diff --git a/source b/source index ac6d182ec48..ccd83ced985 100644 --- a/source +++ b/source @@ -3151,6 +3151,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • ProcessingInstruction interface
  • ShadowRoot interface
  • Text interface
    • +
  • Range interface
  • node document concept
  • document type concept
    • @@ -3193,8 +3194,9 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute shadow-including inclusive descendant, and shadow-including inclusive ancestor concepts
  • The first child, - next sibling, and - previous sibling concepts
    • + next sibling, + previous sibling, and + parent concepts
  • The parent element concept
  • The document element concept
  • The in a document tree, in a document (legacy), and connected concepts
    • @@ -3273,6 +3275,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • The term supported tokens
  • The concept of a DOM range, and the terms + start node, start, end, and boundary point as applied to ranges.
    • @@ -3369,8 +3372,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute DOMPARSING

    The following features are defined in Selection API: SELECTION

    @@ -56017,7 +56019,7 @@ interface HTMLLegendElement : HTMLElement { owner of "e" would be the outer form "a".

    This happens as follows: First, the "e" node gets associated with "c" in the HTML - parser. Then, the innerHTML algorithm moves the nodes + parser. Then, the innerHTML algorithm moves the nodes from the temporary document to the "b" element. At this point, the nodes see their ancestor chain change, and thus all the "magic" associations done by the parser are reset to normal ancestor associations.

    @@ -61955,8 +61957,8 @@ interface HTMLScriptElement : HTMLElement {

    When inserted using the document.write() method, script elements usually execute (typically blocking further script execution or HTML parsing). When inserted using the - innerHTML and outerHTML - attributes, they do not execute at all.

    + innerHTML and outerHTML attributes, they do not execute at all.

    The defer attribute may be specified even if the async attribute is specified, to cause legacy web browsers that @@ -62749,7 +62751,18 @@ o............A....e following steps given result:

      -

    1. Mark as ready el given result.

      2. +
    2. +

      Queue an element task on the networking task source + given el to perform the following steps:

      + +
        +

      1. Mark as ready el given result.

        2. +
      + +

      Queueing a task here means that, even if the inline module script has + no dependencies or synchronously results in a parse error, we won't proceed to + execute the script element synchronously.

      +
    @@ -63362,10 +63375,9 @@ not-slash = %x0000-002E / %x0030-10FFFF
  • Let s be the child text content of the noscript element.
    • -
  • Set the outerHTML attribute of the +
  • Set the outerHTML attribute of the noscript element to the value of s. (This, as a side-effect, causes - the noscript element to be removed from the document.) - DOMPARSING
    • + the noscript element to be removed from the document.) @@ -64103,8 +64115,7 @@ callback BlobCallback = undefined (Blob? blob);

    When its canvas context mode is placeholder, a canvas element has no rendering context. It serves as a placeholder for an OffscreenCanvas object, and - the content of the canvas element is updated by calling the commit() method of the OffscreenCanvas + the content of the canvas element is updated by the OffscreenCanvas object's rendering context.

    When a canvas element represents embedded content, it provides a @@ -64398,13 +64409,13 @@ callback BlobCallback = undefined (Blob? blob);

    canvas.transferControlToOffscreen()
    -

    Returns a newly created OffscreenCanvas object that uses the canvas - element as a placeholder. Once the canvas element has become a placeholder for an - OffscreenCanvas object, its natural size can no longer be changed, and it cannot - have a rendering context. The content of the placeholder canvas is updated by calling the commit() method of the OffscreenCanvas - object's rendering context. -

    +

    Returns a newly created OffscreenCanvas object that uses the + canvas element as a placeholder. Once the canvas element has become a + placeholder for an OffscreenCanvas object, its natural size can no longer be + changed, and it cannot have a rendering context. The content of the placeholder canvas is + updated on the OffscreenCanvas's relevant agent's event loop's update the rendering + steps.

    @@ -70392,14 +70403,10 @@ interface OffscreenCanvas : EventTarget { data-x="offscreencanvas-placeholder">placeholder canvas element, which is typically in the DOM, whose embedded content is provided by the OffscreenCanvas object. The bitmap of the OffscreenCanvas object is pushed to the placeholder canvas element by calling the - commit() method of the - OffscreenCanvas object's rendering context. All rendering context types that can be - created by an OffscreenCanvas object must implement a commit() method. The exact behavior of the commit method - (e.g. whether it copies or transfers bitmaps) may vary, as defined by the rendering contexts' - respective specifications. Only the 2D context - for offscreen canvases is defined in this specification.

