diff --git a/source b/source index ac6d182ec48..ccd83ced985 100644 --- a/source +++ b/source @@ -3151,6 +3151,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
ProcessingInstruction
interfaceShadowRoot
interfaceText
interfaceRange
interfaceinnerHTML
outerHTML
XML serialization
The following features are defined in Selection API: SELECTION
@@ -56017,7 +56019,7 @@ interface HTMLLegendElement : HTMLElement { owner of "e" would be the outer form "a".This happens as follows: First, the "e" node gets associated with "c" in the HTML
- parser. Then, the innerHTML
algorithm moves the nodes
+ parser. Then, the innerHTML
algorithm moves the nodes
from the temporary document to the "b" element. At this point, the nodes see their ancestor chain
change, and thus all the "magic" associations done by the parser are reset to normal ancestor
associations.
When inserted using the document.write()
method, script
elements usually
execute (typically blocking further script execution or HTML parsing). When inserted using the
- innerHTML
and outerHTML
- attributes, they do not execute at all.
innerHTML
and outerHTML
attributes, they do not execute at all.
The defer
attribute may be specified even if the async
attribute is specified, to cause legacy web browsers that
@@ -62749,7 +62751,18 @@ o............A....e
following steps given result:
Mark as ready el given result.
Queue an element task on the networking task source + given el to perform the following steps:
+ +Mark as ready el given result.
Queueing a task here means that, even if the inline module script has + no dependencies or synchronously results in a parse error, we won't proceed to + execute the script element synchronously.
+noscript
element.outerHTML
attribute of the
+ outerHTML
attribute of the
noscript
element to the value of s. (This, as a side-effect, causes
- the noscript
element to be removed from the document.)
- DOMPARSINGnoscript
element to be removed from the document.)
@@ -64103,8 +64115,7 @@ callback BlobCallback = undefined (Blob? blob);
When its canvas context mode is placeholder, a canvas
element has no
rendering context. It serves as a placeholder for an OffscreenCanvas
object, and
- the content of the canvas
element is updated by calling the commit()
method of the OffscreenCanvas
+ the content of the canvas
element is updated by the OffscreenCanvas
object's rendering context.
When a canvas
element represents embedded content, it provides a
@@ -64398,13 +64409,13 @@ callback BlobCallback = undefined (Blob? blob);
canvas.transferControlToOffscreen()
Returns a newly created OffscreenCanvas
object that uses the canvas
- element as a placeholder. Once the canvas
element has become a placeholder for an
- OffscreenCanvas
object, its natural size can no longer be changed, and it cannot
- have a rendering context. The content of the placeholder canvas is updated by calling the commit()
method of the OffscreenCanvas
- object's rendering context.
-
Returns a newly created OffscreenCanvas
object that uses the
+ canvas
element as a placeholder. Once the canvas
element has become a
+ placeholder for an OffscreenCanvas
object, its natural size can no longer be
+ changed, and it cannot have a rendering context. The content of the placeholder canvas is
+ updated on the OffscreenCanvas
's relevant agent's event loop's update the rendering
+ steps.
canvas
element, which is
typically in the DOM, whose embedded content is provided by the OffscreenCanvas
object. The bitmap of the OffscreenCanvas
object is pushed to the placeholder canvas
element by calling the
- commit()
method of the
- OffscreenCanvas
object's rendering context. All rendering context types that can be
- created by an OffscreenCanvas
object must implement a commit()
method. The exact behavior of the commit method
- (e.g. whether it copies or transfers bitmaps) may vary, as defined by the rendering contexts'
- respective specifications. Only the 2D context
- for offscreen canvases is defined in this specification.
+ data-x="offscreencanvas-placeholder">placeholder canvas
element as part of
+ the OffscreenCanvas
's relevant agent's event loop's update the rendering
+ steps.
offscreenCanvas = new OffscreenCanvas(width,
@@ -70690,9 +70697,9 @@ interface OffscreenCanvas : EventTarget {
If an OffscreenCanvas
object whose dimensions were changed has
a placeholder canvas
element, then
the placeholder canvas
element's
- natural size will only be updated via the commit()
method of the OffscreenCanvas
- object's rendering context.
+ natural size will only be updated during the
+ OffscreenCanvas
's relevant agent's event loop's update the rendering steps.
promise = offscreenCanvas.convertToBlob([options])
@@ -70828,7 +70835,6 @@ interface OffscreenCanvas : EventTarget {
[Exposed=(Window,Worker)]
interface OffscreenCanvasRenderingContext2D {
- undefined commit();
readonly attribute OffscreenCanvas canvas;
};
@@ -70858,9 +70864,6 @@ interface OffscreenCanvasRenderingContext2D {
features;
its canvas
attribute refers to an
OffscreenCanvas
object rather than a canvas
element;
- it has a commit()
method for pushing the
- rendered image to the context's OffscreenCanvas
object's placeholder canvas
element.
