09:04:49.0000] the problem right now is for the reader, they don't know if "defined elsewhere" means "defined in another spec" or "go read the c++ of whatever implementation you're running" [09:04:50.0000] Same, I guess I don't really see how this is going to work, an example might help [09:08:01.0000] annevk: we don't have any PRs up yet, but for example, i was imagining something like [09:09:02.0000] annevk: in https://tc39.es/ecma262/#sec-initializehostdefinedrealm, there will be a note that links to https://html.spec.whatwg.org/#realms-settings-objects-global-objects directly, saying HTML spec has additional requirements here [09:11:12.0000] annevk: as opposed to in something like https://tc39.es/ecma262/#sec-numeric-types-number-exponentiate, there'll be no links to upstream specs because there are no upstream specs that have additional requirements [09:12:24.0000] annevk: but ecma262 doesn't want to preclude that possibility, in case in the future if there's some standardized embedded device host spec that does impose a particular exponentiate algorithm on all its implementations [09:19:30.0000] shu: any implementation might have its own usage, are they supposed to all link to their docs/spec there? [09:20:39.0000] devsnek: if there *are* upstream specs, i recommend it [09:20:42.0000] not docs, specs [09:20:59.0000] node doesn't have a spec but it implements some of these hooks [09:21:05.0000] then it doesn't count [09:21:20.0000] why [09:21:23.0000] the point is to help readers understand additional requirements imposed by specifications that may have its own implementations [09:21:34.0000] not enumerate how it's implemented [09:21:55.0000] if node has its own spec and independent implementations and interop requirements, then we should link [09:22:24.0000] the only difference between for example how promises are hooked between node and html is one has a spec and one has docs [09:22:52.0000] no, the difference is one has at least 3 independent implementations that are expected to behave the same [09:23:04.0000] node has 3 [09:23:05.0000] or 2 [09:23:29.0000] I think chakranode is dead now but Graal has nodejs [09:25:16.0000] there is a qualitative difference between a reference implementation and a standard in my opinion [09:25:32.0000] I don't see the difference between "my impl of this hook has to support a browser" and "my impl of this hook has to support node" [09:25:55.0000] the difference is html has a spec that implementers consult to then implement it in their own browser [09:26:16.0000] there is a compliance issue -- a standard exists for html [09:26:28.0000] you're talking how mechanically it's the same [09:26:32.0000] i mean if you say your runtime supports node [09:26:37.0000] but it works differently [09:26:56.0000] what is a runtime that supports node [09:27:12.0000] chakranode, v8 node, graaljs node [09:27:19.0000] although i don't think chakranode is maintained anymore [09:27:43.0000] there was never a standard, that artifacts exist that may interop with a reference implementation may be a pre-step [09:28:03.0000] like maybe eventually there'll be a reason to guarantee ongoing interop and codify that in a standard and get through all the IPR hoops and all that [09:28:14.0000] so its a legal thing? [09:28:46.0000] part of why standards exists is a legal thing, yes. for this editorial, it's mainly about expectations of where to look next for requirements [09:28:58.0000] it's a reasonable line to draw at "link to other specs" [09:29:06.0000] and not "link to c++ code" [09:29:09.0000] or "link to docs" [09:29:18.0000] 🤷🏻 [09:29:53.0000] are you saying to you standards are the same as reference implementations and docs? [09:30:19.0000] no, but in terms of "reasons this hook exists with these requirements" [09:30:34.0000] * yes in terms of "reasons this hook exists with these requirements" [09:31:24.0000] i disagree. they're only the same mechanically speaking [09:32:12.0000] like someone representing html comes to tc39 and says "hook needs to fulfill x" and someone from node comes to tc39 and says "hook needs to fulfill y" [09:32:31.0000] why do we list x but not y in the spec [09:32:42.0000] also it occurs to me this is probably a bad channel for this [09:34:54.0000] i feel like i'm repeating myself: because one has a standard and realistic expectations of independent implementations having interop, and the other has a reference implementation only [09:38:02.0000] so in terms of someone implementing their js engine, they should care less about whether their exposing of the hook matches node's needs? [10:09:41.0000] shu: aren't you precluding it by not having a host hook? [10:10:01.0000] annevk: we're not removing host hooks [10:10:24.0000] shu: are you adding host