    + data-x="offscreencanvas-placeholder">placeholder canvas element as part of + the OffscreenCanvas's relevant agent's event loop's update the rendering + steps.

    offscreenCanvas = new OffscreenCanvas(width, @@ -70690,9 +70697,9 @@ interface OffscreenCanvas : EventTarget {

    If an OffscreenCanvas object whose dimensions were changed has a placeholder canvas element, then the placeholder canvas element's - natural size will only be updated via the commit() method of the OffscreenCanvas - object's rendering context.

    + natural size will only be updated during the + OffscreenCanvas's relevant agent's event loop's update the rendering steps.

    promise = offscreenCanvas.convertToBlob([options])
    @@ -70828,7 +70835,6 @@ interface OffscreenCanvas : EventTarget { 
    [Exposed=(Window,Worker)]
 interface OffscreenCanvasRenderingContext2D {
-  undefined commit();
   readonly attribute OffscreenCanvas canvas;
 };
 
@@ -70858,9 +70864,6 @@ interface OffscreenCanvasRenderingContext2D {
    features;
    
    
  • its canvas attribute refers to an
    OffscreenCanvas object rather than a canvas element;
    • 
-   
  • it has a commit() method for pushing the
-   rendered image to the context's OffscreenCanvas object's placeholder canvas element.
    • 
   
 
   
    An OffscreenCanvasRenderingContext2D object has a OffscreenCanvasRenderingContext2D {
   from which the OffscreenCanvasRenderingContext2D object was created.
 
   
    
-   
    offscreenCanvasRenderingContext2D.commit()
    
-
-   
    
-    
    Copies the rendering context's bitmap to the
-    bitmap of the placeholder canvas
-    element of the associated OffscreenCanvas object. The copy
-    operation is synchronous. Calling this method is not needed for the transfer, since it happens
-    automatically during the event loop execution.
    
-   
    
-
    
    offscreenCanvas = offscreenCanvasRenderingContext2D.canvas
    
 
    
    Returns the associated OffscreenCanvas object.
    
@@ -70948,43 +70941,14 @@ interface OffscreenCanvasRenderingContext2D {
    
  • Return context.
    • 
   
 
-  
    The commit() method, when invoked,
-  must run the following steps:
    
-
-  
      
-    
    1. If this OffscreenCanvasRenderingContext2D's associated
-    OffscreenCanvas object does not have a placeholder canvas element, then
-    return.
      2. 
-
-    
    2. Let image be a copy of this OffscreenCanvasRenderingContext2D's
-    bitmap, including the value of its origin-clean flag.
      3. 
-
-    
    3. 
-     
      Queue an element task on the DOM manipulation task source given
-     the placeholder canvas element
-     to set the placeholder canvas
-     element's output bitmap to be a reference to image.
      
-
-     
      If image has different dimensions than the bitmap previously
-     referenced as the placeholder canvas
-     element's output bitmap, then this task will result in a change in
-     the placeholder canvas
-     element's natural size, which can affect
-     document layout.
      
-    
      4. 
-  
    
-
   
    Implementations are encouraged to short-circuit the graphics update steps of
   the window event loop for the purposes of updating the contents of a placeholder canvas element to the
-  display. This could mean, for example, that the commit() method can copy the bitmap contents directly
-  to a graphics buffer that is mapped to the physical display location of the placeholder canvas element. This or
   similar short-circuiting approaches can significantly reduce display latency, especially in cases
-  where the commit() method is invoked from a
+  where the OffscreenCanvas is updated from a
   worker event loop and the window event loop of the placeholder canvas element is busy.
   However, such shortcuts cannot have any script-observable side-effects. This means that the
@@ -112708,11 +112672,17 @@ document.body.appendChild(frame)
    partial interface Element {
   [CEReactions] undefined setHTMLUnsafe(HTMLString html);
   DOMString getHTML(optional GetHTMLOptions options = {});
+
+  [CEReactions] attribute [LegacyNullToEmptyString] HTMLString innerHTML;
+  [CEReactions] attribute [LegacyNullToEmptyString] HTMLString outerHTML;
+  [CEReactions] undefined insertAdjacentHTML(DOMString position, HTMLString string);
 };
 
 partial interface ShadowRoot {
   [CEReactions] undefined setHTMLUnsafe(HTMLString html);
   DOMString getHTML(optional GetHTMLOptions options = {});
+
+  [CEReactions] attribute [LegacyNullToEmptyString] HTMLString innerHTML;
 };
 
 dictionary GetHTMLOptions {
@@ -113018,6 +112988,417 @@ enum DOMParserSupportedType {
 
   
 
+  
    The innerHTML property
    
+
+  
    The innerHTML property has a number of outstanding issues
+  in the DOM Parsing and Serialization issue
+  tracker, documenting various problems with its specification.
    