An OffscreenCanvasRenderingContext2D
object has a OffscreenCanvasRenderingContext2D {
from which the OffscreenCanvasRenderingContext2D
object was created.
- offscreenCanvasRenderingContext2D.commit()
-
- -
-
Copies the rendering context's bitmap to the
- bitmap of the placeholder canvas
- element of the associated OffscreenCanvas
object. The copy
- operation is synchronous. Calling this method is not needed for the transfer, since it happens
- automatically during the event loop execution.
-
-
offscreenCanvas = offscreenCanvasRenderingContext2D.canvas
Returns the associated OffscreenCanvas
object.
@@ -70948,43 +70941,14 @@ interface OffscreenCanvasRenderingContext2D {
Return context.
- The commit()
method, when invoked,
- must run the following steps:
-
-
- If this OffscreenCanvasRenderingContext2D
's associated
- OffscreenCanvas
object does not have a placeholder canvas
element, then
- return.
-
- Let image be a copy of this OffscreenCanvasRenderingContext2D
's
- bitmap, including the value of its origin-clean flag.
-
- -
-
Queue an element task on the DOM manipulation task source given
- the placeholder canvas
element
- to set the placeholder canvas
- element's output bitmap to be a reference to image.
-
- If image has different dimensions than the bitmap previously
- referenced as the placeholder canvas
- element's output bitmap, then this task will result in a change in
- the placeholder canvas
- element's natural size, which can affect
- document layout.
-
-
-
Implementations are encouraged to short-circuit the graphics update steps of
the window event loop for the purposes of updating the contents of a placeholder canvas
element to the
- display. This could mean, for example, that the commit()
method can copy the bitmap contents directly
- to a graphics buffer that is mapped to the physical display location of the placeholder canvas
element. This or
similar short-circuiting approaches can significantly reduce display latency, especially in cases
- where the commit()
method is invoked from a
+ where the OffscreenCanvas
is updated from a
worker event loop and the window event loop of the placeholder canvas
element is busy.
However, such shortcuts cannot have any script-observable side-effects. This means that the
@@ -112708,11 +112672,17 @@ document.body.appendChild(frame)
partial interface Element {
[CEReactions] undefined setHTMLUnsafe(HTMLString html);
DOMString getHTML(optional GetHTMLOptions options = {});
+
+ [CEReactions] attribute [LegacyNullToEmptyString] HTMLString innerHTML;
+ [CEReactions] attribute [LegacyNullToEmptyString] HTMLString outerHTML;
+ [CEReactions] undefined insertAdjacentHTML(DOMString position, HTMLString string);
};
partial interface ShadowRoot {
[CEReactions] undefined setHTMLUnsafe(HTMLString html);
DOMString getHTML(optional GetHTMLOptions options = {});
+
+ [CEReactions] attribute [LegacyNullToEmptyString] HTMLString innerHTML;
};
dictionary GetHTMLOptions {
@@ -113018,6 +112988,417 @@ enum DOMParserSupportedType {
+ The innerHTML
property
+
+ The innerHTML
property has a number of outstanding issues
+ in the DOM Parsing and Serialization issue
+ tracker, documenting various problems with its specification.
+
+
+ element.innerHTML
+ -
+
Returns a fragment of HTML or XML that represents the element's contents.
+
+ In the case of an XML document, throws a "InvalidStateError
"
+ DOMException
if the element cannot be serialized to XML.
+
+ element.innerHTML = value
+ -
+
Replaces the contents of the element with nodes parsed from the given string.
+
+ In the case of an XML document, throws a "SyntaxError
"
+ DOMException
if the given string is not well-formed.
+
+
+ shadowRoot.innerHTML
+ -
+
Returns a fragment of HTML that represents the shadow roots's contents.
+
+
+ shadowRoot.innerHTML = value
+ -
+
Replaces the contents of the shadow root with nodes parsed from the given string.
+
+
+
+ These properties' setters perform no sanitization to remove
+ potentially-dangerous elements and attributes like script
or event handler
+ content attributes.
+
+
+
+ The fragment serializing algorithm steps, given an Element
or
+ DocumentFragment
node and a boolean require well-formed,
+ are:
+
+
+ Let context document be node's node document.
+
+ If context document is an HTML document,
+ return the result of HTML fragment serialization algorithm with node,
+ false, and « ».
+
+ Return the XML serialization of node
+ given require well-formed.
+
+
+ The fragment parsing algorithm steps, given an Element
or
+ DocumentFragment
context and a string markup, are:
+
+
+ Let algorithm be the HTML fragment parsing algorithm.
