diff --git a/sections/browsers.include b/sections/browsers.include index dfbaa5652e..15bc385173 100644 --- a/sections/browsers.include +++ b/sections/browsers.include @@ -2048,12 +2048,12 @@ sandboxed document.domain browsing context flag set, then throw a "{{SecurityError}}" {{DOMException}}. 1. Let effectiveDomain be this Document's origin's - effective domain. + effective domain. 1. If effectiveDomain is null, then throw a "{{SecurityError}}" {{DOMException}}. 1. If the given value is not a registrable domain suffix of and is not equal to effectiveDomain throw a "{{SecurityError}}" {{DOMException}}. - 1. Set origin's domain to to the result of parsing + 1. Set origin's domain to to the result of parsing the given value.

.

The {{Document/domain|document.domain}} attribute is used to enable pages on diff --git a/sections/changes.include b/sections/changes.include index c44b651bbc..e4ab045534 100644 --- a/sections/changes.include +++ b/sections/changes.include @@ -46,7 +46,7 @@ and the HTML 5.3 First

Removing magic alignment for dialog element
Removed due to lack of implementation. Fixed issue 1108
nonce now uses the [[CryptographicNonce]]
-
Hide `nonce` content attribute
+
Hide nonce content attribute to avoid leaking it.
Removed section on anchor-points
Substantive change. Fixed issue 1104
Added disableRemotePlayback to the HTMLMediaElement interface
diff --git a/sections/elements.include b/sections/elements.include index c505150feb..70e8c63233 100644 --- a/sections/elements.include +++ b/sections/elements.include @@ -785,7 +785,6 @@ <{link/rel}>; <{link/media}>; <{link/referrerpolicy}>; - <{link/nonce}>; <{link/hreflang}>; <{link/type}>; <{link/sizes}> @@ -1256,7 +1255,6 @@ varies* globals; <{style/media}>; - <{style/nonce}>; <{style/type}> {{HTMLStyleElement}} diff --git a/sections/infrastructure.include b/sections/infrastructure.include index b876167200..a29900ca4e 100644 --- a/sections/infrastructure.include +++ b/sections/infrastructure.include @@ -112,7 +112,7 @@ rule. In particular, a valid MIME type may include MIME type parameters. [[!HTTP]] A string is a - valid MIME type with no parameters + valid MIME type with no parameters if it matches the [=media-type=] rule, but does not contain any U+003B SEMICOLON characters (;). In other words, if it consists only of a type and subtype, with no MIME Type parameters. [[!HTTP]] @@ -3318,7 +3318,7 @@ the document. The rules for parsing a hash-name reference to an element of type type, - given a context node scope, are as follows: + are as follows: 1. If the string being parsed does not contain a U+0023 NUMBER SIGN character, or if the first such character in the string is the last character in the string, then return null and abort @@ -3853,7 +3853,7 @@ -

Nonce attributes

+

Nonce attributes

A nonce content attribute represents a cryptographic nonce ("number used once") which can be used by Content Security Policy @@ -3889,7 +3889,7 @@ interface NoncedElement {

Whenever a {{NoncedElement}}'s nonce attribute is set or changed, set this element's [[CryptographicNonce]] to the given value.

-

Whenever a {{NoncedElement}} becomes browsing-context connected, the +

Whenever a {{NoncedElement}} becomes connected to a browsing context, the user agent must executing the following steps on the element:

    @@ -3898,7 +3898,7 @@ interface NoncedElement {

  1. If [=response/CSP list=] contains a header-delivered Content Security Policy, and element has a nonce content attribute - attr whose value is not the empty string, then:

    + attr whose value is not the empty string, then:

    1. Set an attribute value for @@ -3910,7 +3910,7 @@ interface NoncedElement {

      As each {{Document}}'s [=response/CSP list=] is append-only, user agents can optimize away the contains a header-delivered Content Security Policy check by, for example, holding a flag on the {{Document}}, - set during Document initialization.

      + set when initializing a new document object.

      The cloning steps for elements that implement {{NoncedElement}} must set the [[CryptographicNonce]] slot on the copy @@ -5304,7 +5304,7 @@ o.myself = o;

      messagePort.postMessage() uses this pair of abstract operations, as the destination Realm is not known until the - MessagePort has been shipped.

      + MessagePort has been shipped.

      : StructuredSerialize : StructuredSerializeForStorage diff --git a/sections/rendering.include b/sections/rendering.include index c717e33a16..93f8ce49dd 100644 --- a/sections/rendering.include +++ b/sections/rendering.include @@ -8,14 +8,14 @@ Rendering {#rendering} ========= - *User agents are not required to present HTML documents in any particular way. However, this + User agents are not required to present HTML documents in any particular way. However, this section provides a set of suggestions for rendering HTML documents that, if followed, are likely to lead to a user experience that closely resembles the experience intended by the documents' authors. So as to avoid confusion regarding the normativity of this section, "must" has not been used. Instead, the term "expected" is used to indicate behavior that will lead to this experience. For the purposes of conformance for user agents designated as [=supporting the suggested default rendering=], the term "expected" in this section has the same - conformance implications as "must".* + conformance implications as "must". ## Introduction ## {#rendering-introduction} diff --git a/sections/semantics-grouping-content.include b/sections/semantics-grouping-content.include index b69dbf45c4..8b16f39be4 100644 --- a/sections/semantics-grouping-content.include +++ b/sections/semantics-grouping-content.include @@ -42,10 +42,11 @@ The <{p}> element should not be used when a more specific element, such as a list, is more appropriate.
      - Many elements whose typical rendering is a block cannot be children of <{p}> elements, - because when the parser finds them it automatically closes the <{p}> element - effectively inserting a </p> tag. - This includes lists, tables, heading content, most sectioning roots and sectioning content, - and <{form}>, <{fieldset}> and <{legend}> elements. + Some block elements cannot be children of <{p}> elements. + When the parser finds them, it automatically closes the <{p}> element - effectively inserting a + </p> tag. + These elements are: heading content, most sectioning roots and sectioning content, + <{form}>, <{fieldset}>, <{table}>, <{ol}>, <{ul}>, and <{legend}>.

