whatwg/html

This overload delegates to the window open steps, which can return null.

Fixes #4091.

Fixes w3c/css-houdini-drafts#380.

Tests: web-platform-tests/wpt@2c89bbe#diff-b84a61f825cf43affca063e7c09e4ae8.

See w3c/webappsec-csp#207 for context.

Tests: web-platform-tests/wpt#8520.

Fixes #2594.

Also:

* Explain why [[Get]] and [[Set]] pass this instead of W.
* Remove a source reference to an addressed JavaScript issue.

Fixes #4064.

And adjust wrapping and wording slightly around the noopener feature and boolean window feature parsing.

Specify parsing of 'noopener' feature in window.open so that noopener is only set to true
if the value is either:
- The empty string.
- The string "yes".
- The value is not 0 or an error when parsed as an integer.

Fixes #2600.

* Module scripts are always fetched with request credentials mode
  "same-origin" by default, instead of the previous default of "omit".
  Only worker module scripts can still set that to "omit", using the
  credentials option to the Worker constructor. Non-worker module
  scripts, which only have the crossorigin="" attribute available, can
  only toggle between "same-origin" and "include", similar to how
  crossorigin="" works for other platform features.
* Similarly, import() statements inside of classic scripts now use the
  "same-origin" credentials mode, instead of "omit". This affects both
  <script> elements, where the default can be changed using
  crossorigin="", and other contexts like javascript: URLs and classic
  worker scripts, where the default cannot be changed.
* The top-level script for module workers is always fetched with request
  mode "same-origin". Cross-origin workers did not quite work due to
  service workers.

Fixes #2557. Fixes #3109.

Tests:

* web-platform-tests/wpt#11274
* web-platform-tests/wpt#13176
* web-platform-tests/wpt#13426

Conformance requirement for the width descriptor is about the sizes attribute, not the srcset attribute.

Fixes #3250.

This was changed in #2672 without
being explicitly discussed. This was discovered because the tests
still match the old behavior:
web-platform-tests/wpt#13411.

Previously, a navigation would create a reserved environment once and use it for all redirects. This commit changes that so a new environment is created on a cross-origin redirect.

We now also run CSP for each redirect.

See also w3c/ServiceWorker#1316.

Tests: web-platform-tests/wpt#13368

Fixes #1054.

Properly define the rendering of the fieldset and legend elements.

The layout model used is most similar to Gecko, which uses an anonymous box to hold the fieldset's contents.

Fixes #3955, fixes #3930, fixes #3929, fixes #3928, fixes #3927, fixes #3915, fixes #3913, fixes #3660, fixes #3331, fixes #2756, fixes #4013.

Tests:
https://github.com/web-platform-tests/wpt/tree/master/html/rendering/non-replaced-elements/the-fieldset-and-legend-elements
https://github.com/web-platform-tests/wpt/tree/master/html/semantics/forms/the-fieldset-element

This reverts commit 7711a1f. As
discussed in #3995, these changes were made prematurely without
appropriate implementer sign-off. Since then, a plethora of issues
around the changes here have been opened up (e.g. #3994, #4023, #4026,
#4030, #4033, #4034). We revert these changes until a more complete and
agreed-upon specification can replace them.

Closes #3995.

Helps with w3c/webappsec-csp#329.

This will be used in Web IDL.

This defines "autoplay" as a policy-controlled feature which can be used
to disable autoplaying videos in any frame. It also adds a new section
where policy-controlled features defined in HTML can be listed.

This allows an author to configure what type of icon is displayed in
place of the enter key on virtual keyboards.

Tests: web-platform-tests/wpt#12972

queueMicrotask() doesn't pass any arguments or return any values, so
VoidFunction is a better fit than Function. This does not change the
processing model, but is easier for implementers and code generators.

* Makes "bad" examples fit the current code block style, instead of
  removing their background.
* Marks ABNF code as such. This will require html-build tweaks to have
  an effect.
* Adds syntax highlighting styles to the dev edition. Closes #3755.
* Removes no-longer-necessary [hidden] rule, per
  whatwg/whatwg.org#220 (comment).

This was missed in 1dec930.

Fixes #3795.

Fixes #4006.

This was missed in #3999.

Fixes #3950.

Tests: web-platform-tests/wpt#12800

* Don't special-case focusable legend, like Edge/Chrome/Safari

* Fix grammar

* Fix wording

* Use lists to make it less ambiguous

* and

* Address domenic's comments

* Add an example

* Source formatting nits

This implements the "ideal 2" plan in #3975, which was found to be
compatible with the existing Chrome test suite while being reasonably
straightforward.

Closes #3651.
Fixes #3975.

Tests: web-platform-tests/wpt#10789

This was added in #3677. As
discovered in tidoust/reffy#125, this is the
only case that isn't wrapped in <code> in addition to <pre>.

Fonts have no origins. This was missed in
440a8eb.

Fixes #3992.

There is no longer anything fundamental that prevents document.open()
from being useful on non-active documents. This also aligns with Chrome,
Edge, and Safari. In fact, some developers already utilize this property
as a streaming HTML parser to desirable effect (see #2827).

Additionally, use a more appropriate guard for erasing event listeners
and handlers on the Window object, as revealed by the tests.

Fixes #2827.

Tests: web-platform-tests/wpt#12636
Tests: web-platform-tests/wpt#12770

"emHeightDescent" was the only descent where "positive" meant "above the baseline". This fixes that and makes it more aligned with the other descents, where "positive" means "below the baseline".

This changes the canvas TextMetrics interface mixin in two ways:

* It adds an advances attribute, for the advances of each character.
* It changes the baselines-retrieval API from separate attributes to a
  dictionary returned by a getBaselines() method.

Tests: offscreen-canvas/the-offscreen-canvas/offscreencanvas.constructor.html in wpt.

Fixes #3540.

Tests: KhronosGroup/WebGL#2701.

Fixes #3404.

This is another part of the effort to overhaul document.open() as outlined in #3818.

Tests: web-platform-tests/wpt#10817.

Fixes #2555.

Per investigation in #3818, this change aligns the behavior of
document.open() with Chrome and Safari.

Tests: web-platform-tests/wpt#10679.

Closes #3831.

Fixes #3587. Based on the proposal at
https://github.com/junov/OffscreenCanvasAnimation/blob/2e0546417d4f45d194270a67a1cdf303f2e0ef88/OffscreenCanvasAnimation.md.

This introduces a new AnimationFrameProvider mixin interface to contain
requestAnimationFrame() and cancelAnimationFrame(). It's included in
Window and DedicatedWorkerGlobalScope. In addition to generalizing them
to work on both objects, the two methods were rewritten editorially to
be based on Infra primitives.

This change also introduces the concept of updating the rendering of
worker event loops.