+
+ If context's node document is an XML document, then set algorithm to the XML fragment parsing
+ algorithm.
+
+ Let new children be the result of invoking algorithm given
+ markup, with context set to
+ context.
+
+ Let fragment be a new DocumentFragment
whose node
+ document is context's node document.
+
+ -
+
Append each Node
in new
+ children to fragment (in tree order).
+
+ This ensures the node document for the new nodes is correct.
+
+
+ Return fragment.
+
+
+ Element
's innerHTML
getter steps are to return the result of
+ running fragment serializing algorithm steps with this and true.
+
+ ShadowRoot
's innerHTML
getter steps are to return the result of
+ running fragment serializing algorithm steps with this and true.
+
+ Element
's innerHTML
setter steps
+ are:
+
+
+ Let context be this.
+
+ Let fragment be the result of invoking the fragment parsing algorithm
+ steps with context and the given value.
+
+ -
+
If context is a template
element, then set context to
+ the template
element's template contents (a
+ DocumentFragment
).
+
+ Setting innerHTML
on a
+ template
element will replace all the nodes in its template contents
+ rather than its children.
+
+
+ Replace all with fragment
+ within context.
+
+
+ ShadowRoot
's innerHTML
setter
+ steps are:
+
+
+ Let context be this's host.
+
+ Let fragment be the result of invoking the fragment parsing algorithm
+ steps with context and the given value.
+
+ Replace all with fragment
+ within this.
+
+
+
+
+ The outerHTML
property
+
+ The outerHTML
property has a number of outstanding issues
+ in the DOM Parsing and Serialization issue
+ tracker, documenting various problems with its specification.
+
+
+ element.outerHTML
+ -
+
Returns a fragment of HTML or XML that represents the element and its contents.
+
+ In the case of an XML document, throws a "InvalidStateError
"
+ DOMException
if the element cannot be serialized to XML.
+
+
+ element.outerHTML = value
+ -
+
Replaces the element with nodes parsed from the given string.
+
+ In the case of an XML document, throws a "SyntaxError
"
+ DOMException
if the given string is not well-formed.
+
+ Throws a "NoModificationAllowedError
" DOMException
if
+ the parent of the element is a Document
.
+
+
+
+ This property's setter performs no sanitization to remove potentially-dangerous
+ elements and attributes like script
or event handler content
+ attributes.
+
+
+
+ Element
's outerHTML
getter steps are:
+
+
+ Let element be a fictional node whose only child is this.
+ Return the result of running fragment serializing algorithm steps with
+ element and true.
+
+
+ Element
's outerHTML
setter steps
+ are:
+
+
+ Let parent be this's parent.
+
+ If parent is null, return. There would be no way to obtain a
+ reference to the nodes created even if the remaining steps were run.
+
+ If parent is a Document
, throw a
+ "NoModificationAllowedError
" DOMException
.
+
+ If parent is a DocumentFragment
, set parent to the
+ result of creating an element given this's
+ node document, body
, and the HTML namespace.
+
+ Let fragment be the result of invoking the fragment parsing algorithm
+ steps given parent and the given value.
+
+ Replace this with
+ fragment within this's parent.
+
+
+
+
+ The insertAdjacentHTML()
method
+
+ The insertAdjacentHTML()
+ method has a number of outstanding issues in the DOM Parsing and Serialization issue tracker, documenting various problems
+ with its specification.
+
+
+ element.insertAdjacentHTML(position, string)
+ -
+
Parses string as HTML or XML and inserts the resulting nodes into the tree in
+ the position given by the position argument, as follows:
+
+
+ - "
beforebegin
"
+ - Before the element itself (i.e., after element's previous sibling)
+
+ - "
afterbegin
"
+ - Just inside the element, before its first child.
+
+ - "
beforeend
"
+ - Just inside the element, after its last child.
+
+ - "
afterend
"
+ - After the element itself (i.e., before element's next sibling)
+
+
+ Throws a "SyntaxError
" DOMException
if the arguments
+ have invalid values (e.g., in the case of an XML document,
+ if the given string is not well-formed).
+
+ Throws a "NoModificationAllowedError
" DOMException
+ if the given position isn't possible (e.g. inserting elements after the root element of a
+ Document
).
+
+
+
+ This method performs no sanitization to remove potentially-dangerous elements
+ and attributes like script
or event handler content attributes.
+
+
+
+ Element
's insertAdjacentHTML(position,
+ string)
method steps are:
+
+
+ Let context be null.
+
+ Use the first matching item from this list:
+
+ - If position is an ASCII case-insensitive match for the string "
beforebegin
"
+ - If position is an ASCII case-insensitive match for the string "
afterend
"
+ -
+
+ Set context to this's parent.
