whatwg / html

Closes #6703.

* "Determining the origin" was never called for javascript: URLs, so it didn't need to be passed activeDocumentNavigationOrigin.

* We were inconsistent about whether we'd thread through activeDocumentNavigationOrigin from the beginning of the navigation, or just consult browsingContext's active document's origin. Settle on the latter style, as it means we have to thread through fewer variables. There is no risk of races since only one navigation can affect a given (target) browsing context so its active document and origin will remain constant throughout.

Closes #2683.

Closes #2379.

Previously we were only using w-nohtml="", which omits the content from the singlepage and multipage editions, but fails to omit it from commit snapshots. Now, as appropriate, every for-developers-only piece of content is marked up with w-dev="", ensuring it *only* shows up in the developers edition.

Closes #6742.

Missed in #6757.

This focuses on constructs whose IDs are prefixed with "dom-".

Fixes #3773.

This matches all implementations.

As discussed in #4433, even though they are not exported, it's still reasonable to mark them up.

Add the remaining few missing from #5957.

This matches 2/3, soon to be 3/3, implementations.

Per https://tabatkins.github.io/bikeshed/#dfn-contract.

This change moves referrer policy from Document/WorkerGlobalScope into policy container. This allows us to simplify several steps (initializing for new empty documents, populating from the response headers, inheriting for local scheme documents), since they are handled centrally via the policy container mechanisms.

Companion PRs:
* whatwg/fetch#1233
* w3c/ServiceWorker#1593 (removes referrer policy from service workers as that comes for free with policy container)
* w3c/webappsec-referrer-policy#152

The change is mostly a refactoring and should have no significant behavioral changes, apart from simplifying the referrer policy inheritance mechanism. The most visible behavioral change of this is that referrer policy of a srcdoc iframe will be now copied from the parent document at creation time instead of referencing the parent document referrer policy.

* Makes the discussion of user agent interface invoke "stop document loading", not "abort a document", since the browser stop button also cancels ongoing navigations.

* Remove the "should" suggestion to fire an abort event. Closes #3525. Since this was the only case where abort was fired, this removes the event definition and event handler content attribute definition, effectively making use of the onabort="" content attribute nonconforming. (But, we keep the IDL definition in GlobalEventHandlers and the associated mapping.)

* Tweaks the active document check in "stop document loading" to be more correct.

This will discourage people from using it, helping with #1430. Closes #4229 by superseding it. Note that entry is already non-exported.

Complements #6287 and #6624. See also #6662 for further cleanup on the textarea data model.

Fixes #6647.

As of #6287 newlines are normalized when form data is serialized. This removes the (mostly redundant) normalization in constructing the entry list.

Tests: web-platform-tests/wpt#28798.

Follow-up: #6697.

Fixes #6469.

User agents normalize newlines when serializing form data to text/plain, application/x-www-form-urlencoded, and multipart/form-data. (This can be observed through FormData or the formdata event.)

This additionally changes the input passed to the application/x-www-form-urlencoded and text/plain serializers to be a
list of name-value pairs, where the values are always strings rather than potentially File objects.

Tests: web-platform-tests/wpt#26740.

Follow-up: #6624 & #6697.

Closes #6247. Helps with whatwg/url#562.

Closes #5431.

Also map <canvas width height> to aspect-ratio consistently with how the attributes are parsed and clean up some wording.

Tests: web-platform-tests/wpt#28229 & web-platform-tests/wpt#28932.

Follow-up: #6528.

Closes #4961 and closes #6527.

6efd0e6 addressed #5771 incorrectly. The current default path should not be part of the drawing state, but should be cleared when resetting the rendering context.

(Also remove some older ideas from the source.)

Closes #5618 and fixes #5771.

This is a companion to w3c/webappsec-csp#493. That PR requires calling the check for blocking workers which try to enforce sandboxing via CSP directly from HTML.

Together with a companion change to CSP (w3c/webappsec-csp#482), this enables checking policies consistently during the navigation, fixing whatwg/fetch#832 for navigation requests.

This replaces vague text about "if the prompt to unload algorithm is being run" and the like for "unload" with an explicit check of the "unload counter". The "unload counter" is a rename of the "ignore-opens-during-unload counter", which was already used for similar explicit checks in document.open().

This results in the same check being done everywhere, which appears to match at least some implementations better. Previously, for example, "traverse the history by a delta" did not check for beforeunload, only unload.