hooks for everything that's implementation-defined? [10:11:27.0000] annevk: ah, i see what you're saying. not right now, but not having a host hook today also doesn't preclude [10:11:58.0000] annevk: if an upstream spec user materializes we can technically add host hooks to anywhere that says "implementation-defined" without normative differences, really [10:12:41.0000] shu: right, so then it makes sense to me to acknowledge them directly [10:13:36.0000] annevk: concrete suggestions? [10:15:24.0000] shu: have host hooks, acknowledge hosts, have the default implementation of each host hook be implementation-defined (this also helps HTML if you add hooks HTML doesn't want to override); I don't really see a need to reference HTML from the spec, but it might be nice [10:16:55.0000] shu: this would also allow you to enforce invariants on hosts, though I guess that can also be done through asserts and might be better [10:50:34.0000] annevk: that is basically the current plan, though we're not adding new host hooks [10:51:49.0000] annevk: the difference is that the *word* that was settled on was "implementation". so the pushback i'm hearing now is that there is still very strong preference for the single word to be "host" and not "implementation" [10:52:23.0000] what do you mean by acknowledge hosts? [10:53:45.0000] If you 1:1 implementation and host, HTML is the implementation, what does implementation-defined for https://tc39.es/ecma262/#sec-numeric-types-number-exponentiate mean? [10:54:28.0000] annevk: it means HTML has the right (but not the obligation) to impose additional requirements [10:54:41.0000] annevk: if it doesn't, that freedom passes through to HTML's implementations [10:54:50.0000] shu: literally it says that it's HTML-defined, but HTML doesn't want to define it [10:55:07.0000] shu: you can't say implementation is both the host and the implementation, imo [10:55:55.0000] annevk: it literally just means it's defined somewhere else [10:56:41.0000] annevk: i'm having trouble understanding why the "right but not the obligation" part is confusing [10:56:56.0000] shu: there is no right either since there's no explicit hook [10:57:09.0000] shu: (nor should there be) [10:58:01.0000] annevk: that's the basic disagreement [10:58:12.0000] annevk: i don't think anybody in ecma262 sees the presence of hooks as conferring the right [10:58:35.0000] annevk: well, anybody in the editor group [10:58:44.0000] How would you do it without hook? [10:59:04.0000] let me clarify [11:00:07.0000] by "the right" i mean ecma262 already allows for upstream hosts or implementations to do its own thing there [11:00:21.0000] host hooks are one way to provide easy hooking points for host-defined behavior [11:00:57.0000] if HTML said, use the following algorithm for ecma262's Number::exponentiate, so long as its it follows the invariants laid out, HTML has the right to just provide its own algorithm, host hook or not [11:01:36.0000] I'm not a fan of that [11:01:51.0000] sure, but the point is host hooks are mechanics [11:02:00.0000] That's what I would call monkey patching and an extremely bad practice when it comes to specifications [11:02:08.0000] okay, i see [11:02:43.0000] why is it extremely bad practice in your opinion? [11:02:53.0000] But I also think it's plain confusing that implementation sometimes means host and sometimes means implementation [11:03:24.0000] shu: it's not clear to implementers from looking at the algorithm how to implement it [11:03:43.0000] shu: I guess if you're familiar with the weird way some in TC39 use implementation-defined, you might be alerted to the fact, but otherwise [11:05:40.0000] shu: it can also lead to hard to iron out inconsistencies between hosts that force multiple implementations of the algorithm or even conflicts within a single host if it's large enough (e.g., if some non-HTML spec tried to take ownership of some things) [11:06:01.0000] annevk: i'm very sympathetic to "unclear to implementers", which is how we ended up on "link to the upstream spec (HTML) directly" [11:06:54.0000] the host-vs-implementation distinction doesn't exist normatively in ecma262, and defining it into existence is very hard [11:07:03.0000] It's also not the kind of abstraction you'd offer in code I think (supply your own algorithm that matches this one but fills in a couple of details differently) [11:08:15.0000] the distinction we're talking about for exponentiation vs, say, module loading, just doesn't exist in ecma262 currently [11:08:37.0000] In practice I think it does [11:08:49.0000] In the way it's read by implementers I think it does [11:09:31.0000] Certainly in the way I read it, it does, but I don't think it offers enough hooks to implement a host (e.g., no way to set up