The WHATWG Blog

Please leave your sense of logic at the door, thanks!

WHATWG Weekly: Same-Origin Policy Explained

We are still looking for a volunteer to write WHATWG Weekly. Otherwise on March 21 and beyond there will not be much to see here. Well, no new WHATWG Weekly.

Big thanks, security model, and editing

We got a big thanks from people at the BBC. Though reading Frame accurate video in HTML5 it seems we owe them for providing valuable feedback! Great to see how many people are paying attention and contributing to what we are trying to build here.

Earlier this week Adam Barth published Principles of the Same-Origin Policy, a document outlining the principles of the Web platform security model. That is, as it has come to be over the years, with many people hacking on it in browsers.

Aryeh Gregor has a new project: HTML Editing Commands. He is working out a more detailed specification for the execCommand() method (and friends). Currently the HTML specification is rather vague on the subject, deferring much to implementations. This specification will eventually help user agents to get closer to each other — also known as interoperability — with regards to editing operations.

W3C HTML WG

Another attempt is made to get the longdesc attribute conforming. Edward O'Connor (since recently with Apple; congrats!) is not convinced there is new information here since we made the decision to kick it out.

A whole bunch of open HTML WG issues (156, 157, 158, 160) were “closed without prejudice” last week. This happens when no change proposals are written in time. The process starts with a bug that is resolved by the editor. If the reporter disagrees with the editor he can escalate the bug into an issue. But if then nobody steps up to do something with the issue nothing will change and the issue is closed without prejudice. After this the issue can only be reconsidered with approval of the WG Chairs. Otherwise it is deferred to the next version of HTML (the W3C uses a snapshot model, the current one is labeled HTML5).

Shorts

Posted in Weekly Review | 6 Comments »

WHATWG Weekly: Search Provider APIs

WHATWG Weekly will go on vacation for three months three weeks from now. However, you can stop that by joining IRC and offering to write it instead. You will be given at least one Internet for each post.

Shorts from the WHATWG mailing list

David Flanagan pointed out that various event handlers are on the HTMLElement interface rather than HTMLMediaElement even though the events are non-bubbling and dispatched solely on HTMLMediaElement. Philip Jägenstedt explained that it makes them more straightforward to implement. Why they are also on Document and Window was not explained.

David Levin suggested we standardize APIs for adding search providers. A way for a site the user is visiting to find out whether it is the default search provider and a way to add itself as search provider. The APIs he suggests we converge on are proprietary APIs from Internet Explorer.

As part of the real-time web APIs the HTML specification defines a StreamRecorder interface so authors can obtain a File out of some streaming media data. Ian Hickson indicated this is still very experimental. We are basically looking for feedback from implementors and authors, as well as standardization of the various protocols and formats, before proceeding with the APIs.

Michael Nordman said he plans on changing Chrome to allow cross-origin caching of secure resources for the application cache feature. The idea is to respect Cache-Control: no-store giving the cross-origin resources control over the situation.

Philip Jägenstedt reported he nuked javascript: URL support from various contexts within Opera and argues for standardizing this more limited behavior.

Jukka K. Korpela provided feedback on the new controls. I remember reading his Guidelines on alt texts in img elements back in the day and realizing that markup is fricking complex. Pretty cool that he is now reviewing our work.

At the W3C

Philip Jägenstedt reported some issues with <video>.readyState on the HTML WG list. On the Webfonts WG list Maciej Stachowiak explained Apple’s position on font linking and embedding.

Over the past week or so I updated DOM Core (formerly Web DOM Core) to include events.

history.pushState()

When more popular sites adopted the #! URL pattern advocacy articles were written, e.g: Breaking the Web with hash-bangs. The WHATWG saw this coming which is why we came up with the history.pushState() API some time ago. It allows resources to manipulate the path of their URL.

Posted in Weekly Review | Comments Off on WHATWG Weekly: Search Provider APIs

WHATWG Weekly: Synchronized Media

Probably the most interesting proposal last week was an email by Silvia Pfeiffer on a Multitrack Media API. Specifically, how to synchronize media resources for the purposes of e.g. sign language and independent audio description tracks. Jeroen Wijering suggested this should be handled in a manifest, outside of HTML.

Interesting implementation-wise, Emiliano Martinez Luque announced he wrote a Microdata library for PHP.

Change Proposals

Two weeks ago Frank Olivier from Microsoft wrote a Change Proposal for playbackRate that I missed. Namely that user agents can ignore it being set if they cannot change the speed at which the media resource plays.

Related to change proposals the W3C HTML WG now has a straw poll going on as to whether WAI-ARIA should be allowed to override native HTML semantics.