+
+  
    
+   
    element.innerHTML
    
+   
    
+    
    Returns a fragment of HTML or XML that represents the element's contents.
    
+
+    
    In the case of an XML document, throws a "InvalidStateError"
+    DOMException if the element cannot be serialized to XML.
    
+   
    
+   
    element.innerHTML = value
    
+   
    
+    
    Replaces the contents of the element with nodes parsed from the given string.
    
+
+    
    In the case of an XML document, throws a "SyntaxError"
+    DOMException if the given string is not well-formed.
    
+   
    
+
+   
    shadowRoot.innerHTML
    
+   
    
+    
    Returns a fragment of HTML that represents the shadow roots's contents.
    
+   
    
+
+   
    shadowRoot.innerHTML = value
    
+   
    
+    
    Replaces the contents of the shadow root with nodes parsed from the given string.
    
+   
    
+  
    
+
+  
    These properties' setters perform no sanitization to remove
+  potentially-dangerous elements and attributes like script or event handler
+  content attributes.
    
+
+  
    
+
+  
    The fragment serializing algorithm steps, given an Element or
+  DocumentFragment node and a boolean require well-formed,
+  are:
    
+
+  
      
+    
    1. Let context document be node's node document.
      2. 
+
+    
    2. If context document is an HTML document,
+    return the result of HTML fragment serialization algorithm with node,
+    false, and « ».
      3. 
+
+    
    3. Return the XML serialization of node
+    given require well-formed.
      4. 
+  
    
+
+  
    The fragment parsing algorithm steps, given an Element or
+  DocumentFragment context and a string markup, are:
    
+
+  
      
+    
    1. Let algorithm be the HTML fragment parsing algorithm.
      2. 
+
+    
    2. If context's node document is an XML document, then set algorithm to the XML fragment parsing
+    algorithm.
      3. 
+
+    
    3. Let new children be the result of invoking algorithm given
+    markup, with context set to
+    context.
      4. 
+
+    
    4. Let fragment be a new DocumentFragment whose node
+    document is context's node document.
      5. 
+
+    
    5. 
+     
      Append each Node in new
+     children to fragment (in tree order).
      
+
+     
      This ensures the node document for the new nodes is correct.
      
+    
      6. 
+
+    
    6. Return fragment.
      7. 
+  
    
+
+  
    Element's innerHTML getter steps are to return the result of
+  running fragment serializing algorithm steps with this and true.
    
+
+  
    ShadowRoot's innerHTML getter steps are to return the result of
+  running fragment serializing algorithm steps with this and true.
    
+
+  
    Element's innerHTML setter steps
+  are:
    
+
+  
      
+    
    1. Let context be this.
      2. 
+
+    
    2. Let fragment be the result of invoking the fragment parsing algorithm
+    steps with context and the given value.
      3. 
+
+    
    3. 
+     
      If context is a template element, then set context to
+     the template element's template contents (a
+     DocumentFragment).
      
+
+     
      Setting innerHTML on a
+     template element will replace all the nodes in its template contents
+     rather than its children.
      
+    
      4. 
+
+    
    4. Replace all with fragment
+    within context.
      5. 
+  
    
+
+  
    ShadowRoot's innerHTML setter
+  steps are:
    
+
+  
      
+    
    1. Let context be this's host.
      2. 
+
+    
    2. Let fragment be the result of invoking the fragment parsing algorithm
+    steps with context and the given value.
      3. 
+
+    
    3. Replace all with fragment
+    within this.
      4. 
+  
    
+
+  
    
+
+  
    The outerHTML property
    
+
+  
    The outerHTML property has a number of outstanding issues
+  in the DOM Parsing and Serialization issue
+  tracker, documenting various problems with its specification.
    
+
+  
    
+   
    element.outerHTML
    
+   
    
+    
    Returns a fragment of HTML or XML that represents the element and its contents.
    
+
+    
    In the case of an XML document, throws a "InvalidStateError"
+    DOMException if the element cannot be serialized to XML.
    