an agent cluster and such) [11:10:17.0000] in practice it definitely does, but to define the difference normatively in ecma262 isn't going to get consensus [11:10:30.0000] shu: it even starts with talking about a host environment [11:10:37.0000] sigh [11:10:39.0000] shu: and there was this whole host objects thing, etc. [11:10:59.0000] i understand the desire to disallow monkeypatching normatively [11:11:14.0000] but there isn't consensus for that [11:11:27.0000] Is there consensus to replace every instance of host with implementation though? [11:11:39.0000] Again, I'd hope Mozilla objects if possible [11:12:13.0000] we're replacing host-defined with implementation-defined [11:12:16.0000] How are the editors explaining "Jobs are scheduled for execution by ECMAScript host environments." [11:12:19.0000] not touching the word host otherwise [11:13:46.0000] I gotta go relax for a bit as it's late here. I'm still rather confused about this direction, but I guess we'll see [11:14:16.0000] i don't know how to satisfy the stakeholders tbh, without actually precluding the right for hosts but not implementations to override e.g. exponentiate [12:53:44.0000] TabAtkins: Is there any way to disable the Bikeshed thing where it will append "of type X" when I define things in a
? [14:10:42.0000] Domenic: I don't think so, lemme check... 2020-04-10 [17:58:58.0000] Domenic: check the CSS Syntax algos, are you happy with the increased explicitness now? [18:38:23.0000] TabAtkins: Ah, looks great now; thank you! 2020-04-13 [22:14:13.0000] annevk: Domenic: do we know why Travis stopped running for HTML? [22:14:25.0000] https://travis-ci.org/github/whatwg/html/builds [22:14:36.0000] last build 4 days ago [22:15:09.0000] oh wait [22:15:42.0000] I see that is actually the last time anything was merged to master [22:16:17.0000] I was thinking https://github.com/whatwg/html/pull/4519/ has been merged but I see now that it has not [22:18:33.0000] yeah, waiting on resolution of https://github.com/whatwg/html/issues/3840 still I guess [04:43:39.0000] MikeSmith: 🐣 [04:44:14.0000] heh [04:44:26.0000] that’s a nice one [15:56:21.0000] Phew https://github.com/whatwg/streams/pull/1035 [16:40:41.0000] Domenic: oh wow [16:40:42.0000] cool 2020-04-14 [19:31:57.0000] offered without comment: https://mailarchive.ietf.org/arch/msg/ietf/h6fTco-9fw7IeF_x6jvEvfrZuvk/ [19:34:08.0000] Harald's reply seems pretty on-point [19:34:24.0000] yeah [19:35:16.0000] > This is part of what theIETF process is supposed to do between "proposed standard" and"standard" (but rarely does). [20:40:18.0000] stumbled across https://lab.syncer.jp/Web/API_Interface/Reference/IDL/ which in some cases seems more complete than MDN BCD [05:34:34.0000] hey guys [05:34:47.0000] I am a radio operator in Brisbane Australia [05:34:52.0000] abc.net.au/triplej [05:34:59.0000] I will try to get the host to play some punk [05:35:04.0000] this is hard on me.... [05:35:44.0000] they are trying to play some punk [05:35:45.0000] talk to me [05:35:48.0000] Slyda1 [05:35:53.0000] I hear all of you [05:35:57.0000] and then sometimes I hear you [05:36:08.0000] but I hear all of you! [05:36:09.0000] :) [05:36:26.0000] 10.36pm [05:36:31.0000] 6x6 are 36 [05:39:13.0000] abc.net.au/triplej [05:39:16.0000] Radio Operator [05:39:18.0000] Lachlan is on [05:39:21.0000] he is real good eh! [05:39:28.0000] I like Lachlan [05:39:34.0000] he is pretty good do you like him! [05:39:37.0000] sweet some nice punk! [06:56:24.0000] MikeSmith: there's also https://web-confluence.appspot.com/#!/catalog?releases=%5B%22Edge_18.17763_Windows_10.0%22,%22Safari_13.0.2_OSX_10.15%22,%22Chrome_78.0.3904.70_Windows_10.0%22,%22Firefox_70.0_Windows_10.0%22%5D&q=%22%22 [07:01:52.0000] Domenic: yup, thanks — the only complaint I have about that is that it doesn’t go back far enough for what’s needed in MDN/BCD at times [07:04:04.0000] I mean as far as “what browser versions did this feature first ship in” [07:08:17.0000] on that note today I realized the https://trac.webkit.org/browser/webkit/tags/ tag browser can be very useful for figuring out what tag a particular webkit revision first went into [07:09:03.0000] which is useful not just for Safari but also for older Chrome pre-fork [08:12:11.0000] Domenic: experience with https://hub.github.com/ or similar? Thinking of adding that to spec-factory to create the PRs in an easier way, but not sure if that's the preferred dependency or if there's something else [08:13:24.0000] annevk: I use hub, exclusively for the `hub checkout $PR_URL` command. I imagine the "preferred" way would be to use the GitHub API via some pure-Python package, but that involves tokens and stuff; shelling out to a command line script is probably easier for you. [08:13:37.0000] annevk: