Merge pull request #1975 from pascoej/fix-bikeshed-compile

Fix the bikeshed build

index.bs

@@ -1459,21 +1459,21 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
 
 This section normatively specifies the API for creating and using [=public key credentials=]. The basic
 idea is that the credentials belong to the user and are [=managing authenticator|managed=] by a [=[WAA]=], with which the [=[WRP]=] interacts through the [=client platform=]. [=[RP]=] scripts can (with the [=user consent|user's consent=]) request the
-browser to create a new credential for future use by the [=[RP]=]. See <a href="#fig-registration">Figure <span class="figure-num-following"/></a>, below.
+browser to create a new credential for future use by the [=[RP]=]. See <a href="#fig-registration">Figure <span class="figure-num-following"></span></a>, below.
 
 
 <figure id="fig-registration">
-    <img src="images/webauthn-registration-flow-01.svg"/>
+    <img src="images/webauthn-registration-flow-01.svg"></img>
     <figcaption>Registration Flow</figcaption>
 </figure>
 
 
 Scripts can also request the user’s permission to perform
-[=authentication=] operations with an existing credential. See <a href="#fig-authentication">Figure <span class="figure-num-following"/></a>, below.
+[=authentication=] operations with an existing credential. See <a href="#fig-authentication">Figure <span class="figure-num-following"></span></a>, below.
 
 
 <figure id="fig-authentication">
-    <img src="images/webauthn-authentication-flow-01.svg"/>
+    <img src="images/webauthn-authentication-flow-01.svg"></img>
     <figcaption>Authentication Flow</figcaption>
 </figure>
 
@@ -4152,7 +4152,7 @@ The [=authenticator data=] has a compact but extensible encoding. This is desire
 limited capabilities and low power requirements, with much simpler software stacks than the [=client platform=].
 
 The [=authenticator data=] structure is a byte array of 37 bytes or more,
-laid out as shown in <a href="#table-authData">Table <span class="table-ref-following"/></a>.
+laid out as shown in <a href="#table-authData">Table <span class="table-ref-following"></span></a>.
 
 
 <figure id="table-authData" class="table">
@@ -4247,10 +4247,10 @@ the requested [=public key credential|credential=] is [=scoped=] to exactly matc
 - If the authenticator does not include any [=authData/extensions|extension data=], it MUST set the [=authData/flags/ED=] [=flag=] to zero, and to one if
     [=authData/extensions|extension data=] is included.
 
-<a href="#fig-authData">Figure <span class="figure-num-following"/></a> shows a visual representation of the [=authenticator data=] structure.
+<a href="#fig-authData">Figure <span class="figure-num-following"></span></a> shows a visual representation of the [=authenticator data=] structure.
 
 <figure id="fig-authData">
-    <img src="images/fido-signature-formats-figure1.svg"/>
+    <img src="images/fido-signature-formats-figure1.svg"></img>
     <figcaption>[=Authenticator data=] layout.</figcaption>
 </figure>
 
@@ -4306,11 +4306,11 @@ the same procedure as other [=assertion signatures=] generated by the [=authenti
 ### Credential Backup State ### {#sctn-credential-backup}
 
 Credential [=backup eligibility=] and current [=backup state=] is conveyed by the [=authData/flags/BE=] and [=authData/flags/BS=] [=flags=] in the [=authenticator data=], as
-defined in <a href="#table-authData">Table <span class="table-ref-previous"/></a>.
+defined in <a href="#table-authData">Table <span class="table-ref-previous"></span></a>.
 
 The value of the [=authData/flags/BE=] [=flag=] is set during [=authenticatorMakeCredential=] operation and MUST NOT change.
 
-The value of the [=authData/flags/BS=] [=flag=] may change over time based on the current state of the [=public key credential source=]. <a href="#table-backupStates">Table <span class="table-ref-following"/></a> below defines
+The value of the [=authData/flags/BS=] [=flag=] may change over time based on the current state of the [=public key credential source=]. <a href="#table-backupStates">Table <span class="table-ref-following"></span></a> below defines
 valid combinations and their meaning.
 
 <figure id="table-backupStates" class="table">
@@ -4412,7 +4412,7 @@ The above examples illustrate the primary <dfn>authenticator type</dfn> characte
 - Whether the authenticator is [=discoverable credential capable=] &mdash; the [=credential storage modality=].
 
 These characteristics are independent and may in theory be combined in any way,
-but <a href="#table-authenticatorTypes">Table <span class="table-ref-following"/></a>
+but <a href="#table-authenticatorTypes">Table <span class="table-ref-following"></span></a>
 lists and names some [=authenticator types=] of particular interest.
 
 
@@ -4478,7 +4478,7 @@ typically a PIN or [=biometric recognition=].
 The [=authenticator=] can thus act as two kinds of [=authentication factor=],
 which enables [=multi-factor=] authentication while eliminating the need to share a password with the [=[RP]=].
 
