whatwg / html

Fixes #5118.

Tests: web-platform-tests/wpt#20465

d3c9442 intended to remove a, area, and
frameset from Window's named objects, and came with matching web
platform tests to assert that frameset was removed, which all engines
currently pass. However, that commit actually forgot to remove frameset;
this fixes that.

Closes #5230.

Closes #5219.

This builds on whatwg/wattsi#41, whatwg/infra#115 (which builds on tabatkins/bikeshed#964), and whatwg/whatwg.org#64.

Part of this was fixed by b5ac75d. This was introduced in 163c216 due to not resorting after renaming.

Closes whatwg/compat#118.

This adds a pointer to #2137, which remains somewhat contested, to the
relevant parts of the prepare and execute algorithms for scripts.

Previously this was referred to imprecisely as "the node document of the
script element at the time the prepare a script algorithm started".

This makes it easier to add to and rearrange them.

Previously this was referenced in an implicit way, as "the parser that
created the element". This makes it an explicit associated value, from
which "parser-inserted" is derived.

One normative fix: by saving the script element's node document before
evaluation, this properly changes that document's currentScript back
after evaluation. As previously written, a script that moved during
evaluation would cause its new node document's currentScript to update.

Tests: web-platform-tests/wpt#20775

Editorial cleanups:

* Use a named argument, scriptElement
* Use the saved document variable throughout
* Cleanup source formatting
* Remove <!-- SCRIPT EXEC --> comments

Closes #5119.

Fixes #5140.

For people who follow a link to single page (with a fragment) but
prefer to load the multipage version, using the link at the top
would remove the fragment. This keeps the fragment when clicking
the link, and `link-fixup.js` will do the necessary redirect when
the multipage page is loaded.

Follows tc39/ecma262#1562.

Closes #5170.

Helps with #4980 and #4506.

This feature brings extra complexity for Cross-Origin-Opener-Policy and
Cross-Origin-Embedder-Policy, and is rarely used.

Relevant discussion:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/Z1XdYf6SjDU

Fixes #3282.

Additionally, make content document (also used by contentDocument) perform the same origin-domain comparison on the two documents involved rather than involve the current settings object.

Tests: web-platform-tests/wpt#20432.

Fixes #5094.

The refactoring in bcd5d61 missed a few
instances of the "new focus target" variable.

These days all implementations only have security checks on a couple of objects. Firefox used to have cross-origin object wrapper, but those are no longer web observable.

Tests: html/browsers/origin/cross-origin-objects/cross-origin-objects.html and web-platform-tests/wpt#20432.

As indicated by whatwg/dom#800 and its tests, more than Text node changes are observed by consumers.

This is a specialization of "queue a task", where the event loop and the
document are derived from the element.

This helps with #4980. For now only a couple instances were converted,
but the other 200+ will follow.

The "same-orgin fallback flag" only influences the behavior of the
"create a potential-CORS request" algorithm when the
"corsAttributeState" parameter is "No CORS". The EventSource
constructor's algorithm never specifies corsAttributeState as "No
CORS", so the flag has no effect.

Follow-up to #5123.

Closes #5009.

This replaces the previous concept of "triggered by user activation"
with a more nuanced model, introducing new concepts and a more detailed
processing model. This aligns with Chromium's "user activation v2" work,
which gained consensus during the discussion at TPAC [1]. (The previous
specification did not align with any implementation.)

This serves mostly as a foundational improvement. Interop work remains
to be done on individual APIs and how they use user activation, as well
as the exact set of events which count as user activation. Those issues
are tracked in [2] and elsewhere.

Fixes #1903. Fixes #3859.

[1]: https://docs.google.com/document/d/1gHxQMdXGX4UjjoPXi0c1vhwYregQzWNEHqgbydopCoo/edit#heading=h.9hw95kikso76
[2]: https://github.com/whatwg/html/labels/topic%3A%20user%20activation

Fixes w3c/longtasks#77.

Also make more usage of a browsing context's container (document) where possible.