Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Commits on May 26, 2023

  1. Rename intrinsic dimensions to natural dimensions to match CSS

    Also fix some instances to use the "density-corrected" variant instead.
    Fixes #6233.
    zcorpan committed May 26, 2023
  2. Popover: throw exception in originalType check

    Since exception throwing was moved into "check popover validity," we need to explicitly throw an exception for this originalType check in order to make sure that it actually throws an exception like it is supposed to.
    Fixes #9037.
    josepharhar committed May 26, 2023

Commits on May 25, 2023

  1. Editorial: fix typo "traversible"

    This fixes a typo in the definition of "fully active descendant of a top-level traversable with user attention": s/traversible/traversable.
    schwering committed May 25, 2023
  2. Editorial: remove reference to [PRELOAD]

    That document now redirects to the HTML Standard.
    Closes #9327.
    noamr committed May 25, 2023

Commits on May 24, 2023

  1. Editorial: use quoted string instead of url() for @namespace

    This is for consistency with the Fullscreen Standard:
    These forms are equivalent. In HTML, the url() style has always been
    used, going back to commit f186b43 in
    2009. However, a string is shorter makes it more clear that it's just a
    string constant.
    foolip committed May 24, 2023

Commits on May 23, 2023

  1. Editorial: clean up getContext() tables

    Fixes #4511. Follow-up: #9320.
    trevorspiniolas committed May 23, 2023

Commits on May 19, 2023

  1. Don't restore popover focus for manual popovers

    I accidentally put the shouldRestoreFocus assignment outside of the popover=auto condition when I wrote this part of the spec.
    This is tested by the following WPTs:
    - html/semantics/popovers/popover-focus.html
    - html/semantics/popovers/popover-focus-2.html
    - html/semantics/popovers/popover-hide-crash.html
    josepharhar committed May 19, 2023

Commits on May 15, 2023

Commits on May 12, 2023

  1. Only restore popover focus if focus is in the popover

    Popovers will restore focus to the element which was focused before opening the popover when the popover is closed. However, if a user opens a popover and then tab-navigates away from the popover, focus should not be changed when the popover is closed.
    More context:
    Tests: web-platform-tests/wpt#38922.
    josepharhar committed May 12, 2023
  2. Only restore dialog focus if focus is in the dialog

    This patch prevents the behavior where closing a dialog focuses the previously focused element from before the dialog was opened only if focus is in the dialog when the dialog closes.
    Without this, focus can unexpectedly shift away from an element which is not going away, like a text input that the user is currently typing into for example.
    Tests: web-platform-tests/wpt#39579.
    Fixes #8904.
    josepharhar committed May 12, 2023
  3. Account for autofocus attribute for dialog focusing steps

    #9121 used the dialog focusing steps with isModal set to true for popovers, so they could honor the autofocus attribute. However, it is incorrect to consider popovers as modal since they don't create a focus trap, or render the outside content inert.
    Scott O'Hara also recommended that non-modal dialogs focusing steps take in account the autofocus attribute.
    So to fix both issues, remove the isModal parameter from the dialog focusing steps algorithm and account for the autofocus attribute when set on the dialog itself in all cases (non-modal/modal/popovers).
    Tests: web-platform-tests/wpt#39890.
    nt1m committed May 12, 2023

Commits on May 10, 2023

  1. Fix form submission's replace-before-load logic

    In 524485a, we overhauled the logic which converts "push" navigations to "replace" navigations before the load event fires. However, for form submissions we erroneously checked the loading state of the form's document, instead of the loading state of the target document; they can be different when using the form's target="" attribute.
    Further investigation reveals that this area is not interoperable, and neither Gecko nor WebKit pass tests for the "push"-to-"replace" conversion for such cross-document form submissions. (It's not clear exactly what they do, as they don't pass tests for the opposite behavior either.) Since we don't have interop here, we can standardize on a simpler behavior, of just avoiding the "push"-to-"replace" conversion.
    Closes #9135.
    domenic committed May 10, 2023

Commits on May 9, 2023

  1. Editorial: improve popover example

    Remove the aria-haspopup attribute in the popover example. It is confusing and explaining it would distract too much from the example. Instead allude to ARIA having requirements related to the construction of a menu widget.
    Closes #9153.
    scottaohara committed May 9, 2023
  2. Don't throw when popover/dialog is in requested state

    This patch makes the following changes:
    - Don't throw exceptions when showPopover or hidePopover is called and the popover is already in the requested state.
    - Don't throw exceptions when dialog.showModal,, or dialog.close is called and the dialog is already in the requested state.
    - Throw exceptions when trying to switch between modal and non-modal dialog modes via dialog.showModal or
    Fixes #9045.
    josepharhar committed May 9, 2023
  3. Fix a call to topmost auto popover

    It needs a document as argument, not an element.
    Also turn auto popover list into an algorithm.
    Fixes #9036.
    Co-authored-by: Anne van Kesteren <>
    josepharhar and annevk committed May 9, 2023

Commits on May 8, 2023

  1. Do not do same-URL replace navigations when initiated cross-origin

    This allows attackers to do a boolean probe on the URL of a cross-origin iframe, by attempting to navigate it to a given URL, and if history.length does not increase, they know that the iframe is currently pointed to that URL.
    Closes #2018, at least the actionable part where you can get more information than just what is retrieved using the load event.
    domenic committed May 8, 2023
  2. Editorial: reorder the navigation params structs