+   
    
+
+   
    element.outerHTML = value
    
+   
    
+    
    Replaces the element with nodes parsed from the given string.
    
+
+    
    In the case of an XML document, throws a "SyntaxError"
+    DOMException if the given string is not well-formed.
    
+
+    
    Throws a "NoModificationAllowedError" DOMException if
+    the parent of the element is a Document.
    
+   
    
+  
    
+
+  
    This property's setter performs no sanitization to remove potentially-dangerous
+  elements and attributes like script or event handler content
+  attributes.
    
+
+  
    
+
+  
    Element's outerHTML getter steps are:
    
+
+  
      
+   
    1. Let element be a fictional node whose only child is this.
      2. 
+   
    2. Return the result of running fragment serializing algorithm steps with
+   element and true.
+  
    
+
+  
    Element's outerHTML setter steps
+  are:
    
+
+  
      
+    
    1. Let parent be this's parent.
      2. 
+
+    
    2. If parent is null, return. There would be no way to obtain a
+    reference to the nodes created even if the remaining steps were run.
      3. 
+
+    
    3. If parent is a Document, throw a
+    "NoModificationAllowedError" DOMException.
      4. 
+
+    
    4. If parent is a DocumentFragment, set parent to the
+    result of creating an element given this's
+    node document, body, and the HTML namespace.
      5. 
+
+    
    5. Let fragment be the result of invoking the fragment parsing algorithm
+    steps given parent and the given value.
      6. 
+
+    
    6. Replace this with
+    fragment within this's parent.
      7. 
+  
    
+
+  
    
+
+  
    The insertAdjacentHTML() method
    
+
+  
    The insertAdjacentHTML()
+  method has a number of outstanding issues in the DOM Parsing and Serialization issue tracker, documenting various problems
+  with its specification.
    
+
+  
    
+   
    element.insertAdjacentHTML(position, string)
    
+   
    
+    
    Parses string as HTML or XML and inserts the resulting nodes into the tree in
+    the position given by the position argument, as follows:
    
+
+    
    
+     
    "beforebegin"
    
+     
    Before the element itself (i.e., after element's previous sibling)
    
+
+     
    "afterbegin"
    
+     
    Just inside the element, before its first child.
    
+
+     
    "beforeend"
    
+     
    Just inside the element, after its last child.
    
+
+     
    "afterend"
    
+     
    After the element itself (i.e., before element's next sibling)
    
+    
    
+
+    
    Throws a "SyntaxError" DOMException if the arguments
+    have invalid values (e.g., in the case of an XML document,
+    if the given string is not well-formed).
    
+
+    
    Throws a "NoModificationAllowedError" DOMException
+    if the given position isn't possible (e.g. inserting elements after the root element of a
+    Document).
    
+   
    
+  
    
+
+  
    This method performs no sanitization to remove potentially-dangerous elements
+  and attributes like script or event handler content attributes.
    
+
+  
    
+
+  
    Element's insertAdjacentHTML(position,
+  string) method steps are:
    
+
+  
      
+   
    1. Let context be null.
      2. 
+
+   
    2. Use the first matching item from this list:
      
+    
      
+     
      If position is an ASCII case-insensitive match for the string "beforebegin"
      
+     
      If position is an ASCII case-insensitive match for the string "afterend"
      
+     
      
+      
        
+       
      1. Set context to this's parent.
        2. 
+
+       
      2. If context is null or a Document, throw a
+       "NoModificationAllowedError" DOMException.
        3. 
+      
      
+     
      
+
+     
      If position is an ASCII case-insensitive match for the string "afterbegin"
      
+     
      If position is an ASCII case-insensitive match for the string "beforeend"
      
+     
      Set context to this.
      
+
+     
      Otherwise
      
+     
      Throw a "SyntaxError" DOMException.
      
+    
      
+   
      3. 
+
+   
    3. 
+    
      If context is not an Element or all of the following are true:
      
+
+    
        
+     
      • context's node document is an HTML document;
        • 
+     
      • context's local name is
+     "html"; and
        • 
+     
      • context's namespace is the
+     HTML namespace,
        • 
+    
      
+
+    
      set context to the result of creating an
+    element given this's node document, body, and
+    the HTML namespace.
      
+   
      4. 
+
+   
    4. 
+    
      Let fragment be the result of invoking the fragment parsing algorithm
+    steps with context and string.
      
