Commits
main
Name already in use
Commits on May 26, 2023
-
Rename intrinsic dimensions to natural dimensions to match CSS
Also fix some instances to use the "density-corrected" variant instead. Fixes #6233.
-
Popover: throw exception in originalType check
Since exception throwing was moved into "check popover validity," we need to explicitly throw an exception for this originalType check in order to make sure that it actually throws an exception like it is supposed to. Fixes #9037.
Commits on May 25, 2023
-
Editorial: fix typo "traversible"
This fixes a typo in the definition of "fully active descendant of a top-level traversable with user attention": s/traversible/traversable.
-
Editorial: remove reference to [PRELOAD]
That document now redirects to the HTML Standard. Closes #9327.
Commits on May 24, 2023
-
Editorial: use quoted string instead of url() for @namespace
This is for consistency with the Fullscreen Standard: https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults These forms are equivalent. In HTML, the url() style has always been used, going back to commit f186b43 in 2009. However, a string is shorter makes it more clear that it's just a string constant.
Commits on May 23, 2023
Commits on May 19, 2023
-
Don't restore popover focus for manual popovers
I accidentally put the shouldRestoreFocus assignment outside of the popover=auto condition when I wrote this part of the spec. This is tested by the following WPTs: - html/semantics/popovers/popover-focus.html - html/semantics/popovers/popover-focus-2.html - html/semantics/popovers/popover-hide-crash.html
Commits on May 17, 2023
Commits on May 15, 2023
Commits on May 12, 2023
-
Only restore popover focus if focus is in the popover
Popovers will restore focus to the element which was focused before opening the popover when the popover is closed. However, if a user opens a popover and then tab-navigates away from the popover, focus should not be changed when the popover is closed. More context: https://chromium-review.googlesource.com/c/chromium/src/+/4322607. Tests: web-platform-tests/wpt#38922.
-
Only restore dialog focus if focus is in the dialog
This patch prevents the behavior where closing a dialog focuses the previously focused element from before the dialog was opened only if focus is in the dialog when the dialog closes. Without this, focus can unexpectedly shift away from an element which is not going away, like a text input that the user is currently typing into for example. Tests: web-platform-tests/wpt#39579. Fixes #8904.
-
Account for autofocus attribute for dialog focusing steps
#9121 used the dialog focusing steps with isModal set to true for popovers, so they could honor the autofocus attribute. However, it is incorrect to consider popovers as modal since they don't create a focus trap, or render the outside content inert. Scott O'Hara also recommended that non-modal dialogs focusing steps take in account the autofocus attribute. So to fix both issues, remove the isModal parameter from the dialog focusing steps algorithm and account for the autofocus attribute when set on the dialog itself in all cases (non-modal/modal/popovers). Tests: web-platform-tests/wpt#39890.
Commits on May 10, 2023
-
Fix form submission's replace-before-load logic
In 524485a, we overhauled the logic which converts "push" navigations to "replace" navigations before the load event fires. However, for form submissions we erroneously checked the loading state of the form's document, instead of the loading state of the target document; they can be different when using the form's target="" attribute. Further investigation reveals that this area is not interoperable, and neither Gecko nor WebKit pass tests for the "push"-to-"replace" conversion for such cross-document form submissions. (It's not clear exactly what they do, as they don't pass tests for the opposite behavior either.) Since we don't have interop here, we can standardize on a simpler behavior, of just avoiding the "push"-to-"replace" conversion. Closes #9135.
Commits on May 9, 2023
-
Editorial: improve popover example
Remove the aria-haspopup attribute in the popover example. It is confusing and explaining it would distract too much from the example. Instead allude to ARIA having requirements related to the construction of a menu widget. Closes #9153.
-
Don't throw when popover/dialog is in requested state
This patch makes the following changes: - Don't throw exceptions when showPopover or hidePopover is called and the popover is already in the requested state. - Don't throw exceptions when dialog.showModal, dialog.show, or dialog.close is called and the dialog is already in the requested state. - Throw exceptions when trying to switch between modal and non-modal dialog modes via dialog.showModal or dialog.show. Fixes #9045.
-
Fix a call to topmost auto popover
It needs a document as argument, not an element. Also turn auto popover list into an algorithm. Fixes #9036. Co-authored-by: Anne van Kesteren <annevk@annevk.nl>
Commits on May 8, 2023
-
Do not do same-URL replace navigations when initiated cross-origin
This allows attackers to do a boolean probe on the URL of a cross-origin iframe, by attempting to navigate it to a given URL, and if history.length does not increase, they know that the iframe is currently pointed to that URL. Closes #2018, at least the actionable part where you can get more information than just what is retrieved using the load event.