-The combinations not named in <a href="#table-authenticatorTypes">Table <span class="table-ref-previous"/></a>
+The combinations not named in <a href="#table-authenticatorTypes">Table <span class="table-ref-previous"></span></a>
 have less distinguished use cases:
 
 
@@ -4838,13 +4838,13 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
     specified in [[#sctn-authenticator-data]] including |processedExtensions|, if any, as
     the <code>[=authData/extensions=]</code> and excluding <code>[=attestedCredentialData=]</code>. This |authenticatorData| MUST include [=attested credential data=] if, and only if, |attestationFormat| is not `none`.
 1. Let |signature| be the [=assertion signature=] of the concatenation <code>|authenticatorData| || |hash|</code> using the
-    [=public key credential source/privateKey=] of |selectedCredential| as shown in <a href="#fig-signature">Figure <span class="figure-num-following"/></a>, below. A simple,
+    [=public key credential source/privateKey=] of |selectedCredential| as shown in <a href="#fig-signature">Figure <span class="figure-num-following"></span></a>, below. A simple,
     undelimited
     concatenation is safe to use here because the [=authenticator data=] describes its own length. The [=hash of the serialized
     client data=] (which potentially has a variable length) is always the last element.
 
     <figure id="fig-signature">
-        <img src="images/fido-signature-formats-figure2.svg"/>
+        <img src="images/fido-signature-formats-figure2.svg"></img>
         <figcaption>Generating an [=assertion signature=].</figcaption>
     </figure>
 
@@ -4949,10 +4949,10 @@ Authenticators may be required to store arbitrary strings chosen by a [=[RP]=],
 
 Each arbitrary string in the API will have some accommodation for the potentially limited resources available to an [=authenticator=]. If string value truncation is the chosen accommodation then authenticators MAY truncate in order to make the string fit within a length equal or greater than the specified minimum supported length. Such truncation SHOULD also respect UTF-8 sequence boundaries or [=grapheme cluster=] boundaries [[UAX29]]. This defines the maximum truncation permitted and authenticators MUST NOT truncate further.
 
-For example, in <a href="#fig-stringTruncation">figure <span class="figure-num-following"/></a> the string is 65 bytes long. If truncating to 64 bytes then the final 0x88 byte must be removed purely because of space reasons. Since that leaves a partial UTF-8 sequence the remainder of that sequence may also be removed. Since that leaves a partial [=grapheme cluster=] an authenticator may remove the remainder of that cluster.
+For example, in <a href="#fig-stringTruncation">figure <span class="figure-num-following"></span></a> the string is 65 bytes long. If truncating to 64 bytes then the final 0x88 byte must be removed purely because of space reasons. Since that leaves a partial UTF-8 sequence the remainder of that sequence may also be removed. Since that leaves a partial [=grapheme cluster=] an authenticator may remove the remainder of that cluster.
 
 <figure id="fig-stringTruncation">
-    <img src="images/string-truncation.svg"/>
+    <img src="images/string-truncation.svg"></img>
     <figcaption>The end of a UTF-8 encoded string showing the positions of different truncation boundaries.</figcaption>
 </figure>
 
@@ -4995,14 +4995,14 @@ or otherwise perform [=None|no attestation=].
 
 All this information is returned by [=authenticators=] any time a new [=public key credential=] is generated, and optionally when exercised, in the overall form of an
 <dfn>attestation object</dfn>. The relationship of the [=attestation object=] with [=authenticator data=] (containing
-[=attested credential data=]) and the [=attestation statement=] is illustrated in <a href="#fig-attStructs">figure <span class="figure-num-following"/></a>, below.
+[=attested credential data=]) and the [=attestation statement=] is illustrated in <a href="#fig-attStructs">figure <span class="figure-num-following"></span></a>, below.
 
 If an [=authenticator=] employs [=self attestation=] or [=None|no attestation=], then no provenance information is provided
 for the [=[RP]=] to base a trust decision on.
 In these cases, the [=authenticator=] provides no guarantees about its operation to the [=[RP]=].
 
 <figure id="fig-attStructs">
-    <img src="images/fido-attestation-structures.svg"/>
+    <img src="images/fido-attestation-structures.svg"></img>
     <figcaption>[=Attestation object=] layout illustrating the included [=authenticator data=] from a {{CredentialsContainer/create()|create()}} operation (containing [=attested credential
     data=]) and the [=attestation statement=].</figcaption>
 </figure>
@@ -5061,7 +5061,7 @@ Attestations in [=assertions=] could be helpful in at least the following situat
 ### Attested Credential Data ### {#sctn-attested-credential-data}
 
 <dfn>Attested credential data</dfn> is a variable-length byte array added to the [=authenticator data=] when generating an [=attestation
-object=] for a credential. Its format is shown in <a href="#table-attestedCredentialData">Table <span class="table-ref-following"/></a>.
+object=] for a credential. Its format is shown in <a href="#table-attestedCredentialData">Table <span class="table-ref-following"></span></a>.
 
 <figure id="table-attestedCredentialData" class="table">
     <table class="complex data longlastcol" dfn-for="authData/attestedCredentialData">