whatwg / html

Closes #5417. Previously many of these were marked up as element-attr,
but without a for="", which is invalid according to the Bikeshed
linking contract. dir="" was especially messed up, with its *values*
marked up as element-attr, but the attribute itself not marked up at
all.

This uses for="global" for any-namespace elements and for="html-global"
for HTML elements.

This includes some other related fixes such as:

* Unifying the inconsistent definition location for these attributes.
  Sometimes they would be defined in their section headers; sometimes
  separately. Now they are all defined separately.

* Marking up some of the related IDL attributes.

* Delegating definitions of xml:space, xml:lang, and the style IDL
  attribute to other specifications, instead of re-defining them in
  HTML.

Part of #3957. See also discussion in
w3c/page-visibility#39.

Note that we're already running visibility change steps before firing pageshow,
so after this change we have up-to-date visibility when either pagehide or
pageshow is fired.

This change adds an additional anchor to the dfn/heading for the
Email state of the input element.

Otherwise, without this change, we have broken links at any sites which
are were linking to the old "e-mail-state-(type=email)" anchor — that
is, with "e-mail" rather than "email". (That changed when we globally
replaced "e-mail" with "email" throughout the source.)

See also: w3c/webappsec-permissions-policy#402 and w3c/payment-request#928.

Tests: web-platform-tests/wpt#25558.

This change sets dfn type attributes on a large number of dfn and other
elements throughout the spec — generated using a specialized definitions
parser for the HTML spec built to improve on the existing scraping done
in Shepherd.

This particular patch doesn’t set all the potential dfn types that could
be set; instead it only sets those that were easiest to determine (those
where the data-x attribute and dfn start tag occur on the same line).

The setting of dfn type attributes and “for” attributes is based on the
corresponding WebIDL defined in the spec.

Note that this change also switches the spec to using the Bikeshed short
syntax for the attribute names; specifically:

* rather than using data-dfn-type=element, etc., attribute names, it
  uses attributes literally named "element", etc.

* rather than the attribute name data-dfn-for it uses an attribute
  literally named "for"

* replaces all data-export="" and data-noexport="" attributes with
  value-less attributes literally named "export" and "noexport"

Additionally, the change drops "export" from any dfn that has a dfn type
attribute, and switches data-dfn-type="dfn" disambiguators to "export"
instead. It also cleans up some of the markup in the dependencies
section, which shouldn't be parsed anyway.

The CSS spec[1] has been updated to use 'auto' as the initial value for
quotes, as resolved in [2]. The 'auto' behavior is what the HTML spec
has been trying to express. Instead, let the HTML elements have the
initial value for the quotes property and let CSS specify what 'auto'
means.

[1] https://drafts.csswg.org/css-content/#quotes-property
[2] w3c/csswg-drafts#4074

Closes #3636.

This commit modifies the way we handle redirects with COOP. Instead of always
comparing a response to the current Document, we will compare it to the
previous redirect when enforcing COOP.

See camillelamy/explainers#12 for context.

Tests: web-platform-tests/wpt#24915.

Tests: web-platform-tests/wpt#25463.

Fixes #5893.

And drop ASCII-compatible in the process as it is confusing with the continued existence of ISO-2022-JP.

Fixes #5895.

Tests: web-platform-tests/wpt#25033.

Fixes #5552.

This change updates the normative document-conformance requirements for
the "autocomplete" attribute to allow documents to have an "input"
element such as the following:

<input name="u" type="email" autocomplete="username">

That is, this change allows an "input" element whose type is "email" to
have an "autocomplete" attribute whose value is "username".

Otherwise, without this change, the spec does not allow the "username"
value for the "autocomplete" when the input type is "email".

This change also takes what had been called the "E-mail" control group,
and renames it to the "Username" control group.

Fixes #5873. See also validator/validator#983.

This change globally replaces the word “e-mail” (with hyphen) throughout
the spec with the word “email” (without hyphen). That matches WHATWG
style as documented in https://whatwg.org/style-guide#dictionary

Mainly more HTTPS, but also to account for the agreement with the W3C.

The former W3C fork changed the rel-alternate ID, and now links to there redirect to the HTML Standard and end up leading nowhere.

See protocol-registries/link-relations#22.

Chromium 86 and Firefox 82 set the request "destination" to "image".

The clause "if any of the following are true" does not indicate the
intended sequence by which the subsequent conditions must be evaluated.
Conforming implementations are therefore free to perform the checks in
any order. However, the sequence is observable by web content because
both the Content-Security Policy (CSP) check and the Cross-Origin
Embedder Policy (COEP) check may trigger reporting events.

The current implementation status is as follows (neither Safari nor
Firefox implement COEP reporting at this time):

- Chrome 86:   CSP, then COEP, then X-Frame-Options
- Firefox 80:  CSP, then X-Frame-Options
- Safari 13.1: CSP, then X-Frame-Options

Standardize the sequence according to the state of the implementations.

Fixes #5847, by consolidating the explicit replacementEnabled with the
previously-implicit "reload-triggered navigation" and "entry update"
booleans. They are now unified into a "history handling" parameter,
which is explicitly passed in as needed, and makes it clear what the
four possible history handling behaviors are.

whatwg/wattsi#86 makes it unnecessary to use
data-x="" for <code> elements that are children of <pre> elements.

See https://github.com/WICG/origin-isolation.

* Rename "blocked-url" to "blockedURL"; fixes #5818.
* Add "disposition" and "destination"; closes #5391.

This change normalizes the markup for spec citations to consistently
omit quotation marks.

There are 500+ instances of spec citations in the source, more than 90%
which of which use markup in the form `<ref spec=CSSOMVIEW>`. But there
are about 48 instances that were added to the spec instead in the form
`<ref spec="CSP">`, with quotation marks around this spec abbreviation.

This change drops the quotation marks from those 48 instances.

Closes #1230.

Closes #5796. This also makes <meta http-equiv="refresh">'s discussion
of "seconds elapsed since document's has completed loaded" more
rigorous, by explicitly saving the timestamp in a new field.

Additionally, this fixes what is either a spec bug or a serious
ambiguity. Previously, <iframe> and friends, when loading the initial
about:blank, would fire two load events: one from explicit prose doing
so in their sections, and one implicitly because one always gets fired
when you set the "completely loaded" flag.

It's possible that the spec meant to distinguish "mark the document as
completely loaded" from the initial about:blank's "the document is
completely loaded immediately", and have only the former trigger the
reaction-at-a-distance that fired load events. In that case this change
is an editorial clarification only, albeit quite a nice one as by
moving the load firing into the initial about:blank creation, we
deduplicate spec prose from the iframe/frame, embed, and object
sections.

This introduces explicit optional parameters for the navigation
algorithm, exceptionsEnabled and replacementEnabled. It then takes care
to thread these through to all call sites explicitly; replacementEnabled
in particular is consulted all over the place. Previously, these were
passed and consulted in an ad-hoc manner, often involving deeply-nested
calls talking about "the value that the navigation algorithm was
originally invoked with".

Along the way, this cleans up several calling algorithms, including
Location-object navigate, Location-object setter navigate, and frame and
iframe processing. They are now generally more explicit, and the
frame/iframe element processing contains less duplicated spec text.

This sets the stage for making other currently-implicit inputs to the
navigation algorithm into explicit, but optional, parameters. For
example, navigation type ("form-submission" or "other"),
"reload-triggered navigation", and "entry update". That will be done in
future commits.

Closes #5757.