-
Editorial: reorder the navigation params structs
This tries to give a somewhat reasonable grouping and ordering of the navigation params and non-fetch scheme navigation params structs, including keeping them in parallel.
-
Only use the used invoker to establish popover hierarchy
Rationale from Mason Freed as per https://chromium-review.googlesource.com/c/chromium/src/+/4429412: Instead of using the node tree to establish the popover hierarchy, the user's behavior should matter. For example, if one popover contains a popover invoker pointing to another popover, it should matter whether that invoker is *actually used* to open the second popover. An example: - Component 1 is a third party widget, which uses popover - Component 2 is another third party widget, also using popover - A page wants to use both components separately, from separate invoking buttons. - Component 1 also wants to be able to use Component 2, via a button within Component 1. In this example, the page should be able to still independently use these components. So a user clicking the page's button for Component 2 is expected to close Component 1 if it's open, because that's a direct invocation of Component 2. However, if the user clicks the button within Component 1 to get Component 2, it is natural to leave Component 1 open because this is a nested call. Important note: this often happens to be the behavior even before this change, since the user clicking on the page-level Component 2 invoking button represents a light dismiss signal for Component 1, so it closes either way. But this simplifies the logic, removing the need to track all invokers on the page, and also removing the need to continuously check whether invoker relationships have changed. Fixes #9160, fixes #9168, and closes #9048 (as per discussion in the PR).
-
Expand non-fetch-scheme navigation params to include more
This is mostly editorial, to bundle up the variables flowing through the navigation algorithms and make them easier to track. However, this includes a bug fix for the non-fetch-scheme URL navigation flow, which would attempt to create a document with the the wrong URL in the case where a URL redirects to a non-fetch-scheme URL, because we failed to write it into the session history entry.
-
Commits on May 5, 2023
-
Check the popover's document in showPopover()
beforetoggle listeners can move popover elements between documents, which wasn't checked before and can lead to bad state and crashes. Fixes #9177.
-
Meta: move to GitHub Container Registry
Docker Hub was planning to sunset their free plan: https://www.docker.com/developers/free-team-faq/. Although they have backed down from doing this, it still seems better to centralize our infrastructure dependencies on GitHub. Wattsi and html-build have been successfully published to the GHCR. This commit moves HTML's continuous integration step to depend on the GHCR version of html-build, instead of the Docker Hub version.
Commits on May 2, 2023
-
Editorial: add parameters to popover attribute change steps
The attribute change steps to support the popover attribute did not list any arguments, which was pointed out in #9036. I followed some advice for adding arguments here: #9093 (comment).
-
Allow <hr> to be used inside <select> as a separator
This is a long-standing WebKit feature that regressed as part of the standardized HTML parser effort. This suggests bringing it back with optional semantics, but a mandatory HTML parser change. The HTML parser change is not expected to be significant for existing content or XSS. When the feature is correctly used it will also not hurt HTML parsers that have not yet incorporated the change. I.e., it should be fully backwards compatible. Tests: html5lib/html5lib-tests#167. Fixes #3410.
-
Use document's base URL when resolving <link> hrefs
This regressed at some point in the past with the various refactorings to the link processing model. Closes #8330.
-
Commits on Apr 28, 2023
-
Add "user attention" definition to top-level traversable
As well as document's "fully active descendant of a top-level traversible with user attention" for callers. Fixes #6211.
-
Fix "active frame element" definition
Closes #9136 by adding a non-null browsing context check. Also updates to use "in a document tree" instead of "in a document".
Commits on Apr 27, 2023
-
Add a performance entry type for visibility state changes
The entry is added when the visiblity changes for any reason, and an initial entry is added when the document becomes active. See w3c/page-visibility#29 and w3c/performance-timeline#105.
Commits on Apr 25, 2023
-
Use v RegExp flag instead of u for <input pattern>
This makes the pattern attribute more powerful, enabling the use of RegExp set notation syntax and properties of strings in its values. Differences with the previous u flag-based behavior: - [FEATURE] Previously invalid patterns now become valid, e.g.: pattern="[\p{ASCII_Hex_Digit}--[Ff]]" pattern="\p{RGI_Emoji}" pattern="[_\q{a|bc|def}]" - [BREAKING CHANGE] Some previously valid patterns are now errors, specifically those with a character class including either an unescaped special character ( ) [ ] { } / - \ | or a double punctuator. - [STATUS QUO] Other previously valid patterns still behave the same. (Other than the above-mentioned features, the v flags only differs in behavior from the u flag w.r.t. case-insensitive matching, but the pattern attribute uses case-sensitive matching.) Tests: web-platform-tests/wpt#38547. Fixes #7908.