    This tries to give a somewhat reasonable grouping and ordering of the navigation params and non-fetch scheme navigation params structs, including keeping them in parallel.
    domenic committed May 8, 2023
  3. Only use the used invoker to establish popover hierarchy

    Rationale from Mason Freed as per
    Instead of using the node tree to establish the popover hierarchy, the user's behavior should matter. For example, if one popover contains a popover invoker pointing to another popover, it should matter whether that invoker is *actually used* to open the second popover.
    An example:
    - Component 1 is a third party widget, which uses popover
    - Component 2 is another third party widget, also using popover
    - A page wants to use both components separately, from separate invoking buttons.
    - Component 1 also wants to be able to use Component 2, via a button within Component 1.
    In this example, the page should be able to still independently use these components. So a user clicking the page's button for Component 2 is expected to close Component 1 if it's open, because that's a direct invocation of Component 2. However, if the user clicks the button within Component 1 to get Component 2, it is natural to leave Component 1 open because this is a nested call.
    Important note: this often happens to be the behavior even before this change, since the user clicking on the page-level Component 2 invoking button represents a light dismiss signal for Component 1, so it closes either way. But this simplifies the logic, removing the need to track all invokers on the page, and also removing the need to continuously check whether invoker relationships have changed.
    Fixes #9160, fixes #9168, and closes #9048 (as per discussion in the PR).
    josepharhar committed May 8, 2023
  4. Expand non-fetch-scheme navigation params to include more

    This is mostly editorial, to bundle up the variables flowing through the navigation algorithms and make them easier to track.
    However, this includes a bug fix for the non-fetch-scheme URL navigation flow, which would attempt to create a document with the the wrong URL in the case where a URL redirects to a non-fetch-scheme URL, because we failed to write it into the session history entry.
    domfarolino committed May 8, 2023
  5. Add <param> to the "serializes as void" list

    This regressed in 04a11f2, which removed <param> from the list of "void elements" (since it is no longer a conforming element), without adding it to the parser-algorithm-focused "serializes as void" list.
    Closes #9249.
    domenic committed May 8, 2023

Commits on May 5, 2023

  1. Check the popover's document in showPopover()

    beforetoggle listeners can move popover elements between documents, which wasn't checked before and can lead to bad state and crashes.
    Fixes #9177.
    josepharhar committed May 5, 2023
  2. Meta: move to GitHub Container Registry

    Docker Hub was planning to sunset their free plan: Although they have backed down from doing this, it still seems better to centralize our infrastructure dependencies on GitHub.
    Wattsi and html-build have been successfully published to the GHCR. This commit moves HTML's continuous integration step to depend on the GHCR version of html-build, instead of the Docker Hub version.
    domenic committed May 5, 2023

Commits on May 2, 2023

  1. Editorial: add parameters to popover attribute change steps

    The attribute change steps to support the popover attribute did not list any arguments, which was pointed out in #9036.
    I followed some advice for adding arguments here: #9093 (comment).
    josepharhar committed May 2, 2023
  2. Allow <hr> to be used inside <select> as a separator

    This is a long-standing WebKit feature that regressed as part of the standardized HTML parser effort. This suggests bringing it back with optional semantics, but a mandatory HTML parser change.
    The HTML parser change is not expected to be significant for existing content or XSS. When the feature is correctly used it will also not hurt HTML parsers that have not yet incorporated the change. I.e., it should be fully backwards compatible.
    Tests: html5lib/html5lib-tests#167.
    Fixes #3410.
    annevk committed May 2, 2023
  3. Use document's base URL when resolving <link> hrefs

    This regressed at some point in the past with the various refactorings to the link processing model. Closes #8330.
    noamr committed May 2, 2023

Commits on Apr 28, 2023

  1. Add "user attention" definition to top-level traversable

    As well as document's "fully active descendant of a top-level traversible with user attention" for callers.
    Fixes #6211.
    jan-ivar committed Apr 28, 2023
  2. Meta: export Window's navigable

    Fixes #9226.
    domenic committed Apr 28, 2023
  3. Fix "active frame element" definition

    Closes #9136 by adding a non-null browsing context check. Also updates to use "in a document tree" instead of "in a document".
    domenic authored and annevk committed Apr 28, 2023

Commits on Apr 27, 2023

  1. Add a performance entry type for visibility state changes

    The entry is added when the visiblity changes for any reason, and an initial entry is added when the document becomes active.
    See w3c/page-visibility#29 and w3c/performance-timeline#105.
    noamr committed Apr 27, 2023

Commits on Apr 25, 2023

  1. Use v RegExp flag instead of u for <input pattern>

    This makes the pattern attribute more powerful, enabling the use of RegExp set notation syntax and properties of strings in its values.
    Differences with the previous u flag-based behavior:
    - [FEATURE] Previously invalid patterns now become valid, e.g.:
    - [BREAKING CHANGE] Some previously valid patterns are now errors, specifically those with a character class including either an unescaped special character ( ) [ ] { } / - \ | or a double punctuator.
    - [STATUS QUO] Other previously valid patterns still behave the same. (Other than the above-mentioned features, the v flags only differs in behavior from the u flag w.r.t. case-insensitive matching, but the pattern attribute uses case-sensitive matching.)
    Tests: web-platform-tests/wpt#38547.
    Fixes #7908.
    mathiasbynens committed Apr 25, 2023