however I think `hub` is being replaced by "the official GitHub CLI"; let me look that up... [08:13:50.0000] annevk: https://cli.github.com/ [08:14:15.0000] https://github.com/cli/cli#comparison-with-hub [08:14:20.0000] Domenic: I saw that, but that had less features [08:14:47.0000] Domenic: I guess I'll go with a hub dependency for now and be prepared to change it later [08:14:58.0000] I'm curious, what feature of hub do you need that gh doesn't have? [08:15:28.0000] Domenic: talking to the raw API to add a comment [08:15:40.0000] Interesting [08:15:56.0000] Domenic: I want to create a script for RDs as well if I start doing this [08:16:17.0000] although I guess the comment there is after merging hmm [08:17:13.0000] I hadn't completely thought the whole thing through, mandatory reviews are another issue [08:22:16.0000] I guess you might want something more like https://github.com/PyGithub/PyGithub for that [08:22:56.0000] Lots of choices although that one is listed first https://developer.github.com/v3/libraries/ [08:23:28.0000] That also seems reasonable I suppose, it takes a token which is the main thing we need [09:02:36.0000] You get an email per commit? Oh my I should be more careful [09:05:55.0000] I dunno, it's self-inflicted because I choose not to set up any filter rules. [09:05:59.0000] But it usually works pretty well. [09:06:28.0000] Oh so ARIA attributes are also superglobal attributes, I missed that [09:08:39.0000] I've used PyGitHub fwiw [09:08:57.0000] annevk: hmm https://w3c.github.io/html-aria/#rules-wd does not say so [09:09:32.0000] https://w3c.github.io/aria/#AriaAttributes extends Element [09:09:35.0000] hmm [09:09:42.0000] Hmm [10:19:53.0000] hmm indeed [10:20:01.0000] that wasn’t there before [10:20:07.0000] wonder when they added it [10:25:20.0000] next maybe the https://w3c.github.io/dpub-aria/ will do the same for the three dozen doc-* roles it defines [10:30:52.0000] Domenic: so if we ever allow non-data URL sandboxed workers, the allocation of the thread has to happen after the response comes in [10:31:09.0000] Domenic: which is reasonable I suppose, we fetch in parallel and then create an environment [10:31:32.0000] Domenic: maybe once we address the racy stuff in how shared workers are created that'll mostly solve itself [11:41:09.0000] Where do we stand nowadays in terms of web apps being able to store key-value pairs with a TTL associated with them. In order words, cookies but without being needlessly sent over the network (which is either unpleasant or a show stopper, depending on the data in quesion and one's policy on privacy). [11:41:42.0000] I recall a few different efforts existing in this realm, but I'm not seeing this particular use case mentioned anywhere, is that right? [11:44:22.0000] The status quo, for Wikipedia as example, is either: Cookies or really-really-bad use of LocalStorage. Where really-really-bad is looping through localStorage key by key (in all its race glory) and delete stuff that's expired based on your own value format. Aside from being buggy and racey, it is also horrible for performance as on mobile localStorage can incur disk I/O. In our testing, easily up to 100ms per call, and unlike desktop, the whole [11:44:22.0000] origin's store does not go into RAM after one call. [11:45:22.0000] Our current compromise for mobile, for the limited cases that absolutely need expiry and cant use cookies, is to start somewhre randomly between 0 and localStorage.length, and to requetIdleCallback/setTimeout yield as much as we can, and either way stop after a handful of iterations because otherwise it'd just be a waste of energy. [12:27:02.0000] Krinkle: the idea is still alive, there might be some progress on buckets this year [12:29:18.0000] annevk: mainly WHATWG or one of the W3 WGs? Is there a ticket I can create or should follow? [12:29:35.0000] with Wikimedia now being a member, perhaps we can help in a more organised fashion on this if in-scope [13:02:10.0000] Krinkle: whatwg/storage, but maybe there is discussion elsewhere too, not sure [13:03:11.0000] annevk: you mean that as part of the navigation.storage spec etc there'd be potentially a new localstorage-like API that supports TTL on a per-key basis? [13:05:01.0000] not sure if buckets really aims to address things on a per-key basis... [13:05:04.0000] Krinkle: oh, I missed per-key [13:05:43.0000] Some modification to cache storage might make more sense, although I'm not aware of concrete efforts in that area either. Being able to expire individual cache storage items autoamtically has come up as a use case a couple of times at least [13:06:33.0000] https://github.com/w3c/ServiceWorker/issues/863 has some thoughts [13:08:05.0000] The main issuse we're running into