      diff --git a/sections/semantics-scriptings.include b/sections/semantics-scriptings.include index 9c56578c7a..9a4b51d919 100644 --- a/sections/semantics-scriptings.include +++ b/sections/semantics-scriptings.include @@ -431,11 +431,11 @@ Otherwise, if the <{script}> element has a <{script/type}> attribute, let the script block's type string for this <{script}> element be the value of that - attribute after stripping leading and trailing whitespace. + attribute after stripping leading and trailing white space. Otherwise, the element has a non-empty <{script/language}> attribute; let the script block's type string for this <{script}> element be the - concatenation of the string "text/" followed by the value of the <{script/language}> attribute. + concatenation of the string "text/" followed by the value of the <{script/language}> attribute.

      The <{script/language}> attribute is never conforming, and is always ignored if there is a <{script/type}> attribute present.

      @@ -498,7 +498,7 @@ as "[=parser-inserted=]", and "`not parser-inserted`" otherwise. 18. Let options be a set of script fetch options whose cryptographic nonce metadata is cryptographic nonce, integrity metadata is integrity metadata, - parser metadata is parser metadata, credentials mode is module + parser metadata is parser metadata, credentials mode is module script credentials mode, and referrer policy is the empty string. 19. Let settings be the element's node document's {{Window}} object's environment settings object. @@ -517,7 +517,7 @@
      `"classic"`
      Fetch a classic script given url, settings object, - options, classic script CORS setting, and + options, classic script CORS setting, and encoding.
      "module"
      diff --git a/sections/syntax.include b/sections/syntax.include index f1b5723f23..5222787ac7 100644 --- a/sections/syntax.include +++ b/sections/syntax.include @@ -121,7 +121,7 @@ Tags are used to delimit the start and end of elements in the markup. [=Raw text=], [=escapable raw text=], and [=normal elements=] have a [=start tag=] to indicate where they begin, and an [=end tag=] to indicate where they end. The start and end tags of certain - [=normal elements=] can be [=omitted=], as described below in the section on [=optional tags=]. + [=normal elements=] can be omitted, as described in the section on [=omitted|optional tags=]. Those that cannot be omitted must not be omitted. [=Void elements=] only have a start tag; end tags must not be specified for [=void elements=]. [=Foreign elements=] must either have a start tag and an end tag, or a start tag that is marked as self-closing, in which case they must not diff --git a/sections/webappapis.include b/sections/webappapis.include index 38b9c082af..7d9d7033e6 100644 --- a/sections/webappapis.include +++ b/sections/webappapis.include @@ -224,7 +224,7 @@ APIs for Web APplications. This is a bit of a grab-bag

      The default classic script fetch options are a set ofscript fetch options whose cryptographic nonce is the empty string, integrity metadata is the empty string, - parser metadata is "not-parser-inserted", credentials mode is "omit", + parser metadata is "not-parser-inserted", credentials mode is "omit", and referrer policy is the empty string.

      Given a request request and script fetch options options, we define:

      @@ -321,7 +321,7 @@ APIs for Web APplications. This is a bit of a grab-bag 11. Asynchronously complete this algorithm with script. To fetch a classic worker script given a url, a fetch client settings object, - a destination, and a script settings object, run these steps. The algorithm will + a destination, and a script settings object, run these steps. The algorithm will asynchronously complete with either null (on failure) or a new classic script (on success). @@ -332,7 +332,7 @@ APIs for Web APplications. This is a bit of a grab-bag use-URL-credentials flag is set. 2. If the caller specified custom steps to perform the fetch, perform them on request, with the is top-level flag set. Return from this algorithm, - and when the custom perform the fetch steps + and when the custom perform the fetch steps complete with response response, run the remaining steps.

      Otherwise, fetch request.

      @@ -360,7 +360,7 @@ APIs for Web APplications. This is a bit of a grab-bag 2. If module map settings object is not given, let it be fetch client settings object. 3. Fetch a single module script given url, credentials mode, - cryptographic nonce, parser state, destination, and + cryptographic nonce, parser state, destination, and module map settings object. If the caller of this algorithm specified custom set up the request or process the response steps, pass those along while fetching a single module script. @@ -418,7 +418,7 @@ APIs for Web APplications. This is a bit of a grab-bag To fetch a single module script, given a url, a fetch client settings object, a destination, some options, - a module map settings object, a referrer, and a top-level module fetch flag, run these steps. + a module map settings object, a referrer, and a top-level module fetch flag, run these steps. The algorithm will asynchronously complete with either null (on failure) or a module script (on success). 1. Let module map be settings object's module map. diff --git a/single-page.bs b/single-page.bs index 3a66c3753e..d3b2ecda6e 100644 --- a/single-page.bs +++ b/single-page.bs @@ -594,6 +594,7 @@ urlPrefix: https://tc39.github.io/ecma262/#; type: dfn; spec: ECMA-262 text: RunJobs text: running JavaScript execution context; url: running-execution-context text: SameValue + text: Script Record; url: script-records text: ScriptEvaluation; url: runtime-semantics-scriptevaluation text: Source Text Module Record; url: source-text-module-records text: Strict Equality Comparison