Comments (8)
annevk
commented on June 15, 2024
1
We cannot make a breaking change like this to how HTML is parsed. Especially with so little justification. I hope you understand.
from html.
annevk
commented on June 15, 2024
1
https://whatwg.org/working-mode#changes describes the process, but in this specific case I know that it's extremely unlikely you'll get implementer support as making a breaking change to how HTML is parsed is not done lightly.
I can tell you that WebKit would not want this change to be made, but maybe you can convince other implementers. I'll reopen for now given that you don't seem convinced.
from html.
RokeJulianLockhart
commented on June 15, 2024
@annevk, what is the procedure for this, then? If I've supposedly no jurisdiction, yet the desire to implement a positive modification, I would like to be provided the opportunity to try to do so correctly.
from html.
RokeJulianLockhart
commented on June 15, 2024
Thank you, @annevk. I'm aware that this shall be an uphill battle, considering how much time this issue has been left unfixed.
from html.
RokeJulianLockhart
commented on June 15, 2024
@annevk, I know solely that Google, Mozilla, and Apple are stakeholders in this, so do you know of any implementers I might have missed? Additionally, how do you suggest I contact them? I've always created issues in their respective public bug trackers - is that the standard way to propose things like this?
from html.
kbrosnan
commented on June 15, 2024
I can see your enthusiasm for this feature. This change would be a breaking change to how HTML is parsed. This would break correctly parsed pages that currently exist. It would add a significant layer of complexity when parsing HTML.
This change would need an exceptional use case to be considered. Easier debugging is not exceptional. Some complied languages support this feature, again not exceptional.
Filing bugs, Anne already said that WebKit would not accept such a change. For Mozilla it would get duplicated to an old invalid bug like 195133. I expect a similar response from Blink/Chrome developers.
I suspect that this feels circular but you are proposing a fundamental change that affects any page that uses comments. Such a change is not taken lightly.
from html.
RokeJulianLockhart
commented on June 15, 2024
@kbrosnan, thanks. Indeed, I recognise what you've stated.
Nevertheless, my aforestated rationale for desiring this change is that I cannot see a world in which implementing a replacement comment tag (the sole alternative I've envisioned) is an easier breaking change to implement. Additionally, I constantly need the ability to nest comment tags, so I do need a solution. The work necessary to attempt to convince stakeholders would not be worth the effort were this not significantly problematic for me.
Regardless, I realize that others may prioritize stability. I vehemently disagree with this personally, but recognize that mere opinion shall not change that, so I shall not unnecessarily invoke ire by fighting with stakeholers. I only intend to explain as best I can the advantages of reconsidering this limitation, and leaving it for them to decide.
WebKit I consider a somewhat special case in that they tend to be somewhat unnecessarily conservative, and consequently, I would like to consider their opinion separately to the others'. Regarding Mozilla, specifically their aforementioned bug tracker's extensive history which appears to cover every proposal known to humankind, I believe triage identifying potentially duplicate closed issues shan't be a problem. That's because Mozilla has used multiple different triage practices during the past, some of which they recognise unnecessarily locked bugs. Additionally, they tend to reconsider duplicates if they provide new information and the reporter is receptive to feedback.
from html.
zcorpan
commented on June 15, 2024
We will not implement this for Gecko.
As already mentioned, this would break existing pages that have this syntax and expect the current behavior. This alone is a sufficient blocker.
But I think there's also another aspect here. When changing how HTML parsing works, we need to be consider if it introduces a new XSS problem. I believe this would: let's say a website allows untrusted input but uses an HTML-parser based sanitizer to remove anything that can run scripts. Comments are considered safe. If the website's backend implements this change, but the user's browser does not (it takes a long time for all users to update even if all browsers were to ship a coordinated change), then the user is now vulnerable to XSS.
What you could do instead is to use the template element, which can be nested and makes stuff inside it inert.
For those unaware of why this isn't already possible, https://stackoverflow.com/a/12102131/9731176 explains it well.
The SGML-style comment parsing issue was solved in the spec in 2006, so that is not relevant.
from html.
Related Issues (20)
- If a web author sets dropEffect to something that is not allowed according to spec, should UA respect their choice by updating dropEffect attribute?
- template.content has unusable value HOT 1
- Clean up HTML <-> DOM hooks HOT 2
- Consider improving interoperability of <iframe> throttling margins. HOT 10
- The dropEffect column in the Drag and Drop events summary table should clarify it represents default values.
- Drag and drop spec allows multiple values for dropEffect which might cause browsers to behave differently.
- How should UAs handle web authors setting dropEffect values?
- Proposal for event ordering when inserting replacement text such as text prediction, spell checker, etc
- It's unclear how shadows should be drawn across various compositing operators HOT 2
- Should custom validity error message treat \r as newline? HOT 3
- Upcoming WHATNOT meeting on 5/16/2024 HOT 5
- Date Picker popup doesn't propagate shadow DOM events into the light DOM HOT 1
- Clarify `detail` value of synthetic click event HOT 3
- Consider making "gamepadconnected" part of “activation triggering user event”? HOT 1
- Meeting 2 for joint OpenUI-WHATWG/HTML-CSSWG task force on styleable form controls HOT 4
- Upcoming WHATNOT meeting on 5/23/2024 HOT 6
- [Proposal]: Enable `HTMLElement` attributes to be toggled without JavaScript HOT 2
- Issue with Step 10 of inner navigate event firing algorithm HOT 2
- Provide native validation messages for native validity states on Form Associated Custom Elements
- Upcoming WHATNOT meeting on 5/30/2024 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from html.