is that when different features over the weeks/months store keys and then no longer need those keys the code for it ceases to exist so the keys linger ,which ultimately keeps shrinking the amount of space available. [13:08:31.0000] It also means when someone enables an experimental feature that uses up a fair amount storage and then disables it again, the keys remain etc. [13:08:49.0000] also things like mything-{variable}-something are big red flags right now given no expirration [13:09:41.0000] at least that experimental feature use case seems like it doesn't need per-key expiry; the experimental feature could have its own storage bucket, with a per-bucket expiration date, and then their own CacheStorage/IndexedDB/localstorage/... inside that bucket [13:09:53.0000] assuming you don't need transactions that span multiple buckets... [13:15:31.0000] yeah, for 99% of what I'm imagining, transactions are not needed. these are just simple key-value pairs [14:38:48.0000] where is the best place to raise issues against unicode.org's site? [14:41:07.0000] actually... looks like http://blog.unicode.org/2020/04/technical-alert-unicode-technical.html might the cause of my links to it not working 2020-04-15 [17:42:21.0000]
Am I correct in thinking that HTML doesn't support the hello: namespace thing here? Is it defined how this should be parsed, or do we know what should happen? [17:46:00.0000] innovati: per-spec it’s parsed as an attribute with the literal name hello:world and an empty value [17:46:21.0000] there’s nothing special about the colon in the attribute name [17:46:41.0000] If this was XML instead, it would be a namespace and an attribute name separately? [17:47:09.0000] I dunno about XML, don’t remember [17:47:21.0000] thanks so much @MikeSmith <3 [20:52:27.0000] innovati: parse error, use data:text/xml, to try [05:04:34.0000] littledan: I guess I'm a bit out-of-my-depth, but that kind of coding style doesn't sound great for window agents [05:04:51.0000] annevk: Yeah, I agree [05:05:06.0000] sorry if my comment was ambiguous. I'm all for restricting this to, roughly, the [[CanBlock]] set [05:05:14.0000] littledan: it might be okay for audio worklets, but padenot suggested they can make those close to or actually GC-free so might not need this either [05:05:18.0000] I don't know if it should be the same bit or if we might come to some kind of agent where they differ [05:05:34.0000] maybe it's fine to use the same bit for now [05:05:59.0000] I guess that's really a thing TC39 should have settled [05:06:24.0000] Or is there more to do than set a boolean for HTML? [05:06:28.0000] well, we decided that different hosts can settle this differently, since not everyone even uses an event loop style [05:06:50.0000] You'll at least have as much of a loop as needed for promises presumably [05:06:58.0000] editorially we decided to go for the most parsimonious thing, that it's just "normative optional"--hosts can already resolve that, as they do for Intl and Annex B [05:07:21.0000] But isn't that the same as an agent flag? [05:07:34.0000] Or can we make this different per global if we wanted to? [05:07:38.0000] right, ultimately these are all different ways of talking about the same thing [05:08:06.0000] Again, I think it would help if TC39 was a bit more opionated and didn't leave all the work to hosts [05:09:31.0000] Or maybe not opinionated, but doing a bit more legwork on reasonable tradeoffs for hosts [05:22:21.0000] Well, maybe this thread we're having in HTML now can lead to recommendations that we can bring back to the committee, to consider refining the "normative optional" wording and proposing something more specific [07:39:09.0000] I tend to disagree with annevk, and am in favor of expansive powers for hosts in general :) [07:45:31.0000] You think the current setup is good? [07:49:19.0000] Yeah [07:49:44.0000] Giving hosts the ability to choose how to expose things like SharedArrayBuffer or cleanupSome() is nice [07:52:14.0000] Sure, but there's no concrete API for doing that atm [07:52:43.0000] E.g., our current SharedArrayBuffer thing assumes it's defined by default [07:52:57.0000] I'd rather hosts be able to say things like "expose X" and "don't expose Y" at their leisure than require that they only have control over a proscribed set of things ES takes the time to expose an API for. [07:53:39.0000] I don't think there's anything in the current setup that makes it ambiguous what to implement, so I don't see what requiring more formal channels would buy us. [07:54:26.0000] (It would just reduce the freedom of host specs.) [07:55:31.0000] You can have exactly the same level of freedom without the ambiguity [07:55:54.0000] What ambiguity? [07:56:04.0000] What two different ways to read