Name already in use

Also fix some instances to use the "density-corrected" variant instead.

Fixes #6233.

Since exception throwing was moved into "check popover validity," we need to explicitly throw an exception for this originalType check in order to make sure that it actually throws an exception like it is supposed to.

Fixes #9037.

This fixes a typo in the definition of "fully active descendant of a top-level traversable with user attention": s/traversible/traversable.

That document now redirects to the HTML Standard.

Closes #9327.

This is for consistency with the Fullscreen Standard:
https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults

These forms are equivalent. In HTML, the url() style has always been
used, going back to commit f186b43 in
2009. However, a string is shorter makes it more clear that it's just a
string constant.

Fixes #4511. Follow-up: #9320.

I accidentally put the shouldRestoreFocus assignment outside of the popover=auto condition when I wrote this part of the spec.

This is tested by the following WPTs:
- html/semantics/popovers/popover-focus.html
- html/semantics/popovers/popover-focus-2.html
- html/semantics/popovers/popover-hide-crash.html

Tests: #9207.

Fixes #9206.

Popovers will restore focus to the element which was focused before opening the popover when the popover is closed. However, if a user opens a popover and then tab-navigates away from the popover, focus should not be changed when the popover is closed.

More context: https://chromium-review.googlesource.com/c/chromium/src/+/4322607.

Tests: web-platform-tests/wpt#38922.

This patch prevents the behavior where closing a dialog focuses the previously focused element from before the dialog was opened only if focus is in the dialog when the dialog closes.

Without this, focus can unexpectedly shift away from an element which is not going away, like a text input that the user is currently typing into for example.

Tests: web-platform-tests/wpt#39579.

Fixes #8904.

#9121 used the dialog focusing steps with isModal set to true for popovers, so they could honor the autofocus attribute. However, it is incorrect to consider popovers as modal since they don't create a focus trap, or render the outside content inert.

Scott O'Hara also recommended that non-modal dialogs focusing steps take in account the autofocus attribute.

So to fix both issues, remove the isModal parameter from the dialog focusing steps algorithm and account for the autofocus attribute when set on the dialog itself in all cases (non-modal/modal/popovers).

Tests: web-platform-tests/wpt#39890.

In 524485a, we overhauled the logic which converts "push" navigations to "replace" navigations before the load event fires. However, for form submissions we erroneously checked the loading state of the form's document, instead of the loading state of the target document; they can be different when using the form's target="" attribute.

Further investigation reveals that this area is not interoperable, and neither Gecko nor WebKit pass tests for the "push"-to-"replace" conversion for such cross-document form submissions. (It's not clear exactly what they do, as they don't pass tests for the opposite behavior either.) Since we don't have interop here, we can standardize on a simpler behavior, of just avoiding the "push"-to-"replace" conversion.

Closes #9135.

Remove the aria-haspopup attribute in the popover example. It is confusing and explaining it would distract too much from the example. Instead allude to ARIA having requirements related to the construction of a menu widget.

Closes #9153.

This patch makes the following changes:

- Don't throw exceptions when showPopover or hidePopover is called and the popover is already in the requested state.
- Don't throw exceptions when dialog.showModal, dialog.show, or dialog.close is called and the dialog is already in the requested state.
- Throw exceptions when trying to switch between modal and non-modal dialog modes via dialog.showModal or dialog.show.

Fixes #9045.

It needs a document as argument, not an element.

Also turn auto popover list into an algorithm.

Fixes #9036.

Co-authored-by: Anne van Kesteren <annevk@annevk.nl>

This allows attackers to do a boolean probe on the URL of a cross-origin iframe, by attempting to navigate it to a given URL, and if history.length does not increase, they know that the iframe is currently pointed to that URL.

Closes #2018, at least the actionable part where you can get more information than just what is retrieved using the load event.

This tries to give a somewhat reasonable grouping and ordering of the navigation params and non-fetch scheme navigation params structs, including keeping them in parallel.