Noteworthy

Posted in Weekly Review | Comments Off on WHATWG Weekly: Synchronized Media

WHATWG Weekly: “Distributed Extensibility” put to rest and loads more

Two weeks ago I reported that Philip Jägenstedt wrote a proposal to ignore the Content-Type header for video resources and last week that made it into the HTML standard. Video formats were already being sniffed if the Content-Type had an appropriate value. Now that process is simplified.

The server-sent events feature was also simplified. 2xx — except 200 — HTTP response codes no longer have any special semantics.

Meanwhile Web Workers gained the online and offline events turning its navigator.onLine into something useful. And the window.onerror feature will also be invoked for compile-time errors. Aryeh Gregor’s work on window.atob() and window.btoa() — methods for base 64 encoding and decoding — made it into the HTML standard.

The Wider Web

Ian Hickson dedicated a blog entry to a change to the HTML standard with regards to script execution order. Suffice to say that inserting scripts dynamically is hairy, but at least it is well defined now.

Robert O'Callahan wrote Distinguishing "Embeddable" Versus "Readable" Web Resources Considered Harmful to which I replied with Breaking Web Platform Consistency Considered Harmful. Loading external resources is a complicated topic and I would like to avoid changing strategy there. Ian Hickson captures it quite well in a comment: I think the consistency argument has to be given a lot of weight, because otherwise each generation of Web standards people will bring with it a whole new set of API styles, and we’ll end up with a platform that is nigh on impossible to intuitively understand.

Related to loading policies a post by Mike Cardwell on abusing HTTP status codes to expose private information garnered quite a bit of attention last week. Simon Pieters suggested that my From-Origin proposal would be able to tackle that issue. It is quite a severe privacy problem that we should study carefully.

If you are interested in what editors of the CSS Working Group are working on there is now @csscommits where updates of CSS specifications are announced.

“Distributed Extensibility”

The Chairs of the W3C HTML Working Group finally announced the decision on ISSUE-41. HTML will not have XML-style namespaces. HTML has numerous extension points already and it is unclear whether namespaces are a good idea. It is nice that the W3C and WHATWG are in agreement on this, insofar they are actually separate.

I should point out that this decision can still be appealed if new information is brought forward. This discussion has been going on for a decade so hopefully we covered it, but you never know.

On the List

Posted in Weekly Review | 1 Comment »

WHATWG Weekly: Sniffing, Peer-to-Peer, and hgroup

Another week, another WHATWG Weekly. While the change of name continues to excite the wider world — be sure to read HTML5 vs. HTML by Jeffrey Zeldman for some perspective — standards development marches on.

Media Type Sniffing

At the start of the week Adam Barth gave “whatwgians” a heads up on an update to the Media Type Sniffing specification, published by the IETF Web Security (websec) WG. It now includes rules for handling WebP, Ogg, WAVE, and WebM resources that lack a media type. This work was originally part of the HTML specification and as it progressed found a home at the IETF. The reason sniffing is being documented is that browsers are required to do it if they want to handle legacy content. On top of that, if their sniffing algorithms differ it is bad for security, as explained by the Secure Content Sniffing For Web Browsers paper.

As fonts are being uniformly sniffed by browsers as well due to the lack of registered media types for them I asked for the font sniffing rules to be included in Media Type Sniffing.

Real-Time Web

Patrik Persson with Ericsson Research reported they have been exploring peer-to-peer conversational video based on several APIs from the HTML specification. This is where the web platform is still lacking compared to plugins, but it is starting to look like that will change. Sorting out the details however will likely take time as browsers do not have camera integration so far and have no UDP or peer-to-peer network stack.

The network part is also still an unknown. There is no agreed upon standard protocol yet for this type of functionality. The RTC-Web effort plans to change that though.

hgroup

Various people are unsatisfied with the design of the hgroup element and wish for it to be changed. Some want it to be removed until more research is done. And they may be right. There is some anecdotal evidence that the element is difficult for people to grasp — Bruce Lawson discussed it with developers and Lars Gunther experimented on students. There are a few bugs opened on it and Steve Faulkner is trying to get the HTML WG to do a poll.

Change Proposals

The W3C HTML WG currently has three issues open on the processing details of meta elements with their http-equiv attribute set to "content-type" (125, 126, and 148). Change proposals were written for all of these last week.

Kenny Lu, assisted by Henri Sivonen, is trying to get the u element conforming by writing a Change Proposal for issue 144. Furthermore he believes u as well as b and i should be marked presentational. On the HTML WG mailing list Ian Hickson argued that if we return b and i to be presentational elements in HTML and introduce u as a presentational element, we should bring all presentational elements back. Preferring consistency over design-by-committee.

Shorts

Posted in Weekly Review | 6 Comments »