the current HTML + ES spec combination are there? [09:01:17.0000] i'm also not sure something to the level of host hook rigor is needed for normative optional things in ecma262 [09:02:07.0000] Domenic: how is it clear that it's required that the implementation exposes the SharedArrayBuffer constructor? [09:02:38.0000] ecma262 needs to be exact in what is normative optional (e.g. the data property on the global object), but i'm also confused by the confusion [09:03:18.0000] annevk: because HTML says it must? [09:03:58.0000] It does? [09:04:11.0000] Anyway, maybe someone else can work on that as none of this makes much sense to me [09:04:35.0000] I mean, I'd assumed that's what your PR did [09:04:38.0000] If not, then it should [09:13:27.0000] If someone could suggest the relevant language or add it to that PR that'd be appreciated [09:13:41.0000] I asked in that TC39 issue and didn't really get a clear answer [09:14:01.0000] The current PR simply deletes SAB and assumes it's there [09:19:26.0000] Happy to work on that [09:20:06.0000] Thanks! [09:32:14.0000] Domenic: https://github.com/w3c/aria/issues/1239 fyi [11:36:53.0000] TabAtkins: your parse-css is kept up to date, right? [11:37:18.0000] Uh, overall yes. I should make sure I haven't missed any updates in the last few months. [11:37:32.0000] I know it doesn't have the new entry-point function I added last week. [11:37:51.0000] Cool. I was about to write something similar before I thought to Google [11:38:47.0000] I’d be happy to look it over and do any updates [11:39:38.0000] yes, looking at both the spec and project histories, it should be up-to-date [11:42:06.0000] Great 2020-04-16 [09:17:19.0000] JakeA: (and others interested in better defining storage APIs) https://github.com/whatwg/storage/issues/18#issuecomment-614751336 [09:37:29.0000] hi, I just noticed that `customElements.whenDefined(node.nodeName)` seems invalid in both Firefox and Chrome due to `nodeName` using uppercase letters [09:37:51.0000] is that intentional? I couldn't find any details on name restrictions other than hyphenation [09:38:45.0000] FND: looks intentional and makes some sense given XML [09:38:51.0000] FND: you could do node.localName [09:40:35.0000] MDN says use of localName is discouraged? [09:40:37.0000] (I'm an old-man wannabe, so quirksmode.org has ingrained `nodeName` in my mind) [09:41:04.0000] but I could easily go with `.toLowerCase()`, I was just wondering why custom elements make this distinction when AFAIK other DOM APIs are case-insensitive [09:46:51.0000] Wow, MDN is very wrong [09:47:00.0000] localName is encouraged, nodeName is discouraged [09:47:20.0000] FND: MDN is misguided then... (toLowerCase() is fraught and might do the wrong thing for non-ASCII code points) [09:47:31.0000] I don't see anything in https://developer.mozilla.org/en-US/docs/Web/API/Element/localName [09:47:57.0000] ah, I was looking at Node.localName, not Element.localName [09:47:57.0000] https://developer.mozilla.org/en-US/docs/Web/API/Node/localName [09:48:28.0000] Hmm, I see, that's confusing... but I'm not sure what to concretely suggest MDN do [09:48:47.0000] yeah, the Node vs. Element thing is often confusing... [09:49:15.0000] anyway, TIL localName is preferred - thanks! [09:50:20.0000] yet my original puzzlement remains: why is the custom-elements API case-sensitive? am I wrong in thinking all/most other DOM APIs are case-insensitive? [09:51:24.0000] FND: a lot are ASCII case-insensitive sometimes, with newer APIs we try to be a bit stricter so there's less of a difference between HTML and XML documents [09:51:50.0000] FND: as the core model is very much case-sensitive [09:52:28.0000] roger, good to know - and yeah, ASCII assumptions is a good point [09:57:06.0000] jobs [09:57:20.0000] fg [09:57:42.0000] oops, sorry [14:52:00.0000] So there's an open question which is kind of interesting [14:52:23.0000] If a web notification is spawned with a body of "text foo bar" [14:52:30.0000] Should the browser escape this, or not? [14:52:56.0000] Firefox doesn't escape it on certain platforms, leading to the body text being interpreted as markup by the system notifications [14:53:10.0000] Chrome always escapes it, and on Windows also all browsers escape it [14:53:43.0000] Leading to a handful of edge cases where it becomes "text foo bar" instead of "text foo bar" [14:54:28.0000] In this case it's interesting because a notification with a body containing "<" led to the second half of the body disappearing, due to the native notification system interpreting it as malformed markup [14:54:44.0000] Is this a bug in Firefox or the webapp? [15:12:10.0000] justJanne: I'm not entirely sure about the escaping part, but I do know that afaik web notifications do require that