Rationale from Mason Freed as per https://chromium-review.googlesource.com/c/chromium/src/+/4429412:

Instead of using the node tree to establish the popover hierarchy, the user's behavior should matter. For example, if one popover contains a popover invoker pointing to another popover, it should matter whether that invoker is *actually used* to open the second popover.

An example:
- Component 1 is a third party widget, which uses popover
- Component 2 is another third party widget, also using popover
- A page wants to use both components separately, from separate invoking buttons.
- Component 1 also wants to be able to use Component 2, via a button within Component 1.

In this example, the page should be able to still independently use these components. So a user clicking the page's button for Component 2 is expected to close Component 1 if it's open, because that's a direct invocation of Component 2. However, if the user clicks the button within Component 1 to get Component 2, it is natural to leave Component 1 open because this is a nested call.

Important note: this often happens to be the behavior even before this change, since the user clicking on the page-level Component 2 invoking button represents a light dismiss signal for Component 1, so it closes either way. But this simplifies the logic, removing the need to track all invokers on the page, and also removing the need to continuously check whether invoker relationships have changed.

Fixes #9160, fixes #9168, and closes #9048 (as per discussion in the PR).

This is mostly editorial, to bundle up the variables flowing through the navigation algorithms and make them easier to track.

However, this includes a bug fix for the non-fetch-scheme URL navigation flow, which would attempt to create a document with the the wrong URL in the case where a URL redirects to a non-fetch-scheme URL, because we failed to write it into the session history entry.

This regressed in 04a11f2, which removed <param> from the list of "void elements" (since it is no longer a conforming element), without adding it to the parser-algorithm-focused "serializes as void" list.

Closes #9249.

Closes #9082.

beforetoggle listeners can move popover elements between documents, which wasn't checked before and can lead to bad state and crashes.

Fixes #9177.

Docker Hub was planning to sunset their free plan: https://www.docker.com/developers/free-team-faq/. Although they have backed down from doing this, it still seems better to centralize our infrastructure dependencies on GitHub.

Wattsi and html-build have been successfully published to the GHCR. This commit moves HTML's continuous integration step to depend on the GHCR version of html-build, instead of the Docker Hub version.

The attribute change steps to support the popover attribute did not list any arguments, which was pointed out in #9036.

I followed some advice for adding arguments here: #9093 (comment).

This is a long-standing WebKit feature that regressed as part of the standardized HTML parser effort. This suggests bringing it back with optional semantics, but a mandatory HTML parser change.

The HTML parser change is not expected to be significant for existing content or XSS. When the feature is correctly used it will also not hurt HTML parsers that have not yet incorporated the change. I.e., it should be fully backwards compatible.

Tests: html5lib/html5lib-tests#167.

Fixes #3410.

This regressed at some point in the past with the various refactorings to the link processing model. Closes #8330.

As well as document's "fully active descendant of a top-level traversible with user attention" for callers.

Fixes #6211.

Fixes #9226.

Closes #9136 by adding a non-null browsing context check. Also updates to use "in a document tree" instead of "in a document".

Closes #9220.

The entry is added when the visiblity changes for any reason, and an initial entry is added when the document becomes active.

See w3c/page-visibility#29 and w3c/performance-timeline#105.

This makes the pattern attribute more powerful, enabling the use of RegExp set notation syntax and properties of strings in its values.

Differences with the previous u flag-based behavior:

- [FEATURE] Previously invalid patterns now become valid, e.g.:

    pattern="[\p{ASCII_Hex_Digit}--[Ff]]"
    pattern="\p{RGI_Emoji}"
    pattern="[_\q{a|bc|def}]"

- [BREAKING CHANGE] Some previously valid patterns are now errors, specifically those with a character class including either an unescaped special character ( ) [ ] { } / - \ | or a double punctuator.

- [STATUS QUO] Other previously valid patterns still behave the same. (Other than the above-mentioned features, the v flags only differs in behavior from the u flag w.r.t. case-insensitive matching, but the pattern attribute uses case-sensitive matching.)

Tests: web-platform-tests/wpt#38547.

Fixes #7908.