+   
      5. 
+
+   
    5. Use the first matching item from this list:
+    
      
+     
      If position is an ASCII case-insensitive match for the string "beforebegin"
      
+     
      
+      
      Insert fragment into
+      this's parent before this.
      
+     
      
+
+     
      If position is an ASCII case-insensitive match for the string "afterend"
      
+     
      
+      
      Insert fragment into
+      this before its first child.
      
+     
      
+
+     
      If position is an ASCII case-insensitive match for the string "afterbegin"
      
+     
      
+      
      Append fragment to
+      this.
      
+     
      
+
+     
      If position is an ASCII case-insensitive match for the string "beforeend"
      
+     
      
+      
      Insert fragment into
+      this's parent before this's
+      next sibling.
      
+     
      
+    
      
+   
      6. 
+  
    
+
+  
    As with other direct Node-manipulation APIs (and unlike innerHTML), insertAdjacentHTML() does not include any special
+  handling for template elements. In most cases you will want to use templateEl.content.insertAdjacentHTML() instead of directly
+  manipulating the child nodes of a template element.
    
+
+  
    
+
+  
    The createContextualFragment()
+  method
    
+
+  
    The createContextualFragment() method has a number
+  of outstanding issues in the DOM Parsing and Serialization issue tracker, documenting various problems
+  with its specification.
    
+
+  
    
+   
    docFragment = range.createContextualFragment(string)
    
+   
    
+    
    Returns a DocumentFragment created from the markup string string using
+    range's start node as the context in
+    which fragment is parsed.
    
+   
    
+  
    
+
+  
    This method performs no sanitization to remove potentially-dangerous elements
+  and attributes like script or event handler content attributes.
    
+
+  
    partial interface Range {
+  [CEReactions, NewObject] DocumentFragment createContextualFragment(HTMLString string);
+};
    
+
+  
    
+
+  
    Range's createContextualFragment(string)
+  method steps are:
    
+
+  
      
+   
    1. Let node be this's start
+   node.
      2. 
+
+   
    2. Let element be null.
      3. 
+
+   
    3. If node implements Element, set element
+   to node.
      4. 
+
+   
    4. Otherwise, if node implements Text or
+   Comment, set element to node's parent
+   element.
      5. 
+
+   
    5. 
+    
      If element is null or all of the following are true:
      
+
+    
        
+     
      • element's node document is an HTML document;
        • 
+
+     
      • element's local name is
+     "html"; and
        • 
+
+     
      • element's namespace is the
+     HTML namespace,
        • 
+    
      
+
+    
      then set element to the result of creating an
+    element given this's node document, body, and the
+    HTML namespace.
      
+   
      6. 
+
+   
    6. Let fragment node be the result of invoking the fragment parsing
+   algorithm steps with element and string.
      7. 
+
+   
    7. 
+    
      For each script of fragment node's
+    script element descendants:
      
+
+    
        
+     
      1. Set script's already started to false.
        2. 
+
+     
      2. Set script's parser document to null.
        3. 
+    
      
+   
      8. 
+
+   
    8. Return fragment node.
      9. 
+  
    
+
+  
    
+
   
    Timers
    
 
   
    The setTimeout() and This can enable cross-site scripting attacks. An example of this would be a page that lets the
    user enter some font family names that are then inserted into a CSS style block via
-   the DOM and which then uses the innerHTML IDL attribute to get
+   the DOM and which then uses the innerHTML IDL attribute to get
    the HTML serialization of that style element: if the user enters
    "</style><script>attack</script>" as a font family name, innerHTML will return markup that, if parsed in a different context,
+   data-x="dom-element-innerHTML">innerHTML will return markup that, if parsed in a different context,
    would contain a script node, even though no script node existed in the
    original DOM.
    
 
@@ -142054,7 +142435,7 @@ INSERT INTERFACES HERE
       Fired at nodes when they stop being focused
 
      
-      cancel
+      cancel
       Event
       CloseWatcher, dialog elements, input elements
       Fired at CloseWatcher objects or dialog elements when they receive a close request, or at input elements in the File state when the user does not change their selection
@@ -142072,7 +142453,7 @@ INSERT INTERFACES HERE
       Normally a mouse event; also synthetically fired at an element before its activation behavior is run, when an element is activated from a non-pointer input device (e.g. a keyboard)
 
      
-      close
+      close
       Event
       CloseWatcher, dialog elements, MessagePort
       Fired at CloseWatcher objects or dialog elements when they are closed via a close request or via web developer code, or at MessagePort objects when disentangled