notifications can be rendered as plain text, so it's definitely true that it can't require HTML-escaped input in a way that promises to render them. The question is, how can you tell the browser that is already plain text or that it's marked up with HTML the browser shoudl strip if needed. [15:14:35.0000] from looking at the spec, I see no mention of HTML support. so I would guess it is meant to be plain text, there is no markup support beyond that "title" and "icon" stand separate from "body" (often with title being bold). [15:15:06.0000] and given no primitive in the browser for easily escaping plain text, I imagine it's not intended that developers escape it themselves [15:16:13.0000] Probably a bug in firefox on non-Windows then? [15:17:30.0000] OK, the spec mentions \n as being a paragraph boundary, so yeah, definitely plain text and not HTML. [16:01:11.0000] Ugh, "plain text only" is discriminatory against languages that need some degree of markup. Common English-speaking programmer mistake, tho. 2020-04-17 [02:40:55.0000] annevk: re: https://github.com/whatwg/html/issues/3400#issuecomment-615130411, "valueAsColor() doesn't help with submission" -- is that a dealbreaker somehow? [02:41:31.0000] valueAsDate() doesn't affect submission either, it's just a way to read the serialized value in a different format [02:43:18.0000] mathiasbynens: we need something for submission if we're going beyond RGB [02:44:21.0000] annevk: sure, but do developers want to specify the exact serialization format? I was assuming it would be sufficient if the .value would be "any valid CSS color as produced by the CSS color serialization spec", and maybe that's wrong [02:44:27.0000] mathiasbynens: it does seem to fine to offer utility methods, but if you're looking at an MVP I'd not target those [02:45:03.0000] mathiasbynens: I suspect servers will break if suddenly started emitting non-RGB strings [02:45:37.0000] annevk: yeah i think shoehorning this into type=color is a bad idea in general [02:45:38.0000] mathiasbynens: if it's that's fine though [02:45:54.0000] a new input type seems better [02:46:27.0000] mathiasbynens: there's a bunch of precedent with the existing types for attributes to modify them somehow, e.g. [02:46:30.0000] I agree we don't want to break :) [02:46:31.0000] or webkitdirectory [02:46:48.0000] I guess we're mostly aligned then [06:51:16.0000] A new element!! [07:11:52.0000] Specifying MIME type parsing was a good move. It's nice to see things like https://github.com/mensbeam/mime crop up. [07:22:00.0000] That's not the PHP I used to write 🙂 [08:19:12.0000] annevk: for portals (spec work is re-starting) we want to have the spec primitives to specify "no storage" for a given browsing context, and then after activation "storage as normal" (i.e. keyed to origin like a TLBC, no double-keying). Will the storage infra work you're workign on provide the primitives for that? [08:43:58.0000] I'm going to assume "TLBC" is "Three Letter BaCkronym" [08:45:01.0000] top-level browsing context, ofc [09:04:39.0000] Domenic: it would allow you to explain the observable effects, but it's prolly still some work [09:05:39.0000] Domenic: this mostly provides infrastructure for replacing the underlying storage bucket and also make it clearer which APIs end up in the same bucket [09:06:02.0000] annevk: hmm so this mostly helps with buckets, not necessarily with double-keying? Or are they connected? [09:07:12.0000] Domenic: they are and it helps with double-keying [09:07:25.0000] Domenic: but double-keying is different from blocking [09:09:28.0000] Right, that makes sense [09:09:49.0000] Although I wonder why our plan is blocking instead of changing the key to something useless [09:11:09.0000] I guess what I mean is keying to an isolated origin [09:11:17.0000] But then it's pretty weird if only storage treats the origin as opaque [09:11:33.0000] storage is mostly blocked on opaque origins anyway? [09:11:48.0000] I think so [09:11:49.0000] Is it blocked? I thought it just wrote to something that only you could access. [09:11:50.0000] and swapping out storage is much weirder than unblocking imho. What happens to open transactions, etc for example. [09:12:04.0000] Currently it is blocked for almost every storage API [09:12:15.0000] I see. https://w3c.github.io/IndexedDB/#dom-idbfactory-open [09:12:22.0000] Transactions get terminated [09:12:31.0000] Also a problem if you swap with an empty bucket [09:12:34.0000] https://html.spec.whatwg.org/multipage/webstorage.html#storage-object-initialisation-steps [09:12:37.0000] aka Clear-Site-Data [09:13:05.0000] I wonder if we can define "storage is blocked" just by piggybacking off of this infrastructure [09:13:13.0000] I thought clear-site-data also froze/reloaded