+
+ If context is null or a Document
, throw a
+ "NoModificationAllowedError
" DOMException
.
+
+
+
+ - If position is an ASCII case-insensitive match for the string "
afterbegin
"
+ - If position is an ASCII case-insensitive match for the string "
beforeend
"
+ - Set context to this.
+
+ - Otherwise
+ Throw a "SyntaxError
" DOMException
.
+
+
+
+ -
+
If context is not an Element
or all of the following are true:
+
+
+ context's node document is an HTML document;
+ context's local name is
+ "html
"; and
+ context's namespace is the
+ HTML namespace,
+
+
+ set context to the result of creating an
+ element given this's node document, body
, and
+ the HTML namespace.
+
+
+ -
+
Let fragment be the result of invoking the fragment parsing algorithm
+ steps with context and string.
+
+
+ - Use the first matching item from this list:
+
+ - If position is an ASCII case-insensitive match for the string "
beforebegin
"
+ -
+
Insert fragment into
+ this's parent before this.
+
+
+ - If position is an ASCII case-insensitive match for the string "
afterend
"
+ -
+
Insert fragment into
+ this before its first child.
+
+
+ - If position is an ASCII case-insensitive match for the string "
afterbegin
"
+ -
+
Append fragment to
+ this.
+
+
+ - If position is an ASCII case-insensitive match for the string "
beforeend
"
+ -
+
Insert fragment into
+ this's parent before this's
+ next sibling.
+
+
+
+
+
+ As with other direct Node
-manipulation APIs (and unlike innerHTML
), insertAdjacentHTML()
does not include any special
+ handling for template
elements. In most cases you will want to use templateEl.content.insertAdjacentHTML()
instead of directly
+ manipulating the child nodes of a template
element.
+
+
+
+ The createContextualFragment()
+ method
+
+ The createContextualFragment()
method has a number
+ of outstanding issues in the DOM Parsing and Serialization issue tracker, documenting various problems
+ with its specification.
+
+
+ docFragment = range.createContextualFragment(string)
+ -
+
Returns a DocumentFragment
created from the markup string string using
+ range's start node as the context in
+ which fragment is parsed.
+
+
+
+ This method performs no sanitization to remove potentially-dangerous elements
+ and attributes like script
or event handler content attributes.
+
+ partial interface Range {
+ [CEReactions, NewObject] DocumentFragment
createContextualFragment(HTMLString string);
+};
+
+
+
+ Range
's createContextualFragment(string)
+ method steps are:
+
+
+ Let node be this's start
+ node.
+
+ Let element be null.
+
+ If node implements Element
, set element
+ to node.
+
+ Otherwise, if node implements Text
or
+ Comment
, set element to node's parent
+ element.
+
+ -
+
If element is null or all of the following are true:
+
+
+ element's node document is an HTML document;
+
+ element's local name is
+ "html
"; and
+
+ element's namespace is the
+ HTML namespace,
+
+
+ then set element to the result of creating an
+ element given this's node document, body
, and the
+ HTML namespace.
+
+
+ Let fragment node be the result of invoking the fragment parsing
+ algorithm steps with element and string.
+
+ -
+
For each script of fragment node's
+ script
element descendants:
+
+
+ Set script's already started to false.
+
+ Set script's parser document to null.
+
+
+
+ Return fragment node.
+
+
+
+
Timers
The setTimeout()
and This can enable cross-site scripting attacks. An example of this would be a page that lets the
user enter some font family names that are then inserted into a CSS style
block via
- the DOM and which then uses the innerHTML
IDL attribute to get
+ the DOM and which then uses the innerHTML
IDL attribute to get
the HTML serialization of that style
element: if the user enters
"</style><script>attack</script>
" as a font family name, innerHTML
will return markup that, if parsed in a different context,
+ data-x="dom-element-innerHTML">innerHTML
will return markup that, if parsed in a different context,
would contain a script
node, even though no script
node existed in the
original DOM.
@@ -142054,7 +142435,7 @@ INSERT INTERFACES HERE
Fired at nodes when they stop being focused
- cancel
+ cancel
Event
CloseWatcher
, dialog
elements, input
elements
Fired at CloseWatcher
objects or dialog
elements when they receive a close request, or at input
elements in the File state when the user does not change their selection
@@ -142072,7 +142453,7 @@ INSERT INTERFACES HERE
Normally a mouse event; also synthetically fired at an element before its activation behavior is run, when an element is activated from a non-pointer input device (e.g. a keyboard)
- close
+ close
Event
CloseWatcher
, dialog
elements, MessagePort
Fired at CloseWatcher
objects or dialog
elements when they are closed via a close request or via web developer code, or at MessagePort
objects when disentangled