pages? But perhaps that was an optional flag. [09:13:32.0000] Mek: that's an optional flag that Chrome didn't implement and caused a bunch of trouble for Firefox [09:13:34.0000] I guess we need to define "storage key" separately from "origin" anyway to help with double-keying... /me goes to re-read annevk's proposal [09:13:48.0000] Domenic: obtain the key is currently XXX, but yes [09:14:44.0000] Domenic: Storage asks for an environment and my idea is to get the key from there; currently it assumes you don't invoke it from an opaque origin environment but I should probably flip that around and only returning failure or some such [09:14:46.0000] This makes sense [09:14:54.0000] I'll comment on the bug [09:20:58.0000] Domenic: thanks [09:22:02.0000] I need to think a bit more about sessionStorage / history which are of course weirdly special, but it's probably worth starting with this next week even if I leave those as XXX [10:02:11.0000] Mek: if nobody does sessionStorage for opaque origins I'd be okay with stopping that [10:02:18.0000] Mek: although if pushState() still works... [10:02:29.0000] I have no idea what other browsers do for session storage unfortunately [10:03:18.0000] Mek: but yeah, at this point I think the best course is that sessionStorage gets its own storage bucket that is session-lifetime-bound somehow [10:04:14.0000] seems reasonable, yes... session-lifetime-bound, but also copied-on-creating-auxiliary browsing contexts [10:04:16.0000] Mek: and history.pushState() may or may not be able to use that too, not sure I'll figure all that out for v0 though, but I suspect I might try to poke at things a bit [10:06:01.0000] Mek: yeah that also needs some work, if the session belongs to the browsing context group the spec might not have to copy [10:06:52.0000] oh wait, it probably does need to copy because afterward they are independent? [10:07:00.0000] exactly [10:07:02.0000] oh well, it's all doable [10:07:40.0000] but that does suggest it should have a bucket separate from pushState() [10:07:50.0000] don't want to copy over that data too [10:08:22.0000] weekend \o/ [10:08:44.0000] definitely excited about better figuring out how session storage should/is behaving [10:09:36.0000] (third party iframes, and should their storage be copied as well? Unclear in current spec, no idea what other browsers do, chrome does. I.e. a.com embeds b.com. Open a new window of a.com embedding b.com, and the new embedded b.com also gets a copy of the old embedded b.com) [11:43:16.0000] mkwst: you might know if https://w3c.github.io/reporting/#send-reports is supposed to happen for workers too? [11:43:27.0000] the text hints that it should not [11:43:46.0000] but the API is exposed to the workers too [12:25:27.0000] smaug____: it should, baku filed an issue I think [12:26:13.0000] Mek: I guess that makes sense, but would indeed be good to define it exactly [12:26:55.0000] annevk: ok, thanks. I just asked baku to file an issue, but I guess he did that already :) 2020-04-18 [12:06:58.0000] so uh what do I need to make this work https://github.com/creationix/js-git/issues/145 [12:39:30.0000] seriously tho why's it giving me an empty response even with no-cors [12:43:34.0000] how do I get this to work [13:09:14.0000] I believe no-cors simply makes the browser reject any requests that aren't same-origin (aka for which you wouldn't need cors in the first place). 2020-04-20 [07:53:36.0000] What's the story about HTML's support for and ? [07:53:55.0000] In Chrome they parse as and [07:54:21.0000] Is their parsing in HTML to allow parsing them inside embedded XML documents only? [08:04:31.0000] innovati: https://html.spec.whatwg.org/multipage/syntax.html#cdata-sections might help. [08:04:46.0000] Outside of foreign content they are "bogus comments", I believe. I.e. they are similar to [08:06:31.0000] interesting it seems and parse as and [08:07:00.0000] does the spec talk about bogus comments, or is this just something browsers do? [08:07:33.0000] (I'm writing XML, and HTML templating functions, and functions that process DOM nodes so I have to write tests and I'm realizing gaps in my own understanding :D ) [08:14:59.0000] The parsing algorithm describes in full detail all aspects of parsing, including such "bogus comments". [08:16:55.0000] though in many particular occasions, an HTML parser is allowed to give up and reject the input when it's invalid [08:17:01.0000] not sure if in the case of bogus comments [08:18:12.0000] although browsers are not exempted from giving up like that, no major browser does [08:30:10.0000] ah found this https://html.spec.whatwg.org/multipage/parsing.html#parse-error-unexpected-question-mark-instead-of-tag-name [08:30:44.0000] and in this section it seems to cover the